Beispiel #1
0
void fp_rdc_basic(fp_t c, dv_t a) {
	dv_t t0, t1, t2, t3;

	dv_null(t0);
	dv_null(t1);
	dv_null(t2);
	dv_null(t3);

	TRY {
		dv_new(t0);
		dv_new(t1);
		dv_new(t2);
		dv_new(t3);

		dv_copy(t2, a, 2 * FP_DIGS);
		dv_copy(t3, fp_prime_get(), FP_DIGS);
		bn_divn_low(t0, t1, t2, 2 * FP_DIGS, t3, FP_DIGS);
		fp_copy(c, t1);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	} FINALLY {
		dv_free(t0);
		dv_free(t1);
		dv_free(t2);
		dv_free(t3);
	}
}
Beispiel #2
0
void fp2_mul_basic(fp2_t c, fp2_t a, fp2_t b) {
	dv_t t0, t1, t2, t3, t4;

	dv_null(t0);
	dv_null(t1);
	dv_null(t2);
	dv_null(t3);
	dv_null(t4);

	TRY {
		dv_new(t0);
		dv_new(t1);
		dv_new(t2);
		dv_new(t3);
		dv_new(t4);

		/* Karatsuba algorithm. */

		/* t2 = a_0 + a_1, t1 = b0 + b1. */
		fp_add(t2, a[0], a[1]);
		fp_add(t1, b[0], b[1]);

		/* t3 = (a_0 + a_1) * (b0 + b1). */
		fp_muln_low(t3, t2, t1);

		/* t0 = a_0 * b0, t4 = a_1 * b1. */
		fp_muln_low(t0, a[0], b[0]);
		fp_muln_low(t4, a[1], b[1]);

		/* t2 = (a_0 * b0) + (a_1 * b1). */
		fp_addc_low(t2, t0, t4);

		/* t1 = (a_0 * b0) + u^2 * (a_1 * b1). */
		fp_subc_low(t1, t0, t4);

		/* t1 = u^2 * (a_1 * b1). */
		for (int i = -1; i > fp_prime_get_qnr(); i--) {
			fp_subc_low(t1, t1, t4);
		}
		/* c_0 = t1 mod p. */
		fp_rdc(c[0], t1);

		/* t4 = t3 - t2. */
		fp_subc_low(t4, t3, t2);

		/* c_1 = t4 mod p. */
		fp_rdc(c[1], t4);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t0);
		dv_free(t1);
		dv_free(t2);
		dv_free(t3);
		dv_free(t4);
	}
}
Beispiel #3
0
/**
 * Multiplies two binary field elements using right-to-left comb multiplication.
 *
 * @param c					- the result.
 * @param a					- the first binary field element.
 * @param b					- the second binary field element.
 * @param size				- the number of digits to multiply.
 */
static void fb_mul_rcomb_imp(dig_t *c, const dig_t *a, const dig_t *b, int size) {
	dv_t _b;

	dv_null(_b);

	TRY {
		dv_new(_b);
		dv_zero(c, 2 * size);

		for (int i = 0; i < size; i++)
			_b[i] = b[i];
		_b[size] = 0;

		for (int i = 0; i < FB_DIGIT; i++) {
			for (int j = 0; j < size; j++) {
				if (a[j] & ((dig_t)1 << i)) {
					fb_addd_low(c + j, c + j, _b, size + 1);
				}
			}
			if (i != FB_DIGIT - 1) {
				bn_lsh1_low(_b, _b, size + 1);
			}
		}
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(_b);
	}
}
Beispiel #4
0
void fp_prime_back(bn_t c, const fp_t a) {
	dv_t t;
	int i;

	dv_null(t);

	TRY {
		dv_new(t);

		bn_grow(c, FP_DIGS);
		for (i = 0; i < FP_DIGS; i++) {
			c->dp[i] = a[i];
		}
#if FP_RDC == MONTY
		dv_zero(t, 2 * FP_DIGS + 1);
		dv_copy(t, a, FP_DIGS);
		fp_rdc(c->dp, t);
#endif
		c->used = FP_DIGS;
		c->sign = BN_POS;
		bn_trim(c);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #5
0
void fp_prime_conv_dig(fp_t c, dig_t a) {
	dv_t t;
	ctx_t *ctx = core_get();

	bn_null(t);

	TRY {
		dv_new(t);

