change the order of arguments of G1 and G2

8 years ago · 13942ae25d
parent 3d1d9682c2
commit 13942ae25d
7 changed files with 70 additions and 67 deletions
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@ -1025,10 +1025,6 @@ struct BNT {
 		exp_d1(y, y);
 	}
 	static void millerLoop(Fp12& f, const G1& P, const G2& Q)
-	{
-		millerLoop(f, P, Q);
-	}
-	static void millerLoop(Fp12& f, const G2& Q, const G1& P)
 	{
 		P.normalize();
 		Q.normalize();
@ -1073,18 +1069,14 @@ struct BNT {
 	}
 	static void pairing(Fp12& f, const G1& P, const G2& Q)
 	{
-		pairing(f, Q, P);
-	}
-	static void pairing(Fp12& f, const G2& Q, const G1& P)
-	{
-		millerLoop(f, Q, P);
+		millerLoop(f, P, Q);
 		finalExp(f, f);
 	}
 	/*
-		millerLoop(e, Q, P) is same as the following
+		millerLoop(e, P, Q) is same as the following
 		std::vector<Fp6> Qcoeff;
 		precomputeG2(Qcoeff, Q);
-		precomputedMillerLoop(e, Qcoeff, P);
+		precomputedMillerLoop(e, P, Qcoeff);
 	*/
 	static void precomputeG2(std::vector<Fp6>& Qcoeff, const G2& Q)
 	{
@ -1128,10 +1120,6 @@ struct BNT {
 		Qcoeff.push_back(e);
 	}
 	static void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector<Fp6>& Qcoeff)
-	{
-		precomputedMillerLoop(f, P, Qcoeff);
-	}
-	static void precomputedMillerLoop(Fp12& f, const std::vector<Fp6>& Qcoeff, const G1& P)
 	{
 		P.normalize();
 		size_t idx = 0;
@ -1166,13 +1154,9 @@ struct BNT {
 		f *= ft;
 	}
 	/*
-		f = MillerLoop((Q1, P1) x MillerLoop(Q2, P2)
+		f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2)
 	*/
 	static void precomputedMillerLoop2(Fp12& f, const G1& P1, const std::vector<Fp6>& Q1coeff, const G1& P2, const std::vector<Fp6>& Q2coeff)
-	{
-		precomputedMillerLoop2(f, Q1coeff, P1, Q2coeff, P2);
-	}
-	static void precomputedMillerLoop2(Fp12& f, const std::vector<Fp6>& Q1coeff, const G1& P1, const std::vector<Fp6>& Q2coeff, const G1& P2)
 	{
 		P1.normalize();
 		P2.normalize();
@ -1221,6 +1205,25 @@ struct BNT {
 		f *= f1;
 		f *= f2;
 	}
+#if 1 // duplicated later
+	// old order of P and Q
+	static void millerLoop(Fp12& f, const G2& Q, const G1& P)
+	{
+		millerLoop(f, P, Q);
+	}
+	static void pairing(Fp12& f, const G2& Q, const G1& P)
+	{
+		pairing(f, P, Q);
+	}
+	static void precomputedMillerLoop(Fp12& f, const std::vector<Fp6>& Qcoeff, const G1& P)
+	{
+		precomputedMillerLoop(f, P, Qcoeff);
+	}
+	static void precomputedMillerLoop2(Fp12& f, const std::vector<Fp6>& Q1coeff, const G1& P1, const std::vector<Fp6>& Q2coeff, const G1& P2)
+	{
+		precomputedMillerLoop2(f, P1, Q1coeff, P2, Q2coeff);
+	}
+#endif
 };

 template<class Fp>
--- a/java/Bn256Test.java
+++ b/java/Bn256Test.java
@ -61,19 +61,19 @@ public class Bn256Test {
 			}

