github.com/yinchengtsinghua/golang-Eos-dpos-Ethereum@v0.0.0-20190121132951-92cc4225ed8e/crypto/bn256/cloudflare/twist.go (about)

     1  
     2  //此源码被清华学神尹成大魔王专业翻译分析并修改
     3  //尹成QQ77025077
     4  //尹成微信18510341407
     5  //尹成所在QQ群721929980
     6  //尹成邮箱 yinc13@mails.tsinghua.edu.cn
     7  //尹成毕业于清华大学,微软区块链领域全球最有价值专家
     8  //https://mvp.microsoft.com/zh-cn/PublicProfile/4033620
     9  package bn256
    10  
    11  import (
    12  	"math/big"
    13  )
    14  
    15  //Twistpoint在gf(p²)上实现椭圆曲线y²=x³+3/ξ。点是
    16  //以雅可比形式保存,有效时t=z²。G组是一组
    17  //n——该曲线在gf(p²)上的扭转点(其中n=阶数)
    18  type twistPoint struct {
    19  	x, y, z, t gfP2
    20  }
    21  
    22  var twistB = &gfP2{
    23  	gfP{0x38e7ecccd1dcff67, 0x65f0b37d93ce0d3e, 0xd749d0dd22ac00aa, 0x0141b9ce4a688d4d},
    24  	gfP{0x3bf938e377b802a8, 0x020b1b273633535d, 0x26b7edf049755260, 0x2514c6324384a86d},
    25  }
    26  
    27  //TwistGen是G组的发生器。
    28  var twistGen = &twistPoint{
    29  	gfP2{
    30  		gfP{0xafb4737da84c6140, 0x6043dd5a5802d8c4, 0x09e950fc52a02f86, 0x14fef0833aea7b6b},
    31  		gfP{0x8e83b5d102bc2026, 0xdceb1935497b0172, 0xfbb8264797811adf, 0x19573841af96503b},
    32  	},
    33  	gfP2{
    34  		gfP{0x64095b56c71856ee, 0xdc57f922327d3cbb, 0x55f935be33351076, 0x0da4a0e693fd6482},
    35  		gfP{0x619dfa9d886be9f6, 0xfe7fd297f59e9b78, 0xff9e1a62231b7dfe, 0x28fd7eebae9e4206},
    36  	},
    37  	gfP2{*newGFp(0), *newGFp(1)},
    38  	gfP2{*newGFp(0), *newGFp(1)},
    39  }
    40  
    41  func (c *twistPoint) String() string {
    42  	c.MakeAffine()
    43  	x, y := gfP2Decode(&c.x), gfP2Decode(&c.y)
    44  	return "(" + x.String() + ", " + y.String() + ")"
    45  }
    46  
    47  func (c *twistPoint) Set(a *twistPoint) {
    48  	c.x.Set(&a.x)
    49  	c.y.Set(&a.y)
    50  	c.z.Set(&a.z)
    51  	c.t.Set(&a.t)
    52  }
    53  
    54  //is on curve返回真的iff c在曲线上。
    55  func (c *twistPoint) IsOnCurve() bool {
    56  	c.MakeAffine()
    57  	if c.IsInfinity() {
    58  		return true
    59  	}
    60  
    61  	y2, x3 := &gfP2{}, &gfP2{}
    62  	y2.Square(&c.y)
    63  	x3.Square(&c.x).Mul(x3, &c.x).Add(x3, twistB)
    64  
    65  	if *y2 != *x3 {
    66  		return false
    67  	}
    68  	cneg := &twistPoint{}
    69  	cneg.Mul(c, Order)
    70  	return cneg.z.IsZero()
    71  }
    72  
    73  func (c *twistPoint) SetInfinity() {
    74  	c.x.SetZero()
    75  	c.y.SetOne()
    76  	c.z.SetZero()
    77  	c.t.SetZero()
    78  }
    79  
    80  func (c *twistPoint) IsInfinity() bool {
    81  	return c.z.IsZero()
    82  }
    83  
    84  func (c *twistPoint) Add(a, b *twistPoint) {
    85  //有关其他注释,请参见curve.go中的相同函数。
    86  
    87  	if a.IsInfinity() {
    88  		c.Set(b)
    89  		return
    90  	}
    91  	if b.IsInfinity() {
    92  		c.Set(a)
    93  		return
    94  	}
    95  
    96  //见http://hyper椭圆形.org/efd/g1p/auto-code/shortw/jacobian-0/addition/add-2007-bl.op3
    97  	z12 := (&gfP2{}).Square(&a.z)
    98  	z22 := (&gfP2{}).Square(&b.z)
    99  	u1 := (&gfP2{}).Mul(&a.x, z22)
   100  	u2 := (&gfP2{}).Mul(&b.x, z12)
   101  
   102  	t := (&gfP2{}).Mul(&b.z, z22)
   103  	s1 := (&gfP2{}).Mul(&a.y, t)
   104  
   105  	t.Mul(&a.z, z12)
   106  	s2 := (&gfP2{}).Mul(&b.y, t)
   107  
   108  	h := (&gfP2{}).Sub(u2, u1)
   109  	xEqual := h.IsZero()
   110  
   111  	t.Add(h, h)
   112  	i := (&gfP2{}).Square(t)
   113  	j := (&gfP2{}).Mul(h, i)
   114  
   115  	t.Sub(s2, s1)
   116  	yEqual := t.IsZero()
   117  	if xEqual && yEqual {
   118  		c.Double(a)
   119  		return
   120  	}
   121  	r := (&gfP2{}).Add(t, t)
   122  
   123  	v := (&gfP2{}).Mul(u1, i)
   124  
   125  	t4 := (&gfP2{}).Square(r)
   126  	t.Add(v, v)
   127  	t6 := (&gfP2{}).Sub(t4, j)
   128  	c.x.Sub(t6, t)
   129  
   130  t.Sub(v, &c.x) //T7
   131  t4.Mul(s1, j)  //T8
   132  t6.Add(t4, t4) //T9
   133  t4.Mul(r, t)   //T10
   134  	c.y.Sub(t4, t6)
   135  
   136  t.Add(&a.z, &b.z) //T11
   137  t4.Square(t)      //T12
   138  t.Sub(t4, z12)    //T13
   139  t4.Sub(t, z22)    //T14
   140  	c.z.Mul(t4, h)
   141  }
   142  
   143  func (c *twistPoint) Double(a *twistPoint) {
   144  //请参阅http://hyper椭圆形.org/efd/g1p/auto-code/shortw/jacobian-0/double/dbl-2009-l.op3
   145  	A := (&gfP2{}).Square(&a.x)
   146  	B := (&gfP2{}).Square(&a.y)
   147  	C := (&gfP2{}).Square(B)
   148  
   149  	t := (&gfP2{}).Add(&a.x, B)
   150  	t2 := (&gfP2{}).Square(t)
   151  	t.Sub(t2, A)
   152  	t2.Sub(t, C)
   153  	d := (&gfP2{}).Add(t2, t2)
   154  	t.Add(A, A)
   155  	e := (&gfP2{}).Add(t, A)
   156  	f := (&gfP2{}).Square(e)
   157  
   158  	t.Add(d, d)
   159  	c.x.Sub(f, t)
   160  
   161  	t.Add(C, C)
   162  	t2.Add(t, t)
   163  	t.Add(t2, t2)
   164  	c.y.Sub(d, &c.x)
   165  	t2.Mul(e, &c.y)
   166  	c.y.Sub(t2, t)
   167  
   168  	t.Mul(&a.y, &a.z)
   169  	c.z.Add(t, t)
   170  }
   171  
   172  func (c *twistPoint) Mul(a *twistPoint, scalar *big.Int) {
   173  	sum, t := &twistPoint{}, &twistPoint{}
   174  
   175  	for i := scalar.BitLen(); i >= 0; i-- {
   176  		t.Double(sum)
   177  		if scalar.Bit(i) != 0 {
   178  			sum.Add(t, a)
   179  		} else {
   180  			sum.Set(t)
   181  		}
   182  	}
   183  
   184  	c.Set(sum)
   185  }
   186  
   187  func (c *twistPoint) MakeAffine() {
   188  	if c.z.IsOne() {
   189  		return
   190  	} else if c.z.IsZero() {
   191  		c.x.SetZero()
   192  		c.y.SetOne()
   193  		c.t.SetZero()
   194  		return
   195  	}
   196  
   197  	zInv := (&gfP2{}).Invert(&c.z)
   198  	t := (&gfP2{}).Mul(&c.y, zInv)
   199  	zInv2 := (&gfP2{}).Square(zInv)
   200  	c.y.Mul(t, zInv2)
   201  	t.Mul(&c.x, zInv2)
   202  	c.x.Set(t)
   203  	c.z.SetOne()
   204  	c.t.SetOne()
   205  }
   206  
   207  func (c *twistPoint) Neg(a *twistPoint) {
   208  	c.x.Set(&a.x)
   209  	c.y.Neg(&a.y)
   210  	c.z.Set(&a.z)
   211  	c.t.SetZero()
   212  }