void weil(element_t w, element_t g, element_t h)
{
element_t gr;
element_t hs;
element_t r;
element_t s;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(gr, g);
element_init_same_as(hs, h);
element_init_same_as(r, g);
element_init_same_as(s, h);
element_random(r);
element_random(s);
//point_random always takes the same square root
//why not take the other one for once?
element_neg(r, r);
element_set_str(r, "[[40,0],[54,0]]", 0);
element_set_str(s, "[[48,55],[28,51]]", 0);
element_printf("chose R = %B\n", r);
element_printf("chose S = %B\n", s);
element_add(gr, g, r);
element_add(hs, h, s);
element_printf("P+R = %B\n", gr);
element_printf("Q+S = %B\n", hs);
miller(z, gr, r, g, hs);
miller(z0, gr, r, g, s);
element_div(z1, z, z0);
element_printf("num: %B\n", z1);
miller(z, hs, s, h, gr);
miller(z0, hs, s, h, r);
element_div(w, z, z0);
element_printf("denom: %B\n", w);
element_div(w, z1, w);
element_clear(gr);
element_clear(r);
element_clear(hs);
element_clear(s);
element_clear(z);
element_clear(z0);
element_clear(z1);
}
static int fq_set_str(element_ptr e, const char *s, int base) {
const char *cp = s;
element_set0(e);
while (*cp && isspace(*cp)) cp++;
if (*cp++ != '[') return 0;
eptr p = e->data;
cp += element_set_str(p->x, cp, base);
while (*cp && isspace(*cp)) cp++;
if (*cp++ != ',') return 0;
cp += element_set_str(p->y, cp, base);
if (*cp++ != ']') return 0;
return (int)(cp - s);
}
tree_ptr tree_new_z(const char* s) {
element_ptr e = (element_ptr)pbc_malloc(sizeof(*e));
element_init(e, M);
element_set_str(e, s, 0);
tree_ptr t = tree_new(eval_elem);
t->elem = e;
return t;
}
void element_string_from_file(element_t element, char* inputFile){
FILE* fp_element_str_form = fopen(inputFile, "r");
char element_str[2048] = {'\0'};
fgets( element_str, 2048, fp_element_str_form );
int intCount = element_set_str(element, element_str, 10);
//printf("readCount: %d\n%s", intCount, element_str);
fclose(fp_element_str_form);
}
static int curve_set_str(element_ptr e, const char *s, int base) {
point_ptr p = (point_ptr)e->data;
const char *cp = s;
element_set0(e);
while (*cp && isspace(*cp)) cp++;
if (*cp == 'O') {
return cp - s + 1;
}
p->inf_flag = 0;
if (*cp != '[') return 0;
cp++;
cp += element_set_str(p->x, cp, base);
while (*cp && isspace(*cp)) cp++;
if (*cp != ',') return 0;
cp++;
cp += element_set_str(p->y, cp, base);
if (*cp != ']') return 0;
if (!curve_is_valid_point(e)) {
element_set0(e);
return 0;
}
return cp - s + 1;
}
//Called in file encryption function to generate C0,C1,C0',C1' and EK
//returns CT,EK
void EK_CT_generate(char *gamma, int *shared_users, int num_users, unsigned char *pps, ct CT, element_t EK, char *t_str)
{
global_broadcast_params_t gbs;
element_t t;
int j;
//Global Setup of gbs params
setup_global_broadcast_params(&gbs, pps);
element_set_str(gbs->gamma, gamma, PBC_CONVERT_BASE); //it is important to set user gamma here else a random value will be used
//pick a random value of t from Zr
element_init_Zr(t, gbs->pairing);
element_random(t);
element_snprint(t_str,MAX_ELEMENT_LEN,t);
//compute C0=g^t
element_init(CT->OC0, gbs->pairing->G1);
element_pow_zn(CT->OC0, gbs->g, t);
//compute C1=(g^gamma)x(g[num_users+1-j]) for j in all shared users
