github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-377/fr/element_exp.go (about) 1 // Copyright 2020 ConsenSys Software Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by consensys/gnark-crypto DO NOT EDIT 16 17 package fr 18 19 // expBySqrtExp is equivalent to z.Exp(x, 12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11) 20 // 21 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 22 func (z *Element) expBySqrtExp(x Element) *Element { 23 // addition chain: 24 // 25 // _10 = 2*1 26 // _11 = 1 + _10 27 // _101 = _10 + _11 28 // _1000 = _11 + _101 29 // _1011 = _11 + _1000 30 // _10000 = _101 + _1011 31 // _10001 = 1 + _10000 32 // _10110 = _101 + _10001 33 // _100000 = 2*_10000 34 // _101011 = _1011 + _100000 35 // _101101 = _10 + _101011 36 // _1011010 = 2*_101101 37 // _1011011 = 1 + _1011010 38 // _1111011 = _100000 + _1011011 39 // _10000101 = _101011 + _1011010 40 // _10001011 = _10000 + _1111011 41 // _10100101 = _100000 + _10000101 42 // _10101011 = _100000 + _10001011 43 // _11000001 = _10110 + _10101011 44 // _11000011 = _10 + _11000001 45 // _11010001 = _10000 + _11000001 46 // _11010011 = _10 + _11010001 47 // _11010101 = _10 + _11010011 48 // _11100101 = _10000 + _11010101 49 // _11101101 = _1000 + _11100101 50 // i45 = ((_10000101 + _10100101) << 7 + _1011011) << 10 + _10101011 51 // i74 = ((i45 << 8 + _11010011) << 9 + _10001011) << 10 52 // i94 = ((_10100101 + i74) << 7 + _101011) << 10 + _11000001 53 // i123 = ((i94 << 9 + _11010001) << 10 + _11010001) << 8 54 // i142 = ((_11100101 + i123) << 8 + _11000011) << 8 + _1111011 55 // i181 = ((i142 << 17 + _101011) << 10 + _11010101) << 10 56 // i195 = ((_11101101 + i181) << 8 + _11101101 + _10000) << 3 57 // return ((_101 + i195) << 35 + _10000101) << 9 + _10001 58 // 59 // Operations: 199 squares 43 multiplies 60 61 // Allocate Temporaries. 62 var ( 63 t0 = new(Element) 64 t1 = new(Element) 65 t2 = new(Element) 66 t3 = new(Element) 67 t4 = new(Element) 68 t5 = new(Element) 69 t6 = new(Element) 70 t7 = new(Element) 71 t8 = new(Element) 72 t9 = new(Element) 73 t10 = new(Element) 74 t11 = new(Element) 75 t12 = new(Element) 76 t13 = new(Element) 77 t14 = new(Element) 78 t15 = new(Element) 79 t16 = new(Element) 80 ) 81 82 // var t0,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16 Element 83 // Step 1: t4 = x^0x2 84 t4.Square(&x) 85 86 // Step 2: z = x^0x3 87 z.Mul(&x, t4) 88 89 // Step 3: t1 = x^0x5 90 t1.Mul(t4, z) 91 92 // Step 4: t3 = x^0x8 93 t3.Mul(z, t1) 94 95 // Step 5: t0 = x^0xb 96 t0.Mul(z, t3) 97 98 // Step 6: t2 = x^0x10 99 t2.Mul(t1, t0) 100 101 // Step 7: z = x^0x11 102 z.Mul(&x, t2) 103 104 // Step 8: t7 = x^0x16 105 t7.Mul(t1, z) 106 107 // Step 9: t8 = x^0x20 108 t8.Square(t2) 109 110 // Step 10: t5 = x^0x2b 111 t5.Mul(t0, t8) 112 113 // Step 11: t0 = x^0x2d 114 t0.Mul(t4, t5) 115 116 // Step 12: t0 = x^0x5a 117 t0.Square(t0) 118 119 // Step 13: t15 = x^0x5b 120 t15.Mul(&x, t0) 121 122 // Step 