 			GT e = new GT();
-			Bn256.pairing(e, Q, P);
+			Bn256.pairing(e, P, Q);
 			GT e1 = new GT();
 			GT e2 = new GT();
 			Fr c = new Fr("1234567890123234928348230428394234");
 			G2 cQ = new G2(Q);
 			Bn256.mul(cQ, Q, c); // cQ = Q * c
-			Bn256.pairing(e1, cQ, P);
+			Bn256.pairing(e1, P, cQ);
 			Bn256.pow(e2, e, c); // e2 = e^c
 			assertBool("e1 == e2", e1.equals(e2));

 			G1 cP = new G1(P);
 			Bn256.mul(cP, P, c); // cP = P * c
-			Bn256.pairing(e1, Q, cP);
+			Bn256.pairing(e1, cP, Q);
 			assertBool("e1 == e2", e1.equals(e2));

 			BLSsignature(Q);
@ -97,8 +97,8 @@ public class Bn256Test {

 		GT e1 = new GT();
 		GT e2 = new GT();
-		Bn256.pairing(e1, pub, H); // e1 = e(s Q, H)
-		Bn256.pairing(e2, Q, sign); // e2 = e(Q, s H);
+		Bn256.pairing(e1, H, pub); // e1 = e(H, s Q)
+		Bn256.pairing(e2, sign, Q); // e2 = e(s H, Q);
 		assertBool("verify signature", e1.equals(e2));
 	}
 }
--- a/java/bn256_impl.hpp
+++ b/java/bn256_impl.hpp
@ -90,7 +90,7 @@ class G1 {
 	friend void add(G1& z, const G1& x, const G1& y);
 	friend void sub(G1& z, const G1& x, const G1& y);
 	friend void mul(G1& z, const G1& x, const Fr& y);
-	friend void pairing(GT& e, const G2& Q, const G1& P);
+	friend void pairing(GT& e, const G1& P, const G2& Q);
 public:
 	G1() {}
 	G1(const G1& rhs) : self_(rhs.self_) {}
@ -155,7 +155,7 @@ class G2 {
 	friend void add(G2& z, const G2& x, const G2& y);
 	friend void sub(G2& z, const G2& x, const G2& y);
 	friend void mul(G2& z, const G2& x, const Fr& y);
-	friend void pairing(GT& e, const G2& Q, const G1& P);
+	friend void pairing(GT& e, const G1& P, const G2& Q);
 public:
 	G2() {}
 	G2(const G2& rhs) : self_(rhs.self_) {}
@ -213,7 +213,7 @@ class GT {
 	mcl::bn256::Fp12 self_;
 	friend void mul(GT& z, const GT& x, const GT& y);
 	friend void pow(GT& z, const GT& x, const Fr& y);
-	friend void pairing(GT& e, const G2& Q, const G1& P);
+	friend void pairing(GT& e, const G1& P, const G2& Q);
 public:
 	GT() {}
 	GT(const GT& rhs) : self_(rhs.self_) {}
@ -243,7 +243,7 @@ void pow(GT& z, const GT& x, const Fr& y)
 {
 	mcl::bn256::Fp12::pow(z.self_, x.self_, y.self_);
 }
-void pairing(GT& e, const G2& Q, const G1& P)
+void pairing(GT& e, const G1& P, const G2& Q)
 {
-	mcl::bn256::BN::pairing(e.self_, Q.self_, P.self_);
+	mcl::bn256::BN::pairing(e.self_, P.self_, Q.self_);
 }
--- a/java/bn256_wrap.cxx
+++ b/java/bn256_wrap.cxx
@ -795,8 +795,8 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_11(JNIEnv *jenv

 SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
  GT *arg1 = 0 ;
-  G2 *arg2 = 0 ;
-  G1 *arg3 = 0 ;
+  G1 *arg2 = 0 ;
+  G2 *arg3 = 0 ;
  