#if FP_RDC == MONTY
		if (a != 1) {
			dv_zero(t, 2 * FP_DIGS + 1);
			t[FP_DIGS] = fp_mul1_low(t, ctx->conv.dp, a);
			fp_rdc(c, t);
		} else {
			dv_copy(c, ctx->one.dp, FP_DIGS);
		}
#else
		(void)ctx;
		fp_zero(c);
		c[0] = a;
#endif
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #6
0
/**
 * Multiplies two binary field elements using shift-and-add multiplication.
 *
 * @param c					- the result.
 * @param a					- the first binary field element.
 * @param b					- the second binary field element.
 * @param size				- the number of digits to multiply.
 */
static void fb_mul_basic_imp(dig_t *c, const dig_t *a, const dig_t *b, int size) {
	int i;
	dv_t s;

	dv_null(s);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(s);
		dv_zero(s, 2 * FB_DIGS);

		dv_copy(s, b, size);
		dv_zero(c, 2 * size);

		if (a[0] & 1) {
			dv_copy(c, b, size);
		}
		for (i = 1; i <= (FB_DIGIT * size) - 1; i++) {
			fb_lsh1_low(s, s);
			fb_rdc(s, s);
			if (fb_get_bit(a, i)) {
				fb_add(c, c, s);
			}
		}
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(s);
	}
}
Beispiel #7
0
void fp_mul_karat(fp_t c, const fp_t a, const fp_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);

		dv_zero(t, 2 * FP_DIGS);

		if (FP_DIGS > 1) {
			fp_mul_karat_imp(t, a, b, FP_DIGS, FP_KARAT);
		} else {
			fp_muln_low(t, a, b);
		}

		fp_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #8
0
void fp_mul_basic(fp_t c, const fp_t a, const fp_t b) {
	int i;
	dv_t t;
	dig_t carry;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);
		dv_zero(t, 2 * FP_DIGS);
		for (i = 0; i < FP_DIGS; i++) {
			carry = fp_mula_low(t + i, b, *(a + i));
			*(t + i + FP_DIGS) = carry;
		}

		fp_rdc(c, t);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #9
0
void fb_mul_lcomb(fb_t c, const fb_t a, const fb_t b) {
	dv_t t;
	dig_t carry;

	dv_null(t);

	TRY {
		dv_new(t);
		dv_zero(t, 2 * FB_DIGS);

		for (int i = FB_DIGIT - 1; i >= 0; i--) {
			for (int j = 0; j < FB_DIGS; j++) {
				if (a[j] & ((dig_t)1 << i)) {
					/* This cannot use fb_addn_low() because there is no
					 * guarantee that operands will be aligned. */
					fb_addd_low(t + j, t + j, b, FB_DIGS);
				}
			}
			if (i != 0) {
				carry = fb_lsh1_low(t, t);
				fb_lsh1_low(t + FB_DIGS, t + FB_DIGS);
				t[FB_DIGS] |= carry;
			}
		}

		fb_rdc(c, t);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #10
0
void fb_mul_rcomb(fb_t c, const fb_t a, const fb_t b) {
	dv_t t, _b;
	dig_t carry;

	dv_null(t);
	dv_null(_b);

	TRY {
		dv_new(t);
		dv_new(_b);
		dv_zero(t, 2 * FB_DIGS);
		dv_zero(_b, FB_DIGS + 1);

		fb_copy(_b, b);

		for (int i = 0; i < FB_DIGIT; i++) {
			for (int j = 0; j < FB_DIGS; j++) {
				if (a[j] & ((dig_t)1 << i)) {
					fb_addd_low(t + j, t + j, _b, FB_DIGS + 1);
				}
			}
			if (i != FB_DIGIT - 1) {
				carry = fb_lsh1_low(_b, _b);
				_b[FB_DIGS] = (_b[FB_DIGS] << 1) | carry;
			}
		}

		fb_rdc(c, t);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
		dv_free(_b);
	}
}
Beispiel #11
0
void fp_mul_dig(fp_t c, const fp_t a, dig_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		dv_new(t);
		fp_prime_conv_dig(t, b);
		fp_mul(c, a, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #12
0
void fb_sqr_table(fb_t c, const fb_t a) {
	dv_t t;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);
		fb_sqrl_low(t, a);
		fb_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #13
0
void fb_rdc_basic(fb_t c, dv_t a) {
	int j, k;
	dig_t *tmpa;
	dv_t r;

	dv_null(r);

	TRY {
		dv_new(r);

		tmpa = a + FB_DIGS;

