github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-315/internal/fptower/e24_pairing.go (about) 1 package fptower 2 3 func (z *E24) nSquareCompressed(n int) { 4 for i := 0; i < n; i++ { 5 z.CyclotomicSquareCompressed(z) 6 } 7 } 8 9 // Expt set z to x^t in E24 and return z (t is the seed of the curve) 10 // -2**32+2**30+2**22-2**20+1 11 func (z *E24) Expt(x *E24) *E24 { 12 13 var result, x20, x22, x30, x32 E24 14 result.Set(x) 15 16 result.nSquareCompressed(20) 17 x20.Conjugate(&result) 18 result.nSquareCompressed(2) 19 x22.Set(&result) 20 result.nSquareCompressed(8) 21 x30.Set(&result) 22 23 batch := BatchDecompressKarabina([]E24{x20, x22, x30}) 24 25 x32.CyclotomicSquare(&batch[2]). 26 CyclotomicSquare(&x32). 27 Conjugate(&x32) 28 29 z.Mul(x, &batch[0]). 30 Mul(z, &batch[1]). 31 Mul(z, &batch[2]). 32 Mul(z, &x32) 33 34 return z 35 } 36 37 // MulBy034 multiplication by sparse element (c0,0,0,c3,c4,0) 38 func (z *E24) MulBy034(c0, c3, c4 *E4) *E24 { 39 40 var a, b, d E12 41 42 a.MulByE2(&z.D0, c0) 43 44 b.Set(&z.D1) 45 b.MulBy01(c3, c4) 46 47 var d0 E4 48 d0.Add(c0, c3) 49 d.Add(&z.D0, &z.D1) 50 d.MulBy01(&d0, c4) 51 52 z.D1.Add(&a, &b).Neg(&z.D1).Add(&z.D1, &d) 53 z.D0.MulByNonResidue(&b).Add(&z.D0, &a) 54 55 return z 56 } 57 58 // MulBy34 multiplication by sparse element (1,0,0,c3,c4,0) 59 func (z *E24) MulBy34(c3, c4 *E4) *E24 { 60 61 var a, b, d E12 62 63 a.Set(&z.D0) 64 65 b.Set(&z.D1) 66 b.MulBy01(c3, c4) 67 68 var d0 E4 69 d0.SetOne().Add(&d0, c3) 70 d.Add(&z.D0, &z.D1) 71 d.MulBy01(&d0, c4) 72 73 z.D1.Add(&a, &b).Neg(&z.D1).Add(&z.D1, &d) 74 z.D0.MulByNonResidue(&b).Add(&z.D0, &a) 75 76 return z 77 } 78 79 // Mul034By034 multiplication of sparse element (c0,0,0,c3,c4,0) by sparse element (d0,0,0,d3,d4,0) 80 func Mul034By034(d0, d3, d4, c0, c3, c4 *E4) [5]E4 { 81 var z00, tmp, x0, x3, x4, x04, x03, x34 E4 82 x0.Mul(c0, d0) 83 x3.Mul(c3, d3) 84 x4.Mul(c4, d4) 85 tmp.Add(c0, c4) 86 x04.Add(d0, d4). 87 Mul(&x04, &tmp). 88 Sub(&x04, &x0). 89 Sub(&x04, &x4) 90 tmp.Add(c0, c3) 91 x03.Add(d0, d3). 92 Mul(&x03, &tmp). 93 Sub(&x03, &x0). 94 Sub(&x03, &x3) 95 tmp.Add(c3, c4) 96 x34.Add(d3, d4). 97 Mul(&x34, &tmp). 98 Sub(&x34, &x3). 99 Sub(&x34, &x4) 100 101 z00.MulByNonResidue(&x4). 102 Add(&z00, &x0) 103 104 return [5]E4{z00, x3, x34, x03, x04} 105 } 106 107 // Mul34By34 multiplication of sparse element (1,0,0,c3,c4,0) by sparse element (1,0,0,d3,d4,0) 108 func Mul34By34(d3, d4, c3, c4 *E4) [5]E4 { 109 var z00, tmp, x0, x3, x4, x04, x03, x34 E4 110 x3.Mul(c3, d3) 111 x4.Mul(c4, d4) 112 x04.Add(c4, d4) 113 x03.Add(c3, d3) 114 tmp.Add(c3, c4) 115 x34.Add(d3, d4). 116 Mul(&x34, &tmp). 117 Sub(&x34, &x3). 118 Sub(&x34, &x4) 119 120 x0.SetOne() 121 z00.MulByNonResidue(&x4). 122 Add(&z00, &x0) 123 124 return [5]E4{z00, x3, x34, x03, x04} 125 } 126 127 // MulBy01234 multiplies z by an E12 sparse element of the form (x0, x1, x2, x3, x4, 0) 128 func (z *E24) MulBy01234(x *[5]E4) *E24 { 129 var c1, a, b, c, z0, z1 E12 130 c0 := &E12{C0: x[0], C1: x[1], C2: x[2]} 131 c1.C0 = x[3] 132 c1.C1 = x[4] 133 a.Add(&z.D0, &z.D1) 134 b.Add(c0, &c1) 135 a.Mul(&a, &b) 136 b.Mul(&z.D0, c0) 137 c.Set(&z.D1).MulBy01(&x[3], &x[4]) 138 z1.Sub(&a, &b) 139 z1.Sub(&z1, &c) 140 z0.MulByNonResidue(&c) 141 z0.Add(&z0, &b) 142 143 z.D0 = z0 144 z.D1 = z1 145 146 return z 147 }