element_init(CT->OC1, gbs->pairing->G1);
element_pow_zn(CT->OC1, gbs->g, gbs->gamma); //at this step C1 = g^gamma = v as given in paper
for(j=0;j<num_users;j++)
element_mul(CT->OC1, CT->OC1, gbs->gs[(gbs->num_users)-shared_users[j]]);
element_pow_zn(CT->OC1, CT->OC1, t);
//Duplicate C0'=C0
element_init(CT->C0, gbs->pairing->G1);
element_set(CT->C0,CT->OC0);
//Duplicate C1'=C1
element_init(CT->C1, gbs->pairing->G1);
element_set(CT->C1,CT->OC1);
//COMPUTE EK = e(g[n], g[1])^(t)
element_init(EK, gbs->pairing->GT);
element_pairing(EK, gbs->gs[0],gbs->gs[gbs->num_users-1]); //at this step EK = e(g[1],g[n])
element_pow_zn(EK,EK,t); //EK = e(g[1],g[n])^t
//free the memory for global broadcast params
element_clear(t);
FreeGBP(gbs);
return;
}
void setup_global_broadcast_params(global_broadcast_params_t *sys, int num_users)
{
global_broadcast_params_t gbs;
gbs = pbc_malloc(sizeof(struct global_broadcast_params_s));
// Setup curve in gbp
size_t count = strlen(PBC_PAIRING_PARAMS);
if (!count) pbc_die("input error");
if (pairing_init_set_buf(gbs->pairing, PBC_PAIRING_PARAMS, count))
pbc_die("pairing init failed");
gbs->num_users = num_users;
element_t *lgs;
int i;
lgs = pbc_malloc(2 * num_users * sizeof(element_t));
if(!(lgs)) {
printf("\nMalloc Failed\n");
printf("Didn't finish system setup\n\n");
}
//Set g as a chosen public value
element_init(gbs->g, gbs->pairing->G1);
i=element_set_str(gbs->g, PUBLIC_G, PBC_CONVERT_BASE);
//Get alpha from Zp as mentioned in the paper
element_init_Zr(gbs->alpha, gbs->pairing);
element_random(gbs->alpha); //pick random alpha value and later delete from memory
//i=element_set_str(gbs->alpha, PRIVATE_ALPHA, PBC_CONVERT_BASE); //alpha is initialised as secret and later removed from memory
//Make the 0th element equal to g^alpha
element_init(lgs[0], gbs->pairing->G1);
element_pow_zn(lgs[0],gbs->g, gbs->alpha);
//Fill in the gs and the hs arrays
for(i = 1; i < 2*num_users; i++) {
//raise alpha to one more power
element_init(lgs[i], gbs->pairing->G1);
element_pow_zn(lgs[i], lgs[i-1], gbs->alpha);
}
element_clear(lgs[num_users]); //remove g^(alpha^(n+1)) as it can leak info about parameters
//For simplicity & so code was easy to read
gbs->gs = lgs;
*sys = gbs;
}
void fasterweil(element_t w, element_t g, element_t h)
{
element_t hs;
element_t s;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(hs, h);
element_init_same_as(s, h);
element_random(s);
//point_random always takes the same square root
//why not take the other one for once?
element_set_str(s, "[[48,55],[28,51]]", 0);
element_printf("chose S = %B\n", s);
element_add(hs, h, s);
element_printf("Q+S = %B\n", hs);
millertate(z, g, hs);
millertate(z0, g, s);
element_div(z1, z, z0);
element_printf("num: %B\n", z1);
miller(w, hs, s, h, g);
element_printf("denom: %B\n", w);
element_div(w, z1, w);
element_clear(z);
element_clear(z0);
element_clear(z1);
element_clear(hs);
element_clear(s);
}
void fasterweil2(element_t w, element_t g, element_t h)
{
element_t gr;
element_t r;
element_t z, z0, z1;
element_init(z, Fq2);
element_init(z0, Fq2);
element_init(z1, Fq2);
element_init_same_as(gr, g);
element_init_same_as(r, g);
element_random(r);
//point_random always takes the same square root
//why not take the other one for once?