		/* First reduce the high part. */
		for (int i = fb_bits(tmpa) - 1; i >= 0; i--) {
			if (fb_get_bit(tmpa, i)) {
				SPLIT(k, j, i - FB_BITS, FB_DIG_LOG);
				if (k <= 0) {
					fb_addd_low(tmpa + j, tmpa + j, fb_poly_get(), FB_DIGS);
				} else {
					r[FB_DIGS] = fb_lshb_low(r, fb_poly_get(), k);
					fb_addd_low(tmpa + j, tmpa + j, r, FB_DIGS + 1);
				}
			}
		}
		for (int i = fb_bits(a) - 1; i >= FB_BITS; i--) {
			if (fb_get_bit(a, i)) {
				SPLIT(k, j, i - FB_BITS, FB_DIG_LOG);
				if (k == 0) {
					fb_addd_low(a + j, a + j, fb_poly_get(), FB_DIGS);
				} else {
					r[FB_DIGS] = fb_lshb_low(r, fb_poly_get(), k);
					fb_addd_low(a + j, a + j, r, FB_DIGS + 1);
				}
			}
		}

		fb_copy(c, a);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(r);
	}
}
Beispiel #14
0
void fb_mul_lodah(fb_t c, const fb_t a, const fb_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		dv_new(t);

		fb_muln_low(t, a, b);

		fb_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #15
0
void fp_sqr_comba(fp_t c, const fp_t a) {
	dv_t t;

	dv_null(t);

	TRY {
		dv_new(t);

		fp_sqrn_low(t, a);

		fp_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp_free(t);
	}
}
Beispiel #16
0
void fb_mul_basic(fb_t c, const fb_t a, const fb_t b) {
	int i;
	dv_t s;
	fb_t t;

	dv_null(s);
	fb_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		fb_new(t);
		dv_new(s);
		fb_zero(t);
		dv_zero(s + FB_DIGS, FB_DIGS);
		fb_copy(s, b);

		if (a[0] & 1) {
			fb_copy(t, b);
		}
		for (i = 1; i < FB_BITS; i++) {
			/* We are already shifting a temporary value, so this is more efficient
			 * than calling fb_lsh(). */
			s[FB_DIGS] = fb_lsh1_low(s, s);
			fb_rdc(s, s);
			if (fb_get_bit(a, i)) {
				fb_add(t, t, s);
			}
		}

		if (fb_bits(t) > FB_BITS) {
			fb_poly_add(c, t);
		} else {
			fb_copy(c, t);
		}
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t);
		fb_free(s);
	}
}
Beispiel #17
0
void fb_mul_dig(fb_t c, fb_t a, dig_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);

		fb_mul1_low(t, a, b);

		fb_rdc1_low(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #18
0
void fb_mul_karat(fb_t c, const fb_t a, const fb_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);
		dv_zero(t, 2 * FB_DIGS);

		fb_mul_karat_imp(t, a, b, FB_DIGS, FB_KARAT);

		fb_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #19
0
void fp_mul_comba(fp_t c, const fp_t a, const fp_t b) {
	dv_t t;

	dv_null(t);

	TRY {
		/* We need a temporary variable so that c can be a or b. */
		dv_new(t);

		fp_muln_low(t, a, b);

		fp_rdc(c, t);

		dv_free(t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #20
0
void fp_sqr_basic(fp_t c, const fp_t a) {
	int i;
	dv_t t;

	dv_null(t);

	TRY {
		dv_new(t);
		dv_zero(t, 2 * RLC_FP_DIGS);

		for (i = 0; i < RLC_FP_DIGS; i++) {
			bn_sqra_low(t + (2 * i), a + i, RLC_FP_DIGS - i);
		}

		fp_rdc(c, t);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp_free(t);
	}
}
Beispiel #21
0
void fp_sqr_karat(fp_t c, const fp_t a) {
	dv_t t;

	dv_null(t);

	TRY {
		dv_new(t);
		dv_zero(t, 2 * RLC_FP_DIGS);

		if (RLC_FP_DIGS > 1) {
			fp_sqr_karat_imp(t, a, RLC_FP_DIGS, FP_KARAT);
		} else {
			fp_sqrn_low(t, a);
		}


		fp_rdc(c, t);
	} CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
	}
}
Beispiel #22
0
void fp3_mul_basic(fp3_t c, fp3_t a, fp3_t b) {
	dv_t t, t0, t1, t2, t3, t4, t5, t6;

	dv_null(t);
	dv_null(t0);
	dv_null(t1);
	dv_null(t2);
	dv_null(t3);
	dv_null(t4);
	dv_null(t5);
	dv_null(t6);

	TRY {
		dv_new(t);
		dv_new(t0);
		dv_new(t1);
		dv_new(t2);
		dv_new(t3);
		dv_new(t4);
		dv_new(t5);
		dv_new(t6);

		/* Karatsuba algorithm. */

		/* t0 = a_0 * b_0, t1 = a_1 * b_1, t2 = a_2 * b_2. */
		fp_muln_low(t0, a[0], b[0]);
		fp_muln_low(t1, a[1], b[1]);
		fp_muln_low(t2, a[2], b[2]);