  (void)jenv;
  (void)jcls;
@ -808,17 +808,17 @@ SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclas
    SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null");
    return ;
  } 
-  arg2 = *(G2 **)&jarg2;
+  arg2 = *(G1 **)&jarg2;
  if (!arg2) {
-    SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+    SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
    return ;
  } 
-  arg3 = *(G1 **)&jarg3;
+  arg3 = *(G2 **)&jarg3;
  if (!arg3) {
-    SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+    SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
    return ;
  } 
-  pairing(*arg1,(G2 const &)*arg2,(G1 const &)*arg3);
+  pairing(*arg1,(G1 const &)*arg2,(G2 const &)*arg3);
 }


--- a/readme.md
+++ b/readme.md
@ -99,7 +99,7 @@ mcl::bn256::bn256init(cp);
 mcl::bn256::G1 P(...);
 mcl::bn256::G2 Q(...);
 mcl::bn256::Fp12 e;
-mcl::bn256::BN::pairing(e, Q, P);
+mcl::bn256::BN::pairing(e, P, Q);
 ```
 1. (CurveFp254BNb) a BN curve over the 254-bit prime p = 36z^4 + 36z^3 + 24z^2 + 6z + 1 where z = -(2^62 + 2^55 + 1).
 2. (CurveSNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity.
--- a/sample/pairing.cpp
+++ b/sample/pairing.cpp
@ -7,38 +7,38 @@ const char *ab = "41687836088149321545364279345098957822465737152979115539641713
 const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
 const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";

-void minimum_sample(const G2& Q, const G1& P)
+void minimum_sample(const G1& P, const G2& Q)
 {
 	const mpz_class a = 123;
 	const mpz_class b = 456;
 	Fp12 e1, e2;
-	BN::pairing(e1, Q, P);
+	BN::pairing(e1, P, Q);
 	G2 aQ;
 	G1 bP;
 	G2::mul(aQ, Q, a);
 	G1::mul(bP, P, b);
-	BN::pairing(e2, aQ, bP);
+	BN::pairing(e2, aP, aQ);
 	Fp12::pow(e1, e1, a * b);
 	printf("%s\n", e1 == e2 ? "ok" : "ng");
 }

-void miller_and_finel_exp(const G2& Q, const G1& P)
+void miller_and_finel_exp(const G1& P, const G2& Q)
 {
 	Fp12 e1, e2;
-	BN::pairing(e1, Q, P);
+	BN::pairing(e1, P, Q);

-	BN::millerLoop(e2, Q, P);
+	BN::millerLoop(e2, P, Q);
 	BN::finalExp(e2, e2);
 	printf("%s\n", e1 == e2 ? "ok" : "ng");
 }

-void precomputed(const G2& Q, const G1& P)
+void precomputed(const G1& P, const G2& Q)
 {
 	Fp12 e1, e2;
-	BN::pairing(e1, Q, P);
+	BN::pairing(e1, P, Q);
 	std::vector<Fp6> Qcoeff;
 	BN::precomputeG2(Qcoeff, Q);
-	BN::precomputedMillerLoop(e2, Qcoeff, P);
+	BN::precomputedMillerLoop(e2, P, Qcoeff);
 	BN::finalExp(e2, e2);
 	printf("%s\n", e1 == e2 ? "ok" : "ng");
 }
@ -49,8 +49,8 @@ int main()
 	G2 Q(Fp2(aa, ab), Fp2(ba, bb));
 	G1 P(-1, 1);

-	minimum_sample(Q, P);
-	miller_and_finel_exp(Q, P);
-	precomputed(Q, P);
+	minimum_sample(P, Q);
+	miller_and_finel_exp(P, Q);
