refactor ec::dbl

5 years ago · 7e6ab212fb
parent 9c62b3d964
commit 7e6ab212fb
3 changed files with 38 additions and 93 deletions
--- a/include/mcl/ec.hpp
+++ b/include/mcl/ec.hpp
@ -117,9 +117,9 @@ bool isValidJacobi(const F& x, const F& y, const F& z, const F& a, const F& b)
 }

 /*
-	a = 0   3M + 4S + 12A
-	a = -3  3M + 6S + 13A
-	generic 4M + 6S + 13A
+	a = 0   2M + 5S + 14A
+	a = -3  2M + 7S + 15A
+	generic 3M + 7S + 15A
 */
 template<class E>
 void dblJacobi(E& R, const E& P, int specialA, const typename E::Fp& a)
@ -129,87 +129,31 @@ void dblJacobi(E& R, const E& P, int specialA, const typename E::Fp& a)
 		R.clear();
 		return;
 	}
-#if 0
-	// a = 0    M + 7S + 15A
-	// a = -3   M + 8S + 18A
-	// generic 2M + 8S + 16A
-	F x2, y2, y4, z2, s, m, t;
-    F::sqr(x2, P.x);
-    F::sqr(y2, P.y);
-    F::sqr(y4, y2);
 	const bool isPzOne = P.z.isOne();
-	if (isPzOne) {
-		z2 = P.z;
-	} else {
-	    F::sqr(z2, P.z);
-	}
-    F::add(s, P.x, y2);
-    F::sqr(s, s);
-    s -= x2;
-    s -= y4;
-    s += s;
-	F::add(m, x2, x2);
-	m += x2;
-	switch (specialA) {
-	case Zero:
-		break;
-	case Minus3:
-		if (isPzOne) {
-			t = z2;
-		} else {
-			F::sqr(t, z2);
-		}
-		m -= t;
-		m -= t;
-		m -= t;
-		break;
-	case GenericA:
-	default:
-		if (isPzOne) {
-			m += a;
-		} else {
-			F::sqr(t, z2);
-			t *= a;
-			m += t;
-		}
-		break;
-	}
-    F::sqr(t, m);
-    t -= s;
-    F::sub(R.x, t, s); // m^2 - 2s
-	F::add(R.z, P.y, P.z);
-	F::sqr(R.z, R.z);
-	R.z -= y2;
-	R.z -= z2;
-	F::sub(R.y, s, R.x);
-	R.y *= m;
-	F::add(t, y4, y4);
-	t += t;
-	t += t;
-	R.y -= t;
-#else
-	F S, M, t, y2;
+	F x2, y2, xy, t;
+	F::sqr(x2, P.x);
 	F::sqr(y2, P.y);
-	F::mul(S, P.x, y2);
-	const bool isPzOne = P.z.isOne();
-	S += S;
-	S += S;
-	F::sqr(M, P.x);
+	F::add(xy, P.x, y2);
+	F::sqr(y2, y2);
+	F::sqr(xy, xy);
+	xy -= x2;
+	xy -= y2;
+	xy += xy;
 	switch (specialA) {
 	case Zero:
-		F::add(t, M, M);
-		M += t;
+		F::add(t, x2, x2);
+		x2 += t;
 		break;
 	case Minus3:
 		if (isPzOne) {
-			M -= P.z;
+			x2 -= P.z;
 		} else {
 			F::sqr(t, P.z);
 			F::sqr(t, t);
-			M -= t;
+			x2 -= t;
 		}
-		F::add(t, M, M);
-		M += t;
+		F::add(t, x2, x2);
+		x2 += t;
 		break;
 	case GenericA:
 	default:
@ -220,28 +164,26 @@ void dblJacobi(E& R, const E& P, int specialA, const typename E::Fp& a)
 			F::sqr(t, t);
 			t *= a;
 		}
-		t += M;
-		M += M;
-		M += t;
+		t += x2;
+		x2 += x2;
+		x2 += t;
 		break;
 	}
-	F::sqr(R.x, M);
-	R.x -= S;
-	R.x -= S;
+	F::sqr(R.x, x2);
+	R.x -= xy;
+	R.x -= xy;
 	if (isPzOne) {
 		R.z = P.y;
 	} else {
 		F::mul(R.z, P.y, P.z);
 	}
 	R.z += R.z;
-	F::sqr(y2, y2);
+	F::sub(R.y, xy, R.x);
+	R.y *= x2;
 	y2 += y2;
 	y2 += y2;
 	y2 += y2;
-	F::sub(R.y, S, R.x);
-	R.y *= M;
 	R.y -= y2;
-#endif
 }

