github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-381/internal/fptower/e2_bls381.go

github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-381/internal/fptower/e2_bls381.go (about)

     1  // Copyright 2020 ConsenSys AG
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package fptower
    16  
    17  import "github.com/consensys/gnark-crypto/ecc/bls12-381/fp"
    18  
    19  // used with !amd64, make staticcheck happier.
    20  var (
    21  	_ = mulGenericE2
    22  	_ = squareGenericE2
    23  )
    24  
    25  // mulGenericE2 sets z to the E2-product of x,y, returns z
    26  // note: do not rename, this is referenced in the x86 assembly impl
    27  func mulGenericE2(z, x, y *E2) {
    28  	var a, b, c fp.Element
    29  	a.Add(&x.A0, &x.A1)
    30  	b.Add(&y.A0, &y.A1)
    31  	a.Mul(&a, &b)
    32  	b.Mul(&x.A0, &y.A0)
    33  	c.Mul(&x.A1, &y.A1)
    34  	z.A1.Sub(&a, &b).Sub(&z.A1, &c)
    35  	z.A0.Sub(&b, &c)
    36  }
    37  
    38  // Square sets z to the E2-product of x,x returns z
    39  func squareGenericE2(z, x *E2) *E2 {
    40  	// adapted from algo 22 https://eprint.iacr.org/2010/354.pdf
    41  	var a, b fp.Element
    42  	a.Add(&x.A0, &x.A1)
    43  	b.Sub(&x.A0, &x.A1)
    44  	a.Mul(&a, &b)
    45  	b.Mul(&x.A0, &x.A1).Double(&b)
    46  	z.A0.Set(&a)
    47  	z.A1.Set(&b)
    48  	return z
    49  }
    50  
    51  var twoInv = fp.Element{
    52  	1730508156817200468,
    53  	9606178027640717313,
    54  	7150789853162776431,
    55  	7936136305760253186,
    56  	15245073033536294050,
    57  	1728177566264616342,
    58  }
    59  
    60  // MulByNonResidueInv multiplies a E2 by (1,1)^{-1}
    61  func (z *E2) MulByNonResidueInv(x *E2) *E2 {
    62  
    63  	var tmp fp.Element
    64  	tmp.Add(&x.A0, &x.A1)
    65  	z.A1.Sub(&x.A1, &x.A0).Mul(&z.A1, &twoInv)
    66  	z.A0.Set(&tmp).Mul(&z.A0, &twoInv)
    67  
    68  	return z
    69  }
    70  
    71  // Inverse sets z to the E2-inverse of x, returns z
    72  //
    73  // if x == 0, sets and returns z = x
    74  func (z *E2) Inverse(x *E2) *E2 {
    75  	// Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
    76  	var t0, t1 fp.Element
    77  	t0.Square(&x.A0)
    78  	t1.Square(&x.A1)
    79  	t0.Add(&t0, &t1)
    80  	t1.Inverse(&t0)
    81  	z.A0.Mul(&x.A0, &t1)
    82  	z.A1.Mul(&x.A1, &t1).Neg(&z.A1)
    83  
    84  	return z
    85  }
    86  
    87  // norm sets x to the norm of z
    88  func (z *E2) norm(x *fp.Element) {
    89  	var tmp fp.Element
    90  	x.Square(&z.A0)
    91  	tmp.Square(&z.A1)
    92  	x.Add(x, &tmp)
    93  }
    94  
    95  // MulBybTwistCurveCoeff multiplies by 4(1,1)
    96  func (z *E2) MulBybTwistCurveCoeff(x *E2) *E2 {
    97  
    98  	var res E2
    99  	res.A0.Sub(&x.A0, &x.A1)
   100  	res.A1.Add(&x.A0, &x.A1)
   101  	z.Double(&res).
   102  		Double(z)
   103  
   104  	return z
   105  }