PoS_EVM
/
mcl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change the order of arguments of G1 and G2

Browse Source
dev
MITSUNARI Shigeo 8 years ago
parent 3d1d9682c2
commit 13942ae25d
7 changed files with 70 additions and 67 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 43
      include/mcl/bn.hpp
  2. 10
      java/Bn256Test.java
  3. 10
      java/bn256_impl.hpp
  4. 14
      java/bn256_wrap.cxx
  5. 2
      readme.md
  6. 24
      sample/pairing.cpp
  7. 34
      test/bn_test.cpp

43
include/mcl/bn.hpp
Unescape View File

@ -1025,10 +1025,6 @@ struct BNT {
exp_d1(y, y); exp_d1(y, y);
} }
static void millerLoop(Fp12& f, const G1& P, const G2& Q) static void millerLoop(Fp12& f, const G1& P, const G2& Q)
{
millerLoop(f, P, Q);
}
static void millerLoop(Fp12& f, const G2& Q, const G1& P)
{ {
P.normalize(); P.normalize();
Q.normalize(); Q.normalize();
@ -1073,18 +1069,14 @@ struct BNT {
} }
static void pairing(Fp12& f, const G1& P, const G2& Q) static void pairing(Fp12& f, const G1& P, const G2& Q)
{ {
pairing(f, Q, P); millerLoop(f, P, Q);
}
static void pairing(Fp12& f, const G2& Q, const G1& P)
{
millerLoop(f, Q, P);
finalExp(f, f); finalExp(f, f);
} }
/* /*
millerLoop(e, Q, P) is same as the following millerLoop(e, P, Q) is same as the following
std::vector<Fp6> Qcoeff; std::vector<Fp6> Qcoeff;
precomputeG2(Qcoeff, Q); precomputeG2(Qcoeff, Q);
precomputedMillerLoop(e, Qcoeff, P); precomputedMillerLoop(e, P, Qcoeff);
*/ */
static void precomputeG2(std::vector<Fp6>& Qcoeff, const G2& Q) static void precomputeG2(std::vector<Fp6>& Qcoeff, const G2& Q)
{ {
@ -1128,10 +1120,6 @@ struct BNT {
Qcoeff.push_back(e); Qcoeff.push_back(e);
} }
static void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector<Fp6>& Qcoeff) static void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector<Fp6>& Qcoeff)
{
precomputedMillerLoop(f, P, Qcoeff);
}
static void precomputedMillerLoop(Fp12& f, const std::vector<Fp6>& Qcoeff, const G1& P)
{ {
P.normalize(); P.normalize();
size_t idx = 0; size_t idx = 0;
@ -1166,13 +1154,9 @@ struct BNT {
f *= ft; f *= ft;
} }
/* /*
f = MillerLoop((Q1, P1) x MillerLoop(Q2, P2) f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2)
*/ */
static void precomputedMillerLoop2(Fp12& f, const G1& P1, const std::vector<Fp6>& Q1coeff, const G1& P2, const std::vector<Fp6>& Q2coeff) static void precomputedMillerLoop2(Fp12& f, const G1& P1, const std::vector<Fp6>& Q1coeff, const G1& P2, const std::vector<Fp6>& Q2coeff)
{
precomputedMillerLoop2(f, Q1coeff, P1, Q2coeff, P2);
}
static void precomputedMillerLoop2(Fp12& f, const std::vector<Fp6>& Q1coeff, const G1& P1, const std::vector<Fp6>& Q2coeff, const G1& P2)
{ {
P1.normalize(); P1.normalize();
P2.normalize(); P2.normalize();
@ -1221,6 +1205,25 @@ struct BNT {
f *= f1; f *= f1;
f *= f2; f *= f2;
} }
#if 1 // duplicated later
// old order of P and Q
static void millerLoop(Fp12& f, const G2& Q, const G1& P)
{
millerLoop(f, P, Q);
}
static void pairing(Fp12& f, const G2& Q, const G1& P)
{
pairing(f, P, Q);
}
static void precomputedMillerLoop(Fp12& f, const std::vector<Fp6>& Qcoeff, const G1& P)
{
precomputedMillerLoop(f, P, Qcoeff);
}
static void precomputedMillerLoop2(Fp12& f, const std::vector<Fp6>& Q1coeff, const G1& P1, const std::vector<Fp6>& Q2coeff, const G1& P2)
{
precomputedMillerLoop2(f, P1, Q1coeff, P2, Q2coeff);
}
#endif
}; };
template<class Fp> template<class Fp>

