// Listing source: github.com/cloudflare/circl@v1.5.0/ecc/bls12381/constants.go

package bls12381

import (
	"errors"

	"github.com/cloudflare/circl/ecc/bls12381/ff"
)

// NOTE(review): every hex string and byte table in this file is a curve,
// isogeny or map-to-curve parameter. The compiler cannot detect a one-digit
// typo here; a wrong value yields a different (possibly weak) curve or a
// non-interoperable hash-to-curve output. Any change to these values should
// be cross-checked against the published specification and covered by
// known-answer tests. The isogeny and SSWU constants presumably correspond to
// the BLS12-381 suites of RFC 9380 (Hashing to Elliptic Curves) — confirm
// against the RFC when touching them.

// Scalar represents positive integers in the range 0 <= x < Order.
type Scalar = ff.Scalar

// ScalarSize re-exports ff.ScalarSize.
// NOTE(review): presumably the byte length of an encoded Scalar — confirm in
// package ff.
const ScalarSize = ff.ScalarSize

// Order returns the order of the pairing groups, returned as a big-endian slice.
//
//	Order = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
func Order() []byte { return ff.ScalarOrder() }

// Package-level parameter tables. All of them are zero-valued until init()
// (below) fills them in; nothing in this file writes to them afterwards.
var (
	bls12381 struct { // Let z be the BLS12 parameter.
		minusZ    [8]byte  // (-z), (integer big-endian).
		oneMinusZ [8]byte  // (1-z), (integer big-endian).
		g1Check   [16]byte // (z^2-1)/3, (integer big-endian).
		// NOTE(review): g1Check is presumably the constant used by the G1
		// subgroup-membership check; its consumer is outside this file — confirm.
	}
	// g1Params and g2Params hold the curve coefficient b, the precomputed 3*b,
	// and (by naming) the coordinates of the group generator, over Fp and Fp2
	// respectively.
	g1Params struct{ b, _3b, genX, genY ff.Fp }
	g2Params struct{ b, _3b, genX, genY ff.Fp2 }

	// g1Isog11 is an isogeny of degree 11 from g1Iso(a,b) to G1 and is given
	// by rational maps:
	//
	//	g1Iso(a,b) --> G1
	//	(x,y,z)    |-> (x,y,1)
	//	               (xNum/xDen, y * yNum/yDen, 1)
	//	               (xNum*yDen, y * yNum*xDen, z*xDen*yDen)
	//
	// such that
	//
	//	xNum = \sum ai * x^i * z^(n-1-i), for 0 <= i < n, and n=12.
	//	xDen = \sum bi * x^i * z^(n-1-i), for 0 <= i < n, and n=11.
	//	yNum = \sum ci * x^i * z^(n-1-i), for 0 <= i < n, and n=16.
	//	yDen = \sum di * x^i * z^(n-1-i), for 0 <= i < n, and n=16.
	//
	// The fields a and b are the coefficients of the isogenous curve
	// g1Iso(a,b); index i of each array is the coefficient of x^i.
	g1Isog11 struct {
		a, b ff.Fp
		xNum [12]ff.Fp
		xDen [11]ff.Fp
		yNum [16]ff.Fp
		yDen [16]ff.Fp
	}

