github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-378/fr/element_exp.go (about) 1 // Copyright 2020 ConsenSys Software Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by consensys/gnark-crypto DO NOT EDIT 16 17 package fr 18 19 // expBySqrtExp is equivalent to z.Exp(x, 41cf7391def65d630ef0ff69c7b761ffd5cefe7b4128000265228) 20 // 21 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 22 func (z *Element) expBySqrtExp(x Element) *Element { 23 // addition chain: 24 // 25 // _10 = 2*1 26 // _100 = 2*_10 27 // _101 = 1 + _100 28 // _1010 = 2*_101 29 // _1111 = _101 + _1010 30 // _10011 = _100 + _1111 31 // _10100 = 1 + _10011 32 // _11101 = _1010 + _10011 33 // _101100 = _1111 + _11101 34 // _1001001 = _11101 + _101100 35 // _1001101 = _100 + _1001001 36 // _1001111 = _10 + _1001101 37 // _1010011 = _100 + _1001111 38 // _1011100 = _1111 + _1001101 39 // _10101011 = _1001111 + _1011100 40 // _10111110 = _10011 + _10101011 41 // _11001000 = _1010 + _10111110 42 // i18 = 2*_11001000 43 // i19 = _10101011 + i18 44 // i20 = _1001001 + i19 45 // i21 = i18 + i20 46 // i22 = _1001101 + i21 47 // i23 = _1010011 + i22 48 // i24 = _1001001 + i23 49 // i25 = i20 + i24 50 // i26 = _1111 + i25 51 // i27 = i19 + i26 52 // i28 = i22 + i27 53 // i29 = i24 + i28 54 // i30 = _10111110 + i29 55 // i31 = _101100 + i30 56 // i32 = i25 + i31 57 // i33 = i30 + i32 58 // i34 = i28 + i33 59 // i35 = _10100 + i34 60 // i36 = i21 + i35 61 // i37 = i32 + i36 62 // i38 = i27 + i37 63 // i39 = i31 + i38 64 // i40 = i23 + i39 65 // i41 = 2*i36 66 // i42 = i38 + i40 67 // i43 = _1011100 + i42 68 // i92 = ((i41 << 16 + i42) << 14 + i33) << 17 69 // i129 = ((i37 + i92) << 20 + i26 + i43) << 14 70 // i168 = ((i34 + i129) << 17 + i35) << 19 + i40 71 // i209 = ((i168 << 17 + i43) << 17 + i39) << 5 72 // i248 = ((_101 + i209) << 30 + i29) << 6 + _101 73 // return i248 << 3 74 // 75 // Operations: 200 squares 51 multiplies 76 77 // Allocate Temporaries. 78 var ( 79 t0 = new(Element) 80 t1 = new(Element) 81 t2 = new(Element) 82 t3 = new(Element) 83 t4 = new(Element) 84 t5 = new(Element) 85 t6 = new(Element) 86 t7 = new(Element) 87 t8 = new(Element) 88 t9 = new(Element) 89 t10 = new(Element) 90 ) 91 92 // var t0,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10 Element 93 // Step 1: t3 = x^0x2 94 t3.Square(&x) 95 96 // Step 2: t2 = x^0x4 97 t2.Square(t3) 98 99 // Step 3: z = x^0x5 100 z.Mul(&x, t2) 101 102 // Step 4: t9 = x^0xa 103 t9.Square(z) 104 105 // Step 5: t6 = x^0xf 106 t6.Mul(z, t9) 107 108 // Step 6: t8 = x^0x13 109 t8.Mul(t2, t6) 110 111 // Step 7: t4 = x^0x14 112 t4.Mul(&x, t8) 113 114 // Step 8: t0 = x^0x1d 115 t0.Mul(t9, t8) 116 117 // Step 9: t1 = x^0x2c 118 t1.Mul(t6, t0) 119 120 // Step 10: t0 = x^0x49 121 t0.Mul(t0, t1) 122 123 // Step 11: t5 = x^0x4d 124 t5.Mul(t2, t0) 125 126 // Step 12: t7 = x^0x4f 127 t7.Mul(t3, t5) 128 129 // Step 13: t3 = x^0x53 130 t3.Mul(t2, t7) 131 132 // Step 14: t2 = x^0x5c 133 t2.Mul(t6, t5) 134 135 // Step 15: t7 = x^0xab 136 t7.Mul(t7, t2) 137 138 // Step 16: t8 = x^0xbe 139 t8.Mul(t8, t7) 140 141 // Step 17: t9 = x^0xc8 142 t9.Mul(t9, t8) 143 144 // Step 18: t10 = x^0x190 145 t10.Square(t9) 146 147 // Step 19: t9 = x^0x23b 148 t9.Mul(t7, t10) 149 150 // Step 20: t7 = x^0x284 151 t7.Mul(t0, t9) 152 153 // Step 21: t10 = x^0x414 154 t10.Mul(t10, t7) 155 156 // Step 22: t5 = x^0x461 157 t5.Mul(t5, t10) 158 159 // Step 23: t3 = x^0x4b4 160 t3.Mul(t3, t5) 161 162 // Step 24: t0 = x^0x4fd 163 t0.Mul(t0, t3) 164 165 // Step 25: t7 = x^0x781 166 t7.Mul(t7, t0) 167 168 // Step 26: t6 = x^0x790 169 t6.Mul(t6, t7) 170 171 // Step 27: t9 = x^0x9cb 172 t9.Mul(t9, t6) 173 174 // Step 28: t5 = x^0xe2c 175 t5.Mul(t5, t9) 176 177 // Step 29: t0 = x^0x1329 178 t0.Mul(t0, t5) 179 180 // Step 30: t8 = x^0x13e7 181 t8.Mul(t8, t0) 182 183 // Step 31: t1 = x^0x1413 184 t1.Mul(t1, t8) 185 186 // Step 32: t7 = x^0x1b94 187 t7.Mul(t7, t1) 188 189 // Step 33: t8 = x^0x2f7b 190 t8.Mul(t8, t7) 191 192 // Step 34: t5 = x^0x3da7 193 t5.Mul(t5, t8) 194 195 // Step 35: t4 = x^0x3dbb 196 t4.Mul(t4, t5) 197 198 // Step 36: t10 = x^0x41cf 199 t10.Mul(t10, t4) 200 201 // Step 37: t7 = x^0x5d63 202 t7.Mul(t7, t10) 203 204 // Step 38: t9 = x^0x672e 205 t9.Mul(t9, t7) 206 207 // Step 39: t1 = x^0x7b41 208 t1.Mul(t1, t9) 209 210 // Step 40: t3 = x^0x7ff5 211 t3.Mul(t3, t1) 212 213 // Step 41: t10 = x^0x839e 214 t10.Square(t10) 215 216 // Step 42: t9 = x^0xe723 217 t9.Mul(t9, t3) 218 219 // Step 43: t2 = x^0xe77f 220 t2.Mul(t2, t9) 221 222 // Step 59: t10 = x^0x839e0000 223 for s := 0; s < 16; s++ { 224 t10.Square(t10) 225 } 226 227 // Step 60: t9 = x^0x839ee723 228 t9.Mul(t9, t10) 229 230 // Step 74: t9 = x^0x20e7b9c8c000 231 for s := 0; s < 14; s++ { 232 t9.Square(t9) 233 } 234 235 // Step 75: t8 = x^0x20e7b9c8ef7b 236 t8.Mul(t8, t9) 237 238 // Step 92: t8 = x^0x41cf7391def60000 239 for s := 0; s < 17; s++ { 240 t8.Square(t8) 241 } 242 243 // Step 93: t7 = x^0x41cf7391def65d63 244 t7.Mul(t7, t8) 245 246 // Step 113: t7 = x^0x41cf7391def65d6300000 247 for s := 0; s < 20; s++ { 248 t7.Square(t7) 249 } 250 251 // Step 114: t6 = x^0x41cf7391def65d6300790 252 t6.Mul(t6, t7) 253 254 // Step 115: t6 = x^0x41cf7391def65d630ef0f 255 t6.Mul(t2, t6) 256 257 // Step 129: t6 = x^0x1073dce477bd9758c3bc3c000 258 for s := 0; s < 14; s++ { 259 t6.Square(t6) 260 } 261 262 // Step 130: t5 = x^0x1073dce477bd9758c3bc3fda7 263 t5.Mul(t5, t6) 264 265 // Step 147: t5 = x^0x20e7b9c8ef7b2eb187787fb4e0000 266 for s := 0; s < 17; s++ { 267 t5.Square(t5) 268 } 269 270 // Step 148: t4 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb 271 t4.Mul(t4, t5) 272 273 // Step 167: t4 = x^0x1073dce477bd9758c3bc3fda71edd80000 274 for s := 0; s < 19; s++ { 275 t4.Square(t4) 276 } 277 278 // Step 168: t3 = x^0x1073dce477bd9758c3bc3fda71edd87ff5 279 t3.Mul(t3, t4) 280 281 // Step 185: t3 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffea0000 282 for s := 0; s < 17; s++ { 283 t3.Square(t3) 284 } 285 286 // Step 186: t2 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f 287 t2.Mul(t2, t3) 288 289 // Step 203: t2 = x^0x41cf7391def65d630ef0ff69c7b761ffd5cefe0000 290 for s := 0; s < 17; s++ { 291 t2.Square(t2) 292 } 293 294 // Step 204: t1 = x^0x41cf7391def65d630ef0ff69c7b761ffd5cefe7b41 295 t1.Mul(t1, t2) 296 297 // Step 209: t1 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf6820 298 for s := 0; s < 5; s++ { 299 t1.Square(t1) 300 } 301 302 // Step 210: t1 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf6825 303 t1.Mul(z, t1) 304 305 // Step 240: t1 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f3da0940000000 306 for s := 0; s < 30; s++ { 307 t1.Square(t1) 308 } 309 310 // Step 241: t0 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f3da0940001329 311 t0.Mul(t0, t1) 312 313 // Step 247: t0 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf682500004ca40 314 for s := 0; s < 6; s++ { 315 t0.Square(t0) 316 } 317 318 // Step 248: z = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf682500004ca45 319 z.Mul(z, t0) 320 321 // Step 251: z = x^0x41cf7391def65d630ef0ff69c7b761ffd5cefe7b4128000265228 322 for s := 0; s < 3; s++ { 323 z.Square(z) 324 } 325 326 return z 327 } 328 329 // expByLegendreExp is equivalent to z.Exp(x, 1073dce477bd9758c3bc3fda71edd87ff573bf9ed04a00009948a20000000000) 330 // 331 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 332 func (z *Element) expByLegendreExp(x Element) *Element { 333 // addition chain: 334 // 335 // _10 = 2*1 336 // _100 = 2*_10 337 // _101 = 1 + _100 338 // _1010 = 2*_101 339 // _1111 = _101 + _1010 340 // _10011 = _100 + _1111 341 // _10100 = 1 + _10011 342 // _11101 = _1010 + _10011 343 // _101100 = _1111 + _11101 344 // _1001001 = _11101 + _101100 345 // _1001101 = _100 + _1001001 346 // _1001111 = _10 + _1001101 347 // _1010001 = _10 + _1001111 348 // _1010011 = _10 + _1010001 349 // _1011100 = _1111 + _1001101 350 // _10101011 = _1001111 + _1011100 351 // _10111110 = _10011 + _10101011 352 // _11001000 = _1010 + _10111110 353 // i19 = 2*_11001000 354 // i20 = _10101011 + i19 355 // i21 = _1001001 + i20 356 // i22 = i19 + i21 357 // i23 = _1001101 + i22 358 // i24 = _1010011 + i23 359 // i25 = _1001001 + i24 360 // i26 = i21 + i25 361 // i27 = _1111 + i26 362 // i28 = i20 + i27 363 // i29 = i23 + i28 364 // i30 = i25 + i29 365 // i31 = _10111110 + i30 366 // i32 = _101100 + i31 367 // i33 = i26 + i32 368 // i34 = i31 + i33 369 // i35 = i29 + i34 370 // i36 = _10100 + i35 371 // i37 = i22 + i36 372 // i38 = i33 + i37 373 // i39 = i28 + i38 374 // i40 = i32 + i39 375 // i41 = i24 + i40 376 // i42 = 2*i37 377 // i43 = i39 + i41 378 // i44 = _1011100 + i43 379 // i93 = ((i42 << 16 + i43) << 14 + i34) << 17 380 // i130 = ((i38 + i93) << 20 + i27 + i44) << 14 381 // i169 = ((i35 + i130) << 17 + i36) << 19 + i41 382 // i210 = ((i169 << 17 + i44) << 17 + i40) << 5 383 // i253 = ((_101 + i210) << 30 + i30) << 10 + _1010001 384 // return i253 << 41 385 // 386 // Operations: 242 squares 52 multiplies 387 388 // Allocate Temporaries. 