fptower

package
v0.0.0-...-6c19a75 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 4, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const SizeOfGT = sizeOfFp * 6

SizeOfGT represents the size in bytes that a GT element need in binary form

Variables

This section is empty.

Functions

func Mul014By014

func Mul014By014(d0, d1, d4, c0, c1, c4 *fp.Element) [5]fp.Element

Mul014By014 multiplication of sparse element (c0,c1,0,0,c4,0) by sparse element (d0,d1,0,0,d4,0)

func Mul01By01

func Mul01By01(d0, d1, c0, c1 *fp.Element) [5]fp.Element

Mul01By01 multiplication of sparse element (c0,c1,0,0,1,0) by sparse element (d0,d1,0,0,1,0)

Types

type E3

type E3 struct {
	A0, A1, A2 fp.Element
}

E3 is a degree-three finite field extension of fp2

func BatchCompressTorus

func BatchCompressTorus(x []E6) ([]E3, error)

BatchCompressTorus GT/E6 elements to half their size using a batch inversion

func BatchInvertE3

func BatchInvertE3(a []E3) []E3

BatchInvertE3 returns a new slice with every element in a inverted. It uses Montgomery batch inversion trick.

if a[i] == 0, returns result[i] = a[i]

func (*E3) Add

func (z *E3) Add(x, y *E3) *E3

Add adds two elements of E3

func (*E3) Clone

func (z *E3) Clone() *E3

Clone returns a copy of self

func (*E3) DecompressTorus

func (z *E3) DecompressTorus() E6

DecompressTorus GT/E6 a compressed element element must be in the cyclotomic subgroup "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG

func (*E3) Double

func (z *E3) Double(x *E3) *E3

Double doubles an element in E3

func (*E3) Equal

func (z *E3) Equal(x *E3) bool

Equal returns true if z equals x, false otherwise TODO can this be deleted? Should be able to use == operator instead

func (*E3) Inverse

func (z *E3) Inverse(x *E3) *E3

Inverse an element in E3

if x == 0, sets and returns z = x

func (*E3) IsOne

func (z *E3) IsOne() bool

IsOne returns true if z is one, false otherwise

func (*E3) IsZero

func (z *E3) IsZero() bool

IsZero returns true if z is zero, false otherwise

func (*E3) Mul

func (z *E3) Mul(x, y *E3) *E3

Mul sets z to the E3-product of x,y, returns z

func (*E3) MulAssign

func (z *E3) MulAssign(x *E3) *E3

MulAssign sets z to the E3-product of z,y, returns z

func (*E3) MulBy01

func (z *E3) MulBy01(c0, c1 *fp.Element) *E3

MulBy01 multiplication by sparse element (c0,c1,0)

func (*E3) MulBy1

func (z *E3) MulBy1(c1 *fp.Element) *E3

MulBy1 multiplication of E6 by sparse element (0, c1, 0)

func (*E3) MulBy12

func (x *E3) MulBy12(b1, b2 *fp.Element) *E3

MulBy12 multiplication by sparse element (0,b1,b2)

func (*E3) MulByElement

func (z *E3) MulByElement(x *E3, y *fp.Element) *E3

MulByElement multiplies an element in E3 by an element in fp

func (*E3) MulByNonResidue

func (z *E3) MulByNonResidue(x *E3) *E3

MulByNonResidue mul x by (0,1,0)

func (*E3) Neg

func (z *E3) Neg(x *E3) *E3

Neg negates the E3 number

func (*E3) Set

func (z *E3) Set(x *E3) *E3

Set Sets a E3 elmt form another E3 elmt

func (*E3) SetOne

func (z *E3) SetOne() *E3

SetOne sets z to 1 in Montgomery form and returns z

func (*E3) SetRandom

func (z *E3) SetRandom() (*E3, error)

