github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-315/internal/fptower/frobenius.go (about) 1 // Copyright 2020 ConsenSys AG 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://wwwApache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package fptower 16 17 import ( 18 "github.com/consensys/gnark-crypto/ecc/bls24-315/fp" 19 ) 20 21 // Frobenius sets z in E4 to x^q, returns z 22 func (z *E4) Frobenius(x *E4) *E4 { 23 24 var t [2]E2 25 26 frobCoeffA := fp.Element{ 27 18078622854523849680, 28 1984927455914812303, 29 2087856039593753391, 30 10384413649565796150, 31 62117205619808039, 32 } 33 34 t[0].Conjugate(&x.B0) 35 t[1].Conjugate(&x.B1).MulByElement(&t[1], &frobCoeffA) 36 37 z.B0 = t[0] 38 z.B1 = t[1] 39 40 return z 41 } 42 43 // Frobenius set z to Frobenius(x), return z 44 func (z *E24) Frobenius(x *E24) *E24 { 45 var t [12]E2 46 frobCoeff0 := fp.Element{ 47 18078622854523849680, 48 1984927455914812303, 49 2087856039593753391, 50 10384413649565796150, 51 62117205619808039, 52 } 53 frobCoeff1 := fp.Element{ 54 2418585497346853195, 55 4985300007263584554, 56 14090834255033678869, 57 8443077587606433532, 58 99465464973580433, 59 } 60 frobCoeff2 := fp.Element{ 61 8984310047302919300, 62 2498109052167961353, 63 1307418789688509602, 64 11960473000634917703, 65 283892625570574947, 66 } 67 frobCoeff3 := fp.Element{ 68 16266452697653617742, 69 3469624274549632133, 70 1532064828142410068, 71 17281049885654821422, 72 214020232334507350, 73 } 74 frobCoeff4 := fp.Element{ 75 5276991711591121542, 76 1764125630309599080, 77 4048361144298871290, 78 17215093588476212969, 79 305552045589664998, 80 } 81 frobCoeff5 := fp.Element{ 82 7336511025221188090, 83 2603771785376329468, 84 6562537755091890776, 85 9030934061021684028, 86 49077327029958380, 87 } 88 frobCoeff6 := fp.Element{ 89 2851480573204638815, 90 1335734525939490983, 91 5345966389475061568, 92 16856815570427136360, 93 235013868839987029, 94 } 95 frobCoeff7 := fp.Element{ 96 16303043965024461850, 97 18121025051155953387, 98 13066506537353112078, 99 1182352075644000644, 100 250600645981871933, 101 } 102 frobCoeff8 := fp.Element{ 103 319632480799633719, 104 12918588655636006616, 105 7080179244737088245, 106 5761903421758065752, 107 223741986209306126, 108 } 109 frobCoeff9 := fp.Element{ 110 7656143506020821809, 111 15522360441012336084, 112 13642716999828979021, 113 14792837482779749780, 114 272819313239264506, 115 } 116 frobCoeff10 := fp.Element{ 117 13058879110013405254, 118 6425951730151460541, 119 8330799211860746257, 120 12501476947590434451, 121 327313527801552489, 122 } 123 124 t[0].Conjugate(&x.D0.C0.B0) 125 t[1].Conjugate(&x.D0.C0.B1).MulByElement(&t[1], &frobCoeff0) 126 t[2].Conjugate(&x.D0.C1.B0).MulByElement(&t[2], &frobCoeff1) 127 t[3].Conjugate(&x.D0.C1.B1).MulByElement(&t[3], &frobCoeff2) 128 t[4].Conjugate(&x.D0.C2.B0).MulByElement(&t[4], &frobCoeff3) 129 t[5].Conjugate(&x.D0.C2.B1).MulByElement(&t[5], &frobCoeff4) 130 t[6].Conjugate(&x.D1.C0.B0).MulByElement(&t[6], &frobCoeff5) 131 t[7].Conjugate(&x.D1.C0.B1).MulByElement(&t[7], &frobCoeff6) 132 t[8].Conjugate(&x.D1.C1.B0).MulByElement(&t[8], &frobCoeff7) 133 t[9].Conjugate(&x.D1.C1.B1).MulByElement(&t[9], &frobCoeff8) 