element_set_str(r, "[[48,55],[28,51]]", 0);
element_printf("chose R = %B\n", r);
element_add(gr, g, r);
element_printf("P+R = %B\n", gr);
miller(w, gr, r, g, h);
element_printf("num: %B\n", w);
millertate(z, h, gr);
millertate(z0, h, r);
element_div(z1, z, z0);
element_printf("denom: %B\n", z1);
element_div(w, w, z1);
element_clear(z);
element_clear(z0);
element_clear(z1);
element_clear(gr);
element_clear(r);
}
int main(int argc, char **argv) {
FILE *fpairing, *ftag, *fdata, *fresult, *fplain, *fkey, *fcipher, *fpub;
pairing_t pairing;
paillier_pubkey_t *pub;
paillier_prvkey_t *priv;
element_t g, h, u, sig1, sig2, sig3, temp_pow, m, g1, g2;
element_t public_key, tag, tag_prod;
element_t secret_key;
paillier_get_rand_t get_rand;
paillier_ciphertext_t *cipher1, *cipher2;
paillier_plaintext_t *plain1, *plain2;
mpz_t pub_n, a, b, data2, nsquare;
int count = 0, val=5;
pairing_init_set_str(pairing, param_str);
//mpz_init_set_str(data_sum, "0", 10);
plain1 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
plain2 = (paillier_plaintext_t*) malloc(sizeof(paillier_plaintext_t));
cipher1 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
cipher2 = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
//pbc_demo_pairing_init(pairing, argc, argv);
element_init_G1(g1, pairing);
element_init_G1(g2, pairing);
element_init_G2(g, pairing);
element_init_G2(public_key, pairing);
element_init_G1(u, pairing);
element_init_G1(temp_pow, pairing);
element_init_G2(public_key, pairing);
element_init_G1(h, pairing);
element_init_G1(m, pairing);
element_init_G1(sig1, pairing);
element_init_G1(sig2, pairing);
element_init_G1(sig3, pairing);
element_init_G1(tag, pairing);
element_init_G1(tag_prod, pairing);
element_init_Zr(secret_key, pairing);
// mpz_init(pub_n);
char *len;
mpz_init(a);
mpz_init(b);
mpz_init(data2);
printf("Short signature test\n");
len = (char *)malloc(2048*sizeof(char));
if((fpub = fopen("pub.txt", "r")))
{
pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
priv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
mpz_init(pub->n_squared);
mpz_init(pub->n);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->p, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->q, len, 10);
fgets(len, 1000, fpub);
mpz_init_set_str(pub->n_plusone, len, 10);
//printf("value of nplusone : \n");
//mpz_out_str(stdout, 10, pub->n_plusone);
paillier_keygen(&pub, &priv, get_rand, 0);
pub->bits = mpz_sizeinbase(pub->n, 2);
fclose(fpub);
}
//setting already known pairing parameters
if((fpairing = fopen("pairing.txt", "r")))
{
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(g, len, 10);
//element_printf(" g = %B\n", g);
fgets(len, 1000, fpairing);
//printf("\n %s\n", len);
element_set_str(u, len, 10);
//element_printf("\n u= %B\n", u);
fgets(len, 1000, fpairing);
element_set_str(secret_key, len, 10);
//element_printf(" secretkey %B\n",secret_key);
fgets(len, 1000, fpairing);
element_set_str(public_key, len, 10);
//element_printf(" publickey %B\n", public_key);
fgets(len, 1000, fpairing);
element_set_str(h, len, 10);
//element_printf(" \nh = %B\n", h);
fgets(len, 1000, fpairing);
mpz_init_set_str(pub_n, len, 10);
//printf("\n n = ");
//mpz_out_str(stdout, 10, pub_n);
fclose(fpairing);
}
element_set1(tag_prod);
ftag = fopen("./tag/output5.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g1, len, 10);
element_printf("\ng1 = %B\n", g1);
fclose(ftag);
ftag = fopen("./tag/output6.txt", "r");