SetRandom sets z to a random elmt

func (*E3) SetString

func (z *E3) SetString(s1, s2, s3 string) *E3

SetString sets a E3 elmt from stringf

func (*E3) SetZero

func (z *E3) SetZero() *E3

SetZero sets an E3 elmt to zero

func (*E3) Square

func (z *E3) Square(x *E3) *E3

Square sets z to the E3-product of x,x, returns z

func (*E3) String

func (z *E3) String() string

String puts E3 elmt in string form

func (*E3) Sub

func (z *E3) Sub(x, y *E3) *E3

Sub subtracts two elements of E3

type E6

type E6 struct {
	B0, B1 E3
}

E6 is a degree two finite field extension of fp3

func BatchDecompressKarabina

func BatchDecompressKarabina(x []E6) []E6

BatchDecompressKarabina multiple Karabina's cyclotomic square results if g3 != 0

g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3

if g3 == 0

g4 = 2g1g5/g2

if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}

Divisions by 4g3 or g2 is batched using Montgomery batch inverse

func BatchDecompressTorus

func BatchDecompressTorus(x []E3) ([]E6, error)

BatchDecompressTorus GT/E6 compressed elements using a batch inversion

func BatchInvertE6

func BatchInvertE6(a []E6) []E6

BatchInvertE6 returns a new slice with every element in a inverted. It uses Montgomery batch inversion trick.

if a[i] == 0, returns result[i] = a[i]

func (*E6) Add

func (z *E6) Add(x, y *E6) *E6

Add sets z=x+y in E6 and returns z

func (*E6) Bytes

func (z *E6) Bytes() (r [SizeOfGT]byte)

Bytes returns the regular (non montgomery) value of z as a big-endian byte array. z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...

func (*E6) CompressTorus

func (z *E6) CompressTorus() (E3, error)

CompressTorus GT/E6 element to half its size z must be in the cyclotomic subgroup i.e. z^(p⁴-p²+1)=1 e.g. GT "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG z.B1 == 0 only when z ∈ {-1,1}

func (*E6) Conjugate

func (z *E6) Conjugate(x *E6) *E6

Conjugate sets z to x conjugated and returns z

func (*E6) CyclotomicExp

func (z *E6) CyclotomicExp(x E6, k *big.Int) *E6

CyclotomicExp sets z=xᵏ (mod q⁶) and returns it uses 2-NAF decomposition x must be in the cyclotomic subgroup TODO: use a windowed method

func (*E6) CyclotomicSquare

func (z *E6) CyclotomicSquare(x *E6) *E6

Granger-Scott's cyclotomic square https://eprint.iacr.org/2009/565.pdf, 3.2

func (*E6) CyclotomicSquareCompressed

func (z *E6) CyclotomicSquareCompressed(x *E6) *E6

Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower

func (*E6) DecompressKarabina

func (z *E6) DecompressKarabina(x *E6) *E6

DecompressKarabina Karabina's cyclotomic square result if g3 != 0

g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3

if g3 == 0

g4 = 2g1g5/g2

if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}

func (*E6) Double

func (z *E6) Double(x *E6) *E6

Double sets z=2*x and returns z

func (*E6) Equal

func (z *E6) Equal(x *E6) bool

Equal returns true if z equals x, false otherwise

func (*E6) Exp

func (z *E6) Exp(x E6, k *big.Int) *E6

Exp sets z=xᵏ (mod q⁶) and returns it uses 2-bits windowed method

func (*E6) ExpGLV

func (z *E6) ExpGLV(x E6, k *big.Int) *E6

ExpGLV sets z=xᵏ (q⁶) and returns it uses 2-dimensional GLV with 2-bits windowed method x must be in GT TODO: use 2-NAF TODO: use higher dimensional decomposition

func (*E6) Expc1

func (z *E6) Expc1(x *E6) *E6

Expc1 set z to z^c1 in E6 and return z ht, hy = -7, -1 c1 = (ht-hy)/2 = -3

func (*E6) Expc2

func (z *E6) Expc2(x *E6) *E6

Expc2 set z to z^c2 in E6 and return z ht, hy = -7, -1 c2 = (ht**2+3*hy**2)/4 = 13