10
java/Bn256Test.java
Unescape View File

@ -61,19 +61,19 @@ public class Bn256Test {
} }
GT e = new GT(); GT e = new GT();
Bn256.pairing(e, Q, P); Bn256.pairing(e, P, Q);
GT e1 = new GT(); GT e1 = new GT();
GT e2 = new GT(); GT e2 = new GT();
Fr c = new Fr("1234567890123234928348230428394234"); Fr c = new Fr("1234567890123234928348230428394234");
G2 cQ = new G2(Q); G2 cQ = new G2(Q);
Bn256.mul(cQ, Q, c); // cQ = Q * c Bn256.mul(cQ, Q, c); // cQ = Q * c
Bn256.pairing(e1, cQ, P); Bn256.pairing(e1, P, cQ);
Bn256.pow(e2, e, c); // e2 = e^c Bn256.pow(e2, e, c); // e2 = e^c
assertBool("e1 == e2", e1.equals(e2)); assertBool("e1 == e2", e1.equals(e2));
G1 cP = new G1(P); G1 cP = new G1(P);
Bn256.mul(cP, P, c); // cP = P * c Bn256.mul(cP, P, c); // cP = P * c
Bn256.pairing(e1, Q, cP); Bn256.pairing(e1, cP, Q);
assertBool("e1 == e2", e1.equals(e2)); assertBool("e1 == e2", e1.equals(e2));
BLSsignature(Q); BLSsignature(Q);
@ -97,8 +97,8 @@ public class Bn256Test {
GT e1 = new GT(); GT e1 = new GT();
GT e2 = new GT(); GT e2 = new GT();
Bn256.pairing(e1, pub, H); // e1 = e(s Q, H) Bn256.pairing(e1, H, pub); // e1 = e(H, s Q)
Bn256.pairing(e2, Q, sign); // e2 = e(Q, s H); Bn256.pairing(e2, sign, Q); // e2 = e(s H, Q);
assertBool("verify signature", e1.equals(e2)); assertBool("verify signature", e1.equals(e2));
} }
} }