389 var ( 390 t0 = new(Element) 391 t1 = new(Element) 392 t2 = new(Element) 393 t3 = new(Element) 394 t4 = new(Element) 395 t5 = new(Element) 396 t6 = new(Element) 397 t7 = new(Element) 398 t8 = new(Element) 399 t9 = new(Element) 400 t10 = new(Element) 401 t11 = new(Element) 402 ) 403 404 // var t0,t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11 Element 405 // Step 1: t3 = x^0x2 406 t3.Square(&x) 407 408 // Step 2: z = x^0x4 409 z.Square(t3) 410 411 // Step 3: t1 = x^0x5 412 t1.Mul(&x, z) 413 414 // Step 4: t10 = x^0xa 415 t10.Square(t1) 416 417 // Step 5: t7 = x^0xf 418 t7.Mul(t1, t10) 419 420 // Step 6: t9 = x^0x13 421 t9.Mul(z, t7) 422 423 // Step 7: t5 = x^0x14 424 t5.Mul(&x, t9) 425 426 // Step 8: t0 = x^0x1d 427 t0.Mul(t10, t9) 428 429 // Step 9: t2 = x^0x2c 430 t2.Mul(t7, t0) 431 432 // Step 10: t0 = x^0x49 433 t0.Mul(t0, t2) 434 435 // Step 11: t6 = x^0x4d 436 t6.Mul(z, t0) 437 438 // Step 12: t8 = x^0x4f 439 t8.Mul(t3, t6) 440 441 // Step 13: z = x^0x51 442 z.Mul(t3, t8) 443 444 // Step 14: t4 = x^0x53 445 t4.Mul(t3, z) 446 447 // Step 15: t3 = x^0x5c 448 t3.Mul(t7, t6) 449 450 // Step 16: t8 = x^0xab 451 t8.Mul(t8, t3) 452 453 // Step 17: t9 = x^0xbe 454 t9.Mul(t9, t8) 455 456 // Step 18: t10 = x^0xc8 457 t10.Mul(t10, t9) 458 459 // Step 19: t11 = x^0x190 460 t11.Square(t10) 461 462 // Step 20: t10 = x^0x23b 463 t10.Mul(t8, t11) 464 465 // Step 21: t8 = x^0x284 466 t8.Mul(t0, t10) 467 468 // Step 22: t11 = x^0x414 469 t11.Mul(t11, t8) 470 471 // Step 23: t6 = x^0x461 472 t6.Mul(t6, t11) 473 474 // Step 24: t4 = x^0x4b4 475 t4.Mul(t4, t6) 476 477 // Step 25: t0 = x^0x4fd 478 t0.Mul(t0, t4) 479 480 // Step 26: t8 = x^0x781 481 t8.Mul(t8, t0) 482 483 // Step 27: t7 = x^0x790 484 t7.Mul(t7, t8) 485 486 // Step 28: t10 = x^0x9cb 487 t10.Mul(t10, t7) 488 489 // Step 29: t6 = x^0xe2c 490 t6.Mul(t6, t10) 491 492 // Step 30: t0 = x^0x1329 493 t0.Mul(t0, t6) 494 495 // Step 31: t9 = x^0x13e7 496 t9.Mul(t9, t0) 497 498 // Step 32: t2 = x^0x1413 499 t2.Mul(t2, t9) 500 501 // Step 33: t8 = x^0x1b94 502 t8.Mul(t8, t2) 503 504 // Step 34: t9 = x^0x2f7b 505 t9.Mul(t9, t8) 506 507 // Step 35: t6 = x^0x3da7 508 t6.Mul(t6, t9) 509 510 // Step 36: t5 = x^0x3dbb 511 t5.Mul(t5, t6) 512 513 // Step 37: t11 = x^0x41cf 514 t11.Mul(t11, t5) 515 516 // Step 38: t8 = x^0x5d63 517 t8.Mul(t8, t11) 518 519 // Step 39: t10 = x^0x672e 520 t10.Mul(t10, t8) 521 522 // Step 40: t2 = x^0x7b41 523 t2.Mul(t2, t10) 524 525 // Step 41: t4 = x^0x7ff5 