remove macro for bls12

dev
MITSUNARI Shigeo 7 years ago
parent abdbc00f23
commit 2d36f00388
  1. 59
      include/mcl/bls12.hpp
  2. 70
      include/mcl/bn.hpp
  3. 159
      include/mcl/pairing_util.hpp
  4. 2
      test/bn384_test.cpp
  5. 35
      test/bn512_test.cpp

@ -6,8 +6,6 @@
@license modified new BSD license
http://opensource.org/licenses/BSD-3-Clause
*/
#define MCL_MTYPE
#define MCL_USE_BLS12
#include <mcl/pairing_util.hpp>
namespace mcl { namespace bls12 {
@ -98,9 +96,9 @@ struct ParamT : public util::CommonParamT<Fp> {
};
template<class Fp>
struct BLS12T : mcl::util::BasePairingT<Fp, ParamT<Fp> > {
struct BLS12T : mcl::util::BasePairingT<BLS12T<Fp>, Fp, ParamT<Fp> > {
typedef ParamT<Fp> Param;
typedef typename mcl::util::BasePairingT<Fp, Param> Base;
typedef typename mcl::util::BasePairingT<BLS12T<Fp>, Fp, Param> Base;
typedef mcl::Fp2T<Fp> Fp2;
typedef mcl::Fp6T<Fp> Fp6;
typedef mcl::Fp12T<Fp> Fp12;
@ -114,6 +112,59 @@ struct BLS12T : mcl::util::BasePairingT<Fp, ParamT<Fp> > {
Base::param.init(cp, mode);
G2withF::init(cp.isMtype);
}
/*
Implementing Pairings at the 192-bit Security Level
D.F.Aranha, L.F.Castaneda, E.Knapp, A.Menezes, F.R.Henriquez
Section 4
*/
static void expHardPart(Fp12& y, const Fp12& x)
{
#if 0
const mpz_class& p = param.p;
mpz_class p2 = p * p;
mpz_class p4 = p2 * p2;
Fp12::pow(y, x, (p4 - p2 + 1) / param.r * 3);
return;
#endif
#if 1
Fp12 a0, a1, a2, a3, a4, a5, a6, a7;
Fp12::unitaryInv(a0, x); // a0 = x^-1
Base::fasterSqr(a1, a0); // x^-2
Base::pow_z(a2, x); // x^z
Base::fasterSqr(a3, a2); // x^2z
a1 *= a2; // a1 = x^(z-2)
Base::pow_z(a7, a1); // a7 = x^(z^2-2z)
Base::pow_z(a4, a7); // a4 = x^(z^3-2z^2)
Base::pow_z(a5, a4); // a5 = x^(z^4-2z^3)
a3 *= a5; // a3 = x^(z^4-2z^3+2z)
Base::pow_z(a6, a3); // a6 = x^(z^5-2z^4+2z^2)
Fp12::unitaryInv(a1, a1); // x^(2-z)
a1 *= a6; // x^(z^5-2z^4+2z^2-z+2)
a1 *= x; // x^(z^5-2z^4+2z^2-z+3) = x^c0
a3 *= a0; // x^(z^4-2z^3-1) = x^c1
Fp12::Frobenius(a3, a3); // x^(c1 p)
a1 *= a3; // x^(c0 + c1 p)
a4 *= a2; // x^(z^3-2z^2+z) = x^c2
Fp12::Frobenius2(a4, a4); // x^(c2 p^2)
a1 *= a4; // x^(c0 + c1 p + c2 p^2)
a7 *= x; // x^(z^2-2z+1) = x^c3
Fp12::Frobenius3(y, a7);
y *= a1;
#else
Fp12 t1, t2, t3;
Fp12::Frobenius(t1, x);
Fp12::Frobenius(t2, t1);
Fp12::Frobenius(t3, t2);
Fp12::pow(t1, t1, param.exp_c1);
Fp12::pow(t2, t2, param.exp_c2);
Fp12::pow(t3, t3, param.exp_c3);
Fp12::pow(y, x, param.exp_c0);
y *= t1;
y *= t2;
y *= t3;
#endif
}
};
} } // mcl::bls12
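Review bot: The two disabled arms of the new `expHardPart` (the `#if 0` reference at the top and the `#else` arm) read `param` unqualified, while the live arm goes through `Base::pow_z` / `Base::fasterSqr`; with `param` now living in the dependent base `BasePairingT<BLS12T<Fp>, Fp, Param>`, those arms would not resolve `param` if re-enabled, so either qualify them as `Base::param` or drop them. The same applies to the `#if 0` and `#else` arms of `expHardPart` in bn.hpp. The live arm computes x^(3d) rather than x^d, as the `* 3` in the `#if 0` reference and the `+3` in c0 indicate; that is a fixed exponent per curve but it is not what a library that raises to d returns, so a header-comment line such as `y = x^(3 (p^4 - p^2 + 1) / r) ; see the #if 0 reference` would save the next reader the derivation.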

@ -476,9 +476,9 @@ struct ParamT : public util::CommonParamT<Fp> {
};
template<class Fp>
struct BNT : mcl::util::BasePairingT<Fp, ParamT<Fp> > {
struct BNT : mcl::util::BasePairingT<BNT<Fp>, Fp, ParamT<Fp> > {
typedef ParamT<Fp> Param;
typedef typename mcl::util::BasePairingT<Fp, Param> Base;
typedef typename mcl::util::BasePairingT<BNT<Fp>, Fp, Param> Base;
typedef mcl::Fp2T<Fp> Fp2;
typedef mcl::Fp6T<Fp> Fp6;
typedef mcl::Fp12T<Fp> Fp12;
@ -516,6 +516,72 @@ struct BNT : mcl::util::BasePairingT<Fp, ParamT<Fp> > {
G2::setMulArrayGLV(mulArrayGLV2);
Fp12::setPowArrayGLV(powArrayGLV2);
}
/*
Faster Hashing to G2
Laura Fuentes-Castaneda, Edward Knapp, Francisco Rodriguez-Henriquez
section 4.1
y = x^(d 2z(6z^2 + 3z + 1)) where
p = p(z) = 36z^4 + 36z^3 + 24z^2 + 6z + 1
r = r(z) = 36z^4 + 36z^3 + 18z^2 + 6z + 1
d = (p^4 - p^2 + 1) / r
d1 = d 2z(6z^2 + 3z + 1)
= c0 + c1 p + c2 p^2 + c3 p^3
c0 = 1 + 6z + 12z^2 + 12z^3
c1 = 4z + 6z^2 + 12z^3
c2 = 6z + 6z^2 + 12z^3
c3 = -1 + 4z + 6z^2 + 12z^3
x -> x^z -> x^2z -> x^4z -> x^6z -> x^(6z^2) -> x^(12z^2) -> x^(12z^3)
a = x^(6z) x^(6z^2) x^(12z^3)
b = a / (x^2z)
x^d1 = (a x^(6z^2) x) b^p a^(p^2) (b / x)^(p^3)
*/
static void expHardPart(Fp12& y, const Fp12& x)
{
#if 0
const mpz_class& p = param.p;
mpz_class p2 = p * p;
mpz_class p4 = p2 * p2;
Fp12::pow(y, x, (p4 - p2 + 1) / param.r);
return;
#endif
#if 1
Fp12 a, b;
Fp12 a2, a3;
Base::pow_z(b, x); // x^z
Base::fasterSqr(b, b); // x^2z
Base::fasterSqr(a, b); // x^4z
a *= b; // x^6z
Base::pow_z(a2, a); // x^(6z^2)
a *= a2;
Base::fasterSqr(a3, a2); // x^(12z^2)
Base::pow_z(a3, a3); // x^(12z^3)
a *= a3;
Fp12::unitaryInv(b, b);
b *= a;
a2 *= a;
Fp12::Frobenius2(a, a);
a *= a2;
a *= x;
Fp12::unitaryInv(y, x);
y *= b;
Fp12::Frobenius(b, b);
a *= b;
Fp12::Frobenius3(y, y);
y *= a;
#else
Fp12 t1, t2, t3;
Fp12::Frobenius(t1, x);
Fp12::Frobenius(t2, t1);
Fp12::Frobenius(t3, t2);
Fp12::pow(t1, t1, param.exp_c1);
Fp12::pow(t2, t2, param.exp_c2);
Fp12::pow(y, x, param.exp_c0);
y *= t1;
y *= t2;
y *= t3;
#endif
}
};
} } // mcl::bn
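Review bot: Neither disabled arm of the new BN `expHardPart` computes the same exponent as the live arm: the `#if 0` reference raises to `(p4 - p2 + 1) / param.r`, i.e. x^d, and the `#else` arm only applies Frobenius to `t3` without an `exp_c3` power, which matches the removed `exp_d` in pairing_util.hpp (`d = c0 + c1 p + c2 p^2 + p^3`), while the header comment and the live arm compute x^d1 with d1 = d·2z(6z^2 + 3z + 1). Kept as "reference" code they invite someone to flip the switch and get a result that differs from the fast path by a factor in the exponent. Either delete both arms or mark them, e.g. `// NOTE: the #if 0 and #else arms compute x^d, not x^d1, and cannot be used to check the arm above`.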

@ -108,6 +108,7 @@ struct CommonParamT {
mpz_class z;
mpz_class abs_z;
bool isNegative;
bool isBLS12;
mpz_class p;
mpz_class r;
/*
@ -133,8 +134,8 @@ struct CommonParamT {
void initCommonParam(const CurveParam& cp, fp::Mode mode)
{
const bool isBLS12 = cp.curveType == mclBls12_CurveFp381;
this->cp = cp;
isBLS12 = cp.curveType == mclBls12_CurveFp381;
z = mpz_class(cp.z);
isNegative = z < 0;
if (isNegative) {
@ -269,7 +270,7 @@ typename G2::Fp HaveFrobenius<G2>::g2;
template<class G2>
typename G2::Fp HaveFrobenius<G2>::g3;
template<class Fp, class Param>
template<class CT, class Fp, class Param>
struct BasePairingT {
typedef mcl::Fp2T<Fp> Fp2;
typedef mcl::Fp6T<Fp> Fp6;
@ -774,11 +775,11 @@ struct BasePairingT {
*/
static void mulSparse(Fp12& z, const Fp6& x)
{
#ifdef MCL_USE_BLS12
mul_041(z, x);
return;
#endif
mul_403(z, x);
if (param.cp.isMtype) {
mul_041(z, x);
} else {
mul_403(z, x);
}
}
static void convertFp6toFp12(Fp12& y, const Fp6& x)
{
@ -800,32 +801,6 @@ struct BasePairingT {
convertFp6toFp12(z, x);
mulSparse(z, y);
}
#if 0
/*
y = x^d
d = (p^4 - p^2 + 1)/r = c0 + c1 p + c2 p^2 + p^3
*/
static void exp_d(Fp12& y, const Fp12& x)
{
#if 1
Fp12 t1, t2, t3;
Fp12::Frobenius(t1, x);
Fp12::Frobenius(t2, t1);
Fp12::Frobenius(t3, t2);
Fp12::pow(t1, t1, param.exp_c1);
Fp12::pow(t2, t2, param.exp_c2);
Fp12::pow(y, x, param.exp_c0);
y *= t1;
y *= t2;
y *= t3;
#else
const mpz_class& p = param.p;
mpz_class p2 = p * p;
mpz_class p4 = p2 * p2;
Fp12::pow(y, x, (p4 - p2 + 1) / param.r);
#endif
}
#endif
/*
Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions
Robert Granger, Michael Scott
@ -899,52 +874,6 @@ struct BasePairingT {
y3 += t2;
#endif
}
/*
Faster Hashing to G2
Laura Fuentes-Castaneda, Edward Knapp, Francisco Rodriguez-Henriquez
section 4.1
y = x^(d 2z(6z^2 + 3z + 1)) where
p = p(z) = 36z^4 + 36z^3 + 24z^2 + 6z + 1
r = r(z) = 36z^4 + 36z^3 + 18z^2 + 6z + 1
d = (p^4 - p^2 + 1) / r
d1 = d 2z(6z^2 + 3z + 1)
= c0 + c1 p + c2 p^2 + c3 p^3
c0 = 1 + 6z + 12z^2 + 12z^3
c1 = 4z + 6z^2 + 12z^3
c2 = 6z + 6z^2 + 12z^3
c3 = -1 + 4z + 6z^2 + 12z^3
x -> x^z -> x^2z -> x^4z -> x^6z -> x^(6z^2) -> x^(12z^2) -> x^(12z^3)
a = x^(6z) x^(6z^2) x^(12z^3)
b = a / (x^2z)
x^d1 = (a x^(6z^2) x) b^p a^(p^2) (b / x)^(p^3)
*/
static void exp_d1(Fp12& y, const Fp12& x)
{
Fp12 a, b;
Fp12 a2, a3;
pow_z(b, x); // x^z
fasterSqr(b, b); // x^2z
fasterSqr(a, b); // x^4z
a *= b; // x^6z
pow_z(a2, a); // x^(6z^2)
a *= a2;
fasterSqr(a3, a2); // x^(12z^2)
pow_z(a3, a3); // x^(12z^3)
a *= a3;
Fp12::unitaryInv(b, b);
b *= a;
a2 *= a;
Fp12::Frobenius2(a, a);
a *= a2;
a *= x;
Fp12::unitaryInv(y, x);
y *= b;
Fp12::Frobenius(b, b);
a *= b;
Fp12::Frobenius3(y, y);
y *= a;
}
static void mapToCyclotomic(Fp12& y, const Fp12& x)
{
Fp12 z;
@ -954,56 +883,6 @@ struct BasePairingT {
Fp6::neg(z.b, z.b); // z^(p^6) = conjugate of z
y *= z;
}
#ifdef MCL_USE_BLS12
static void exp_d(Fp12& y, const Fp12& x)
{
#if 0
const mpz_class& p = param.p;
mpz_class p2 = p * p;
mpz_class p4 = p2 * p2;
Fp12::pow(y, x, (p4 - p2 + 1) / param.r * 3);
return;
#endif
#if 1
Fp12 a0, a1, a2, a3, a4, a5, a6, a7;
Fp12::unitaryInv(a0, x); // a0 = x^-1
fasterSqr(a1, a0); // x^-2
pow_z(a2, x); // x^z
fasterSqr(a3, a2); // x^2z
a1 *= a2; // a1 = x^(z-2)
pow_z(a7, a1); // a7 = x^(z^2-2z)
pow_z(a4, a7); // a4 = x^(z^3-2z^2)
pow_z(a5, a4); // a5 = x^(z^4-2z^3)
a3 *= a5; // a3 = x^(z^4-2z^3+2z)
pow_z(a6, a3); // a6 = x^(z^5-2z^4+2z^2)
Fp12::unitaryInv(a1, a1); // x^(2-z)
a1 *= a6; // x^(z^5-2z^4+2z^2-z+2)
a1 *= x; // x^(z^5-2z^4+2z^2-z+3) = x^c0
a3 *= a0; // x^(z^4-2z^3-1) = x^c1
Fp12::Frobenius(a3, a3); // x^(c1 p)
a1 *= a3; // x^(c0 + c1 p)
a4 *= a2; // x^(z^3-2z^2+z) = x^c2
Fp12::Frobenius2(a4, a4); // x^(c2 p^2)
a1 *= a4; // x^(c0 + c1 p + c2 p^2)
a7 *= x; // x^(z^2-2z+1) = x^c3
Fp12::Frobenius3(y, a7);
y *= a1;
#else
Fp12 t1, t2, t3;
Fp12::Frobenius(t1, x);
Fp12::Frobenius(t2, t1);
Fp12::Frobenius(t3, t2);
Fp12::pow(t1, t1, param.exp_c1);
Fp12::pow(t2, t2, param.exp_c2);
Fp12::pow(t3, t3, param.exp_c3);
Fp12::pow(y, x, param.exp_c0);
y *= t1;
y *= t2;
y *= t3;
#endif
}
#endif
/*
y = x^((p^12 - 1) / r)
(p^12 - 1) / r = (p^2 + 1) (p^6 - 1) (p^4 - p^2 + 1)/r
@ -1021,11 +900,7 @@ struct BasePairingT {
Fp12::pow(y, x, p2 + 1);
Fp12::pow(y, y, p4 * p2 - 1);
#endif
#ifdef MCL_USE_BLS12
exp_d(y, y);
#else
exp_d1(y, y);
#endif
CT::expHardPart(y, y);
}
/*
remark : returned value is NOT on a curve
@ -1078,7 +953,7 @@ struct BasePairingT {
G2::neg(T, T);
Fp6::neg(f.b, f.b);
}
#ifndef MCL_USE_BLS12
if (param.isBLS12) return;
G2 Q1, Q2;
G2withF::Frobenius(Q1, Q);
G2withF::Frobenius(Q2, Q1);
@ -1088,7 +963,6 @@ struct BasePairingT {
Fp12 ft;
mulSparse2(ft, d, e);
f *= ft;
#endif
}
static void pairing(Fp12& f, const G1& P, const G2& Q)
{
@ -1141,7 +1015,7 @@ struct BasePairingT {
if (param.z < 0) {
G2::neg(T, T);
}
#ifndef MCL_USE_BLS12
if (param.isBLS12) return;
G2 Q1, Q2;
G2withF::Frobenius(Q1, Q);
G2withF::Frobenius(Q2, Q1);
@ -1149,7 +1023,6 @@ struct BasePairingT {
addLineWithoutP(Qcoeff[idx++], T, Q1);
addLineWithoutP(Qcoeff[idx++], T, Q2);
assert(idx == param.precomputedQcoeffSize);
#endif
}
static void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector<Fp6>& Qcoeff)
{
@ -1182,7 +1055,7 @@ struct BasePairingT {
if (param.z < 0) {
Fp6::neg(f.b, f.b);
}
#ifndef MCL_USE_BLS12
if (param.isBLS12) return;
mulFp6cb_by_G1xy(d, Qcoeff[idx], P);
idx++;
mulFp6cb_by_G1xy(e, Qcoeff[idx], P);
@ -1190,7 +1063,6 @@ struct BasePairingT {
Fp12 ft;
mulSparse2(ft, d, e);
f *= ft;
#endif
}
/*
f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2)
@ -1238,7 +1110,7 @@ struct BasePairingT {
if (param.z < 0) {
Fp6::neg(f.b, f.b);
}
#ifndef MCL_USE_BLS12
if (param.isBLS12) return;
mulFp6cb_by_G1xy(d1, Q1coeff[idx], P1);
mulFp6cb_by_G1xy(d2, Q2coeff[idx], P2);
idx++;
@ -1249,7 +1121,6 @@ struct BasePairingT {
mulSparse2(f2, d2, e2);
f *= f1;
f *= f2;
#endif
}
static void mapToG1(G1& P, const Fp& x) { param.mapTo.calcG1(P, x); }
static void mapToG2(G2& P, const Fp2& x) { param.mapTo.calcG2(P, x); }
@ -1276,8 +1147,8 @@ struct BasePairingT {
}
};
template<class Fp, class Param>
Param BasePairingT<Fp, Param>::param;
template<class CT, class Fp, class Param>
Param BasePairingT<CT, Fp, Param>::param;
} // mcl::util
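Review bot: In the `precomputeG2` hunks (`@ -1141,7 +1015,7` and `@ -1149,7 +1023,6`; the function starts outside the hunk) the new `if (param.isBLS12) return;` leaves the function before `assert(idx == param.precomputedQcoeffSize);`, so the only check that the number of precomputed line coefficients matches what `precomputedMillerLoop` will later index is never exercised on the BLS12 path. If `precomputedQcoeffSize` is set per curve at init, wrap only the BN-specific Q1/Q2 lines in `if (!param.isBLS12) { ... }` and keep the assert after the block so it runs for both curve families. A secondary point: `mulSparse` now selects `mul_041` / `mul_403` on `param.cp.isMtype`, whereas every other BLS12 special case in this file keys on `param.isBLS12`; a one-line comment saying that the sparse layout follows the twist type passed to `G2withF::init(cp.isMtype)` rather than the curve family would make the two flags' relationship auditable.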

@ -33,7 +33,7 @@ void testCurve(const mcl::bn::CurveParam& cp)
BN::pairing(e2, aP, bQ);
GT::pow(e1, e1, a * b);
CYBOZU_TEST_EQUAL(e1, e2);
testBench(P, Q);
testBench<BN>(P, Q);
}
CYBOZU_TEST_AUTO(pairing)

@ -12,38 +12,6 @@ mcl::fp::Mode g_mode;
#include "bench.hpp"
void testHashAndMapto(const mcl::bn::CurveParam& cp)
{
G1 P;
G2 Q;
BN::hashAndMapToG1(P, "test", 4);
BN::hashAndMapToG2(Q, "test", 4);
const char *p = 0;
const char *q = 0;
if (cp == mcl::bn::CurveFp462) {
p = "1 10953c12172901fcbdada97c50a248ee33f57ecad739b5e16d5dee3abf43e4ef282c76eb6dec6e639b5df4a3bde3000d8e850db82b7b0465a979 1326c1cba10792ce942bf7064795c8f6222242a2ece48cf92a227e481588ce8bbdc0e661bfbefd421c440fb9859f95ce0e0a43e81522b1ded5";
q = "1 118143ce614efdcddd2a56a78615a5a37eb544e0e2456a18e378de01e967d2c28a8e3175211b140e764255e04dbadc3cac95dd8fc78829169513 1603d1906a39839ded9154f199039ace8c564bd205f14b96fd43180f71400df02f9d117bf68b008a845ea952699d163d4ce8c274d092faa42c90 1c81acea0fba05de766733651fc9fe0aa05c490d27ff54236212b0e5c3ed9efc6d91d505d88ce0ef3ac30eb4ae1eb49a7fabeaac3625f21d279b 1d51b2613d65f1f93462163e37415bf75bdfda6eaefba4034a1375590edd340f295f5cbca7f8afe9d1bdf4fbe85a279a5ebe19f403dcf4f35263";
} else if (cp == mcl::bn::CurveFp382_1) {
p = "1 21e43f3aecae284f008bcf780ef3064c92951c40357de8d6653fecdcaaaa4e539847e3d74becab9a6edcce475cb56374 1668854173ac1d40921a325ed482cf39aad24570eb5ba04b71d96f8f9b5385652a48167365039974c3e215c79305d4f8";
q = "1 141ed1e349e553088bdd1e118b5cdf10ae382f7305100c7afc8f30c685c659ff3428261f2dc52079fb0ec6158e08689b 1cf6f471ef1a959ae0170a8ee5e9637defeb41b1f85f953223b20349de894741e0f5882dcacbfb7efbb301ec1ba0807c 16a2ce4c680918b0e80596d51d2add3fcc51a9ec986d9eff0be328ebe75cee039047055317871d8b2101b687bda58739 10fed1bc206bd46f48e58b371f70c4df8da5477c5de15c0014967cd81664b131917709216618ee6795ec81a6cad6cc3";
} else if (cp == mcl::bn::CurveFp382_2) {
p = "1 16e20771f6138ac9254a2b2d03af648192230c1d54a74490ba1c8ea9d4f4962fef22fda740ec8c3600faa49cca4b265f c62cd3384224dacee20b34926e7deb45887959f3db948dc358fe00917fa9723dad5e5146822c513a22888f74156bff3";
q = "1 5c4a9258661680ffa4bb27db209ad3fb7d1778826fc4c701d0f6b47fc1b0c366ec0b1fcd4873d14a9a4e024e03bbdd5 c0f34a7ad7d698f8aa0821a9c3693d2b396803ec96ebcdfca2cf02b164955c04b582b9f49e6cea2bcd8087546199252 1760d4d6f5b96f18a215fc03756c81ae40582bd2d5c403f0cef4eba774e250db37bcc5cf99fff863b4e3a60a57c4753e 6d432706c8dcc0213cd7f316058a6d97b8e785d6a82158dbd93f0be041acb0c1a732da3e2abff331450fbef5ae42401";
} else if (cp == mcl::bn::CurveFp254BNb) {
p = "1 eec3cf4d6081a968f03332701b07163bf6b69fdef0b995f067857f018cb7761 1a47fcc17416ae55d2a8c32be5662ff2446e044252d77eb66299e13b38a71452";
q = "1 1890d3fee3f3cbed840f62846b54cb7386b776da11ae16b2d1b72d1d2467f6ad 1aec28931fbac01fb567b297a5d70252521a965a2a8c890c5ce700d2801742f5 113fd22d2c5264d7ef1a98344777407ed3a622bb8ce9e5efeec15f2c03dc9698 b0ac220896b9efca039babada9536e04cf392cb482508eafab2ad7362509b4a";
} else {
CYBOZU_TEST_ASSERT(0);
}
G1 P2;
G2 Q2;
P2.setStr(p, 16);
Q2.setStr(q, 16);
CYBOZU_TEST_EQUAL(P, P2);
CYBOZU_TEST_EQUAL(Q, Q2);
}
void testCurve(const mcl::bn::CurveParam& cp)
{
initPairing(cp, g_mode);
@ -65,8 +33,7 @@ void testCurve(const mcl::bn::CurveParam& cp)
BN::pairing(e2, aP, bQ);
GT::pow(e1, e1, a * b);
CYBOZU_TEST_EQUAL(e1, e2);
testHashAndMapto(cp);
testBench(P, Q);
testBench<BN>(P, Q);
}
CYBOZU_TEST_AUTO(pairing)
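Review bot: `testHashAndMapto` and its known-answer vectors for `hashAndMapToG1` / `hashAndMapToG2` on CurveFp462, CurveFp382_1, CurveFp382_2 and CurveFp254BNb are deleted with no replacement visible in this commit, so regression coverage of the map-to-curve path for these curves drops to nothing in this test. If the vectors were moved elsewhere, a line in the commit description naming the new location would settle it; otherwise the function should stay and keep being called from `testCurve`. The remaining `testBench<BN>(P, Q)` change matches the one in bn384_test.cpp.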
