github.com/aswedchain/aswed@v1.0.1/crypto/bls12381/field_element.go (about) 1 // Copyright 2020 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package bls12381 18 19 import ( 20 "crypto/rand" 21 "encoding/hex" 22 "fmt" 23 "io" 24 "math/big" 25 ) 26 27 // fe is base field element representation 28 type fe [6]uint64 29 30 // fe2 is element representation of 'fp2' which is quadratic extension of base field 'fp' 31 // Representation follows c[0] + c[1] * u encoding order. 32 type fe2 [2]fe 33 34 // fe6 is element representation of 'fp6' field which is cubic extension of 'fp2' 35 // Representation follows c[0] + c[1] * v + c[2] * v^2 encoding order. 36 type fe6 [3]fe2 37 38 // fe12 is element representation of 'fp12' field which is quadratic extension of 'fp6' 39 // Representation follows c[0] + c[1] * w encoding order. 40 type fe12 [2]fe6 41 42 func (fe *fe) setBytes(in []byte) *fe { 43 size := 48 44 l := len(in) 45 if l >= size { 46 l = size 47 } 48 padded := make([]byte, size) 49 copy(padded[size-l:], in[:]) 50 var a int 51 for i := 0; i < 6; i++ { 52 a = size - i*8 53 fe[i] = uint64(padded[a-1]) | uint64(padded[a-2])<<8 | 54 uint64(padded[a-3])<<16 | uint64(padded[a-4])<<24 | 55 uint64(padded[a-5])<<32 | uint64(padded[a-6])<<40 | 56 uint64(padded[a-7])<<48 | uint64(padded[a-8])<<56 57 } 58 return fe 59 } 60 61 func (fe *fe) setBig(a *big.Int) *fe { 62 return fe.setBytes(a.Bytes()) 63 } 64 65 func (fe *fe) setString(s string) (*fe, error) { 66 if s[:2] == "0x" { 67 s = s[2:] 68 } 69 bytes, err := hex.DecodeString(s) 70 if err != nil { 71 return nil, err 72 } 73 return fe.setBytes(bytes), nil 74 } 75 76 func (fe *fe) set(fe2 *fe) *fe { 77 fe[0] = fe2[0] 78 fe[1] = fe2[1] 79 fe[2] = fe2[2] 80 fe[3] = fe2[3] 81 fe[4] = fe2[4] 82 fe[5] = fe2[5] 83 return fe 84 } 85 86 func (fe *fe) bytes() []byte { 87 out := make([]byte, 48) 88 var a int 89 for i := 0; i < 6; i++ { 90 a = 48 - i*8 91 out[a-1] = byte(fe[i]) 92 out[a-2] = byte(fe[i] >> 8) 93 out[a-3] = byte(fe[i] >> 16) 94 out[a-4] = byte(fe[i] >> 24) 95 out[a-5] = byte(fe[i] >> 32) 96 out[a-6] = byte(fe[i] >> 40) 97 out[a-7] = byte(fe[i] >> 48) 98 out[a-8] = byte(fe[i] >> 56) 99 } 100 return out 101 } 102 103 func (fe *fe) big() *big.Int { 104 return new(big.Int).SetBytes(fe.bytes()) 105 } 106 107 func (fe *fe) string() (s string) { 108 for i := 5; i >= 0; i-- { 109 s = fmt.Sprintf("%s%16.16x", s, fe[i]) 110 } 111 return "0x" + s 112 } 113 114 func (fe *fe) zero() *fe { 115 fe[0] = 0 116 fe[1] = 0 117 fe[2] = 0 118 fe[3] = 0 119 fe[4] = 0 120 fe[5] = 0 121 return fe 122 } 123 124 func (fe *fe) one() *fe { 125 return fe.set(r1) 126 } 127 128 func (fe *fe) rand(r io.Reader) (*fe, error) { 129 bi, err := rand.Int(r, modulus.big()) 130 if err != nil { 131 return nil, err 132 } 133 return fe.setBig(bi), nil 134 } 135 136 func (fe *fe) isValid() bool { 137 return fe.cmp(&modulus) < 0 138 } 139 140 func (fe *fe) isOdd() bool { 141 var mask uint64 = 1 142 return fe[0]&mask != 0 143 } 144 145 func (fe *fe) isEven() bool { 146 var mask uint64 = 1 147 return fe[0]&mask == 0 148 } 149 150 func (fe *fe) isZero() bool { 151 return (fe[5] | fe[4] | fe[3] | fe[2] | fe[1] | fe[0]) == 0 152 } 153 154 func (fe *fe) isOne() bool { 155 return fe.equal(r1) 156 } 157 158 func (fe *fe) cmp(fe2 *fe) int { 159 for i := 5; i >= 0; i-- { 160 if fe[i] > fe2[i] { 161 return 1 162 } else if fe[i] < fe2[i] { 163 return -1 164 } 165 } 166 return 0 167 } 168 169 func (fe *fe) equal(fe2 *fe) bool { 170 return