fgets(len, 1000, ftag);
element_set_str(g2, len, 10);
element_printf("\ng2 = %B\n", g2);
fclose(ftag);
fplain = fopen("./split/output5.txt", "r");
fgets(len, 1000, fplain);
// printf("\nlen %s", len);
mpz_set_str(a, len, 10);
//element_printf("\na = %Zd\n", a);
fclose(fplain);
fplain = fopen("./split/output6.txt", "r");
fgets(len, 1000, fplain);
mpz_set_str(b, len, 10);
fcipher = fopen("./cipher/copy1/output5.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher1->c, len, 10);
fclose(fcipher);
fcipher = fopen("./cipher/copy1/output6.txt", "r");
fgets(len, 1000, fcipher);
mpz_init_set_str(cipher2->c, len, 10);
fclose(fcipher);
paillier_mul(pub, cipher2, cipher2, cipher1);
plain1 = paillier_dec(plain1, pub, priv, cipher2);
//tag
mpz_t an;
mpz_init(an);
mpz_init(nsquare);
// mpz_mul(an, a, pub_n);
mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, plain1->m);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig1, temp_pow, secret_key);
element_printf("\n signature of plain = %B\n", sig1);
//mpz_mul(an, b, pub_n);
// mpz_mul(nsquare, pub_n, pub_n);
element_pow_mpz(temp_pow,u, b);
element_mul(temp_pow, temp_pow, h);
element_pow_zn(sig2, temp_pow, secret_key);
element_printf("\n signature of b = %B\n", sig2);
//element_printf("\nb = %Zd\n", b);
fclose(fplain);
mpz_add(a, a, b);
// mpz_mod(a, a, pub_n);
// mpz_mul(a, a, pub_n);
// mpz_mod(a, a, nsquare);
count = 2;
element_pow_mpz(temp_pow,u, a);
mpz_set_ui(data2, count);
// itoa(count, len, 10);+
//element_printf(" \nh = %B\n", h);
element_pow_mpz(h, h, data2);
element_mul(temp_pow, temp_pow, h);
//element_printf("\n h. u^bN = %B\n", temp_pow);
element_pow_zn(sig3, temp_pow, secret_key);
element_printf("\n sig 3 %B\n", sig3);
element_mul(g2, g2, g1);
element_printf("\n Direct Product %B\n", g2);
element_mul(sig2, sig1, sig2);
element_printf("\n Direct Product %B\n", sig2);
return 0;
}
//============================================
// 楕円曲線の演算テスト
//============================================
void test_arithmetic_operation(const EC_GROUP ec)
{
int i;
unsigned long long int t1, t2;
EC_POINT a, b, c, d;
Element dx, dy;
mpz_t scalar;
//-------------------
// init
//-------------------
point_init(a, ec);
point_init(b, ec);
point_init(c, ec);
point_init(d, ec);
//-------------------
// random
//-------------------
point_random(a);
assert(point_is_on_curve(a));
t1 = rdtsc();
for (i = 0; i < M; i++) { point_random(a); }
t2 = rdtsc();
printf("point random: %.2lf [clock]\n", (double)(t2 - t1) / M);
//-------------------
// add/dob
//-------------------
point_add(b, b, a);
point_add(c, b, c);
assert(point_cmp(b, a) == 0);
assert(point_cmp(c, b) == 0);
point_set_infinity(d);
point_dob(d, d);
assert(point_is_infinity(d));
point_set_str(a, "[6D2E4115FA177379A504A0EE4EF53767DE51C6364AAB69D4064529EC1FD047A 635B2C858AA4F4A3DB8AA17A588B037CAFFD36678F76E3F3369DFC90C6878C7,193E877C82EFCA81EC2815906630B837BBC6976CC8A7958E6A40D1B190FF2E5F E8A77E88AFCEE9F806DC15BF50EADD138320F1A5A87E78DDE86FA7A867300D]");
point_set_str(b, "[1A8F5DAB09EE4290F95FE4C824C153E355D55B6CF94B998C6203FEC3D81377CF 15A19F2704C4BDBAAE39A5E26772A3E4E7EC7A9E205651F8822298766DE044FF,1C566EB3917F06B05E0A786BD8030CAFCCDB62864DD0E2A22A9B6817B310FD53 6A0927BB33EB263F45CAB921A20E67A1BD8A791D6EB0415AC92C9B1F74D16D1]");
point_set_str(d, "[143D414F99AA18C844B331064C9DD66363EBA3D852250CBCF8C9D4B33E0C4C1C 225865D85EC7A34647CA55E026BD1FA201E0C4E8C66F7A43E69AF708F410A0FF,FACA1388C034CF614A72E06EE60DEDC4880CDBD368E5BEC2795130B266FFB9E 1681217E50705AB9A21FEB62E0BF9A5657EB27C3AED3323FE9C57058358735A9]");