10
java/bn256_impl.hpp
Unescape View File

@ -90,7 +90,7 @@ class G1 {
friend void add(G1& z, const G1& x, const G1& y); friend void add(G1& z, const G1& x, const G1& y);
friend void sub(G1& z, const G1& x, const G1& y); friend void sub(G1& z, const G1& x, const G1& y);
friend void mul(G1& z, const G1& x, const Fr& y); friend void mul(G1& z, const G1& x, const Fr& y);
friend void pairing(GT& e, const G2& Q, const G1& P); friend void pairing(GT& e, const G1& P, const G2& Q);
public: public:
G1() {} G1() {}
G1(const G1& rhs) : self_(rhs.self_) {} G1(const G1& rhs) : self_(rhs.self_) {}
@ -155,7 +155,7 @@ class G2 {
friend void add(G2& z, const G2& x, const G2& y); friend void add(G2& z, const G2& x, const G2& y);
friend void sub(G2& z, const G2& x, const G2& y); friend void sub(G2& z, const G2& x, const G2& y);
friend void mul(G2& z, const G2& x, const Fr& y); friend void mul(G2& z, const G2& x, const Fr& y);
friend void pairing(GT& e, const G2& Q, const G1& P); friend void pairing(GT& e, const G1& P, const G2& Q);
public: public:
G2() {} G2() {}
G2(const G2& rhs) : self_(rhs.self_) {} G2(const G2& rhs) : self_(rhs.self_) {}
@ -213,7 +213,7 @@ class GT {
mcl::bn256::Fp12 self_; mcl::bn256::Fp12 self_;
friend void mul(GT& z, const GT& x, const GT& y); friend void mul(GT& z, const GT& x, const GT& y);
friend void pow(GT& z, const GT& x, const Fr& y); friend void pow(GT& z, const GT& x, const Fr& y);
friend void pairing(GT& e, const G2& Q, const G1& P); friend void pairing(GT& e, const G1& P, const G2& Q);
public: public:
GT() {} GT() {}
GT(const GT& rhs) : self_(rhs.self_) {} GT(const GT& rhs) : self_(rhs.self_) {}
@ -243,7 +243,7 @@ void pow(GT& z, const GT& x, const Fr& y)
{ {
mcl::bn256::Fp12::pow(z.self_, x.self_, y.self_); mcl::bn256::Fp12::pow(z.self_, x.self_, y.self_);
} }
void pairing(GT& e, const G2& Q, const G1& P) void pairing(GT& e, const G1& P, const G2& Q)
{ {
mcl::bn256::BN::pairing(e.self_, Q.self_, P.self_); mcl::bn256::BN::pairing(e.self_, P.self_, Q.self_);
} }

14
java/bn256_wrap.cxx
Unescape View File

@ -795,8 +795,8 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_11(JNIEnv *jenv
SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) { SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
GT *arg1 = 0 ; GT *arg1 = 0 ;
G2 *arg2 = 0 ; G1 *arg2 = 0 ;
G1 *arg3 = 0 ; G2 *arg3 = 0 ;
(void)jenv; (void)jenv;
(void)jcls; (void)jcls;
@ -808,17 +808,17 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclas
SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null"); SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null");
return ; return ;
} }
arg2 = *(G2 **)&jarg2; arg2 = *(G1 **)&jarg2;
if (!arg2) { if (!arg2) {
SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null"); SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
return ; return ;
} }
arg3 = *(G1 **)&jarg3; arg3 = *(G2 **)&jarg3;
if (!arg3) { if (!arg3) {
SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null"); SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
return ; return ;
} }
pairing(*arg1,(G2 const &)*arg2,(G1 const &)*arg3); pairing(*arg1,(G1 const &)*arg2,(G2 const &)*arg3);
} }

