she: add enc.pub(CipherTextM&)

7 years ago · 3246b21842
parent 09a6505d02
commit 3246b21842
2 changed files with 108 additions and 7 deletions
--- a/include/mcl/she.hpp
+++ b/include/mcl/she.hpp
@ -22,15 +22,21 @@
 #endif
 #ifdef MCL_USE_BN256
 #include <mcl/bn256.hpp>
+namespace mcl {
 namespace bn_current = mcl::bn256;
+}
 #endif
 #ifdef MCL_USE_BN384
 #include <mcl/bn384.hpp>
+namespace mcl {
 namespace bn_current = mcl::bn384;
+}
 #endif
 #ifdef MCL_USE_BN512
 #include <mcl/bn512.hpp>
+namespace mcl {
 namespace bn_current = mcl::bn512;
+}
 #endif

 #if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
@ -465,8 +471,7 @@ public:
 		*/
 		void getPublicKey(PublicKey& pub) const
 		{
-			G1::mul(pub.xP, P, x);
-			G2::mul(pub.yQ, Q, y);
+			pub.set(x, y);
 		}
 #if 0
 		// log_x(y)
@ -573,6 +578,10 @@ public:
 	class PublicKey {
 		G1 xP;
 		G2 yQ;
+		GT mPQ;   // ML(P, Q)
+		GT mxPQ;  // ML(xP, Q)
+		GT myPQ;  // ML(P, yQ)
+		GT mxyPQ; // ML(xP, yQ)
 		friend class SecretKey;
 		/*
 			(S, T) = (m P + r xP, rP)
@ -588,6 +597,19 @@ public:
 			G::mul(C, xP, r);
 			S += C;
 		}
+		void set(const Fr& x, const Fr& y)
+		{
+			G1::mul(xP, P, x);
+			G2::mul(yQ, Q, y);
+			setOtherMember();
+		}
+		void setOtherMember()
+		{
+			BN::millerLoop(mPQ, P, Q);
+			BN::millerLoop(mxPQ, xP, Q);
+			BN::millerLoop(myPQ, P, yQ);
+			BN::millerLoop(mxyPQ, xP, yQ);
+		}
 	public:
 		template<class RG>
 		void enc(CipherTextG1& c, int m, RG& rg) const
@ -606,15 +628,56 @@ public:
 			enc(c.c2, m, rg);
 		}
 		template<class RG>
-		void enc(CipherText& c, int m, RG& rg) const
+		void enc(CipherTextM& c, int m, RG& rg) const
+		{
+			/*
+				(s, t, u, v) = ((e^x)^a (e^y)^b (e^-xy)^c e^m, e^b, e^a, e^c)
+				s = e(a xP + m P, Q)e(b P - c xP, yQ)
+			*/
+			Fr ra, rb, rc;
+			ra.setRand(rg);
+			rb.setRand(rg);
+			rc.setRand(rg);
+			GT e;
+#if 1 // 6.5Mclk -> 5.9Mclk at Fp462
+			G1 P1, P2;
+			G1::mul(P1, xP, ra);
+			G1::mul(P2, P, m);
+			P1 += P2;
+			BN::millerLoop(c.g[0], P1, Q);
+			G1::mul(P1, P, rb);
+			G1::mul(P2, xP, rc);
+			P1 -= P2;
+			BN::millerLoop(e, P1, yQ);
+			c.g[0] *= e;
+#else
+			GT::pow(c.g[0], mxPQ, ra);
+			GT::pow(e, myPQ, rb);
+			c.g[0] *= e;
+			GT::pow(e, mxyPQ, -rc);
+			c.g[0] *= e;
+			GT::pow(e, mPQ, m);
+			c.g[0] *= e;
+#endif
+			GT::pow(c.g[1], mPQ, rb);
+			GT::pow(c.g[2], mPQ, ra);
+			GT::pow(c.g[3], mPQ, rc);
+		}
+		template<class RG>
+		void enc(CipherText& c, int m, RG& rg, bool multiplied = false) const
 		{
-			c.isMultiplied_ = false;
-			enc(c.a, m, rg);
+			c.isMultiplied_ = multiplied;
+			if (multiplied) {
+				enc(c.m, m, rg);
+			} else {
+				enc(c.a, m, rg);
+			}
 		}
 		void enc(CipherTextG1& c, int m) const { return enc(c, m, local::g_rg); }
 		void enc(CipherTextG2& c, int m) const { return enc(c, m, local::g_rg); }
 		void enc(CipherTextA& c, int m) const { return enc(c, m, local::g_rg); }
-		void enc(CipherText& c, int m) const { return enc(c, m, local::g_rg); }
+		void enc(CipherTextM& c, int m) const { return enc(c, m, local::g_rg); }
+		void enc(CipherText& c, int m, bool multiplied = false) const { return enc(c, m, local::g_rg, multiplied); }
 		/*
 			convert from CipherTextG1 to CipherTextM
 		*/
@ -697,6 +760,7 @@ public:
 		{
 			xP.readStream(is, ioMode);
 			yQ.readStream(is, ioMode);
+			setOtherMember();
 			return is;
 		}
 		void getStr(std::string& str, int ioMode = 0) const
--- a/test/she_test.cpp
+++ b/test/she_test.cpp
@ -5,7 +5,7 @@
 #include <mcl/she.hpp>

 using namespace mcl::she;
-using namespace mcl::bn256;
+using namespace mcl::bn_current;

 SecretKey g_sec;

@ -115,6 +115,12 @@ CYBOZU_TEST_AUTO(add_sub_mul)

 			CipherText::mul(c3, c3, -25);
 			CYBOZU_TEST_EQUAL(m1 * m2 * -25, sec.dec(c3));
+
+			pub.enc(c1, m1, true);
+			CYBOZU_TEST_EQUAL(m1, sec.dec(c1));
+			pub.enc(c2, m2, true);
+			CipherText::add(c3, c1, c2);
+			CYBOZU_TEST_EQUAL(m1 + m2, sec.dec(c3));
 		}
 	}
 }
@ -227,6 +233,37 @@ CYBOZU_TEST_AUTO(io)
 	}
 }

+CYBOZU_TEST_AUTO(opBench)
+{
+	G1 P, P2;
+	G2 Q;
+	GT e, e2;
+	Fr r;
+	r.setRand(mcl::she::local::g_rg);
+	BN::hashAndMapToG1(P, "abc");
+	BN::hashAndMapToG2(Q, "abc");
+	BN::pairing(e, P, Q);
+	const int c = 100;
+	P2.clear();
+	e2 = 1;
+	CYBOZU_BENCH_C("G1::add", c, G1::add, P2, P2, P);
+	CYBOZU_BENCH_C("G1::pow", c, G1::mul, P, P, r);
+	CYBOZU_BENCH_C("GT::mul", c, GT::mul, e2, e2, e);
+	CYBOZU_BENCH_C("GT::pow", c, GT::pow, e, e, r);
+	CYBOZU_BENCH_C("miller ", c, BN::millerLoop, e, P, Q);
+
+	const SecretKey& sec = g_sec;
+	PublicKey pub;
+	sec.getPublicKey(pub);
+	CipherTextG1 ca1;
+	CipherTextG2 ca2;
+	CipherTextM cm;
+	CYBOZU_BENCH_C("encG1", c, pub.enc, ca1, 12345);
+	CYBOZU_BENCH_C("encG2", c, pub.enc, ca2, 12345);
+	CYBOZU_BENCH_C("encGT", c, pub.enc, cm, 12345);
+}
+
+
 CYBOZU_TEST_AUTO(bench)
 {
 	const SecretKey& sec = g_sec;