14: t6 = x^0x7b 123 t6.Mul(t8, t15) 124 125 // Step 15: t0 = x^0x85 126 t0.Mul(t5, t0) 127 128 // Step 16: t12 = x^0x8b 129 t12.Mul(t2, t6) 130 131 // Step 17: t11 = x^0xa5 132 t11.Mul(t8, t0) 133 134 // Step 18: t14 = x^0xab 135 t14.Mul(t8, t12) 136 137 // Step 19: t10 = x^0xc1 138 t10.Mul(t7, t14) 139 140 // Step 20: t7 = x^0xc3 141 t7.Mul(t4, t10) 142 143 // Step 21: t9 = x^0xd1 144 t9.Mul(t2, t10) 145 146 // Step 22: t13 = x^0xd3 147 t13.Mul(t4, t9) 148 149 // Step 23: t4 = x^0xd5 150 t4.Mul(t4, t13) 151 152 // Step 24: t8 = x^0xe5 153 t8.Mul(t2, t4) 154 155 // Step 25: t3 = x^0xed 156 t3.Mul(t3, t8) 157 158 // Step 26: t16 = x^0x12a 159 t16.Mul(t0, t11) 160 161 // Step 33: t16 = x^0x9500 162 for s := 0; s < 7; s++ { 163 t16.Square(t16) 164 } 165 166 // Step 34: t15 = x^0x955b 167 t15.Mul(t15, t16) 168 169 // Step 44: t15 = x^0x2556c00 170 for s := 0; s < 10; s++ { 171 t15.Square(t15) 172 } 173 174 // Step 45: t14 = x^0x2556cab 175 t14.Mul(t14, t15) 176 177 // Step 53: t14 = x^0x2556cab00 178 for s := 0; s < 8; s++ { 179 t14.Square(t14) 180 } 181 182 // Step 54: t13 = x^0x2556cabd3 183 t13.Mul(t13, t14) 184 185 // Step 63: t13 = x^0x4aad957a600 186 for s := 0; s < 9; s++ { 187 t13.Square(t13) 188 } 189 190 // Step 64: t12 = x^0x4aad957a68b 191 t12.Mul(t12, t13) 192 193 // Step 74: t12 = x^0x12ab655e9a2c00 194 for s := 0; s < 10; s++ { 195 t12.Square(t12) 196 } 197 198 // Step 75: t11 = x^0x12ab655e9a2ca5 199 t11.Mul(t11, t12) 200 201 // Step 82: t11 = x^0x955b2af4d165280 202 for s := 0; s < 7; s++ { 203 t11.Square(t11) 204 } 205 206 // Step 83: t11 = x^0x955b2af4d1652ab 207 t11.Mul(t5, t11) 208 209 // Step 93: t11 = x^0x2556cabd34594aac00 210 for s := 0; s < 10; s++ { 211 t11.Square(t11) 212 } 213 214 // Step 94: t10 = x^0x2556cabd34594aacc1 215 t10.Mul(t10, t11) 216 217 // Step 103: t10 = x^0x4aad957a68b295598200 218 for s := 0; s < 9; s++ { 219 t10.Square(t10) 220 } 221 222 // Step 104: t10 = x^0x4aad957a68b2955982d1 223 t10.Mul(t9, t10) 224 225 // Step 114: t10 = x^0x12ab655e9a2ca55660b4400 226 for s := 0; s < 10; s++ { 227 t10.Square(t10) 228 } 229 230 // Step 115: t9 = x^0x12ab655e9a2ca55660b44d1 231 t9.Mul(t9, t10) 232 233 // Step 123: t9 = x^0x12ab655e9a2ca55660b44d100 234 for s := 0; s < 8; s++ { 235 t9.Square(t9) 236 } 237 238 // Step 124: t8 = x^0x12ab655e9a2ca55660b44d1e5 239 t8.Mul(t8, t9) 240 241 // Step 132: t8 = x^0x12ab655e9a2ca55660b44d1e500 242 for s := 0; s < 8; s++ { 243 t8.Square(t8) 244 } 245 246 // Step 133: t7 = x^0x12ab655e9a2ca55660b44d1e5c3 247 t7.Mul(t7, t8) 248 249 // Step 141: t7 = x^0x12ab655e9a2ca55660b44d1e5c300 250 for s := 0; s < 8; s++ { 251 t7.Square(t7) 252 } 253 254 // Step 142: t6 = x^0x12ab655e9a2ca55660b44d1e5c37b 255 t6.Mul(t6, t7) 256 257 // Step 159: t6 = x^0x2556cabd34594aacc1689a3cb86f60000 258 for s := 0; s < 17; s++ { 259 t6.Square(t6) 260 } 261 262 // Step 160: t5 = x^0x2556cabd34594aacc1689a3cb86f6002b 263 t5.Mul(t5, t6) 264 265 // Step 