// Precompute the fixed-base window table used when multiplying the G2 element w.
//
// Fills w.mtable with 1<<WINDOW_SIZE ECn3 entries derived from w.g, records the
// per-column bit width in w.mtbits, and returns the number of table entries.
//
//   small != 0 : width = MR_ROUNDUP(2*S, WINDOW_SIZE)
//   small == 0 : width = MR_ROUNDUP(bits(*ord), WINDOW_SIZE)
//
// Table layout as built below: entry 1 is w.g; entry 2^m is w.g doubled
// m*width times; every other entry is the sum of the power-of-two entries
// picked out by the set bits of its index. Entry 0 is never assigned.
//
// NOTE(review): w.mtable is overwritten with a fresh new[] allocation without
// looking at its previous value. Who releases the table, and whether a second
// call on the same w leaks the first one, is not visible here - confirm in G2.
// NOTE(review): in small mode the table spans only width*WINDOW_SIZE bits;
// confirm the routine that reads w.mtbits copes with scalars longer than that.
int PFC::precomp_for_mult(G2& w,BOOL small)
{
    ECn3 running;
    ZZn3 x,y;   // not referenced below; retained so the same objects get constructed
    const int entries=1<<WINDOW_SIZE;
    int width;
    int next_pow=1;   // exponent of the next power-of-two index to be filled

    if (small)
    {
        width=MR_ROUNDUP(2*S,WINDOW_SIZE);
    }
    else
    {
        width=MR_ROUNDUP(bits(*ord),WINDOW_SIZE);
    }

    w.g.norm();
    running=w.g;
    w.mtable=new ECn3[entries];
    running.norm();
    w.mtable[1]=running;
    w.mtbits=width;

    // Advance the running point by `width` doublings to reach the next column base.
    for (int d=width;d>0;--d) running+=running;

    for (int idx=2;idx<entries;++idx)
    {
        if (idx==(1<<next_pow))
        {
            // Power-of-two index: store the current column base, then advance again.
            ++next_pow;
            running.norm();
            w.mtable[idx]=running;
            for (int d=width;d>0;--d) running+=running;
        }
        else
        {
            // Composite index: accumulate the column bases for each set bit.
            // Starts from the default-constructed entry - presumably the point
            // at infinity; confirm against ECn3's default constructor.
            for (int b=0;b<next_pow;++b)
            {
                const int mask=1<<b;
                if (idx&mask) w.mtable[idx]+=w.mtable[mask];
            }
            w.mtable[idx].norm();
        }
    }

    return entries;
}
// Ate pairing of Q (ECn3) and P (ECn), written into res.
//
// Runs a Miller loop over the bits of x, then a final exponentiation built
// from powq(X) steps and one powu() by |x|.
//
// Returns FALSE when the Miller accumulator becomes zero inside the loop, or
// when the final value equals one; returns TRUE otherwise. Callers should
// treat FALSE as failure and not use res as a pairing output.
//
// P is passed to normalise() and, under PROJECTIVE, Q to norm(); both are
// non-const references, so the arguments may be modified.
//
// NOTE(review): no validation of P or Q (on-curve, expected order) is visible
// in this function - confirm that callers perform it before invoking ate().
BOOL ate(ECn3& Q,ECn& P,Big &x,ZZn2& X,ZZn6& res)
{
    ECn3 A;
    ZZn Px,Py;
    ZZn6 w;
    Big q=x*x-x+1;   // not referenced below; retained so x*x-x+1 is still evaluated

#ifdef MR_COUNT_OPS
    fpc=fpa=fpx=0;
#endif

    normalise(P);
#ifdef PROJECTIVE
    Q.norm();
#endif
    extract(P,Px,Py);

    // Both coordinates are doubled up front; the original source attributes
    // this to x^6+2 being irreducible, which simplifies the line function.
    Px+=Px;
    Py+=Py;

    res=1;
    A=Q;   // A restarts from Q
    const int top_bit=bits(x);
    res.mark_as_miller();

    // Miller loop: square, multiply by the line value for A+A, and for each
    // set bit of x multiply by the line value for A+Q.
    for (int pos=top_bit-2;pos>=0;--pos)
    {
        res*=res;
        res*=g(A,A,Px,Py);
        if (bit(x,pos)==1)
        {
            res*=g(A,Q,Px,Py);
        }
        if (res.iszero())
        {
            return FALSE;
        }
    }

#ifdef MR_COUNT_OPS
    printf("After Miller fpc= %d fpa= %d fpx= %d\n",fpc,fpa,fpx);
#endif

    // Disabled in the original source:
    //    if (!A.iszero() || res.iszero()) return FALSE;

    // Final exponentiation. The original annotates the next two steps as
    // ^(p+1) and ^(p^3-1); powq(X) presumably applies the p-power map.
    w=res;
    w.powq(X);
    res*=w;

    w=res;
    for (int r=0;r<3;++r) w.powq(X);
    res=w/res;

    // The original describes the remainder as a half-length exponentiation.
    res.mark_as_unitary();

    w=res;
    res.powq(X);   // disabled alternatives in the original: res*=res; res=pow(res,CF);

    // A negative x is applied as a division by w^(-x).
    if (x<0)
    {
        res/=powu(w,-x);
    }
    else
    {
        res*=powu(w,x);
    }

#ifdef MR_COUNT_OPS
    printf("After pairing fpc= %d fpa= %d fpx= %d\n",fpc,fpa,fpx);
    fpa=fpc=fpx=0;
#endif

    // A result of one is reported as failure.
    return (res==(ZZn6)1) ? FALSE : TRUE;
}