github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-317/internal/fptower/frobenius.go

github.com/consensys/gnark-crypto@v0.14.0/ecc/bls24-317/internal/fptower/frobenius.go (about)

     1  // Copyright 2020 ConsenSys AG
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://wwwApache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package fptower
    16  
    17  import (
    18  	"github.com/consensys/gnark-crypto/ecc/bls24-317/fp"
    19  )
    20  
    21  // Frobenius sets z in E4 to x^q, returns z
    22  func (z *E4) Frobenius(x *E4) *E4 {
    23  
    24  	var t [2]E2
    25  
    26  	// (u+1)^((p-1)/2)
    27  	frobCoeffA := fp.Element{
    28  		9105899941191937594,
    29  		12184646476002172414,
    30  		7321502160543123086,
    31  		6035789969373957152,
    32  		33356129992723801,
    33  	}
    34  	t[0].Conjugate(&x.B0)
    35  	t[1].Conjugate(&x.B1).MulByNonResidue(&t[1]).MulByElement(&t[1], &frobCoeffA)
    36  
    37  	z.B0 = t[0]
    38  	z.B1 = t[1]
    39  
    40  	return z
    41  }
    42  
    43  // Frobenius set z to Frobenius(x), return z
    44  func (z *E24) Frobenius(x *E24) *E24 {
    45  	var t [12]E2
    46  	var frobCoeff1, frobCoeff3, frobCoeff4 E2
    47  	var frobCoeff5 E4
    48  	frobCoeff0 := fp.Element{
    49  		9105899941191937594,
    50  		12184646476002172414,
    51  		7321502160543123086,
    52  		6035789969373957152,
    53  		33356129992723801,
    54  	}
    55  	frobCoeff1.A0 = fp.Element{
    56  		2497921667672846212,
    57  		17809570827777133368,
    58  		182875672615776868,
    59  		8141251192822526532,
    60  		541317525405759051,
    61  	}
    62  	frobCoeff1.A1 = fp.Element{
    63  		7685049513262119719,
    64  		16125960441679836230,
    65  		1445846185330098657,
    66  		9337154780097699317,
    67  		636596026397922017,
    68  	}
    69  	frobCoeff2 := fp.Element{
    70  		12480069551231893946,
    71  		13145883874818081857,
    72  		17830246446819370377,
    73  		1479988843601531044,
    74  		728901529575278942,
    75  	}
    76  	frobCoeff3.A1 = fp.Element{
    77  		9386911782805384298,
    78  		2712061974843046954,
    79  		6996308026534275575,
    80  		4433323304681870390,
    81  		1128774284724624429,
    82  	}
    83  	frobCoeff4.A0 = fp.Element{
    84  		11603821608864783806,
    85  		11547473230069754166,
    86  		7504377833158899955,
    87  		14177041162196483684,
    88  		574673655398482852,
    89  	}
    90  	frobCoeff4.A1 = fp.Element{
    91  		17025893645779733741,
    92  		3941313965677663815,
    93  		12571088098496527187,
    94  		3301364810723742164,
    95  		603239896405198216,
    96  	}
    97  	frobCoeff5.B1.A0 = fp.Element{
    98  		16800646172467814206,
    99  		346280723711515920,
   100  		16347809494184080414,
   101  		7631911081188324677,
   102  		9467827575491553,
   103  	}
   104  	frobCoeff5.B1.A1 = fp.Element{
   105  		11829069082176703341,
   106  		15142506472035902061,
   107  		3727656437471346728,
   108  		9846494891731901171,
   109  		1168445724228189515,
   110  	}
   111  
   112  	t[0].Conjugate(&x.D0.C0.B0)
   113  	t[1].Conjugate(&x.D0.C0.B1).MulByNonResidue(&t[1]).MulByElement(&t[1], &frobCoeff0)
   114  	t[2].Conjugate(&x.D0.C1.B0).Mul(&t[2], &frobCoeff1)
   115  	t[3].Conjugate(&x.D0.C1.B1).MulByElement(&t[3], &frobCoeff2)
   116  	t[4].Conjugate(&x.D0.C2.B0).Mul(&t[4], &frobCoeff3)
   117  	t[5].Conjugate(&x.D0.C2.B1).Mul(&t[5], &frobCoeff4)
   118  	t[6].Conjugate(&x.D1.C0.B0)