170: t5 = x^0x955b2af4d1652ab305a268f2e1bd800ac00 266 for s := 0; s < 10; s++ { 267 t5.Square(t5) 268 } 269 270 // Step 171: t4 = x^0x955b2af4d1652ab305a268f2e1bd800acd5 271 t4.Mul(t4, t5) 272 273 // Step 181: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b35400 274 for s := 0; s < 10; s++ { 275 t4.Square(t4) 276 } 277 278 // Step 182: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b354ed 279 t4.Mul(t3, t4) 280 281 // Step 190: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b354ed00 282 for s := 0; s < 8; s++ { 283 t4.Square(t4) 284 } 285 286 // Step 191: t3 = x^0x2556cabd34594aacc1689a3cb86f6002b354eded 287 t3.Mul(t3, t4) 288 289 // Step 192: t2 = x^0x2556cabd34594aacc1689a3cb86f6002b354edfd 290 t2.Mul(t2, t3) 291 292 // Step 195: t2 = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fe8 293 for s := 0; s < 3; s++ { 294 t2.Square(t2) 295 } 296 297 // Step 196: t1 = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed 298 t1.Mul(t1, t2) 299 300 // Step 231: t1 = x^0x955b2af4d1652ab305a268f2e1bd800acd53b7f6800000000 301 for s := 0; s < 35; s++ { 302 t1.Square(t1) 303 } 304 305 // Step 232: t0 = x^0x955b2af4d1652ab305a268f2e1bd800acd53b7f6800000085 306 t0.Mul(t0, t1) 307 308 // Step 241: t0 = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a00 309 for s := 0; s < 9; s++ { 310 t0.Square(t0) 311 } 312 313 // Step 242: z = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11 314 z.Mul(z, t0) 315 316 return z 317 } 318 319 // expByLegendreExp is equivalent to z.Exp(x, 955b2af4d1652ab305a268f2e1bd800acd53b7f680000008508c00000000000) 320 // 321 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 322 func (z *Element) expByLegendreExp(x Element) *Element { 323 // addition chain: 324 // 325 // _10 = 2*1 326 // _11 = 1 + _10 327 // _101 = _10 + _11 328 // _110 = 1 + _101 329 // _1000 = _10 + _110 330 // _10000 = 2*_1000 331 // _10110 = _110 + _10000 332 // _100000 = 2*_10000 333 // _100011 = _11 + _100000 334 // _101011 = _1000 + _100011 335 // _101101 = _10 + _101011 336 // _1011010 = 2*_101101 337 // _1011011 = 1 + _1011010 338 // _1111011 = _100000 + _1011011 339 // _10000101 = _101011 + _1011010 340 // _10001011 = _110 + _10000101 341 // _10100101 = _100000 + _10000101 342 // _10101011 = _110 + _10100101 343 // _11000001 = _10110 + _10101011 344 // _11000011 = _10 + _11000001 345 // _11010001 = _10000 + _11000001 346 // _11010011 = _10 + _11010001 347 // _11010101 = _10 + _11010011 348 // _11100101 = _10000 + _11010101 349 // _11101101 = _1000 + _11100101 350 // i45 = ((_10000101 + _10100101) << 7 + _1011011) << 10 + _10101011 351 // i74 = ((i45 << 8 + _11010011) << 9 + _10001011) << 10 352 // i94 = ((_10100101 + i74) << 7 + _101011) << 10 + _11000001 353 // i123 = ((i94 << 9 + _11010001) << 10 + _11010001) << 8 354 // i142 = ((_11100101 + i123) << 8 + _11000011) << 8 + _1111011 355 // i181 = ((i142 << 17 + _101011) << 10 + _11010101) << 10 356 // i195 = ((_11101101 + i181) << 8 + _11101101 + _10000) << 3 357 // i243 = ((_101 + i195) << 35 + _10000101) << 10 + _100011 358 // return i243 << 46 359 // 360 // Operations: 247 squares 42 multiplies 361 362 // Allocate Temporaries. 