func (*E6) Expt

func (z *E6) Expt(x *E6) *E6

Expt set z to x^t in E6 and return z (t is the seed of the curve) t = -3218079743 = -2**32+2**30+2**22-2**20+1

func (*E6) ExptMinus1

func (z *E6) ExptMinus1(x *E6) *E6

ExptMinus1 set z to x^(t-1) in E6 and return z t-1 = -3218079744

func (*E6) ExptMinus1Div3

func (z *E6) ExptMinus1Div3(x *E6) *E6

ExptMinus1Div3 set z to x^((t-1)/3) in E6 and return z (t-1)/3 = -1072693248

func (*E6) ExptMinus1Squared

func (z *E6) ExptMinus1Squared(x *E6) *E6

ExptMinus1Squared set z to x^(t-1)^2 in E6 and return z (t-1)^2 = 10356037238743105536

func (*E6) ExptPlus1

func (z *E6) ExptPlus1(x *E6) *E6

ExptPlus1 set z to x^(t+1) in E6 and return z t + 1 = -3218079742

func (*E6) ExptSquarePlus1

func (z *E6) ExptSquarePlus1(x *E6) *E6

ExptSquarePlus1 set z to x^(t^2+1) in E6 and return z t^2 + 1 = 10356037232306946050

func (*E6) Frobenius

func (z *E6) Frobenius(x *E6) *E6

Frobenius set z in E6 to Frobenius(x), return z

func (*E6) Inverse

func (z *E6) Inverse(x *E6) *E6

Inverse sets z to the inverse of x in E6 and returns z

if x == 0, sets and returns z = x

func (*E6) InverseUnitary

func (z *E6) InverseUnitary(x *E6) *E6

InverseUnitary inverses a unitary element

func (*E6) IsInSubGroup

func (z *E6) IsInSubGroup() bool

IsInSubGroup ensures GT/E6 is in correct subgroup

func (*E6) IsOne

func (z *E6) IsOne() bool

IsOne returns true if z is one, false otherwise

func (*E6) IsZero

func (z *E6) IsZero() bool

IsZero returns true if z is zero, false otherwise

func (*E6) Mul

func (z *E6) Mul(x, y *E6) *E6

Mul sets z=x*y in E6 and returns z

func (*E6) MulBy01

func (z *E6) MulBy01(c0, c1 *fp.Element) *E6

MulBy01 multiplication by sparse element (c0, c1, 0, 0, 1)

func (*E6) MulBy01245

func (z *E6) MulBy01245(x *[5]fp.Element) *E6

MulBy01245 multiplies z by an E12 sparse element of the form (x0, x1, x2, 0, x4, x5)

func (*E6) MulBy014

func (z *E6) MulBy014(c0, c1, c4 *fp.Element) *E6

/ MulBy014 multiplication by sparse element (c0,c1,0,0,c4,0)

func (*E6) Set

func (z *E6) Set(x *E6) *E6

Set copies x into z and returns z

func (*E6) SetBytes

func (z *E6) SetBytes(e []byte) error

SetBytes interprets e as the bytes of a big-endian GT sets z to that value (in Montgomery form), and returns z. z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...

func (*E6) SetOne

func (z *E6) SetOne() *E6

SetOne sets z to 1 in Montgomery form and returns z

func (*E6) SetRandom

func (z *E6) SetRandom() (*E6, error)

SetRandom used only in tests

func (*E6) SetString

func (z *E6) SetString(s0, s1, s2, s3, s4, s5 string) *E6

SetString sets a E6 from string

func (*E6) Square

func (z *E6) Square(x *E6) *E6

Square sets z=x*x in E6 and returns z

func (*E6) String

func (z *E6) String() string

String puts E6 in string form

func (*E6) Sub

func (z *E6) Sub(x, y *E6) *E6

Sub sets z to x-y and returns z

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL