github.com/consensys/gnark-crypto@v0.14.0/field/goldilocks/element_exp.go (about) 1 // Copyright 2020 ConsenSys Software Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by consensys/gnark-crypto DO NOT EDIT 16 17 package goldilocks 18 19 // expBySqrtExp is equivalent to z.Exp(x, 7fffffff) 20 // 21 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 22 func (z *Element) expBySqrtExp(x Element) *Element { 23 // addition chain: 24 // 25 // _10 = 2*1 26 // _11 = 1 + _10 27 // _110 = 2*_11 28 // _111 = 1 + _110 29 // _111000 = _111 << 3 30 // _111111 = _111 + _111000 31 // _1111110 = 2*_111111 32 // _1111111 = 1 + _1111110 33 // x12 = _1111110 << 5 + _111111 34 // x24 = x12 << 12 + x12 35 // return x24 << 7 + _1111111 36 // 37 // Operations: 30 squares 7 multiplies 38 39 // Allocate Temporaries. 40 var ( 41 t0 = new(Element) 42 t1 = new(Element) 43 ) 44 45 // var t0,t1 Element 46 // Step 1: z = x^0x2 47 z.Square(&x) 48 49 // Step 2: z = x^0x3 50 z.Mul(&x, z) 51 52 // Step 3: z = x^0x6 53 z.Square(z) 54 55 // Step 4: z = x^0x7 56 z.Mul(&x, z) 57 58 // Step 7: t0 = x^0x38 59 t0.Square(z) 60 for s := 1; s < 3; s++ { 61 t0.Square(t0) 62 } 63 64 // Step 8: t0 = x^0x3f 65 t0.Mul(z, t0) 66 67 // Step 9: t1 = x^0x7e 68 t1.Square(t0) 69 70 // Step 10: z = x^0x7f 71 z.Mul(&x, t1) 72 73 // Step 15: t1 = x^0xfc0 74 for s := 0; s < 5; s++ { 75 t1.Square(t1) 76 } 77 78 // Step 16: t0 = x^0xfff 79 t0.Mul(t0, t1) 80 81 // Step 28: t1 = x^0xfff000 82 t1.Square(t0) 83 for s := 1; s < 12; s++ { 84 t1.Square(t1) 85 } 86 87 // Step 29: t0 = x^0xffffff 88 t0.Mul(t0, t1) 89 90 // Step 36: t0 = x^0x7fffff80 91 for s := 0; s < 7; s++ { 92 t0.Square(t0) 93 } 94 95 // Step 37: z = x^0x7fffffff 96 z.Mul(z, t0) 97 98 return z 99 } 100 101 // expByLegendreExp is equivalent to z.Exp(x, 7fffffff80000000) 102 // 103 // uses github.com/mmcloughlin/addchain v0.4.0 to generate a shorter addition chain 104 func (z *Element) expByLegendreExp(x Element) *Element { 105 // addition chain: 106 // 107 // _10 = 2*1 108 // _11 = 1 + _10 109 // _1100 = _11 << 2 110 // _1111 = _11 + _1100 111 // _11110000 = _1111 << 4 112 // _11111111 = _1111 + _11110000 113 // x16 = _11111111 << 8 + _11111111 114 // x32 = x16 << 16 + x16 115 // return x32 << 31 116 // 117 // Operations: 62 squares 5 multiplies 118 119 // Allocate Temporaries. 120 var ( 121 t0 = new(Element) 122 ) 123 124 // var t0 Element 125 // Step 1: z = x^0x2 126 z.Square(&x) 127 128 // Step 2: z = x^0x3 129 z.Mul(&x, z) 130 131 // Step 4: t0 = x^0xc 132 t0.Square(z) 133 for s := 1; s < 2; s++ { 134 t0.Square(t0) 135 } 136 137 // Step 5: z = x^0xf 138 z.Mul(z, t0) 139 140 // Step 9: t0 = x^0xf0 141 t0.Square(z) 142 for s := 1; s < 4; s++ { 143 t0.Square(t0) 144 } 145 146 // Step 10: z = x^0xff 147 z.Mul(z, t0) 148 149 // Step 18: t0 = x^0xff00 150 t0.Square(z) 151 for s := 1; s < 8; s++ { 152 t0.Square(t0) 153 } 154 155 // Step 19: z = x^0xffff 156 z.Mul(z, t0) 157 158 // Step 35: t0 = x^0xffff0000 159 t0.Square(z) 160 for s := 1; s < 16; s++ { 161 t0.Square(t0) 162 } 163 164 // Step 36: z = x^0xffffffff 165 z.Mul(z, t0) 166 167 // Step 67: z = x^0x7fffffff80000000 168 for s := 0; s < 31; s++ { 169 z.Square(z) 170 } 171 172 return z 173 }