		/* t3 = (a_1 + a_2) * (b_1 + b_2). */
		fp_add(t3, a[1], a[2]);
		fp_add(t4, b[1], b[2]);
		fp_muln_low(t, t3, t4);
		fp_addd_low(t6, t1, t2);
		fp_subc_low(t4, t, t6);
		fp_subc_low(t3, t0, t4);
		for (int i = -1; i > fp_prime_get_cnr(); i--) {
			fp_subc_low(t3, t3, t4);
		}

		fp_add(t4, a[0], a[1]);
		fp_add(t5, b[0], b[1]);
		fp_muln_low(t, t4, t5);
		fp_addd_low(t4, t0, t1);
		fp_subc_low(t4, t, t4);
		fp_subc_low(t4, t4, t2);
		for (int i = -1; i > fp_prime_get_cnr(); i--) {
			fp_subc_low(t4, t4, t2);
		}

		fp_add(t5, a[0], a[2]);
		fp_add(t6, b[0], b[2]);
		fp_muln_low(t, t5, t6);
		fp_addd_low(t6, t0, t2);
		fp_subc_low(t5, t, t6);
		fp_addc_low(t5, t5, t1);

		/* c_0 = t3 mod p. */
		fp_rdc(c[0], t3);

		/* c_1 = t4 mod p. */
		fp_rdc(c[1], t4);

		/* c_2 = t5 mod p. */
		fp_rdc(c[2], t5);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t);
		dv_free(t0);
		dv_free(t1);
		dv_free(t2);
		dv_free(t3);
		dv_free(t4);
		dv_free(t5);
		dv_free(t6);
	}
}
Beispiel #23
0
/**
 * Multiplies two prime field elements using recursive Karatsuba
 * multiplication.
 *
 * @param[out] c			- the result.
 * @param[in] a				- the first prime field element.
 * @param[in] b				- the second prime field element.
 * @param[in] size			- the number of digits to multiply.
 * @param[in] level			- the number of Karatsuba steps to apply.
 */
static void fp_mul_karat_imp(dv_t c, const fp_t a, const fp_t b, int size,
		int level) {
	int i, h, h1;
	dv_t a1, b1, a0b0, a1b1, t;
	dig_t carry;

	/* Compute half the digits of a or b. */
	h = size >> 1;
	h1 = size - h;

	dv_null(a1);
	dv_null(b1);
	dv_null(a0b0);
	dv_null(a1b1);

	TRY {
		/* Allocate the temp variables. */
		dv_new(a1);
		dv_new(b1);
		dv_new(a0b0);
		dv_new(a1b1);
		dv_new(t);
		dv_zero(a1, h1 + 1);
		dv_zero(b1, h1 + 1);
		dv_zero(a0b0, 2 * h);
		dv_zero(a1b1, 2 * h1);
		dv_zero(t, 2 * h1 + 1);

		/* a0b0 = a0 * b0 and a1b1 = a1 * b1 */
		if (level <= 1) {
#if FP_MUL == BASIC
			for (i = 0; i < h; i++) {
				carry = bn_mula_low(a0b0 + i, a, *(b + i), h);
				*(a0b0 + i + h) = carry;
			}
			for (i = 0; i < h1; i++) {
				carry = bn_mula_low(a1b1 + i, a + h, *(b + h + i), h1);
				*(a1b1 + i + h1) = carry;
			}
#elif FP_MUL == COMBA || FP_MUL == INTEG
			bn_muln_low(a0b0, a, b, h);
			bn_muln_low(a1b1, a + h, b + h, h1);
#endif
		} else {
			fp_mul_karat_imp(a0b0, a, b, h, level - 1);
			fp_mul_karat_imp(a1b1, a + h, b + h, h1, level - 1);
		}

		for (i = 0; i < 2 * h; i++) {
			c[i] = a0b0[i];
		}
		for (i = 0; i < 2 * h1 + 1; i++) {
			c[2 * h + i] = a1b1[i];
		}

		/* a1 = (a1 + a0) */
		carry = bn_addn_low(a1, a, a + h, h);
		bn_add1_low(a1 + h, a1 + h, carry, 2);
		if (h1 > h) {
			bn_add1_low(a1 + h, a1 + h, *(a + 2 * h), 2);
		}

		/* b1 = (b1 + b0) */
		carry = bn_addn_low(b1, b, b + h, h);
		bn_add1_low(b1 + h, b1 + h, carry, 2);
		if (h1 > h) {
			bn_add1_low(b1 + h, b1 + h, *(b + 2 * h), 2);
		}

		if (level <= 1) {
			/* t = (a1 + a0)*(b1 + b0) */
#if FP_MUL == BASIC
			for (i = 0; i < h1 + 1; i++) {
				carry = bn_mula_low(t + i, a1, *(b1 + i), h1 + 1);
				*(t + i + h1 + 1) = carry;
			}
#elif FP_MUL == COMBA || FP_MUL == INTEG
			bn_muln_low(t, a1, b1, h1 + 1);
#endif
		} else {
			fp_mul_karat_imp(t, a1, b1, h1 + 1, level - 1);
		}