363 var ( 364 t0 = new(Element) 365 t1 = new(Element) 366 t2 = new(Element) 367 t3 = new(Element) 368 t4 = new(Element) 369 t5 = new(Element) 370 t6 = new(Element) 371 t7 = new(Element) 372 t8 = new(Element) 373 t9 = new(Element) 374 t10 = new(Element) 375 t11 = new(Element) 376 t12 = new(Element) 377 t13 = new(Element) 378 t14 = new(Element) 379 t15 = new(Element) 380 t16 = new(Element) 381 ) 382 383 // var t0,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16 Element 384 // Step 1: t4 = x^0x2 385 t4.Square(&x) 386 387 // Step 2: z = x^0x3 388 z.Mul(&x, t4) 389 390 // Step 3: t1 = x^0x5 391 t1.Mul(t4, z) 392 393 // Step 4: t8 = x^0x6 394 t8.Mul(&x, t1) 395 396 // Step 5: t3 = x^0x8 397 t3.Mul(t4, t8) 398 399 // Step 6: t2 = x^0x10 400 t2.Square(t3) 401 402 // Step 7: t7 = x^0x16 403 t7.Mul(t8, t2) 404 405 // Step 8: t9 = x^0x20 406 t9.Square(t2) 407 408 // Step 9: z = x^0x23 409 z.Mul(z, t9) 410 411 // Step 10: t5 = x^0x2b 412 t5.Mul(t3, z) 413 414 // Step 11: t0 = x^0x2d 415 t0.Mul(t4, t5) 416 417 // Step 12: t0 = x^0x5a 418 t0.Square(t0) 419 420 // Step 13: t15 = x^0x5b 421 t15.Mul(&x, t0) 422 423 // Step 14: t6 = x^0x7b 424 t6.Mul(t9, t15) 425 426 // Step 15: t0 = x^0x85 427 t0.Mul(t5, t0) 428 429 // Step 16: t12 = x^0x8b 430 t12.Mul(t8, t0) 431 432 // Step 17: t11 = x^0xa5 433 t11.Mul(t9, t0) 434 435 // Step 18: t14 = x^0xab 436 t14.Mul(t8, t11) 437 438 // Step 19: t10 = x^0xc1 439 t10.Mul(t7, t14) 440 441 // Step 20: t7 = x^0xc3 442 t7.Mul(t4, t10) 443 444 // Step 21: t9 = x^0xd1 445 t9.Mul(t2, t10) 446 447 // Step 22: t13 = x^0xd3 448 t13.Mul(t4, t9) 449 450 // Step 23: t4 = x^0xd5 451 t4.Mul(t4, t13) 452 453 // Step 24: t8 = x^0xe5 454 t8.Mul(t2, t4) 455 456 // Step 25: t3 = x^0xed 457 t3.Mul(t3, t8) 458 459 // Step 26: t16 = x^0x12a 460 t16.Mul(t0, t11) 461 462 // Step 33: t16 = x^0x9500 463 for s := 0; s < 7; s++ { 464 t16.Square(t16) 465 } 466 467 // Step 34: t15 = x^0x955b 468 t15.Mul(t15, t16) 469 470 // Step 44: t15 = x^0x2556c00 471 for s := 0; s < 10; s++ { 472 t15.Square(t15) 473 } 474 475 // Step 45: t14 = x^0x2556cab 476 t14.Mul(t14, t15) 477 478 // Step 53: t14 = x^0x2556cab00 479 for s := 0; s < 8; s++ { 480 t14.Square(t14) 481 } 482 483 // Step 54: t13 = x^0x2556cabd3 484 t13.Mul(t13, t14) 485 486 // Step 63: t13 = x^0x4aad957a600 487 for s := 0; s < 9; s++ { 488 t13.Square(t13) 489 } 490 491 // Step 64: t12 = x^0x4aad957a68b 492 t12.Mul(t12, t13) 493 494 // Step 74: t12 = x^0x12ab655e9a2c00 495 for s := 0; s < 10; s++ { 496 t12.Square(t12) 497 } 498 499 // Step 75: t11 = x^0x12ab655e9a2ca5 500 t11.Mul(t11, t12) 501 502 // Step 82: t11 = x^0x955b2af4d165280 503 for s := 0; s < 7; s++ { 504 t11.Square(t11) 505 } 506 507 // Step 83: t11 = x^0x955b2af4d1652ab 