github.com/consensys/gnark-crypto@v0.14.0/ecc/secp256k1/fp/element_exp.go (about) 1 // Copyright 2020 ConsenSys Software Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by consensys/gnark-crypto DO NOT EDIT 16 17 package fp 18 19 // expBySqrtExp is equivalent to z.Exp(x, 3fffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffff0c) 20 // 21 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 22 func (z *Element) expBySqrtExp(x Element) *Element { 23 // addition chain: 24 // 25 // _10 = 2*1 26 // _11 = 1 + _10 27 // _1100 = _11 << 2 28 // _1111 = _11 + _1100 29 // _11110 = 2*_1111 30 // _11111 = 1 + _11110 31 // _1111100 = _11111 << 2 32 // _1111111 = _11 + _1111100 33 // x11 = _1111111 << 4 + _1111 34 // x22 = x11 << 11 + x11 35 // x27 = x22 << 5 + _11111 36 // x54 = x27 << 27 + x27 37 // x108 = x54 << 54 + x54 38 // x216 = x108 << 108 + x108 39 // x223 = x216 << 7 + _1111111 40 // return ((x223 << 23 + x22) << 6 + _11) << 2 41 // 42 // Operations: 253 squares 13 multiplies 43 44 // Allocate Temporaries. 45 var ( 46 t0 = new(Element) 47 t1 = new(Element) 48 t2 = new(Element) 49 t3 = new(Element) 50 ) 51 52 // var t0,t1,t2,t3 Element 53 // Step 1: z = x^0x2 54 z.Square(&x) 55 56 // Step 2: z = x^0x3 57 z.Mul(&x, z) 58 59 // Step 4: t0 = x^0xc 60 t0.Square(z) 61 for s := 1; s < 2; s++ { 62 t0.Square(t0) 63 } 64 65 // Step 5: t0 = x^0xf 66 t0.Mul(z, t0) 67 68 // Step 6: t1 = x^0x1e 69 t1.Square(t0) 70 71 // Step 7: t2 = x^0x1f 72 t2.Mul(&x, t1) 73 74 // Step 9: t1 = x^0x7c 75 t1.Square(t2) 76 for s := 1; s < 2; s++ { 77 t1.Square(t1) 78 } 79 80 // Step 10: t1 = x^0x7f 81 t1.Mul(z, t1) 82 83 // Step 14: t3 = x^0x7f0 84 t3.Square(t1) 85 for s := 1; s < 4; s++ { 86 t3.Square(t3) 87 } 88 89 // Step 15: t0 = x^0x7ff 90 t0.Mul(t0, t3) 91 92 // Step 26: t3 = x^0x3ff800 93 t3.Square(t0) 94 for s := 1; s < 11; s++ { 95 t3.Square(t3) 96 } 97 98 // Step 27: t0 = x^0x3fffff 99 t0.Mul(t0, t3) 100 101 // Step 32: t3 = x^0x7ffffe0 102 t3.Square(t0) 103 for s := 1; s < 5; s++ { 104 t3.Square(t3) 105 } 106 107 // Step 33: t2 = x^0x7ffffff 108 t2.Mul(t2, t3) 109 110 // Step 60: t3 = x^0x3ffffff8000000 111 t3.Square(t2) 112 for s := 1; s < 27; s++ { 113 t3.Square(t3) 114 } 115 116 // Step 61: t2 = x^0x3fffffffffffff 117 t2.Mul(t2, t3) 118 119 // Step 115: t3 = x^0xfffffffffffffc0000000000000 120 t3.Square(t2) 121 for s := 1; s < 54; s++ { 122 t3.Square(t3) 123 } 124 125 // Step 116: t2 = x^0xfffffffffffffffffffffffffff 126 t2.Mul(t2, t3) 127 128 // Step 224: t3 = x^0xfffffffffffffffffffffffffff000000000000000000000000000 129 t3.Square(t2) 130 for s := 1; s < 108; s++ { 131 t3.Square(t3) 132 } 133 134 // Step 225: t2 = x^0xffffffffffffffffffffffffffffffffffffffffffffffffffffff 135 t2.Mul(t2, t3) 136 137 // Step 232: t2 = x^0x7fffffffffffffffffffffffffffffffffffffffffffffffffffff80 138 for s := 0; s < 7; s++ { 139 t2.Square(t2) 140 } 141 142 // Step 233: t1 = x^0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff 143 t1.Mul(t1, t2) 144 145 // Step 256: t1 = x^0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff800000 146 for s := 0; s < 23; s++ { 147 t1.Square(t1) 148 } 149 150 // Step 257: t0 = x^0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffff 151 t0.Mul(t0, t1) 152 153 // Step 263: t0 = x^0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc0 154 for s := 0; s < 6; s++ { 155 t0.Square(t0) 156 } 157 158 // Step 264: z = x^0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc3 159 z.Mul(z, t0) 160 161 // Step 266: z = x^0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffff0c 162 for s := 0; s < 2; s++ { 163 z.Square(z) 164 } 165 166 return z 167 } 168 169 // expByLegendreExp is equivalent to z.Exp(x, 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffffe17) 170 // 171 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 172 func (z *Element) expByLegendreExp(x Element) *Element { 173 // addition chain: 174 // 175 // _10 = 2*1 176 // _100 = 2*_10 177 // _110 = _10 + _100 178 // _111 = 1 + _110 179 // _1110 = 2*_111 180 // _10101 = _111 + _1110 181 // _10111 = _10 + _10101 182 // _101110 = 2*_10111 183 // _10111000 = _101110 << 2 184 // _11100110 = _101110 + _10111000 185 // _11111101 = _10111 + _11100110 186 // x11 = _11111101 << 3 + _10111 187 // x22 = x11 << 11 + x11 188 // i29 = 2*x22 189 // i31 = i29 << 2 190 // i54 = i31 << 22 + i31 191 // i122 = (i54 << 20 + i29) << 46 + i54 192 // x223 = i122 << 110 + i122 + _111 193 // return (x223 << 23 + x22) << 9 + _10111 194 // 195 // Operations: 253 squares 15 multiplies 196 197 // Allocate Temporaries. 198 var ( 199 t0 = new(Element) 200 t1 = new(Element) 201 t2 = new(Element) 202 t3 = new(Element) 203 t4 = new(Element) 204 ) 205 206 // var t0,t1,t2,t3,t4 Element 207 // Step 1: z = x^0x2 208 z.Square(&x) 209 210 // Step 2: t0 = x^0x4 211 t0.Square(z) 212 213 // Step 3: t0 = x^0x6 214 t0.Mul(z, t0) 215 216 // Step 4: t1 = x^0x7 217 t1.Mul(&x, t0) 218 219 // Step 5: t0 = x^0xe 220 t0.Square(t1) 221 222 // Step 6: t0 = x^0x15 223 t0.Mul(t1, t0) 224 225 // Step 7: z = x^0x17 226 z.Mul(z, t0) 227 228 // Step 8: t0 = x^0x2e 229 t0.Square(z) 230 231 // Step 10: t2 = x^0xb8 232 t2.Square(t0) 233 for s := 1; s < 2; s++ { 234 t2.Square(t2) 235 } 236 237 // Step 11: t0 = x^0xe6 238 t0.Mul(t0, t2) 239 240 // Step 12: t0 = x^0xfd 241 t0.Mul(z, t0) 242 243 // Step 15: t0 = x^0x7e8 244 for s := 0; s < 3; s++ { 245 t0.Square(t0) 246 } 247 248 // Step 16: t0 = x^0x7ff 249 t0.Mul(z, t0) 250 251 // Step 27: t2 = x^0x3ff800 252 t2.Square(t0) 253 for s := 1; s < 11; s++ { 254 t2.Square(t2) 255 } 256 257 // Step 28: t0 = x^0x3fffff 258 t0.Mul(t0, t2) 259 260 // Step 29: t3 = x^0x7ffffe 261 t3.Square(t0) 262 263 // Step 31: t2 = x^0x1fffff8 264 t2.Square(t3) 265 for s := 1; s < 2; s++ { 266 t2.Square(t2) 267 } 268 269 // Step 53: t4 = x^0x7ffffe000000 270 t4.Square(t2) 271 for s := 1; s < 22; s++ { 272 t4.Square(t4) 273 } 274 275 // Step 54: t2 = x^0x7ffffffffff8 276 t2.Mul(t2, t4) 277 278 // Step 74: t4 = x^0x7ffffffffff800000 279 t4.Square(t2) 280 for s := 1; s < 20; s++ { 281 t4.Square(t4) 282 } 283 284 // Step 75: t3 = x^0x7fffffffffffffffe 285 t3.Mul(t3, t4) 286 287 // Step 121: t3 = x^0x1ffffffffffffffff800000000000 288 for s := 0; s < 46; s++ { 289 t3.Square(t3) 290 } 291 292 // Step 122: t2 = x^0x1fffffffffffffffffffffffffff8 293 t2.Mul(t2, t3) 294 295 // Step 232: t3 = x^0x7ffffffffffffffffffffffffffe0000000000000000000000000000 296 t3.Square(t2) 297 for s := 1; s < 110; s++ { 298 t3.Square(t3) 299 } 300 301 // Step 233: t2 = x^0x7ffffffffffffffffffffffffffffffffffffffffffffffffffffff8 302 t2.Mul(t2, t3) 303 304 // Step 234: t1 = x^0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff 305 t1.Mul(t1, t2) 306 307 // Step 257: t1 = x^0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff800000 308 for s := 0; s < 23; s++ { 309 t1.Square(t1) 310 } 311 312 // Step 258: t0 = x^0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffff 313 t0.Mul(t0, t1) 314 315 // Step 267: t0 = x^0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffffe00 316 for s := 0; s < 9; s++ { 317 t0.Square(t0) 318 } 319 320 // Step 268: z = x^0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffffe17 321 z.Mul(z, t0) 322 323 return z 324 }