		/* t = t - (a0*b0 << h digits) */
		carry = bn_subn_low(t, t, a0b0, 2 * h);
		bn_sub1_low(t + 2 * h, t + 2 * h, carry, 2 * (h1 + 1) - 2 * h);

		/* t = t - (a1*b1 << h digits) */
		carry = bn_subn_low(t, t, a1b1, 2 * h1);
		bn_sub1_low(t + 2 * h1, t + 2 * h1, carry, 2 * (h1 + 1) - 2 * h1);

		/* c = c + [(a1 + a0)*(b1 + b0) << digits] */
		c += h;
		carry = bn_addn_low(c, c, t, 2 * (h1 + 1));
		c += 2 * (h1 + 1);
		bn_add1_low(c, c, carry, 2 * size - h - 2 * (h1 + 1));
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(a1);
		dv_free(b1);
		dv_free(a0b0);
		dv_free(a1b1);
		dv_free(t);
	}
}
Beispiel #24
0
/**
 * Computes the square of a multiple precision integer using recursive Karatsuba
 * squaring.
 *
 * @param[out] c			- the result.
 * @param[in] a				- the prime field element to square.
 * @param[in] size			- the number of digits to square.
 * @param[in] level			- the number of Karatsuba steps to apply.
 */
static void fp_sqr_karat_imp(dv_t c, const fp_t a, int size, int level) {
	int i, h, h1;
	dv_t t0, t1, a0a0, a1a1;
	dig_t carry;

	/* Compute half the digits of a or b. */
	h = size >> 1;
	h1 = size - h;

	dv_null(t0);
	dv_null(t1);
	dv_null(a0a0);
	dv_null(a1a1);

	TRY {
		/* Allocate the temp variables. */
		dv_new(t0);
		dv_new(t1);
		dv_new(a0a0);
		dv_new(a1a1);
		dv_zero(t0, 2 * h1);
		dv_zero(t1, 2 * (h1 + 1));
		dv_zero(a0a0, 2 * h);
		dv_zero(a1a1, 2 * h1);

		if (level <= 1) {
			/* a0a0 = a0 * a0 and a1a1 = a1 * a1 */
#if FP_SQR == BASIC
			for (i = 0; i < h; i++) {
				bn_sqra_low(a0a0 + (2 * i), a + i, h - i);
			}
			for (i = 0; i < h1; i++) {
				bn_sqra_low(a1a1 + (2 * i), a + h + i, h1 - i);
			}
#elif FP_SQR == COMBA || FP_SQR == INTEG
			bn_sqrn_low(a0a0, a, h);
			bn_sqrn_low(a1a1, a + h, h1);
#elif FP_SQR == MULTP
			bn_muln_low(a0a0, a, a, h);
			bn_muln_low(a1a1, a + h, a + h, h1);
#endif
		} else {
			fp_sqr_karat_imp(a0a0, a, h, level - 1);
			fp_sqr_karat_imp(a1a1, a + h, h1, level - 1);
		}

		/* t2 = a1 * a1 << 2*h digits + a0 * a0. */
		for (i = 0; i < 2 * h; i++) {
			c[i] = a0a0[i];
		}
		for (i = 0; i < 2 * h1; i++) {
			c[2 * h + i] = a1a1[i];
		}

		/* t = (a1 + a0) */
		carry = bn_addn_low(t0, a, a + h, h);
		carry = bn_add1_low(t0 + h, t0 + h, carry, 2);
		if (h1 > h) {
			carry = bn_add1_low(t0 + h, t0 + h, *(a + 2 * h), 2);
		}

		if (level <= 1) {
			/* a1a1 = (a1 + a0)*(a1 + a0) */
#if FP_SQR == BASIC
			for (i = 0; i < h1 + 1; i++) {
				bn_sqra_low(t1 + (2 * i), t0 + i, h1 + 1 - i);
			}
#elif FP_SQR == COMBA || FP_SQR == INTEG
			bn_sqrn_low(t1, t0, h1 + 1);
#elif FP_SQR == MULTP
			bn_muln_low(t1, t0, t0, h1 + 1);
#endif
		} else {
			fp_sqr_karat_imp(t1, t0, h1 + 1, level - 1);
		}