fe2[0] == fe[0] && fe2[1] == fe[1] && fe2[2] == fe[2] && fe2[3] == fe[3] && fe2[4] == fe[4] && fe2[5] == fe[5] 171 } 172 173 func (e *fe) sign() bool { 174 r := new(fe) 175 fromMont(r, e) 176 return r[0]&1 == 0 177 } 178 179 func (fe *fe) div2(e uint64) { 180 fe[0] = fe[0]>>1 | fe[1]<<63 181 fe[1] = fe[1]>>1 | fe[2]<<63 182 fe[2] = fe[2]>>1 | fe[3]<<63 183 fe[3] = fe[3]>>1 | fe[4]<<63 184 fe[4] = fe[4]>>1 | fe[5]<<63 185 fe[5] = fe[5]>>1 | e<<63 186 } 187 188 func (fe *fe) mul2() uint64 { 189 e := fe[5] >> 63 190 fe[5] = fe[5]<<1 | fe[4]>>63 191 fe[4] = fe[4]<<1 | fe[3]>>63 192 fe[3] = fe[3]<<1 | fe[2]>>63 193 fe[2] = fe[2]<<1 | fe[1]>>63 194 fe[1] = fe[1]<<1 | fe[0]>>63 195 fe[0] = fe[0] << 1 196 return e 197 } 198 199 func (e *fe2) zero() *fe2 { 200 e[0].zero() 201 e[1].zero() 202 return e 203 } 204 205 func (e *fe2) one() *fe2 { 206 e[0].one() 207 e[1].zero() 208 return e 209 } 210 211 func (e *fe2) set(e2 *fe2) *fe2 { 212 e[0].set(&e2[0]) 213 e[1].set(&e2[1]) 214 return e 215 } 216 217 func (e *fe2) rand(r io.Reader) (*fe2, error) { 218 a0, err := new(fe).rand(r) 219 if err != nil { 220 return nil, err 221 } 222 a1, err := new(fe).rand(r) 223 if err != nil { 224 return nil, err 225 } 226 return &fe2{*a0, *a1}, nil 227 } 228 229 func (e *fe2) isOne() bool { 230 return e[0].isOne() && e[1].isZero() 231 } 232 233 func (e *fe2) isZero() bool { 234 return e[0].isZero() && e[1].isZero() 235 } 236 237 func (e *fe2) equal(e2 *fe2) bool { 238 return e[0].equal(&e2[0]) && e[1].equal(&e2[1]) 239 } 240 241 func (e *fe2) sign() bool { 242 r := new(fe) 243 if !e[0].isZero() { 244 fromMont(r, &e[0]) 245 return r[0]&1 == 0 246 } 247 fromMont(r, &e[1]) 248 return r[0]&1 == 0 249 } 250 251 func (e *fe6) zero() *fe6 { 252 e[0].zero() 253 e[1].zero() 254 e[2].zero() 255 return e 256 } 257 258 func (e *fe6) one() *fe6 { 259 e[0].one() 260 e[1].zero() 261 e[2].zero() 262 return e 263 } 264 265 func (e *fe6) set(e2 *fe6) *fe6 { 266 e[0].set(&e2[0]) 267 e[1].set(&e2[1]) 268 e[2].set(&e2[2]) 269 return e 270 } 271 272 func (e *fe6) rand(r io.Reader) (*fe6, error) { 273 a0, err := new(fe2).rand(r) 274 if err != nil { 275 return nil, err 276 } 277 a1, err := new(fe2).rand(r) 278 if err != nil { 279 return nil, err 280 } 281 a2, err := new(fe2).rand(r) 282 if err != nil { 283 return nil, err 284 } 285 return &fe6{*a0, *a1, *a2}, nil 286 } 287 288 func (e *fe6) isOne() bool { 289 return e[0].isOne() && e[1].isZero() && e[2].isZero() 290 } 291 292 func (e *fe6) isZero() bool { 293 return e[0].isZero() && e[1].isZero() && e[2].isZero() 294 } 295 296 func (e *fe6) equal(e2 *fe6) bool { 297 return e[0].equal(&e2[0]) && e[1].equal(&e2[1]) && e[2].equal(&e2[2]) 298 } 299 300 func (e *fe12) zero() *fe12 { 301 e[0].zero() 302 e[1].zero() 303 return e 304 } 305 306 func (e *fe12) one() *fe12 { 307 e[0].one() 308 e[1].zero() 309 return e 310 } 311 312 func (e *fe12) set(e2 *fe12) *fe12 { 313 e[0].set(&e2[0]) 314 e[1].set(&e2[1]) 315 return e 316 } 317 318 func (e *fe12) rand(r io.Reader) (*fe12, error) { 319 a0, err := new(fe6).rand(r) 320 if err != nil { 321 return nil, err 322 } 323 a1, err := new(fe6).rand(r) 324 if err != nil { 325 return nil, err 326 } 327 return &fe12{*a0, *a1}, nil 328 } 329 330 func (e *fe12) isOne() bool { 331 return e[0].isOne() && e[1].isZero() 332 } 333 334 func (e *fe12) isZero() bool { 335 return e[0].isZero() && e[1].isZero() 336 } 337 338 func (e *fe12) equal(e2 *fe12) bool { 339 return e[0].equal(&e2[0]) && e[1].equal(&e2[1]) 340 }