From 1b8bd7f7121e26e7c8937f6dcca1e3eaf754e64a Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Sun, 26 Aug 2018 09:33:01 +0900
Subject: [PATCH] add mclBnG*_isValidOrder

---
 include/mcl/bn.h | 9 +++++++++
 include/mcl/fp_tower.hpp | 40 ++++++++++++++++++++++++++--------------
 include/mcl/op.hpp | 2 ++
 src/bn_c_impl.hpp | 8 ++++++++
 test/bn_c_test.hpp | 2 ++
 5 files changed, 47 insertions(+), 14 deletions(-)

diff --git a/include/mcl/bn.h b/include/mcl/bn.h
index b161a16..4c514db 100644
--- a/include/mcl/bn.h
+++ b/include/mcl/bn.h
@@ -230,6 +230,13 @@ MCLBN_DLL_API void mclBnG1_clear(mclBnG1 *x);
 MCLBN_DLL_API int mclBnG1_isValid(const mclBnG1 *x);
 MCLBN_DLL_API int mclBnG1_isEqual(const mclBnG1 *x, const mclBnG1 *y);
 MCLBN_DLL_API int mclBnG1_isZero(const mclBnG1 *x);
+/*
+ return 1 if x has a correct order
+ x is valid point of G1 if and only if
+ mclBnG1_isValid() is true, which contains mclBnG1_isValidOrder() if mclBn_verifyOrderG1(true)
+ mclBnG1_isValid() && mclBnG1_isValidOrder() is true if mclBn_verifyOrderG1(false)
+*/
+MCLBN_DLL_API int mclBnG1_isValidOrder(const mclBnG1 *x);

 MCLBN_DLL_API int mclBnG1_hashAndMapTo(mclBnG1 *x, const void *buf, mclSize bufSize);

@@ -254,6 +261,8 @@ MCLBN_DLL_API void mclBnG2_clear(mclBnG2 *x);
 MCLBN_DLL_API int mclBnG2_isValid(const mclBnG2 *x);
 MCLBN_DLL_API int mclBnG2_isEqual(const mclBnG2 *x, const mclBnG2 *y);
 MCLBN_DLL_API int mclBnG2_isZero(const mclBnG2 *x);
+// return 1 if x has a correct order
+MCLBN_DLL_API int mclBnG2_isValidOrder(const mclBnG2 *x);

 MCLBN_DLL_API int mclBnG2_hashAndMapTo(mclBnG2 *x, const void *buf, mclSize bufSize);

diff --git a/include/mcl/fp_tower.hpp b/include/mcl/fp_tower.hpp
index 3cd9ba0..1a34d1c 100644
--- a/include/mcl/fp_tower.hpp
+++ b/include/mcl/fp_tower.hpp
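Review bot: The comment added above `mclBnG1_isValidOrder` is hard to read ("x is valid point of G1 if and only if mclBnG1_isValid() is true, which contains ...") and this is exactly the contract a C caller deserializing untrusted points must get right, since the order check is what rejects a point that lies on the curve but outside the order-r subgroup (the small-subgroup attack case for pairing protocols). I would reword it as `/* return 1 if x is in the order-r subgroup. If mclBn_verifyOrderG1(1) was set, mclBnG1_isValid() already performs this check; with mclBn_verifyOrderG1(0) a deserialized point is fully validated only when mclBnG1_isValid(x) && mclBnG1_isValidOrder(x). */`, assuming `mclBn_verifyOrderG1` exists with the semantics the comment implies — it is not visible in this hunk. The comment should also say what is returned for the zero point and for a point that fails `mclBnG1_isValid()`, which it currently leaves open.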
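Review bot: The G2 declaration gets only `// return 1 if x has a correct order`, while the G1 declaration in the previous hunk spells out how the check interacts with `isValid` and the verify-order setting; G2 is the group where this matters most, because on BN-style twists the on-curve check alone does not imply membership in the order-r subgroup (the twist has a nontrivial cofactor). I would mirror the G1 text here: `// return 1 if x is in the order-r subgroup of G2; with order verification disabled a deserialized point is valid only if mclBnG2_isValid(x) && mclBnG2_isValidOrder(x)`, naming the G2 verify-order switch if the library has one (I cannot see it from this hunk).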
@@ -674,21 +674,8 @@ struct Fp2DblT {
 y.a = t;
 }
 }
- static void sqrPre(Fp2DblT& y, const Fp2& x)
- {
- Fp t1, t2;
- if (Fp::isFullBit()) {
- Fp::add(t1, x.b, x.b); // 2b
- Fp::add(t2, x.a, x.b); // a + b
- } else {
- Fp::addPre(t1, x.b, x.b); // 2b
- Fp::addPre(t2, x.a, x.b); // a + b
- }
- FpDbl::mulPre(y.b, t1, x.a); // 2ab
- Fp::sub(t1, x.a, x.b); // a - b
- FpDbl::mulPre(y.a, t1, t2); // (a + b)(a - b)
- }
 static void (*mulPre)(Fp2DblT&, const Fp2&, const Fp2&);
+ static void (*sqrPre)(Fp2DblT&, const Fp2&);
 static void mod(Fp2& y, const Fp2DblT& x)
 {
 FpDbl::mod(y.a, x.a);
@@ -714,6 +701,15 @@ struct Fp2DblT {
 mulPre = fp2Dbl_mulPreW;
 }
 }
+ if (op.fp2Dbl_sqrPreA_) {
+ sqrPre = (void (*)(Fp2DblT&, const Fp2&))op.fp2Dbl_sqrPreA_;
+ } else {
+ if (op.isFullBit) {
+ sqrPre = fp2Dbl_sqrPreW;
+ } else {
+ sqrPre = fp2Dbl_sqrPreW;
+ }
+ }
 }
 /*
 Fp2Dbl::mulPre by FpDblT
@@ -749,9 +745,25 @@ struct Fp2DblT {
 }
 FpDbl::sub(d0, d0, d2); // ac - bd
 }
+ template
+ static void fp2Dbl_sqrPreW(Fp2DblT& y, const Fp2& x)
+ {
+ Fp t1, t2;
+ if (isFullBit) {
+ Fp::add(t1, x.b, x.b); // 2b
+ Fp::add(t2, x.a, x.b); // a + b
+ } else {
+ Fp::addPre(t1, x.b, x.b); // 2b
+ Fp::addPre(t2, x.a, x.b); // a + b
+ }
+ FpDbl::mulPre(y.b, t1, x.a); // 2ab
+ Fp::sub(t1, x.a, x.b); // a - b
+ FpDbl::mulPre(y.a, t1, t2); // (a + b)(a - b)
+ }
 };

 template void (*Fp2DblT::mulPre)(Fp2DblT&, const Fp2T&, const Fp2T&);
+template void (*Fp2DblT::sqrPre)(Fp2DblT&, const Fp2T&);

 template uint32_t Fp2T::xi_a_;
 template Fp2T Fp2T::g[Fp2T::gN];
diff --git a/include/mcl/op.hpp b/include/mcl/op.hpp
index 64104e6..96771ea 100644
--- a/include/mcl/op.hpp
+++ b/include/mcl/op.hpp
@@ -197,6 +197,7 @@ struct Op {
 void2u fpDbl_sqrPreA_;
 void2u fpDbl_modA_;
 void3u fp2Dbl_mulPreA_;
+ void3u fp2Dbl_sqrPreA_;
 size_t maxN;
 size_t N;
 size_t bitSize;
@@ -285,6 +286,7 @@ struct Op {
 fpDbl_sqrPreA_ = 0;
 fpDbl_modA_ = 0;
 fp2Dbl_mulPreA_ = 0;
+ fp2Dbl_sqrPreA_ = 0;
 maxN = 0;
 N = 0;
 bitSize = 0;
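Review bot: In the new `if (op.isFullBit)` block both branches read as the identical assignment `sqrPre = fp2Dbl_sqrPreW;`, which as written would make the branch dead and, if both resolved to the non-full-bit instantiation, would route full-bit primes through the `addPre` path that drops the top carry. This is most likely a rendering artifact — the template arguments (`<true>`/`<false>`) appear to have been stripped everywhere on this page, including `mulPre = fp2Dbl_mulPreW;` just above and the bare `template` on the later definition — so please just confirm the source reads `sqrPre = fp2Dbl_sqrPreW<true>;` and `sqrPre = fp2Dbl_sqrPreW<false>;`. Consider also asserting the dispatch is consistent, e.g. `assert(op.isFullBit == Fp::isFullBit());`, since the old inline `sqrPre` checked `Fp::isFullBit()` at runtime and the selection now depends on the `op` passed to `init`, whose start is outside this hunk.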
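Review bot: `fp2Dbl_sqrPreW` has no header comment explaining what it computes or why it is split on `isFullBit`, and the reason is subtle enough to deserve one: in the `else` branch `t1 = 2b` and `t2 = a + b` are formed with `addPre`, which by its name presumably skips the modular reduction, so they can be as large as 2p before `FpDbl::mulPre` consumes them — only acceptable when p has a spare top bit, which is why a full-bit modulus has to use the reducing `Fp::add`. I would add: `// y = x^2 in Fp2 without final reduction: y.a = (a+b)(a-b), y.b = 2ab.`, followed by a line noting that when `isFullBit` is false the intermediate operands are deliberately left unreduced (< 2p) and rely on `FpDbl::mulPre` accepting such inputs, and that the template parameter must match the modulus actually configured (it is chosen in `init` from `op.isFullBit`). The body is otherwise the old `sqrPre` moved verbatim, so I have no comment on the arithmetic itself.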
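Review bot: `fp2Dbl_sqrPreA_` is declared as `void3u`, but the only use of it in this patch casts it to a two-parameter function, `(void (*)(Fp2DblT&, const Fp2&))op.fp2Dbl_sqrPreA_`, and the scalar squaring slot two lines above, `fpDbl_sqrPreA_`, is `void2u` while only the binary `fp2Dbl_mulPreA_` is `void3u`. Assuming the `voidNu` aliases encode parameter count as their names suggest, the declaration should be `void2u fp2Dbl_sqrPreA_;` — otherwise any code that invokes or assigns the slot through its declared type (the asm generator that populates it is not in this diff) would expect a third operand, and the C-style cast in fp_tower.hpp silently papers over the mismatch. If `void3u` is intentional, a one-line comment saying why the arity differs from `fpDbl_sqrPreA_` would stop the next reader from asking the same question.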
diff --git a/src/bn_c_impl.hpp b/src/bn_c_impl.hpp
index f88d219..7dc724a 100644
--- a/src/bn_c_impl.hpp
+++ b/src/bn_c_impl.hpp
@@ -210,6 +210,10 @@ int mclBnG1_isZero(const mclBnG1 *x)
 {
 return cast(x)->isZero();
 }
+int mclBnG1_isValidOrder(const mclBnG1 *x)
+{
+ return cast(x)->isValidOrder();
+}

 int mclBnG1_hashAndMapTo(mclBnG1 *x, const void *buf, mclSize bufSize)
 {
@@ -285,6 +289,10 @@ int mclBnG2_isZero(const mclBnG2 *x)
 {
 return cast(x)->isZero();
 }
+int mclBnG2_isValidOrder(const mclBnG2 *x)
+{
+ return cast(x)->isValidOrder();
+}

 int mclBnG2_hashAndMapTo(mclBnG2 *x, const void *buf, mclSize bufSize)
 {
diff --git a/test/bn_c_test.hpp b/test/bn_c_test.hpp
index 06ed271..d0d4141 100644
--- a/test/bn_c_test.hpp
+++ b/test/bn_c_test.hpp
@@ -141,6 +141,7 @@ CYBOZU_TEST_AUTO(G1)
 CYBOZU_TEST_ASSERT(mclBnG1_isZero(&x));

 CYBOZU_TEST_ASSERT(!mclBnG1_hashAndMapTo(&y, "abc", 3));
+ CYBOZU_TEST_ASSERT(mclBnG1_isValidOrder(&y));

 char buf[1024];
 size_t size;
@@ -184,6 +185,7 @@ CYBOZU_TEST_AUTO(G2)
 CYBOZU_TEST_ASSERT(mclBnG2_isZero(&x));

 CYBOZU_TEST_ASSERT(!mclBnG2_hashAndMapTo(&x, "abc", 3));
+ CYBOZU_TEST_ASSERT(mclBnG2_isValidOrder(&x));

 char buf[1024];
 size_t size;
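Review bot: The only coverage of `mclBnG2_isValidOrder` is a positive assertion on a point produced by `hashAndMapTo`, which passes even if the function returned 1 unconditionally; the property that makes this API worth having — rejecting a point that is on the twist but outside the order-r subgroup — is never exercised, and G2 is precisely where such points exist. I would add a negative case built from a fixed serialized test vector for the configured curve (a point that deserializes and passes `mclBnG2_isValid` with order verification off, yet is not in the subgroup) and assert `CYBOZU_TEST_ASSERT(!mclBnG2_isValidOrder(&z));`, plus pin the result for the zero point right after the `mclBnG2_isZero(&x)` assertion, whichever value the API intends. The same gap applies to the G1 hunk above; the enclosing `CYBOZU_TEST_AUTO(G2)` body starts and ends outside this hunk.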