		/* t = t - (a0*a0 << h digits) */
		carry = bn_subn_low(t1, t1, a0a0, 2 * h);
		bn_sub1_low(t1 + 2 * h, t1 + 2 * h, carry, 2 * (h1 + 1) - 2 * h);

		/* t = t - (a1*a1 << h digits) */
		carry = bn_subn_low(t1, t1, a1a1, 2 * h1);
		bn_sub1_low(t1 + 2 * h, t1 + 2 * h, carry, 2 * (h1 + 1) - 2 * h);

		/* c = c + [(a1 + a0)*(a1 + a0) << digits] */
		c += h;
		carry = bn_addn_low(c, c, t1, 2 * (h1 + 1));
		c += 2 * (h1 + 1);
		carry = bn_add1_low(c, c, carry, 2 * size - h - 2 * (h1 + 1));
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t0);
		dv_free(t1);
		dv_free(a0a0);
		dv_free(a1a1);
	}
}
Beispiel #25
0
void
test_mult(void) {
    bsc_hist_t *H;
    csc_mat_t *M;
    dv_t *x, *x2, *y;
    int i;

    printf("Testing matrix-vector multiplication...");
    fflush(stdout);
    x= dv_new(RC_NCOLS);
    x2= dv_new(RC_NCOLS);
    y= dv_new(RC_NROWS);
    if(!x || !x2 || !y) { perror("dv_new"); abort(); }
    dv_uniform(y, 1.0);

    H= bsc_random(RC_NROWS, RC_NCOLS, RC_NENT, 1);
    M= bsc_normalise(H);
    bsc_hist_destroy(H);

    if(!csc_check(M, 1)) abort();

    mult_csc_dv(x, y, M);

    for(i= 0; i < RC_NCOLS; i++) {
        int j;
        float s= 0.0;

        for(j= M->ci[i]; j < M->ci[i+1]; j++)
            s+= M->entries[j];

        assert(abs(s - x->entries[i]) - PROB_DELTA);
    }
    printf(" done.\n");

#if 0
    printf("Testing strided (%d) matrix-vector multiplication...",
           RC_STRIDE);
    fflush(stdout);
    csc_stride(M, RC_STRIDE);
    if(!csc_check(M, 1)) abort();
    csc_str_mult_nv(x2, y, M);

    for(i= 0; i < x->length; i++)
        assert(x->entries[i] == x2->entries[i]);
    printf(" done.\n");

    printf("Testing strided (%d) collision-free multiplication...",
           RC_STRIDE);
    fflush(stdout);
    csc_make_cfree(M, RC_CFSPAN);
    if(!csc_check(M, 1)) abort();
    csc_mult_cf(x2, y, M);

    for(i= 0; i < x->length; i++)
        assert(x->entries[i] == x2->entries[i]);
    printf(" done.\n");
#endif

    csc_mat_destroy(M);
    dv_destroy(x);
    dv_destroy(x2);
    dv_destroy(y);
}
void fp3_sqr_basic(fp3_t c, fp3_t a) {
	dv_t t0, t1, t2, t3, t4, t5;

	dv_null(t0);
	dv_null(t1);
	dv_null(t2);
	dv_null(t3);
	dv_null(t4);
	dv_null(t5);

	TRY {
		dv_new(t0);
		dv_new(t1);
		dv_new(t2);
		dv_new(t3);
		dv_new(t4);
		dv_new(t5);

		/* t0 = a_0^2. */
		fp_sqrn_low(t0, a[0]);

		/* t1 = 2 * a_1 * a_2. */
		fp_dbl(t2, a[1]);
		fp_muln_low(t1, t2, a[2]);

		/* t2 = a_2^2. */
		fp_sqrn_low(t2, a[2]);

		/* t3 = (a_0 + a_2 + a_1)^2, t4 = (a_0 + a_2 - a_1)^2. */
		fp_add(t3, a[0], a[2]);
		fp_add(t4, t3, a[1]);
		fp_sub(t5, t3, a[1]);
		fp_sqrn_low(t3, t4);
		fp_sqrn_low(t4, t5);

		/* t4 = (t4 + t3)/2. */
		fp_addd_low(t4, t4, t3);
		fp_hlvd_low(t4, t4);

		/* t3 = t3 - t4 - t1. */
		fp_addc_low(t5, t1, t4);
		fp_subc_low(t3, t3, t5);

		/* c_2 = t4 - t0 - t2. */
		fp_addc_low(t5, t0, t2);
		fp_subc_low(t4, t4, t5);
		fp_rdc(c[2], t4);

		/* c_0 = t0 + t1 * B. */
		fp_subc_low(t0, t0, t1);
		for (int i = -1; i > fp_prime_get_cnr(); i--) {
			fp_subc_low(t0, t0, t1);
		}
		fp_rdc(c[0], t0);

