github.com/emmansun/gmsm@v0.29.1/sm9/bn256/gfp2_g1_generic.go (about) 1 //go:build purego || plugin || !(amd64 || arm64) 2 3 package bn256 4 5 func gfp2Mul(c, a, b *gfP2) { 6 tmp := &gfP2{} 7 tx := &tmp.x 8 ty := &tmp.y 9 v0, v1 := &gfP{}, &gfP{} 10 11 gfpMul(v0, &a.y, &b.y) 12 gfpMul(v1, &a.x, &b.x) 13 14 gfpAdd(tx, &a.x, &a.y) 15 gfpAdd(ty, &b.x, &b.y) 16 gfpMul(tx, tx, ty) 17 gfpSub(tx, tx, v0) 18 gfpSub(tx, tx, v1) 19 20 gfpSub(ty, v0, v1) 21 gfpSub(ty, ty, v1) 22 23 gfp2Copy(c, tmp) 24 } 25 26 func gfp2MulU(c, a, b *gfP2) { 27 tmp := &gfP2{} 28 tx := &tmp.x 29 ty := &tmp.y 30 v0, v1 := &gfP{}, &gfP{} 31 32 gfpMul(v0, &a.y, &b.y) 33 gfpMul(v1, &a.x, &b.x) 34 35 gfpAdd(tx, &a.x, &a.y) 36 gfpAdd(ty, &b.x, &b.y) 37 38 gfpMul(ty, tx, ty) 39 gfpSub(ty, ty, v0) 40 gfpSub(ty, ty, v1) 41 gfpDouble(ty, ty) 42 gfpNeg(ty, ty) 43 44 gfpSub(tx, v0, v1) 45 gfpSub(tx, tx, v1) 46 47 gfp2Copy(c, tmp) 48 } 49 50 func gfp2MulU1(c, a *gfP2) { 51 t := &gfP{} 52 gfpDouble(t, &a.x) 53 gfpNeg(t, t) 54 55 gfpCopy(&c.x, &a.y) 56 gfpCopy(&c.y, t) 57 } 58 59 func gfp2Square(c, a *gfP2) { 60 tmp := &gfP2{} 61 tx := &tmp.x 62 ty := &tmp.y 63 64 gfpAdd(ty, &a.x, &a.y) 65 gfpDouble(tx, &a.x) 66 gfpSub(tx, &a.y, tx) 67 gfpMul(ty, tx, ty) 68 gfpMul(tx, &a.x, &a.y) 69 gfpAdd(ty, tx, ty) 70 gfpDouble(tx, tx) 71 72 gfp2Copy(c, tmp) 73 } 74 75 func gfp2SquareU(c, a *gfP2) { 76 tmp := &gfP2{} 77 tx := &tmp.x 78 ty := &tmp.y 79 80 gfpAdd(tx, &a.x, &a.y) 81 gfpDouble(ty, &a.x) 82 gfpSub(ty, &a.y, ty) 83 gfpMul(tx, tx, ty) 84 gfpMul(ty, &a.x, &a.y) 85 gfpAdd(tx, tx, ty) 86 gfpDouble(ty, ty) 87 gfpDouble(ty, ty) 88 gfpNeg(ty, ty) 89 90 gfp2Copy(c, tmp) 91 } 92 93 func curvePointDoubleComplete(c, p *curvePoint) { 94 // Complete addition formula for a = 0 from "Complete addition formulas for 95 // prime order elliptic curves" (https://eprint.iacr.org/2015/1060), §3.2. 96 // Algorithm 9: Exception-free point doubling for prime order j-invariant 0 short Weierstrass curves. 97 t0, t1, t2 := new(gfP), new(gfP), new(gfP) 98 x3, y3, z3 := new(gfP), new(gfP), new(gfP) 99 100 gfpSqr(t0, &p.y, 1) // t0 := Y^2 101 gfpDouble(z3, t0) // Z3 := t0 + t0 102 gfpDouble(z3, z3) // Z3 := Z3 + Z3 103 gfpDouble(z3, z3) // Z3 := Z3 + Z3 104 gfpMul(t1, &p.y, &p.z) // t1 := YZ 105 gfpSqr(t2, &p.z, 1) // t2 := Z^2 106 gfpMul(t2, threeCurveB, t2) // t2 := 3b * t2 = 3bZ^2 107 gfpMul(x3, t2, z3) // X3 := t2 * Z3 108 gfpAdd(y3, t0, t2) // Y3 := t0 + t2 109 gfpMul(z3, t1, z3) // Z3 := t1 * Z3 110 gfpTriple(t2, t2) // t2 := t2 + t2 + t2 111 gfpSub(t0, t0, t2) // t0 := t0 - t2 112 gfpMul(y3, t0, y3) // Y3 := t0 * Y3 113 gfpAdd(y3, x3, y3) // Y3 := X3 + Y3 114 gfpMul(t1, &p.x, &p.y) // t1 := XY 115 gfpMul(x3, t0, t1) // X3 := t0 * t1 116 gfpDouble(x3, x3) // X3 := X3 + X3 117 118 c.x.Set(x3) 119 c.y.Set(y3) 120 c.z.Set(z3) 121 } 122 123 func curvePointAddComplete(c, p1, p2 *curvePoint) { 124 // Complete addition formula for a = 0 from "Complete addition formulas for 125 // prime order elliptic curves" (https://eprint.iacr.org/2015/1060), §3.2. 126 // Algorithm 7: Complete, projective point addition for prime order j-invariant 0 short Weierstrass curves. 127 128 t0, t1, t2, t3, t4 := new(gfP), new(gfP), new(gfP), new(gfP), new(gfP) 129 x3, y3, z3 := new(gfP), new(gfP), new(gfP) 130 gfpMul(t0, &p1.x, &p2.x) // t0 := X1X2 131 gfpMul(t1, &p1.y, &p2.y) // t1 := Y1Y2 132 gfpMul(t2, &p1.z, &p2.z) // t2 := Z1Z2 133 gfpAdd(t3, &p1.x, &p1.y) // t3 := X1 + Y1 134 gfpAdd(t4, &p2.x, &p2.y) // t4 := X2 + Y2 135 gfpMul(t3, t3, t4) // t3 := t3 * t4 = (X1 + Y1) * (X2 + Y2) 136 gfpAdd(t4, t0, t1) // t4 := t0 + t1 137 gfpSub(t3, t3, t4) // t3 := t3 - t4 = X1Y2 + X2Y1 138 gfpAdd(t4, &p1.y, &p1.z) // t4 := Y1 + Z1 139 gfpAdd(x3, &p2.y, &p2.z) // X3 := Y2 + Z2 140 gfpMul(t4, t4, x3) // t4 := t4 * X3 = (Y1 + Z1)(Y2 + Z2) 141 gfpAdd(x3, t1, t2) // X3 := t1 + t2 142 gfpSub(t4, t4, x3) // t4 := t4 - X3 = Y1Z2 + Y2Z1 143 gfpAdd(x3, &p1.x, &p1.z) // X3 := X1 + Z1 144 gfpAdd(y3, &p2.x, &p2.z) // Y3 := X2 + Z2 145 gfpMul(x3, x3, y3) // X3 := X3 * Y3 146 gfpAdd(y3, t0, t2) // Y3 := t0 + t2 147 gfpSub(y3, x3, y3) // Y3 := X3 - Y3 = X1Z2 + X2Z1 148 gfpTriple(t0, t0) // t0 := t0 + t0 + t0 = 3X1X2 149 gfpMul(t2, threeCurveB, t2) // t2 := 3b * t2 = 3bZ1Z2 150 gfpAdd(z3, t1, t2) // Z3 := t1 + t2 = Y1Y2 + 3bZ1Z2 151 gfpSub(t1, t1, t2) // t1 := t1 - t2 = Y1Y2 - 3bZ1Z2 152 gfpMul(y3, threeCurveB, y3) // Y3 = 3b * Y3 = 3b(X1Z2 + X2Z1) 153 gfpMul(x3, t4, y3) // X3 := t4 * Y3 = 3b(X1Z2 + X2Z1)(Y1Z2 + Y2Z1) 154 gfpMul(t2, t3, t1) // t2 := t3 * t1 = (X1Y2 + X2Y1)(Y1Y2 - 3bZ1Z2) 155 gfpSub(x3, t2, x3) // X3 := t2 - X3 = (X1Y2 + X2Y1)(Y1Y2 - 3bZ1Z2) - 3b(Y1Z2 + Y2Z1)(X1Z2 + X2Z1) 156 gfpMul(y3, y3, t0) // Y3 := Y3 * t0 = 9bX1X2(X1Z2 + X2Z1) 157 gfpMul(t1, t1, z3) // t1 := t1 * Z3 = (Y1Y2 + 3bZ1Z2)(Y1Y2 - 3bZ1Z2) 158 gfpAdd(y3, t1, y3) // Y3 := t1 + Y3 = (Y1Y2 + 3bZ1Z2)(Y1Y2 - 3bZ1Z2) + 9bX1X2(X1Z2 + X2Z1) 159 gfpMul(t0, t0, t3) // t0 := t0 * t3 = 3X1X2(X1Y2 + X2Y1) 160 gfpMul(z3, z3, t4) // Z3 := Z3 * t4 = (Y1Z2 + Y2Z1)(Y1Y2 + 3bZ1Z2) 161 gfpAdd(z3, z3, t0) // Z3 := Z3 + t0 = (Y1Z2 + Y2Z1)(Y1Y2 + 3bZ1Z2) + 3X1X2(X1Y2 + X2Y1) 162 163 c.x.Set(x3) 164 c.y.Set(y3) 165 c.z.Set(z3) 166 }