   119  	t[7].Conjugate(&x.D1.C0.B1).MulByNonResidue(&t[7]).MulByElement(&t[7], &frobCoeff0)
   120  	t[8].Conjugate(&x.D1.C1.B0).Mul(&t[8], &frobCoeff1)
   121  	t[9].Conjugate(&x.D1.C1.B1).MulByElement(&t[9], &frobCoeff2)
   122  	t[10].Conjugate(&x.D1.C2.B0).Mul(&t[10], &frobCoeff3)
   123  	t[11].Conjugate(&x.D1.C2.B1).Mul(&t[11], &frobCoeff4)
   124  
   125  	z.D0.C0.B0 = t[0]
   126  	z.D0.C0.B1 = t[1]
   127  	z.D0.C1.B0 = t[2]
   128  	z.D0.C1.B1 = t[3]
   129  	z.D0.C2.B0 = t[4]
   130  	z.D0.C2.B1 = t[5]
   131  	z.D1.C0.B0 = t[6]
   132  	z.D1.C0.B1 = t[7]
   133  	z.D1.C1.B0 = t[8]
   134  	z.D1.C1.B1 = t[9]
   135  	z.D1.C2.B0 = t[10]
   136  	z.D1.C2.B1 = t[11]
   137  
   138  	z.D1.C0.Mul(&z.D1.C0, &frobCoeff5)
   139  	z.D1.C1.Mul(&z.D1.C1, &frobCoeff5)
   140  	z.D1.C2.Mul(&z.D1.C2, &frobCoeff5)
   141  
   142  	return z
   143  }
   144  
   145  // FrobeniusSquare set z to Frobenius^2(x), return z
   146  func (z *E24) FrobeniusSquare(x *E24) *E24 {
   147  	var t [12]E4
   148  	var frobCoeff3 E4
   149  	frobCoeff0 := fp.Element{
   150  		796059398129581633,
   151  		12776725220904371028,
   152  		13079157905121151567,
   153  		13045082668238355458,
   154  		49139267079056639,
   155  	}
   156  	frobCoeff1 := fp.Element{
   157  		16149645703412623601,
   158  		2342903320929336124,
   159  		2245219484836056765,
   160  		15998417129318694804,
   161  		449012022228402126,
   162  	}
   163  	frobCoeff3.B0.A1 = fp.Element{
   164  		12480069551231893946,
   165  		13145883874818081857,
   166  		17830246446819370377,
   167  		1479988843601531044,
   168  		728901529575278942,
   169  	}
   170  	t[0].Conjugate(&x.D0.C0)
   171  	t[1].Conjugate(&x.D0.C1).MulByElement(&t[1], &frobCoeff0)
   172  	t[2].Conjugate(&x.D0.C2).MulByElement(&t[2], &frobCoeff1)
   173  	t[3].Conjugate(&x.D1.C0).Mul(&t[3], &frobCoeff3)
   174  	t[4].Conjugate(&x.D1.C1).MulByElement(&t[4], &frobCoeff0).Mul(&t[4], &frobCoeff3)
   175  	t[5].Conjugate(&x.D1.C2).MulByElement(&t[5], &frobCoeff1).Mul(&t[5], &frobCoeff3)
   176  
   177  	z.D0.C0 = t[0]
   178  	z.D0.C1 = t[1]
   179  	z.D0.C2 = t[2]
   180  	z.D1.C0 = t[3]
   181  	z.D1.C1 = t[4]
   182  	z.D1.C2 = t[5]
   183  
   184  	return z
   185  }
   186  
   187  // FrobeniusQuad set z to Frobenius^4(x), return z
   188  func (z *E24) FrobeniusQuad(x *E24) *E24 {
   189  	var t [12]E4
   190  	frobCoeff0 := fp.Element{
   191  		16149645703412623601,
   192  		2342903320929336124,
   193  		2245219484836056765,
   194  		15998417129318694804,
   195  		449012022228402126,
   196  	}
   197  	frobCoeff1 := fp.Element{
   198  		9386911782805384298,
   199  		2712061974843046954,
   200  		6996308026534275575,
   201  		4433323304681870390,
   202  		1128774284724624429,
   203  	}
   204  	frobCoeff2 := fp.Element{
   205  		796059398129581633,
   206  		12776725220904371028,
   207  		13079157905121151567,
   208  		13045082668238355458,
   209  		49139267079056639,
   210  	}
   211  
   212  	t[0].Set(&x.D0.C0)
   213  	t[1].MulByElement(&x.D0.C1, &frobCoeff0)
   214  	t[2].MulByElement(&x.D0.C2, &frobCoeff1)
   215  	t[3].MulByElement(&x.D1.C0, &frobCoeff2)
   216  	t[4].MulByElement(&x.D1.C1, &frobCoeff0).MulByElement(&t[4], &frobCoeff2)
   217  	t[5].MulByElement(&x.D1.C2, &frobCoeff1).MulByElement(&t[5], &frobCoeff2)
   218  
   219  	z.D0.C0 = t[0]
   220  	z.D0.C1 = t[1]
   221  	z.D0.C2 = t[2]
   222  	z.D1.C0 = t[3]
   223  	z.D1.C1 = t[4]
   224  	z.D1.C2 = t[5]
   225  
   226  	return z
   227  }