github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-317/internal/fptower/e2_bls317.go

github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-317/internal/fptower/e2_bls317.go (about)

     1  // Copyright 2020 ConsenSys AG
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package fptower
    16  
    17  import "github.com/consensys/gnark-crypto/ecc/bls24-317/fp"
    18  
    19  // Mul sets z to the E2-product of x,y, returns z
    20  func (z *E2) Mul(x, y *E2) *E2 {
    21  	var a, b, c fp.Element
    22  	a.Add(&x.A0, &x.A1)
    23  	b.Add(&y.A0, &y.A1)
    24  	a.Mul(&a, &b)
    25  	b.Mul(&x.A0, &y.A0)
    26  	c.Mul(&x.A1, &y.A1)
    27  	z.A1.Sub(&a, &b).Sub(&z.A1, &c)
    28  	z.A0.Sub(&b, &c)
    29  	return z
    30  }
    31  
    32  // Square sets z to the E2-product of x,x returns z
    33  func (z *E2) Square(x *E2) *E2 {
    34  	// algo 22 https://eprint.iacr.org/2010/354.pdf
    35  	var a, b fp.Element
    36  	a.Add(&x.A0, &x.A1)
    37  	b.Sub(&x.A0, &x.A1)
    38  	a.Mul(&a, &b)
    39  	b.Mul(&x.A0, &x.A1).Double(&b)
    40  	z.A0.Set(&a)
    41  	z.A1.Set(&b)
    42  	return z
    43  }
    44  
    45  // MulByNonResidue multiplies a E2 by (1,1)
    46  func (z *E2) MulByNonResidue(x *E2) *E2 {
    47  	var a fp.Element
    48  	a.Sub(&x.A0, &x.A1)
    49  	z.A1.Add(&x.A0, &x.A1)
    50  	z.A0.Set(&a)
    51  	return z
    52  }
    53  
    54  // MulByNonResidueInv multiplies a E2 by (1,1)^{-1}
    55  func (z *E2) MulByNonResidueInv(x *E2) *E2 {
    56  
    57  	var twoInv fp.Element
    58  	twoInv.SetString("68196535552147955757549882954137028530972556060709796988605069651952986598616012809013078365526")
    59  	var tmp fp.Element
    60  	tmp.Add(&x.A0, &x.A1)
    61  	z.A1.Sub(&x.A1, &x.A0).Mul(&z.A1, &twoInv)
    62  	z.A0.Set(&tmp).Mul(&z.A0, &twoInv)
    63  
    64  	return z
    65  }
    66  
    67  // Inverse sets z to the E2-inverse of x, returns z
    68  //
    69  // if x == 0, sets and returns z = x
    70  func (z *E2) Inverse(x *E2) *E2 {
    71  	// Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
    72  	var t0, t1 fp.Element
    73  	t0.Square(&x.A0)
    74  	t1.Square(&x.A1)
    75  	t0.Add(&t0, &t1)
    76  	t1.Inverse(&t0)
    77  	z.A0.Mul(&x.A0, &t1)
    78  	z.A1.Mul(&x.A1, &t1).Neg(&z.A1)
    79  
    80  	return z
    81  }
    82  
    83  // norm sets x to the norm of z
    84  func (z *E2) norm(x *fp.Element) {
    85  	var tmp fp.Element
    86  	x.Square(&z.A0)
    87  	tmp.Square(&z.A1)
    88  	x.Add(x, &tmp)
    89  }