2
readme.md
Unescape View File

@ -99,7 +99,7 @@ mcl::bn256::bn256init(cp);
mcl::bn256::G1 P(...); mcl::bn256::G1 P(...);
mcl::bn256::G2 Q(...); mcl::bn256::G2 Q(...);
mcl::bn256::Fp12 e; mcl::bn256::Fp12 e;
mcl::bn256::BN::pairing(e, Q, P); mcl::bn256::BN::pairing(e, P, Q);
``` ```
1. (CurveFp254BNb) a BN curve over the 254-bit prime p = 36z^4 + 36z^3 + 24z^2 + 6z + 1 where z = -(2^62 + 2^55 + 1). 1. (CurveFp254BNb) a BN curve over the 254-bit prime p = 36z^4 + 36z^3 + 24z^2 + 6z + 1 where z = -(2^62 + 2^55 + 1).
2. (CurveSNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. 2. (CurveSNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity.

24
sample/pairing.cpp
Unescape View File

@ -7,38 +7,38 @@ const char *ab = "41687836088149321545364279345098957822465737152979115539641713
const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736"; const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616"; const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";
void minimum_sample(const G2& Q, const G1& P) void minimum_sample(const G1& P, const G2& Q)
{ {
const mpz_class a = 123; const mpz_class a = 123;
const mpz_class b = 456; const mpz_class b = 456;
Fp12 e1, e2; Fp12 e1, e2;
BN::pairing(e1, Q, P); BN::pairing(e1, P, Q);
G2 aQ; G2 aQ;
G1 bP; G1 bP;
G2::mul(aQ, Q, a); G2::mul(aQ, Q, a);
G1::mul(bP, P, b); G1::mul(bP, P, b);
BN::pairing(e2, aQ, bP); BN::pairing(e2, aP, aQ);
Fp12::pow(e1, e1, a * b); Fp12::pow(e1, e1, a * b);
printf("%s\n", e1 == e2 ? "ok" : "ng"); printf("%s\n", e1 == e2 ? "ok" : "ng");
} }
void miller_and_finel_exp(const G2& Q, const G1& P) void miller_and_finel_exp(const G1& P, const G2& Q)
{ {
Fp12 e1, e2; Fp12 e1, e2;
BN::pairing(e1, Q, P); BN::pairing(e1, P, Q);
BN::millerLoop(e2, Q, P); BN::millerLoop(e2, P, Q);
BN::finalExp(e2, e2); BN::finalExp(e2, e2);
printf("%s\n", e1 == e2 ? "ok" : "ng"); printf("%s\n", e1 == e2 ? "ok" : "ng");
} }
void precomputed(const G2& Q, const G1& P) void precomputed(const G1& P, const G2& Q)
{ {
Fp12 e1, e2; Fp12 e1, e2;
BN::pairing(e1, Q, P); BN::pairing(e1, P, Q);
std::vector<Fp6> Qcoeff; std::vector<Fp6> Qcoeff;
BN::precomputeG2(Qcoeff, Q); BN::precomputeG2(Qcoeff, Q);
BN::precomputedMillerLoop(e2, Qcoeff, P); BN::precomputedMillerLoop(e2, P, Qcoeff);
BN::finalExp(e2, e2); BN::finalExp(e2, e2);
printf("%s\n", e1 == e2 ? "ok" : "ng"); printf("%s\n", e1 == e2 ? "ok" : "ng");
} }
@ -49,8 +49,8 @@ int main()
G2 Q(Fp2(aa, ab), Fp2(ba, bb)); G2 Q(Fp2(aa, ab), Fp2(ba, bb));
G1 P(-1, 1); G1 P(-1, 1);
minimum_sample(Q, P); minimum_sample(P, Q);
miller_and_finel_exp(Q, P); miller_and_finel_exp(P, Q);
precomputed(Q, P); precomputed(P, Q);
} }

34
test/bn_test.cpp
Unescape View File

@ -168,18 +168,18 @@ void testCompress()
CYBOZU_TEST_EQUAL(b, c); CYBOZU_TEST_EQUAL(b, c);
} }
void testPrecomputed(const G2& Q, const G1& P) void testPrecomputed(const G1& P, const G2& Q)
{ {
Fp12 e1, e2; Fp12 e1, e2;
BN::pairing(e1, Q, P); BN::pairing(e1, P, Q);