 // 7M + 4S + 7A
--- a/include/mcl/mapto_wb19.hpp
+++ b/include/mcl/mapto_wb19.hpp
@ -135,14 +135,14 @@ struct MapToG2_WB19 {
 		R.y -= S1;
 		R.y -= S1;
 	}
-	// jacobi : sqr 5, mul 2, add 14
+	// jacobi : 2M + 5S + 14A
 	template<class G>
 	void dblT(G& Q, const G& P) const
 	{
 #if 0
 		ec::dblJacobi(Q, P, ec::GenericA, Ell2p_a);
 #else
-		Fp2 A, B, C, D, E, F;
+		Fp2 A, B, C, D, e, f;
 		Fp2::sqr(A, P.x);
 		Fp2::sqr(B, P.y);
 		Fp2::sqr(C, B);
@ -151,10 +151,10 @@ struct MapToG2_WB19 {
 		D -= A;
 		D -= C;
 		D += D;
-		Fp2::add(E, A, A);
-		E += A;
-		Fp2::sqr(F, E);
-		Fp2::sub(Q.x, F, D);
+		Fp2::add(e, A, A);
+		e += A;
+		Fp2::sqr(f, e);
+		Fp2::sub(Q.x, f, D);
 		Q.x -= D;
 		Fp2::mul(Q.z, P.y, P.z);
 		if (Q.z.isZero()) {
@ -164,7 +164,7 @@ struct MapToG2_WB19 {
 		}
 		Q.z += Q.z;
 		Fp2::sub(Q.y, D, Q.x);
-		Q.y *= E;
+		Q.y *= e;
 		C += C;
 		C += C;
 		C += C;
@ -178,6 +178,7 @@ struct MapToG2_WB19 {
 	void dbl(G2& Q, const G2& P) const
 	{
 		dblT(Q, P);
+//		G2::dbl(Q, P);
 	}
 	// P is on y^2 = x^3 + Ell2p_a x + Ell2p_b
 	bool isValidPoint(const Point& P) const
@ -301,6 +302,7 @@ struct MapToG2_WB19 {
 	// refer (xnum, xden, ynum, yden)
 	void iso3(G2& Q, const Point& P) const
 	{
+//		assert(isValidPoint(P));
 		Fp2 zpows[3];
 		Fp2::sqr(zpows[0], P.z);
 		Fp2::sqr(zpows[1], zpows[0]);
@ -321,6 +323,7 @@ struct MapToG2_WB19 {
 		Fp2::sqr(t, Q.z);
 		Fp2::mul(Q.y, mapvals[2], mapvals[1]);
 		Q.y *= t;
+//		assert(Q.isValid());
 	}
 	/*
 		(a+bi)*(-2-i) = (b-2a)-(a+2b)i
--- a/test/mapto_wb19_test.cpp
+++ b/test/mapto_wb19_test.cpp
@ -688,9 +688,9 @@ void testHashToFp2v6(const T& mapto)
 		Fp2 out[2];
 		mapto.hashToFp2v6(out, msg, strlen(msg), dst, strlen(dst));
 		Fp2 expect[2];
-		for (int i = 0; i < 2; i++) {
-			set(expect[i], expectStr[i]);
-			CYBOZU_TEST_EQUAL(out[i], expect[i]);
+		for (int j = 0; j < 2; j++) {
+			set(expect[j], expectStr[j]);
+			CYBOZU_TEST_EQUAL(out[j], expect[j]);
 		}
 		if (i == 0) {
 			// from draft-irtf-cfrg-hash-to-curve/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json.swp