526 t4.Mul(t4, t2) 527 528 // Step 42: t11 = x^0x839e 529 t11.Square(t11) 530 531 // Step 43: t10 = x^0xe723 532 t10.Mul(t10, t4) 533 534 // Step 44: t3 = x^0xe77f 535 t3.Mul(t3, t10) 536 537 // Step 60: t11 = x^0x839e0000 538 for s := 0; s < 16; s++ { 539 t11.Square(t11) 540 } 541 542 // Step 61: t10 = x^0x839ee723 543 t10.Mul(t10, t11) 544 545 // Step 75: t10 = x^0x20e7b9c8c000 546 for s := 0; s < 14; s++ { 547 t10.Square(t10) 548 } 549 550 // Step 76: t9 = x^0x20e7b9c8ef7b 551 t9.Mul(t9, t10) 552 553 // Step 93: t9 = x^0x41cf7391def60000 554 for s := 0; s < 17; s++ { 555 t9.Square(t9) 556 } 557 558 // Step 94: t8 = x^0x41cf7391def65d63 559 t8.Mul(t8, t9) 560 561 // Step 114: t8 = x^0x41cf7391def65d6300000 562 for s := 0; s < 20; s++ { 563 t8.Square(t8) 564 } 565 566 // Step 115: t7 = x^0x41cf7391def65d6300790 567 t7.Mul(t7, t8) 568 569 // Step 116: t7 = x^0x41cf7391def65d630ef0f 570 t7.Mul(t3, t7) 571 572 // Step 130: t7 = x^0x1073dce477bd9758c3bc3c000 573 for s := 0; s < 14; s++ { 574 t7.Square(t7) 575 } 576 577 // Step 131: t6 = x^0x1073dce477bd9758c3bc3fda7 578 t6.Mul(t6, t7) 579 580 // Step 148: t6 = x^0x20e7b9c8ef7b2eb187787fb4e0000 581 for s := 0; s < 17; s++ { 582 t6.Square(t6) 583 } 584 585 // Step 149: t5 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb 586 t5.Mul(t5, t6) 587 588 // Step 168: t5 = x^0x1073dce477bd9758c3bc3fda71edd80000 589 for s := 0; s < 19; s++ { 590 t5.Square(t5) 591 } 592 593 // Step 169: t4 = x^0x1073dce477bd9758c3bc3fda71edd87ff5 594 t4.Mul(t4, t5) 595 596 // Step 186: t4 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffea0000 597 for s := 0; s < 17; s++ { 598 t4.Square(t4) 599 } 600 601 // Step 187: t3 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f 602 t3.Mul(t3, t4) 603 604 // Step 204: t3 = x^0x41cf7391def65d630ef0ff69c7b761ffd5cefe0000 605 for s := 0; s < 17; s++ { 606 t3.Square(t3) 607 } 608 609 // Step 205: t2 = x^0x41cf7391def65d630ef0ff69c7b761ffd5cefe7b41 610 t2.Mul(t2, t3) 611 612 // Step 210: t2 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf6820 613 for s := 0; s < 5; s++ { 614 t2.Square(t2) 615 } 616 617 // Step 211: t1 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf6825 618 t1.Mul(t1, t2) 619 620 // Step 241: t1 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f3da0940000000 621 for s := 0; s < 30; s++ { 622 t1.Square(t1) 623 } 624 625 // Step 242: t0 = x^0x20e7b9c8ef7b2eb187787fb4e3dbb0ffeae77f3da0940001329 626 t0.Mul(t0, t1) 627 628 // Step 252: t0 = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf682500004ca400 629 for s := 0; s < 10; s++ { 630 t0.Square(t0) 631 } 632 633 // Step 253: z = x^0x839ee723bdecbac61de1fed38f6ec3ffab9dfcf682500004ca451 634 z.Mul(z, t0) 635 636 // Step 294: z = x^0x1073dce477bd9758c3bc3fda71edd87ff573bf9ed04a00009948a20000000000 637 for s := 0; s < 41; s++ { 638 z.Square(z) 639 } 640 641 return z 642 }