	// g2Isog3 is an isogeny of degree 3 from g2Iso(a,b) to G2 and is given
	// by rational maps:
	//
	//	g2Iso(a,b) --> G2
	//	(x,y,z)    |-> (x,y,1)
	//	               (xNum/xDen, y * yNum/yDen, 1)
	//	               (xNum*yDen, y * yNum*xDen, z*xDen*yDen)
	//
	// such that
	//
	//	xNum = \sum ai * x^i * z^(n-1-i), for 0 <= i < n, and n=4.
	//	xDen = \sum bi * x^i * z^(n-1-i), for 0 <= i < n, and n=3.
	//	yNum = \sum ci * x^i * z^(n-1-i), for 0 <= i < n, and n=4.
	//	yDen = \sum di * x^i * z^(n-1-i), for 0 <= i < n, and n=4.
	//
	// The fields a and b are the coefficients of the isogenous curve
	// g2Iso(a,b); index i of each array is the coefficient of x^i.
	g2Isog3 struct {
		a, b ff.Fp2
		xNum [4]ff.Fp2
		xDen [3]ff.Fp2
		yNum [4]ff.Fp2
		yDen [4]ff.Fp2
	}
	// g1sswu holds the constants of the simplified SWU map for G1.
	g1sswu struct {
		Z  ff.Fp    // Z = 11.
		c1 [48]byte // integer c1 = (p - 3) / 4 (big-endian)
		c2 ff.Fp    // NOTE(review): undocumented upstream; presumably sqrt(-Z) — confirm.
	}
	// g2sswu holds the constants of the simplified SWU map for G2.
	g2sswu struct {
		Z  ff.Fp2   // -(2 + I)
		c1 [95]byte // integer c1 = (p^2 - 9) / 16 (big-endian)
		c2 ff.Fp2   // sqrt(-1)
		c3 ff.Fp2   // sqrt(c2)
		c4 ff.Fp2   // sqrt(Z^3 / c3)
		c5 ff.Fp2   // sqrt(Z^3 / (c2 * c3))
	}
	// g1Sigma holds two powers of 2 in GF(p) whose exponents are multiples of
	// (p-1)/3, i.e. cube roots of unity.
	// NOTE(review): presumably consumed by a G1 endomorphism named sigma — confirm.
	g1Sigma struct {
		beta0 ff.Fp // beta0 = F(2)^(2*(p-1)/3) where F = GF(p).
		beta1 ff.Fp // beta1 = F(2)^(1*(p-1)/3) where F = GF(p).
	}
	// g2Psi holds the two Fp2 ratios computed at init time by initPsi.
	g2Psi struct {
		alpha ff.Fp2 // alpha = w^2/Frob(w^2)
		beta  ff.Fp2 // beta = w^3/Frob(w^3)
	}
)

// Sentinel errors of the package. They are only declared here; the code that
// returns them (presumably the point and scalar decoders) is outside this
// file.
var (
	errInputLength = errors.New("incorrect input length")
	errEncoding    = errors.New("incorrect encoding")
)

// headerEncoding packs three one-bit flags into the top bits of a header
// byte:
//
//	bit 7 = isCompressed, bit 6 = isInfinity, bit 5 = isBigYCoord.
//
// Only the least-significant bit of each argument is used, and the low five
// bits of the result are always zero.
func headerEncoding(isCompressed, isInfinity, isBigYCoord byte) byte {
	return (isBigYCoord&0x1)<<5 | (isInfinity&0x1)<<6 | (isCompressed&0x1)<<7
}

// err panics if e is non-nil.
//
// In this file it is only applied to the parsing of hard-coded constants
// during package initialization, so a malformed constant aborts the program
// at load time instead of leaving a parameter silently zero.
// NOTE(review): because it panics, it must not be reachable with
// caller-supplied or untrusted input; callers in other files of the package
// are not visible here — confirm.
func err(e error) {
	if e != nil {
		panic(e)
	}
}

// init fills in every parameter table declared above. It runs once at package
// load and panics (via err) if any constant fails to parse.
func init() {
	bls12381.oneMinusZ = [8]byte{ // (big-endian)
		0xd2, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
	}
	bls12381.minusZ = [8]byte{ // (big-endian)
		0xd2, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
	}
	bls12381.g1Check = [16]byte{ // (big-endian)
		0x39, 0x6c, 0x8c, 0x00, 0x55, 0x55, 0xe1, 0x56,
		0x00, 0x00, 0x00, 0x00, 0x55, 0x55, 0x55, 0x55,
	}
	initG1Params()
	initG2Params()
	initG1Isog11()
	initG2Isog3()
	initG1sswu()
	initG2sswu()
	initSigma()
	initPsi()
}

// initG1Params sets b = 4, 3b = 12 and the generator coordinates for G1.
func initG1Params() {
	g1Params.b.SetUint64(4)
	g1Params._3b.SetUint64(12)
	err(g1Params.genX.SetString("0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb"))
	err(g1Params.genY.SetString("0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"))
}

// initG2Params sets both Fp components of b to 4 and of 3b to 12, and the
// generator coordinates for G2 component by component.
func initG2Params() {
	g2Params.b[0].SetUint64(4)
	g2Params.b[1].SetUint64(4)
	g2Params._3b[0].SetUint64(12)
	g2Params._3b[1].SetUint64(12)
	err(g2Params.genX[0].SetString("0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8"))
	err(g2Params.genX[1].SetString("0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e"))
	err(g2Params.genY[0].SetString("0x0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801"))
	err(g2Params.genY[1].SetString("0x0606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be"))
}