		/* c_1 = t3 + t2 * B. */
		fp_subc_low(t3, t3, t2);
		for (int i = -1; i > fp_prime_get_cnr(); i--) {
			fp_subc_low(t3, t3, t2);
		}
		fp_rdc(c[1], t3);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(t0);
		dv_free(t1);
		dv_free(t2);
		dv_free(t3);
		dv_free(t4);
		dv_free(t5);
	}
}
Beispiel #27
0
void fb_sqrm_low(dig_t *c, const dig_t *a) {
	dv_t t;

	dv_new(t);
	fb_sqri_low(c, t, a);
}
Beispiel #28
0
/**
 * Assigns the prime field modulus.
 *
 * @param[in] p			- the new prime field modulus.
 */
static void fp_prime_set(const bn_t p) {
	dv_t s, q;
	bn_t t;
	ctx_t *ctx = core_get();

	if (p->used != FP_DIGS) {
		THROW(ERR_NO_VALID);
	}

	dv_null(s);
	bn_null(t);
	dv_null(q);

	TRY {
		dv_new(s);
		bn_new(t);
		dv_new(q);

		bn_copy(&(ctx->prime), p);

		bn_mod_dig(&(ctx->mod8), &(ctx->prime), 8);

		switch (ctx->mod8) {
			case 3:
			case 7:
				ctx->qnr = -1;
				/* The current code for extensions of Fp^3 relies on qnr being
				 * also a cubic non-residue. */
				ctx->cnr = 0;
				break;
			case 1:
			case 5:
				ctx->qnr = ctx->cnr = -2;
				break;
			default:
				ctx->qnr = ctx->cnr = 0;
				THROW(ERR_NO_VALID);
				break;
		}
#ifdef FP_QNRES
		if (ctx->mod8 != 3) {
			THROW(ERR_NO_VALID);
		}
#endif

#if FP_RDC == MONTY || !defined(STRIP)
		bn_mod_pre_monty(t, &(ctx->prime));
		ctx->u = t->dp[0];
		dv_zero(s, 2 * FP_DIGS);
		s[2 * FP_DIGS] = 1;
		dv_zero(q, 2 * FP_DIGS + 1);
		dv_copy(q, ctx->prime.dp, FP_DIGS);
		bn_divn_low(t->dp, ctx->conv.dp, s, 2 * FP_DIGS + 1, q, FP_DIGS);
		ctx->conv.used = FP_DIGS;
		bn_trim(&(ctx->conv));
		bn_set_dig(&(ctx->one), 1);
		bn_lsh(&(ctx->one), &(ctx->one), ctx->prime.used * BN_DIGIT);
		bn_mod(&(ctx->one), &(ctx->one), &(ctx->prime));
#endif
		fp_prime_calc();
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		bn_free(t);
		dv_free(s);
		dv_free(q);
	}
}
Beispiel #29
0
/**
 * Multiplies two binary field elements using recursive Karatsuba
 * multiplication.
 *
 * @param[out] c			- the result.
 * @param[in] a				- the first binary field element.
 * @param[in] b				- the second binary field element.
 * @param[in] size			- the number of digits to multiply.
 * @param[in] level			- the number of Karatsuba steps to apply.
 */
static void fb_mul_karat_imp(dv_t c, const fb_t a, const fb_t b, int size,
		int level) {
	int i, h, h1;
	dv_t a1, b1, ab;
	dig_t *a0b0, *a1b1;

	dv_null(a1);
	dv_null(b1);
	dv_null(ab);

	/* Compute half the digits of a or b. */
	h = size >> 1;
	h1 = size - h;

	TRY {
		/* Allocate the temp variables. */
		dv_new(a1);
		dv_new(b1);
		dv_new(ab);
		a0b0 = ab;
		a1b1 = ab + 2 * h;

		/* a0b0 = a0 * b0 and a1b1 = a1 * b1 */
		if (level <= 1) {
#if FB_MUL == BASIC
			fb_mul_basic_imp(a0b0, a, b, h);
			fb_mul_basic_imp(a1b1, a + h, b + h, h1);
#elif FB_MUL == LCOMB
			fb_mul_lcomb_imp(a0b0, a, b, h);
			fb_mul_lcomb_imp(a1b1, a + h, b + h, h1);
#elif FB_MUL == RCOMB
			fb_mul_rcomb_imp(a0b0, a, b, h);
			fb_mul_rcomb_imp(a1b1, a + h, b + h, h1);
#elif FB_MUL == INTEG || FB_MUL == LODAH
			fb_muld_low(a0b0, a, b, h);
			fb_muld_low(a1b1, a + h, b + h, h1);
#endif
		} else {
			fb_mul_karat_imp(a0b0, a, b, h, level - 1);
			fb_mul_karat_imp(a1b1, a + h, b + h, h1, level - 1);
		}

		for (i = 0; i < 2 * size; i++) {
			c[i] = ab[i];
		}

		/* c = c - (a0*b0 << h digits) */
		fb_addd_low(c + h, c + h, a0b0, 2 * h);

