diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
index a472d9d..f38bc8b 100644
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@@ -325,6 +325,7 @@ struct MapTo {
 mpz_class z_;
 mpz_class cofactor_;
 mpz_class g2cofactor_;
+ Fr g2cofactorAdj_;
 int type_;
 int mapToMode_;
 bool useOriginalG2cofactor_;
@@ -459,13 +460,10 @@ struct MapTo {
 Efficient hash maps to G2 on BLS curves
 Alessandro Budroni, Federico Pintore
 Q = (z(z-1)-1)P + Frob((z-1)P) + Frob^2(2P)
+ original G2 cofactor = this cofactor * g2cofactorAdj_
 */
- void mulByCofactorBLS12(G2& Q, const G2& P) const
+ void mulByCofactorBLS12fast(G2& Q, const G2& P) const
 {
- if (useOriginalG2cofactor_) {
- G2::mulGeneric(Q, P, g2cofactor_);
- return;
- }
 G2 T0, T1;
 G2::mulGeneric(T0, P, z_ - 1);
 G2::mulGeneric(T1, T0, z_);
@@ -476,6 +474,14 @@ struct MapTo {
 Frobenius2(T1, T1);
 G2::add(Q, T0, T1);
 }
+ void mulByCofactorBLS12(G2& Q, const G2& P) const
+ {
+ mulByCofactorBLS12fast(Q, P);
+ if (useOriginalG2cofactor_) {
+ Q *= g2cofactorAdj_;
+ return;
+ }
+ }
 /*
 cofactor_ is for G2(not used now)
 */
@@ -508,6 +514,11 @@ struct MapTo {
 assert(b);
 (void)b;
 c2_ = (c1_ - 1) / 2;
+ mpz_class t = (z * z - 1) * 3;;
+ g2cofactorAdj_.setMpz(&b, t);
+ assert(b);
+ (void)b;
+ Fr::inv(g2cofactorAdj_, g2cofactorAdj_);
 }
 /*
 change mapTo function to mode
diff --git a/test/bls12_test.cpp b/test/bls12_test.cpp
index 3b11974..e45fcbd 100644
--- a/test/bls12_test.cpp
+++ b/test/bls12_test.cpp
@@ -733,6 +733,19 @@ CYBOZU_TEST_AUTO(eth2)
 CYBOZU_BENCH_C("mapToG2 org-cofactor", 1000, mapToG2, Q, m);
 setOriginalG2cofactor(false);
 CYBOZU_BENCH_C("mapToG2 fast-cofactor", 1000, mapToG2, Q, m);
+
+ Fp2 x;
+ x.a = 5;
+ x.b = 3;
+ const mpz_class& g2c = BN::param.mapTo.g2cofactor_;
+ const Fr& g2ca = BN::param.mapTo.g2cofactorAdj_;
+ G2 Q1, Q2, Q3;
+ BN::param.mapTo.mapToEc(Q, x);
+ G2::mulGeneric(Q1, Q, g2c);
+ Q2 = Q;
+ BN::param.mapTo.mulByCofactor(Q2);
+ Q2 *= g2ca;
+ CYBOZU_TEST_EQUAL(Q1, Q2);
 }
 typedef std::vector FpVec;
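Review bot: The new `mulByCofactorBLS12` does not say why scaling by an `Fr` value reproduces the old `G2::mulGeneric(Q, P, g2cofactor_)` result, and this is the step that hash-to-G2 output compatibility depends on. As far as the diff shows, it relies on the fast path already placing Q in the order-r subgroup, so multiplying by the inverse of `3(z^2-1)` mod r is well defined. A comment such as `// Q is already in G2 (order r); scaling by (3(z^2-1))^-1 mod r yields g2cofactor_ * P` would record that. The `return;` at the end of the `if` body is dead, and the branch can be reduced to `if (useOriginalG2cofactor_) Q *= g2cofactorAdj_;`.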
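Review bot: The result of `g2cofactorAdj_.setMpz(&b, t)` is checked only by `assert(b); (void)b;`, so a build with NDEBUG carries on into `Fr::inv` with whatever value `g2cofactorAdj_` holds. If that value were zero or otherwise wrong, the original-cofactor mode would presumably scale every mapped point by a bad constant without any visible error, so the failure should be reported to the caller the way the rest of the initialisation reports errors. The enclosing function starts outside the hunk, so I cannot see how it does that. The code also assumes `Fr` has been initialised with r before this runs, which is worth confirming. A comment would help, for example `// t = 3(z^2-1) = fast-path cofactor / g2cofactor_; stored as t^-1 mod r`. The stray second `;` after `* 3;` can go.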
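Review bot: The added assertions never run the branch this commit rewrote. They execute after `setOriginalG2cofactor(false)`, so `mulByCofactor(Q2)` takes the fast path and the test applies `Q2 *= g2ca` by hand instead of letting the `useOriginalG2cofactor_` branch do it. `Q3` is declared but unused, and only one input point, (5, 3), is checked. I would add a case that turns the original-cofactor mode on, calls `mulByCofactor` (assuming it dispatches to `mulByCofactorBLS12` for this curve) and compares against `Q1`, as sketched below.

```cpp
	CYBOZU_TEST_EQUAL(Q1, Q2);
	// exercise the useOriginalG2cofactor_ branch itself rather than re-deriving it by hand
	setOriginalG2cofactor(true);
	Q3 = Q;
	BN::param.mapTo.mulByCofactor(Q3);
	setOriginalG2cofactor(false);
	CYBOZU_TEST_EQUAL(Q1, Q3);
```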