// initG1Isog11 loads the coefficients of the degree-11 isogeny g1Isog11.
// The leading coefficients xDen[10] and yDen[15] are set to one rather than
// parsed from a string.
func initG1Isog11() {
	err(g1Isog11.a.SetString("0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d"))
	err(g1Isog11.b.SetString("0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0"))
	err(g1Isog11.xNum[0].SetString("0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7"))
	err(g1Isog11.xNum[1].SetString("0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb"))
	err(g1Isog11.xNum[2].SetString("0x0d54005db97678ec1d1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0"))
	err(g1Isog11.xNum[3].SetString("0x1778e7166fcc6db74e0609d307e55412d7f5e4656a8dbf25f1b33289f1b330835336e25ce3107193c5b388641d9b6861"))
	err(g1Isog11.xNum[4].SetString("0x0e99726a3199f4436642b4b3e4118e5499db995a1257fb3f086eeb65982fac18985a286f301e77c451154ce9ac8895d9"))
	err(g1Isog11.xNum[5].SetString("0x1630c3250d7313ff01d1201bf7a74ab5db3cb17dd952799b9ed3ab9097e68f90a0870d2dcae73d19cd13c1c66f652983"))
	err(g1Isog11.xNum[6].SetString("0x0d6ed6553fe44d296a3726c38ae652bfb11586264f0f8ce19008e218f9c86b2a8da25128c1052ecaddd7f225a139ed84"))
	err(g1Isog11.xNum[7].SetString("0x17b81e7701abdbe2e8743884d1117e53356de5ab275b4db1a682c62ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e"))
	err(g1Isog11.xNum[8].SetString("0x080d3cf1f9a78fc47b90b33563be990dc43b756ce79f5574a2c596c928c5d1de4fa295f296b74e956d71986a8497e317"))
	err(g1Isog11.xNum[9].SetString("0x169b1f8e1bcfa7c42e0c37515d138f22dd2ecb803a0c5c99676314baf4bb1b7fa3190b2edc0327797f241067be390c9e"))
	err(g1Isog11.xNum[10].SetString("0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7b"))
	err(g1Isog11.xNum[11].SetString("0x06e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229"))

	err(g1Isog11.xDen[0].SetString("0x08ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c"))
	err(g1Isog11.xDen[1].SetString("0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff"))
	err(g1Isog11.xDen[2].SetString("0x0b2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19"))
	err(g1Isog11.xDen[3].SetString("0x03425581a58ae2fec83aafef7c40eb545b08243f16b1655154cca8abc28d6fd04976d5243eecf5c4130de8938dc62cd8"))
	err(g1Isog11.xDen[4].SetString("0x13a8e162022914a80a6f1d5f43e7a07dffdfc759a12062bb8d6b44e833b306da9bd29ba81f35781d539d395b3532a21e"))
	err(g1Isog11.xDen[5].SetString("0x0e7355f8e4e667b955390f7f0506c6e9395735e9ce9cad4d0a43bcef24b8982f7400d24bc4228f11c02df9a29f6304a5"))
	err(g1Isog11.xDen[6].SetString("0x0772caacf16936190f3e0c63e0596721570f5799af53a1894e2e073062aede9cea73b3538f0de06cec2574496ee84a3a"))
	err(g1Isog11.xDen[7].SetString("0x14a7ac2a9d64a8b230b3f5b074cf01996e7f63c21bca68a81996e1cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e"))
	err(g1Isog11.xDen[8].SetString("0x0a10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641"))
	err(g1Isog11.xDen[9].SetString("0x095fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a"))
	g1Isog11.xDen[10].SetOne()