		/* c = c - (a1*b1 << h digits) */
		fb_addd_low(c + h, c + h, a1b1, 2 * h1);

		/* a1 = (a1 + a0) */
		fb_addd_low(a1, a, a + h, h);

		/* b1 = (b1 + b0) */
		fb_addd_low(b1, b, b + h, h);

		if (h1 > h) {
			a1[h1 - 1] = a[h + h1 - 1];
			b1[h1 - 1] = b[h + h1 - 1];
		}

		if (level <= 1) {
			/* a1b1 = (a1 + a0)*(b1 + b0) */
#if FB_MUL == BASIC
			fb_mul_basic_imp(a1b1, a1, b1, h1);
#elif FB_MUL == LCOMB
			fb_mul_lcomb_imp(a1b1, a1, b1, h1);
#elif FB_MUL == RCOMB
			fb_mul_rcomb_imp(a1b1, a1, b1, h1);
#elif FB_MUL == INTEG || FB_MUL == LODAH
			fb_muld_low(a1b1, a1, b1, h1);
#endif
		} else {
			fb_mul_karat_imp(a1b1, a1, b1, h1, level - 1);
		}

		/* c = c + [(a1 + a0)*(b1 + b0) << digits] */
		fb_addd_low(c + h, c + h, a1b1, 2 * h1);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv_free(a1);
		dv_free(b1);
		dv_free(ab);
	}
}
Beispiel #30
0
void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q) {
	fp_t t0, t1, t2, t3, t4, t5;
	dv_t u0, u1;

	fp_null(t0);
	fp_null(t1);
	fp_null(t2);
	fp_null(t3);
	fp_null(t4);
	fp_null(t5);
	dv_null(u0);
	dv_null(u1);

	TRY {
		fp_new(t0);
		fp_new(t1);
		fp_new(t2);
		fp_new(t3);
		fp_new(t4);
		fp_new(t5);
		dv_new(u0);
		dv_new(u1);

		/* For these curves, we always can choose a = -3. */
		/* dbl-2001-b formulas: 3M + 5S + 8add + 1*4 + 2*8 + 1*3 */
		/* http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b */

		/* t0 = delta = z1^2. */
		fp_sqr(t0, p->z);

		/* t1 = gamma = y1^2. */
		fp_sqr(t1, p->y);

		/* t2 = beta = x1 * y1^2. */
		fp_mul(t2, p->x, t1);

		/* t3 = alpha = 3 * (x1 - z1^2) * (x1 + z1^2). */
		fp_sub(t3, p->x, t0);
		fp_add(t4, p->x, t0);
		fp_mul(t4, t3, t4);
		fp_dbl(t3, t4);
		fp_add(t3, t3, t4);

		/* t2 = 4 * beta. */
		fp_dbl(t2, t2);
		fp_dbl(t2, t2);

		/* z3 = (y1 + z1)^2 - gamma - delta. */
		fp_add(r->z, p->y, p->z);
		fp_sqr(r->z, r->z);
		fp_sub(r->z, r->z, t1);
		fp_sub(r->z, r->z, t0);

		/* l0 = 2 * gamma - alpha * (delta * xq + x1). */
		fp_dbl(t1, t1);
		fp_mul(t5, t0, q->x);
		fp_add(t5, t5, p->x);
		fp_mul(t5, t5, t3);
		fp_sub(l[0], t1, t5);

		/* x3 = alpha^2 - 8 * beta. */
		fp_dbl(t5, t2);
		fp_sqr(r->x, t3);
		fp_sub(r->x, r->x, t5);

		/* y3 = alpha * (4 * beta - x3) - 8 * gamma^2. */
		fp_sqrn_low(u0, t1);
		fp_addc_low(u0, u0, u0);
		fp_subm_low(r->y, t2, r->x);
		fp_muln_low(u1, r->y, t3);
		fp_subc_low(u1, u1, u0);
		fp_rdcn_low(r->y, u1);

		/* l1 = - z3 * delta * yq. */
		fp_mul(l[1], r->z, t0);
		fp_mul(l[1], l[1], q->y);

		r->norm = 0;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp_free(t0);
		fp_free(t1);
		fp_free(t2);
		fp_free(t3);
		fp_free(t4);
		fp_free(t5);
		dv_free(u0);
		dv_free(u1);
	}
}