github.com/consensys/gnark-crypto@v0.14.0/ecc/bn254/internal/fptower/e2_bn254.go

github.com/consensys/gnark-crypto@v0.14.0/ecc/bn254/internal/fptower/e2_bn254.go (about)

     1  // Copyright 2020 ConsenSys AG
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package fptower
    16  
    17  import (
    18  	"github.com/consensys/gnark-crypto/ecc/bn254/fp"
    19  )
    20  
    21  // declaring nonResInverse as global makes MulByNonResInv inlinable
    22  var nonResInverse E2 = E2{
    23  	A0: fp.Element{
    24  		10477841894441615122,
    25  		7327163185667482322,
    26  		3635199979766503006,
    27  		3215324977242306624,
    28  	},
    29  	A1: fp.Element{
    30  		7515750141297360845,
    31  		14746352163864140223,
    32  		11319968037783994424,
    33  		30185921062296004,
    34  	},
    35  }
    36  
    37  // mulGenericE2 sets z to the E2-product of x,y, returns z
    38  // note: do not rename, this is referenced in the x86 assembly impl
    39  func mulGenericE2(z, x, y *E2) {
    40  	var a, b, c fp.Element
    41  	a.Add(&x.A0, &x.A1)
    42  	b.Add(&y.A0, &y.A1)
    43  	a.Mul(&a, &b)
    44  	b.Mul(&x.A0, &y.A0)
    45  	c.Mul(&x.A1, &y.A1)
    46  	z.A1.Sub(&a, &b).Sub(&z.A1, &c)
    47  	z.A0.Sub(&b, &c) // z.A0.MulByNonResidue(&c).Add(&z.A0, &b)
    48  }
    49  
    50  // squareGenericE2 sets z to the E2-product of x,x returns z
    51  // note: do not rename, this is referenced in the x86 assembly impl
    52  func squareGenericE2(z, x *E2) {
    53  	// adapted from algo 22 https://eprint.iacr.org/2010/354.pdf
    54  	var a, b fp.Element
    55  	a.Add(&x.A0, &x.A1)
    56  	b.Sub(&x.A0, &x.A1)
    57  	a.Mul(&a, &b)
    58  	b.Mul(&x.A0, &x.A1).Double(&b)
    59  	z.A0.Set(&a)
    60  	z.A1.Set(&b)
    61  }
    62  
    63  // MulByNonResidueInv multiplies a E2 by (9,1)^{-1}
    64  func (z *E2) MulByNonResidueInv(x *E2) *E2 {
    65  	z.Mul(x, &nonResInverse)
    66  	return z
    67  }
    68  
    69  // Inverse sets z to the E2-inverse of x, returns z
    70  //
    71  // if x == 0, sets and returns z = x
    72  func (z *E2) Inverse(x *E2) *E2 {
    73  	// Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
    74  	var t0, t1 fp.Element
    75  	t0.Square(&x.A0)
    76  	t1.Square(&x.A1)
    77  	t0.Add(&t0, &t1)
    78  	t1.Inverse(&t0)
    79  	z.A0.Mul(&x.A0, &t1)
    80  	z.A1.Mul(&x.A1, &t1).Neg(&z.A1)
    81  
    82  	return z
    83  }
    84  
    85  // norm sets x to the norm of z
    86  func (z *E2) norm(x *fp.Element) {
    87  	var tmp fp.Element
    88  	x.Square(&z.A0)
    89  	tmp.Square(&z.A1)
    90  	x.Add(x, &tmp)
    91  }
    92  
    93  // MulBybTwistCurveCoeff multiplies by 3/(9,1)
    94  func (z *E2) MulBybTwistCurveCoeff(x *E2) *E2 {
    95  
    96  	var res E2
    97  	res.MulByNonResidueInv(x)
    98  	z.Double(&res).
    99  		Add(&res, z)
   100  
   101  	return z
   102  }