std::vector<Fp6> Qcoeff; std::vector<Fp6> Qcoeff;
BN::precomputeG2(Qcoeff, Q); BN::precomputeG2(Qcoeff, Q);
BN::precomputedMillerLoop(e2, Qcoeff, P); BN::precomputedMillerLoop(e2, P, Qcoeff);
BN::finalExp(e2, e2); BN::finalExp(e2, e2);
CYBOZU_TEST_EQUAL(e1, e2); CYBOZU_TEST_EQUAL(e1, e2);
} }
void testMillerLoop2(const G2& Q1, const G1& P1) void testMillerLoop2(const G1& P1, const G2& Q1)
{ {
Fp12 e1, e2; Fp12 e1, e2;
mpz_class c1("12342342423442"); mpz_class c1("12342342423442");
@ -188,22 +188,22 @@ void testMillerLoop2(const G2& Q1, const G1& P1)
G1 P2; G1 P2;
G2::mul(Q2, Q1, c1); G2::mul(Q2, Q1, c1);
G1::mul(P2, P1, c2); G1::mul(P2, P1, c2);
BN::pairing(e1, Q1, P1); BN::pairing(e1, P1, Q1);
BN::pairing(e2, Q2, P2); BN::pairing(e2, P2, Q2);
e1 *= e2; e1 *= e2;
std::vector<Fp6> Q1coeff, Q2coeff; std::vector<Fp6> Q1coeff, Q2coeff;
BN::precomputeG2(Q1coeff, Q1); BN::precomputeG2(Q1coeff, Q1);
BN::precomputeG2(Q2coeff, Q2); BN::precomputeG2(Q2coeff, Q2);
BN::precomputedMillerLoop2(e2, Q1coeff, P1, Q2coeff, P2); BN::precomputedMillerLoop2(e2, P1, Q1coeff, P2, Q2coeff);
BN::finalExp(e2, e2); BN::finalExp(e2, e2);
CYBOZU_TEST_EQUAL(e1, e2); CYBOZU_TEST_EQUAL(e1, e2);
} }
void testPairing(const G2& Q, const G1& P, const char *eStr) void testPairing(const G1& P, const G2& Q, const char *eStr)
{ {
Fp12 e1; Fp12 e1;
BN::pairing(e1, Q, P); BN::pairing(e1, P, Q);
Fp12 e2; Fp12 e2;
{ {
std::stringstream ss(eStr); std::stringstream ss(eStr);
@ -211,8 +211,8 @@ void testPairing(const G2& Q, const G1& P, const char *eStr)
} }
CYBOZU_TEST_EQUAL(e1, e2); CYBOZU_TEST_EQUAL(e1, e2);
#if 0 #if 0
for (int i = 0; i < 1000; i++) BN::pairing(e1, Q, P); for (int i = 0; i < 1000; i++) BN::pairing(e1, P, Q);
// CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, Q, P); // 2.4Mclk // CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, P, Q); // 2.4Mclk
#else #else
{ {
Fp12 e = e1, ea; Fp12 e = e1, ea;
@ -228,14 +228,14 @@ void testPairing(const G2& Q, const G1& P, const char *eStr)
Fp12::pow(ea, e, a); Fp12::pow(ea, e, a);
G1::mul(Pa, P, a); G1::mul(Pa, P, a);
G2::mul(Qa, Q, a); G2::mul(Qa, Q, a);
BN::pairing(e1, Q, Pa); BN::pairing(e1, Pa, Q);
BN::pairing(e2, Qa, P); BN::pairing(e2, P, Qa);
CYBOZU_TEST_EQUAL(ea, e1); CYBOZU_TEST_EQUAL(ea, e1);
CYBOZU_TEST_EQUAL(ea, e2); CYBOZU_TEST_EQUAL(ea, e2);
a--; a--;
} }
} }
CYBOZU_BENCH("pairing", BN::pairing, e1, Q, P); // 2.4Mclk CYBOZU_BENCH("pairing", BN::pairing, e1, P, Q); // 2.4Mclk
CYBOZU_BENCH("finalExp", BN::finalExp, e1, e1); // 1.3Mclk CYBOZU_BENCH("finalExp", BN::finalExp, e1, e1); // 1.3Mclk
#endif #endif
} }
@ -253,9 +253,9 @@ CYBOZU_TEST_AUTO(naive)
testMapToG2(); testMapToG2();
testCyclotomic(); testCyclotomic();
testCompress(); testCompress();
testPairing(Q, P, ts.e); testPairing(P, Q, ts.e);
testPrecomputed(Q, P); testPrecomputed(P, Q);
testMillerLoop2(Q, P); testMillerLoop2(P, Q);
//break; //break;
} }
int count = (int)clk.getCount(); int count = (int)clk.getCount();

Write Preview
Loading…
Cancel
Save