134 t[10].Conjugate(&x.D1.C2.B0).MulByElement(&t[10], &frobCoeff9) 135 t[11].Conjugate(&x.D1.C2.B1).MulByElement(&t[11], &frobCoeff10) 136 137 z.D0.C0.B0 = t[0] 138 z.D0.C0.B1 = t[1] 139 z.D0.C1.B0 = t[2] 140 z.D0.C1.B1 = t[3] 141 z.D0.C2.B0 = t[4] 142 z.D0.C2.B1 = t[5] 143 z.D1.C0.B0 = t[6] 144 z.D1.C0.B1 = t[7] 145 z.D1.C1.B0 = t[8] 146 z.D1.C1.B1 = t[9] 147 z.D1.C2.B0 = t[10] 148 z.D1.C2.B1 = t[11] 149 150 return z 151 } 152 153 // FrobeniusSquare set z to Frobenius^2(x), return z 154 func (z *E24) FrobeniusSquare(x *E24) *E24 { 155 var t [12]E4 156 frobCoeff3 := fp.Element{ 157 18078622854523849680, 158 1984927455914812303, 159 2087856039593753391, 160 10384413649565796150, 161 62117205619808039, 162 } 163 frobCoeff2 := fp.Element{ 164 2418585497346853195, 165 4985300007263584554, 166 14090834255033678869, 167 8443077587606433532, 168 99465464973580433, 169 } 170 frobCoeff1 := fp.Element{ 171 8984310047302919300, 172 2498109052167961353, 173 1307418789688509602, 174 11960473000634917703, 175 283892625570574947, 176 } 177 frobCoeff0 := fp.Element{ 178 16266452697653617742, 179 3469624274549632133, 180 1532064828142410068, 181 17281049885654821422, 182 214020232334507350, 183 } 184 frobCoeff4 := fp.Element{ 185 5276991711591121542, 186 1764125630309599080, 187 4048361144298871290, 188 17215093588476212969, 189 305552045589664998, 190 } 191 t[0].Conjugate(&x.D0.C0) 192 t[1].Conjugate(&x.D0.C1).MulByElement(&t[1], &frobCoeff0) 193 t[2].Conjugate(&x.D0.C2).MulByElement(&t[2], &frobCoeff1) 194 t[3].Conjugate(&x.D1.C0).MulByElement(&t[3], &frobCoeff2) 195 t[4].Conjugate(&x.D1.C1).MulByElement(&t[4], &frobCoeff3) 196 t[5].Conjugate(&x.D1.C2).MulByElement(&t[5], &frobCoeff4) 197 198 z.D0.C0 = t[0] 199 z.D0.C1 = t[1] 200 z.D0.C2 = t[2] 201 z.D1.C0 = t[3] 202 z.D1.C1 = t[4] 203 z.D1.C2 = t[5] 204 205 return z 206 } 207 208 // FrobeniusQuad set z to Frobenius^4(x), return z 209 func (z *E24) FrobeniusQuad(x *E24) *E24 { 210 var t [12]E4 211 frobCoeff3 := fp.Element{ 212 11164601423358853174, 213 17475228851327880835, 214 18222098035255651149, 215 13126167188689647896, 216 69872393236067596, 217 } 218 frobCoeff1 := fp.Element{ 219 10243989804179610547, 220 1294873907108739196, 221 14519274531596386700, 222 16439451714571580545, 223 128880072608930041, 224 } 225 frobCoeff0 := fp.Element{ 226 8984310047302919300, 227 2498109052167961353, 228 1307418789688509602, 229 11960473000634917703, 230 283892625570574947, 231 } 232 frobCoeff2 := fp.Element{ 233 16266452697653617742, 234 3469624274549632133, 235 1532064828142410068, 236 17281049885654821422, 237 214020232334507350, 238 } 239 frobCoeff4 := fp.Element{ 240 17526132454530308989, 241 2266389129490409976, 242 14743920570050287166, 243 3313284525881932648, 244 59007679372862445, 245 } 246 247 t[0].Set(&x.D0.C0) 248 t[1].MulByElement(&x.D0.C1, &frobCoeff0) 249 t[2].MulByElement(&x.D0.C2, &frobCoeff1) 250 t[3].MulByElement(&x.D1.C0, &frobCoeff2) 251 t[4].MulByElement(&x.D1.C1, &frobCoeff3) 252 t[5].MulByElement(&x.D1.C2, &frobCoeff4) 253 254 z.D0.C0 = t[0] 255 z.D0.C1 = t[1] 256 z.D0.C2 = t[2] 257 z.D1.C0 = t[3] 258 z.D1.C1 = t[4] 259 z.D1.C2 = t[5] 260 261 return z 262 }