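// Copyright 2023 The AmazeChain Authors
// This file is part of the AmazeChain library.
//
// The AmazeChain library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The AmazeChain library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the AmazeChain library. If not, see <http://www.gnu.org/licenses/>.

//nolint:stylecheck
package bls12381

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	"math/big"
)

// fe is base field element representation.
// The six 64-bit limbs are stored least-significant first (fe[0] is the low
// limb), as the byte conversions below show.
type fe [6]uint64

// fe2 is element representation of 'fp2' which is quadratic extension of base field 'fp'
// Representation follows c[0] + c[1] * u encoding order.
type fe2 [2]fe

// fe6 is element representation of 'fp6' field which is cubic extension of 'fp2'
// Representation follows c[0] + c[1] * v + c[2] * v^2 encoding order.
type fe6 [3]fe2

// fe12 is element representation of 'fp12' field which is quadratic extension of 'fp6'
// Representation follows c[0] + c[1] * w encoding order.
type fe12 [2]fe6

// setBytes loads a big-endian byte string into the receiver and returns it.
//
// Input shorter than 48 bytes is left-padded with zeros. Input longer than
// 48 bytes is NOT rejected: only its first 48 bytes are used and the rest is
// silently dropped. No comparison against the field modulus is made here, so
// code decoding untrusted input must check length and call isValid itself.
func (fe *fe) setBytes(in []byte) *fe {
	size := 48
	l := len(in)
	if l >= size {
		l = size
	}
	padded := make([]byte, size)
	copy(padded[size-l:], in)
	var a int
	for i := 0; i < 6; i++ {
		// Limb i is read from the 8 bytes ending at offset a, counting from
		// the end of the buffer, so limb 0 holds the least-significant bytes.
		a = size - i*8
		fe[i] = uint64(padded[a-1]) | uint64(padded[a-2])<<8 |
			uint64(padded[a-3])<<16 | uint64(padded[a-4])<<24 |
			uint64(padded[a-5])<<32 | uint64(padded[a-6])<<40 |
			uint64(padded[a-7])<<48 | uint64(padded[a-8])<<56
	}
	return fe
}

// setBig loads the magnitude of a into the receiver via setBytes and returns
// the receiver. big.Int.Bytes returns the absolute value, so the sign of a is
// discarded; the truncation and missing range check of setBytes apply.
func (fe *fe) setBig(a *big.Int) *fe {
	return fe.setBytes(a.Bytes())
}

// setString parses a hex string, with an optional "0x" prefix, into the
// receiver. It returns the receiver, or nil and the decoding error when s is
// not valid hex. The decoded bytes go through setBytes, so over-long input is
// truncated and the value is not range-checked.
func (fe *fe) setString(s string) (*fe, error) {
	// Guard the prefix test: slicing s[:2] on a string shorter than two bytes
	// panics, which would let a malformed (empty or one-character) input crash
	// the caller instead of producing an error.
	if len(s) >= 2 && s[:2] == "0x" {
		s = s[2:]
	}
	raw, err := hex.DecodeString(s)
	if err != nil {
		return nil, err
	}
	return fe.setBytes(raw), nil
}

// set copies all six limbs of fe2 into the receiver and returns the receiver.
func (fe *fe) set(fe2 *fe) *fe {
	fe[0] = fe2[0]
	fe[1] = fe2[1]
	fe[2] = fe2[2]
	fe[3] = fe2[3]
	fe[4] = fe2[4]
	fe[5] = fe2[5]
	return fe
}

// bytes returns the limbs as a freshly allocated 48-byte big-endian slice.
// It is the inverse of setBytes for 48-byte input.
func (fe *fe) bytes() []byte {
	out := make([]byte, 48)
	var a int
	for i := 0; i < 6; i++ {
		// Same offset scheme as setBytes: limb 0 fills the last 8 bytes.
		a = 48 - i*8
		out[a-1] = byte(fe[i])
		out[a-2] = byte(fe[i] >> 8)
		out[a-3] = byte(fe[i] >> 16)
		out[a-4] = byte(fe[i] >> 24)
		out[a-5] = byte(fe[i] >> 32)
		out[a-6] = byte(fe[i] >> 40)
		out[a-7] = byte(fe[i] >> 48)
		out[a-8] = byte(fe[i] >> 56)
	}
	return out
}

// big returns the limbs interpreted as an unsigned big-endian integer.
func (fe *fe) big() *big.Int {
	return new(big.Int).SetBytes(fe.bytes())
}

// string returns "0x" followed by the limbs in hex, most-significant limb
// first, each limb zero-padded to 16 digits.
func (fe *fe) string() (s string) {
	for i := 5; i >= 0; i-- {
		s = fmt.Sprintf("%s%16.16x", s, fe[i])
	}
	return "0x" + s
}

// zero sets every limb to 0 and returns the receiver.
func (fe *fe) zero() *fe {
	fe[0] = 0
	fe[1] = 0
	fe[2] = 0
	fe[3] = 0
	fe[4] = 0
	fe[5] = 0
	return fe
}

// one sets the receiver to r1 and returns it.
// NOTE(review): r1 is defined elsewhere in the package; presumably it is the
// Montgomery representation of 1 — confirm.
func (fe *fe) one() *fe {
	return fe.set(r1)
}

// rand draws an integer in [0, modulus) from r using crypto/rand.Int, loads it
// into the receiver and returns the receiver.
//
// The result is only as unpredictable as r: callers that need secret or
// unguessable values must pass a cryptographically secure source such as
// crypto/rand.Reader, not a seeded or deterministic reader.
func (fe *fe) rand(r io.Reader) (*fe, error) {
	bi, err := rand.Int(r, modulus.big())
	if err != nil {
		return nil, err
	}
	return fe.setBig(bi), nil
}

// isValid reports whether the limbs, read as an integer, are strictly less
// than modulus. This is the range check that setBytes, setBig and setString
// do not perform.
func (fe *fe) isValid() bool {
	return fe.cmp(&modulus) < 0
}

// isOdd reports whether the lowest bit of the stored limbs is 1.
func (fe *fe) isOdd() bool {
	var mask uint64 = 1
	return fe[0]&mask != 0
}

// isEven reports whether the lowest bit of the stored limbs is 0.
func (fe *fe) isEven() bool {
	var mask uint64 = 1
	return fe[0]&mask == 0
}

// isZero reports whether every limb is 0. All limbs are ORed together, so
// there is no per-limb early exit.
func (fe *fe) isZero() bool {
	return (fe[5] | fe[4] | fe[3] | fe[2] | fe[1] | fe[0]) == 0
}

// isOne reports whether the receiver equals r1.
func (fe *fe) isOne() bool {
	return fe.equal(r1)
}

// cmp compares the limbs as unsigned integers, most-significant limb first,
// and returns 1, -1 or 0.
//
// It returns at the first differing limb, so its running time depends on the
// operands; do not use it to compare values that must stay secret.
func (fe *fe) cmp(fe2 *fe) int {
	for i := 5; i >= 0; i-- {
		if fe[i] > fe2[i] {
			return 1
		} else if fe[i] < fe2[i] {
			return -1
		}
	}
	return 0
}

// equal reports whether all six limbs match. The && chain short-circuits on
// the first mismatch, so this is not a fixed-time comparison either.
func (fe *fe) equal(fe2 *fe) bool {
	return fe2[0] == fe[0] && fe2[1] == fe[1] && fe2[2] == fe[2] && fe2[3] == fe[3] && fe2[4] == fe[4] && fe2[5] == fe[5]
}

// sign passes the element through fromMont and reports whether the lowest bit
// of the result is 0. The receiver itself is not modified.
// NOTE(review): fromMont is defined elsewhere; presumably it converts out of
// Montgomery form — confirm.
func (e *fe) sign() bool {
	r := new(fe)
	fromMont(r, e)
	return r[0]&1 == 0
}

// div2 shifts the 384-bit value right by one bit in place. The low bit of e is
// shifted into the top bit of the most-significant limb.
//
//nolint:unparam
func (fe *fe) div2(e uint64) {
	fe[0] = fe[0]>>1 | fe[1]<<63
	fe[1] = fe[1]>>1 | fe[2]<<63
	fe[2] = fe[2]>>1 | fe[3]<<63
	fe[3] = fe[3]>>1 | fe[4]<<63
	fe[4] = fe[4]>>1 | fe[5]<<63
	fe[5] = fe[5]>>1 | e<<63
}

// mul2 shifts the 384-bit value left by one bit in place and returns the bit
// shifted out of the most-significant limb (0 or 1). No modular reduction is
// done here.
func (fe *fe) mul2() uint64 {
	// Capture the carry before fe[5] is overwritten.
	e := fe[5] >> 63
	fe[5] = fe[5]<<1 | fe[4]>>63
	fe[4] = fe[4]<<1 | fe[3]>>63
	fe[3] = fe[3]<<1 | fe[2]>>63
	fe[2] = fe[2]<<1 | fe[1]>>63
	fe[1] = fe[1]<<1 | fe[0]>>63
	fe[0] = fe[0] << 1
	return e
}

// zero sets both coefficients to zero and returns the receiver.
func (e *fe2) zero() *fe2 {
	e[0].zero()
	e[1].zero()
	return e
}

// one sets the receiver to c[0] = one, c[1] = zero and returns it.
func (e *fe2) one() *fe2 {
	e[0].one()
	e[1].zero()
	return e
}

// set copies e2 into the receiver and returns the receiver.
func (e *fe2) set(e2 *fe2) *fe2 {
	e[0].set(&e2[0])
	e[1].set(&e2[1])
	return e
}

// rand draws two base field elements from r and returns them as a new fe2.
//
// Unlike (*fe).rand, the receiver is NOT modified: the result is a freshly
// allocated element, so callers must use the return value. The same caveat
// about the quality of r applies as for (*fe).rand.
func (e *fe2) rand(r io.Reader) (*fe2, error) {
	a0, err := new(fe).rand(r)
	if err != nil {
		return nil, err
	}
	a1, err := new(fe).rand(r)
	if err != nil {
		return nil, err
	}
	return &fe2{*a0, *a1}, nil
}

// isOne reports whether c[0] is one and c[1] is zero.
func (e *fe2) isOne() bool {
	return e[0].isOne() && e[1].isZero()
}

// isZero reports whether both coefficients are zero.
func (e *fe2) isZero() bool {
	return e[0].isZero() && e[1].isZero()
}

// equal reports whether both coefficients match those of e2. Evaluation
// short-circuits, so this is not a fixed-time comparison.
func (e *fe2) equal(e2 *fe2) bool {
	return e[0].equal(&e2[0]) && e[1].equal(&e2[1])
}

// sign applies the base-field sign rule (lowest bit of the fromMont result is
// 0) to c[0], or to c[1] when c[0] is zero.
func (e *fe2) sign() bool {
	r := new(fe)
	if !e[0].isZero() {
		fromMont(r, &e[0])
		return r[0]&1 == 0
	}
	fromMont(r, &e[1])
	return r[0]&1 == 0
}

// zero sets all three coefficients to zero and returns the receiver.
func (e *fe6) zero() *fe6 {
	e[0].zero()
	e[1].zero()
	e[2].zero()
	return e
}

// one sets the receiver to c[0] = one, c[1] = c[2] = zero and returns it.
func (e *fe6) one() *fe6 {
	e[0].one()
	e[1].zero()
	e[2].zero()
	return e
}

// set copies e2 into the receiver and returns the receiver.
func (e *fe6) set(e2 *fe6) *fe6 {
	e[0].set(&e2[0])
	e[1].set(&e2[1])
	e[2].set(&e2[2])
	return e
}

// rand draws three fe2 elements from r and returns them as a new fe6.
// The receiver is not modified; use the return value.
func (e *fe6) rand(r io.Reader) (*fe6, error) {
	a0, err := new(fe2).rand(r)
	if err != nil {
		return nil, err
	}
	a1, err := new(fe2).rand(r)
	if err != nil {
		return nil, err
	}
	a2, err := new(fe2).rand(r)
	if err != nil {
		return nil, err
	}
	return &fe6{*a0, *a1, *a2}, nil
}

// isOne reports whether c[0] is one and the other coefficients are zero.
func (e *fe6) isOne() bool {
	return e[0].isOne() && e[1].isZero() && e[2].isZero()
}

// isZero reports whether all three coefficients are zero.
func (e *fe6) isZero() bool {
	return e[0].isZero() && e[1].isZero() && e[2].isZero()
}

// equal reports whether all three coefficients match those of e2. Evaluation
// short-circuits, so this is not a fixed-time comparison.
func (e *fe6) equal(e2 *fe6) bool {
	return e[0].equal(&e2[0]) && e[1].equal(&e2[1]) && e[2].equal(&e2[2])
}

// zero sets both coefficients to zero and returns the receiver.
func (e *fe12) zero() *fe12 {
	e[0].zero()
	e[1].zero()
	return e
}

// one sets the receiver to c[0] = one, c[1] = zero and returns it.
func (e *fe12) one() *fe12 {
	e[0].one()
	e[1].zero()
	return e
}

// set copies e2 into the receiver and returns the receiver.
func (e *fe12) set(e2 *fe12) *fe12 {
	e[0].set(&e2[0])
	e[1].set(&e2[1])
	return e
}

// rand draws two fe6 elements from r and returns them as a new fe12.
// The receiver is not modified; use the return value.
func (e *fe12) rand(r io.Reader) (*fe12, error) {
	a0, err := new(fe6).rand(r)
	if err != nil {
		return nil, err
	}
	a1, err := new(fe6).rand(r)
	if err != nil {
		return nil, err
	}
	return &fe12{*a0, *a1}, nil
}

// isOne reports whether c[0] is one and c[1] is zero.
func (e *fe12) isOne() bool {
	return e[0].isOne() && e[1].isZero()
}

// isZero reports whether both coefficients are zero.
func (e *fe12) isZero() bool {
	return e[0].isZero() && e[1].isZero()
}

// equal reports whether both coefficients match those of e2. Evaluation
// short-circuits, so this is not a fixed-time comparison.
func (e *fe12) equal(e2 *fe12) bool {
	return e[0].equal(&e2[0]) && e[1].equal(&e2[1])
}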