508 t11.Mul(t5, t11) 509 510 // Step 93: t11 = x^0x2556cabd34594aac00 511 for s := 0; s < 10; s++ { 512 t11.Square(t11) 513 } 514 515 // Step 94: t10 = x^0x2556cabd34594aacc1 516 t10.Mul(t10, t11) 517 518 // Step 103: t10 = x^0x4aad957a68b295598200 519 for s := 0; s < 9; s++ { 520 t10.Square(t10) 521 } 522 523 // Step 104: t10 = x^0x4aad957a68b2955982d1 524 t10.Mul(t9, t10) 525 526 // Step 114: t10 = x^0x12ab655e9a2ca55660b4400 527 for s := 0; s < 10; s++ { 528 t10.Square(t10) 529 } 530 531 // Step 115: t9 = x^0x12ab655e9a2ca55660b44d1 532 t9.Mul(t9, t10) 533 534 // Step 123: t9 = x^0x12ab655e9a2ca55660b44d100 535 for s := 0; s < 8; s++ { 536 t9.Square(t9) 537 } 538 539 // Step 124: t8 = x^0x12ab655e9a2ca55660b44d1e5 540 t8.Mul(t8, t9) 541 542 // Step 132: t8 = x^0x12ab655e9a2ca55660b44d1e500 543 for s := 0; s < 8; s++ { 544 t8.Square(t8) 545 } 546 547 // Step 133: t7 = x^0x12ab655e9a2ca55660b44d1e5c3 548 t7.Mul(t7, t8) 549 550 // Step 141: t7 = x^0x12ab655e9a2ca55660b44d1e5c300 551 for s := 0; s < 8; s++ { 552 t7.Square(t7) 553 } 554 555 // Step 142: t6 = x^0x12ab655e9a2ca55660b44d1e5c37b 556 t6.Mul(t6, t7) 557 558 // Step 159: t6 = x^0x2556cabd34594aacc1689a3cb86f60000 559 for s := 0; s < 17; s++ { 560 t6.Square(t6) 561 } 562 563 // Step 160: t5 = x^0x2556cabd34594aacc1689a3cb86f6002b 564 t5.Mul(t5, t6) 565 566 // Step 170: t5 = x^0x955b2af4d1652ab305a268f2e1bd800ac00 567 for s := 0; s < 10; s++ { 568 t5.Square(t5) 569 } 570 571 // Step 171: t4 = x^0x955b2af4d1652ab305a268f2e1bd800acd5 572 t4.Mul(t4, t5) 573 574 // Step 181: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b35400 575 for s := 0; s < 10; s++ { 576 t4.Square(t4) 577 } 578 579 // Step 182: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b354ed 580 t4.Mul(t3, t4) 581 582 // Step 190: t4 = x^0x2556cabd34594aacc1689a3cb86f6002b354ed00 583 for s := 0; s < 8; s++ { 584 t4.Square(t4) 585 } 586 587 // Step 191: t3 = x^0x2556cabd34594aacc1689a3cb86f6002b354eded 588 t3.Mul(t3, t4) 589 590 // Step 192: t2 = x^0x2556cabd34594aacc1689a3cb86f6002b354edfd 591 t2.Mul(t2, t3) 592 593 // Step 195: t2 = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fe8 594 for s := 0; s < 3; s++ { 595 t2.Square(t2) 596 } 597 598 // Step 196: t1 = x^0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed 599 t1.Mul(t1, t2) 600 601 // Step 231: t1 = x^0x955b2af4d1652ab305a268f2e1bd800acd53b7f6800000000 602 for s := 0; s < 35; s++ { 603 t1.Square(t1) 604 } 605 606 // Step 232: t0 = x^0x955b2af4d1652ab305a268f2e1bd800acd53b7f6800000085 607 t0.Mul(t0, t1) 608 609 // Step 242: t0 = x^0x2556cabd34594aacc1689a3cb86f6002b354edfda00000021400 610 for s := 0; s < 10; s++ { 611 t0.Square(t0) 612 } 613 614 // Step 243: z = x^0x2556cabd34594aacc1689a3cb86f6002b354edfda00000021423 615 z.Mul(z, t0) 616 617 // Step 289: z = x^0x955b2af4d1652ab305a268f2e1bd800acd53b7f680000008508c00000000000 618 for s := 0; s < 46; s++ { 619 z.Square(z) 620 } 621 622 return z 623 }