	err(g1Isog11.yNum[0].SetString("0x090d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33"))
	err(g1Isog11.yNum[1].SetString("0x134996a104ee5811d51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696"))
	err(g1Isog11.yNum[2].SetString("0x00cc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6"))
	err(g1Isog11.yNum[3].SetString("0x01f86376e8981c217898751ad8746757d42aa7b90eeb791c09e4a3ec03251cf9de405aba9ec61deca6355c77b0e5f4cb"))
	err(g1Isog11.yNum[4].SetString("0x08cc03fdefe0ff135caf4fe2a21529c4195536fbe3ce50b879833fd221351adc2ee7f8dc099040a841b6daecf2e8fedb"))
	err(g1Isog11.yNum[5].SetString("0x16603fca40634b6a2211e11db8f0a6a074a7d0d4afadb7bd76505c3d3ad5544e203f6326c95a807299b23ab13633a5f0"))
	err(g1Isog11.yNum[6].SetString("0x04ab0b9bcfac1bbcb2c977d027796b3ce75bb8ca2be184cb5231413c4d634f3747a87ac2460f415ec961f8855fe9d6f2"))
	err(g1Isog11.yNum[7].SetString("0x0987c8d5333ab86fde9926bd2ca6c674170a05bfe3bdd81ffd038da6c26c842642f64550fedfe935a15e4ca31870fb29"))
	err(g1Isog11.yNum[8].SetString("0x09fc4018bd96684be88c9e221e4da1bb8f3abd16679dc26c1e8b6e6a1f20cabe69d65201c78607a360370e577bdba587"))
	err(g1Isog11.yNum[9].SetString("0x0e1bba7a1186bdb5223abde7ada14a23c42a0ca7915af6fe06985e7ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30"))
	err(g1Isog11.yNum[10].SetString("0x19713e47937cd1be0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183e416389e61031bf3a5cce3fbafce813711ad011c132"))
	err(g1Isog11.yNum[11].SetString("0x18b46a908f36f6deb918c143fed2edcc523559b8aaf0c2462e6bfe7f911f643249d9cdf41b44d606ce07c8a4d0074d8e"))
	err(g1Isog11.yNum[12].SetString("0x0b182cac101b9399d155096004f53f447aa7b12a3426b08ec02710e807b4633f06c851c1919211f20d4c04f00b971ef8"))
	err(g1Isog11.yNum[13].SetString("0x0245a394ad1eca9b72fc00ae7be315dc757b3b080d4c158013e6632d3c40659cc6cf90ad1c232a6442d9d3f5db980133"))
	err(g1Isog11.yNum[14].SetString("0x05c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b"))
	err(g1Isog11.yNum[15].SetString("0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b604"))

	err(g1Isog11.yDen[0].SetString("0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1"))
	err(g1Isog11.yDen[1].SetString("0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d"))
	err(g1Isog11.yDen[2].SetString("0x058df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2"))
	err(g1Isog11.yDen[3].SetString("0x16b7d288798e5395f20d23bf89edb4d1d115c5dbddbcd30e123da489e726af41727364f2c28297ada8d26d98445f5416"))
	err(g1Isog11.yDen[4].SetString("0x0be0e079545f43e4b00cc912f8228ddcc6d19c9f0f69bbb0542eda0fc9dec916a20b15dc0fd2ededda39142311a5001d"))
	err(g1Isog11.yDen[5].SetString("0x08d9e5297186db2d9fb266eaac783182b70152c65550d881c5ecd87b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac"))
	err(g1Isog11.yDen[6].SetString("0x166007c08a99db2fc3ba8734ace9824b5eecfdfa8d0cf8ef5dd365bc400a0051d5fa9c01a58b1fb93d1a1399126a775c"))
	err(g1Isog11.yDen[7].SetString("0x16a3ef08be3ea7ea03bcddfabba6ff6ee5a4375efa1f4fd7feb34fd206357132b920f5b00801dee460ee415a15812ed9"))
	err(g1Isog11.yDen[8].SetString("0x1866c8ed336c61231a1be54fd1d74cc4f9fb0ce4c6af5920abc5750c4bf39b4852cfe2f7bb9248836b233d9d55535d4a"))
	err(g1Isog11.yDen[9].SetString("0x167a55cda70a6e1cea820597d94a84903216f763e13d87bb5308592e7ea7d4fbc7385ea3d529b35e346ef48bb8913f55"))
	err(g1Isog11.yDen[10].SetString("0x04d2f259eea405bd48f010a01ad2911d9c6dd039bb61a6290e591b36e636a5c871a5c29f4f83060400f8b49cba8f6aa8"))
	err(g1Isog11.yDen[11].SetString("0x0accbb67481d033ff5852c1e48c50c477f94ff8aefce42d28c0f9a88cea7913516f968986f7ebbea9684b529e2561092"))
	err(g1Isog11.yDen[12].SetString("0x0ad6b9514c767fe3c3613144b45f1496543346d98adf02267d5ceef9a00d9b8693000763e3b90ac11e99b138573345cc"))
	err(g1Isog11.yDen[13].SetString("0x02660400eb2e4f3b628bdd0d53cd76f2bf565b94e72927c1cb748df27942480e420517bd8714cc80d1fadc1326ed06f7"))
	err(g1Isog11.yDen[14].SetString("0x0e0fa1d816ddc03e6b24255e0d7819c171c40f65e273b853324efcd6356caa205ca2f570f13497804415473a1d634b8f"))
	g1Isog11.yDen[15].SetOne()
}