+	precomputed(P, Q);
 }

--- a/test/bn_test.cpp
+++ b/test/bn_test.cpp
@ -168,18 +168,18 @@ void testCompress()
 	CYBOZU_TEST_EQUAL(b, c);
 }

-void testPrecomputed(const G2& Q, const G1& P)
+void testPrecomputed(const G1& P, const G2& Q)
 {
 	Fp12 e1, e2;
-	BN::pairing(e1, Q, P);
+	BN::pairing(e1, P, Q);
 	std::vector<Fp6> Qcoeff;
 	BN::precomputeG2(Qcoeff, Q);
-	BN::precomputedMillerLoop(e2, Qcoeff, P);
+	BN::precomputedMillerLoop(e2, P, Qcoeff);
 	BN::finalExp(e2, e2);
 	CYBOZU_TEST_EQUAL(e1, e2);
 }

-void testMillerLoop2(const G2& Q1, const G1& P1)
+void testMillerLoop2(const G1& P1, const G2& Q1)
 {
 	Fp12 e1, e2;
 	mpz_class c1("12342342423442");
@ -188,22 +188,22 @@ void testMillerLoop2(const G2& Q1, const G1& P1)
 	G1 P2;
 	G2::mul(Q2, Q1, c1);
 	G1::mul(P2, P1, c2);
-	BN::pairing(e1, Q1, P1);
-	BN::pairing(e2, Q2, P2);
+	BN::pairing(e1, P1, Q1);
+	BN::pairing(e2, P2, Q2);
 	e1 *= e2;

 	std::vector<Fp6> Q1coeff, Q2coeff;
 	BN::precomputeG2(Q1coeff, Q1);
 	BN::precomputeG2(Q2coeff, Q2);
-	BN::precomputedMillerLoop2(e2, Q1coeff, P1, Q2coeff, P2);
+	BN::precomputedMillerLoop2(e2, P1, Q1coeff, P2, Q2coeff);
 	BN::finalExp(e2, e2);
 	CYBOZU_TEST_EQUAL(e1, e2);
 }

-void testPairing(const G2& Q, const G1& P, const char *eStr)
+void testPairing(const G1& P, const G2& Q, const char *eStr)
 {
 	Fp12 e1;
-	BN::pairing(e1, Q, P);
+	BN::pairing(e1, P, Q);
 	Fp12 e2;
 	{
 		std::stringstream ss(eStr);
@ -211,8 +211,8 @@ void testPairing(const G2& Q, const G1& P, const char *eStr)
 	}
 	CYBOZU_TEST_EQUAL(e1, e2);
 #if 0
-	for (int i = 0; i < 1000; i++) BN::pairing(e1, Q, P);
-//	CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, Q, P); // 2.4Mclk
+	for (int i = 0; i < 1000; i++) BN::pairing(e1, P, Q);
+//	CYBOZU_BENCH_C("pairing", 1000, BN::pairing, e1, P, Q); // 2.4Mclk
 #else
 	{
 		Fp12 e = e1, ea;
@ -228,14 +228,14 @@ void testPairing(const G2& Q, const G1& P, const char *eStr)
 			Fp12::pow(ea, e, a);
 			G1::mul(Pa, P, a);
 			G2::mul(Qa, Q, a);
-			BN::pairing(e1, Q, Pa);
-			BN::pairing(e2, Qa, P);
+			BN::pairing(e1, Pa, Q);
+			BN::pairing(e2, P, Qa);
 			CYBOZU_TEST_EQUAL(ea, e1);
 			CYBOZU_TEST_EQUAL(ea, e2);
 			a--;
 		}
 	}
-	CYBOZU_BENCH("pairing", BN::pairing, e1, Q, P); // 2.4Mclk
+	CYBOZU_BENCH("pairing", BN::pairing, e1, P, Q); // 2.4Mclk
 	CYBOZU_BENCH("finalExp", BN::finalExp, e1, e1); // 1.3Mclk
 #endif
 }
@ -253,9 +253,9 @@ CYBOZU_TEST_AUTO(naive)
 		testMapToG2();
 		testCyclotomic();
 		testCompress();
-		testPairing(Q, P, ts.e);
-		testPrecomputed(Q, P);
-		testMillerLoop2(Q, P);
+		testPairing(P, Q, ts.e);
+		testPrecomputed(P, Q);
+		testMillerLoop2(P, Q);
 //break;
 	}
 	int count = (int)clk.getCount();