// initG2Isog3 loads the coefficients of the degree-3 isogeny g2Isog3.
// Each Fp2 value is given as two hex strings.
// NOTE(review): the two strings are presumably component [0] then component
// [1] (the coefficient of I), consistent with g2sswu.c2 = sqrt(-1) being set
// from ("0x00", "0x01") — confirm in package ff.
// The leading coefficients xDen[2] and yDen[3] are set to one.
func initG2Isog3() {
	err(g2Isog3.a.SetString("0x00", "0xF0"))
	err(g2Isog3.b.SetString("0x03F4", "0x03F4"))

	err(g2Isog3.xNum[0].SetString(
		"0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6",
		"0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6",
	))
	err(g2Isog3.xNum[1].SetString(
		"0x00",
		"0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71a",
	))
	err(g2Isog3.xNum[2].SetString(
		"0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71e",
		"0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38d",
	))
	err(g2Isog3.xNum[3].SetString(
		"0x171d6541fa38ccfaed6dea691f5fb614cb14b4e7f4e810aa22d6108f142b85757098e38d0f671c7188e2aaaaaaaa5ed1",
		"0x00",
	))

	err(g2Isog3.xDen[0].SetString(
		"0x00",
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63",
	))
	err(g2Isog3.xDen[1].SetString(
		"0x0c",
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f",
	))
	g2Isog3.xDen[2].SetOne()

	err(g2Isog3.yNum[0].SetString(
		"0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706",
		"0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706",
	))
	err(g2Isog3.yNum[1].SetString(
		"0x00",
		"0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97be",
	))
	err(g2Isog3.yNum[2].SetString(
		"0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71c",
		"0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38f",
	))
	err(g2Isog3.yNum[3].SetString(
		"0x124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10",
		"0x00",
	))

	err(g2Isog3.yDen[0].SetString(
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb",
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb",
	))
	err(g2Isog3.yDen[1].SetString(
		"0x00",
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3",
	))
	err(g2Isog3.yDen[2].SetString(
		"0x12",
		"0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa99",
	))
	g2Isog3.yDen[3].SetOne()
}

// initG1sswu sets the simplified-SWU constants for G1: Z = 11, the 48-byte
// big-endian exponent c1 and the field element c2.
func initG1sswu() {
	g1sswu.Z.SetUint64(11)
	g1sswu.c1 = [48]byte{ // (big-endian)
		0x06, 0x80, 0x44, 0x7a, 0x8e, 0x5f, 0xf9, 0xa6,
		0x92, 0xc6, 0xe9, 0xed, 0x90, 0xd2, 0xeb, 0x35,
		0xd9, 0x1d, 0xd2, 0xe1, 0x3c, 0xe1, 0x44, 0xaf,
		0xd9, 0xcc, 0x34, 0xa8, 0x3d, 0xac, 0x3d, 0x89,
		0x07, 0xaa, 0xff, 0xff, 0xac, 0x54, 0xff, 0xff,
		0xee, 0x7f, 0xbf, 0xff, 0xff, 0xff, 0xea, 0xaa,
	}
	err(g1sswu.c2.SetString("0x3d689d1e0e762cef9f2bec6130316806b4c80eda6fc10ce77ae83eab1ea8b8b8a407c9c6db195e06f2dbeabc2baeff5"))
}

// initG2sswu sets the simplified-SWU constants for G2: Z = -(2 + I), the
// 95-byte big-endian exponent c1 and the field elements c2..c5.
func initG2sswu() {
	// Build 2 + 1*I component-wise, then negate in place to get -(2 + I).
	g2sswu.Z[1].SetUint64(1)
	g2sswu.Z[0].SetUint64(2)
	g2sswu.Z.Neg()
	g2sswu.c1 = [95]byte{ // (big-endian)
		0x2a, 0x43, 0x7a, 0x4b, 0x8c, 0x35, 0xfc, 0x74,
		0xbd, 0x27, 0x8e, 0xaa, 0x22, 0xf2, 0x5e, 0x9e,
		0x2d, 0xc9, 0x0e, 0x50, 0xe7, 0x04, 0x6b, 0x46,
		0x6e, 0x59, 0xe4, 0x93, 0x49, 0xe8, 0xbd, 0x05,
		0x0a, 0x62, 0xcf, 0xd1, 0x6d, 0xdc, 0xa6, 0xef,
		0x53, 0x14, 0x93, 0x30, 0x97, 0x8e, 0xf0, 0x11,
		0xd6, 0x86, 0x19, 0xc8, 0x61, 0x85, 0xc7, 0xb2,
		0x92, 0xe8, 0x5a, 0x87, 0x09, 0x1a, 0x04, 0x96,
		0x6b, 0xf9, 0x1e, 0xd3, 0xe7, 0x1b, 0x74, 0x31,
		0x62, 0xc3, 0x38, 0x36, 0x21, 0x13, 0xcf, 0xd7,
		0xce, 0xd6, 0xb1, 0xd7, 0x63, 0x82, 0xea, 0xb2,
		0x6a, 0xa0, 0x00, 0x01, 0xc7, 0x18, 0xe3,
	}
	err(g2sswu.c2.SetString("0x00", "0x01"))
	err(g2sswu.c3.SetString(
		"0x135203e60180a68ee2e9c448d77a2cd91c3dedd930b1cf60ef396489f61eb45e304466cf3e67fa0af1ee7b04121bdea2",
		"0x6af0e0437ff400b6831e36d6bd17ffe48395dabc2d3435e77f76e17009241c5ee67992f72ec05f4c81084fbede3cc09",
	))
	err(g2sswu.c4.SetString(
		"0x699be3b8c6870965e5bf892ad5d2cc7b0e85a117402dfd83b7f4a947e02d978498255a2aaec0ac627b5afbdf1bf1c90",
		"0x8157cd83046453f5dd0972b6e3949e4288020b5b8a9cc99ca07e27089a2ce2436d965026adad3ef7baba37f2183e9b5",
	))
	err(g2sswu.c5.SetString(
		"0xf5d0d63d2797471e6d39f306cc0dc0ab85de3bd9f39ce46f3649ac0de9e844417cc8de88716c1fd323fa68040801aea",
		"0xab1c2ffdd6c253ca155231eb3e71ba044fd562f6f72bc5bad5ec46a0b7a3b0247cf08ce6c6317f40edbc653a72dee17",
	))
}

// initSigma loads the two constants of g1Sigma from their hex encodings.
func initSigma() {
	err(g1Sigma.beta0.SetString("0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac"))
	err(g1Sigma.beta1.SetString("0x5f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffefffe"))
}

// initPsi computes g2Psi.alpha and g2Psi.beta at load time instead of storing
// them as literals: alpha = w^2/Frob(w^2) and beta = w^3/Frob(w^3), where w is
// the Fp12 element whose component [1] is one and whose component [0] is left
// at its zero value.
func initPsi() {
	// ratioKummer sets z = t/Frob(t) if it falls in Fp2, panics otherwise.
	ratioKummer := func(z *ff.Fp2, t *ff.Fp12) {
		var r ff.Fp12
		r.Frob(t)
		r.Inv(&r)
		r.Mul(t, &r)
		// Every component other than r[0][0] must be zero for the quotient
		// to be an Fp2 element; IsZero reports 1 for zero.
		if r[1].IsZero() != 1 || r[0][1].IsZero() != 1 || r[0][2].IsZero() != 1 {
			err(errors.New("failure of result to be in Fp2"))
		}
		*z = r[0][0]
	}

	w := &ff.Fp12{}
	w[1].SetOne()
	wsq := &ff.Fp12{}
	wsq.Sqr(w)
	ratioKummer(&g2Psi.alpha, wsq)
	wcube := &ff.Fp12{}
	wcube.Mul(wsq, w)
	ratioKummer(&g2Psi.beta, wcube)
}