point_add(c, a, b);
assert(point_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_add(c, a, b); }
t2 = rdtsc();
printf("point add: %.2lf [clock]\n", (double)(t2 - t1) / N);
element_init(dx, ec->field);
element_init(dy, ec->field);
element_set_str(dx, "33F550F9A63EF53C786BF7BDFDAB1538CD76A3FCED3C9DBC3307DD4F354775A C814AE99C91C71845F0B51E4349520908E48C70181313D70C05F6ED24EC1F36");
element_set_str(dy, "3766ED0DD7C988DB76770081A298DAA924D0E3279726F9B5504129AFA3E57B9 520CE8A563F88AF882AB99086BFDBBDCEF9DE65879AB234DFF5AAFD5BEE7E4F");
point_set_xy(d, dx, dy);
point_dob(c, a);
assert(point_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { point_dob(c, a); }
t2 = rdtsc();
printf("point dob: %.2lf [clock]\n", (double)(t2 - t1) / N);
element_clear(dx);
element_clear(dy);
//------------------
// neg/sub
//------------------
point_neg(c, a);
point_add(d, a, c);
point_sub(b, a, a);
assert(point_is_infinity(d));
assert(point_is_infinity(b));
//-------------------
// mul
//-------------------
mpz_init(scalar);
mpz_set(scalar, ec->order);
for (i = 0; i < 100; i++)
{
point_random(a);
point_mul(b, scalar, a);
ec_bn254_fp2_mul_end(c, scalar, a);
assert(point_is_infinity(b));
assert(point_cmp(c, b) == 0);
}
t1 = rdtsc();
for (i = 0; i < M; i++) { point_mul(b, scalar, a); }
t2 = rdtsc();
printf("point mul with endomorphism: %.2lf [clock]\n", (double)(t2 - t1) / M);
t1 = rdtsc();
for (i = 0; i < M; i++) { ec_bn254_fp2_mul(b, scalar, a); }
t2 = rdtsc();
printf("point mul with binary method: %.2lf [clock]\n", (double)(t2 - t1) / M);
mpz_clear(scalar);
//-------------------
// clear
//-------------------
point_clear(a);
point_clear(b);
point_clear(c);
point_clear(d);
}
static int mulg_set_str(element_ptr e, const char *s, int base) {
return element_set_str(e->data, s, base);
}
int main() {
// declaring pairing parameters
pairing_t p;
pairing_init_set_str(p, param_str);
FILE *pf;
// declaring elements
element_t C, g1, g2, g3;
// element_init_G1(C, p);
element_init_G1(g1, p);
element_init_G1(g2, p);
char *len;
len = (char *) malloc(1000*sizeof(char));
//element_init_G1(g3, p);
pf = fopen("comp.txt", "r");
fgets(len, 1000,pf);
element_set_str(g1, len, 10);
fclose(pf);
element_printf("g1 = %B\n\n", g1);
pf = fopen("comp1.txt", "r");
fgets(len, 1000,pf);
element_set_str(g2, len, 10);
fclose(pf);
element_printf("g2 = %B\n\n", g2);
element_mul(g2, g2, g1);
element_printf("prod = %B\n\n", g2);
///element_t a, b;
//element_init_Zr(a, p);
//element_init_Zr(b, p);
//int i;
// for(i = 0; i < 10; i++) {
// randomizing elements
// element_random(g1);
// element_random(g2);
// element_random(g3);
//element_random(a);
//element_random(b);
// g1 <- g1 ^ a
//element_pow_zn(g1, g1, a);
// g2 <- g2 ^ b
//element_pow_zn(g2, g2, b);
// C <- g1^a * g2^b
//element_mul(C, g1, g2);
// C <- g1^a * g2^b * g3
//element_mul(C, C, g3);
/*
element_printf("g1 = %B\n", g1);
element_printf("g2 = %B\n", g2);
char buf1[element_length_in_bytes(g1)], buf2[element_length_in_bytes(g2)];
element_to_bytes(buf1, g1);
element_to_bytes(buf2, g2);
pf = fopen("comp.txt", "w");
element_fprintf(pf, "%s", buf1);
fclose(pf);
pf = fopen("comp1.txt", "w");
element_fprintf(pf, "%s", buf2);
fclose(pf);
element_mul(g2, g2, g1);
element_printf("prod = %B\n", g2);
// element_from_bytes(C, buf);
//element_printf("C = %B\n\n", C);
// }
*/
// element_clear(C);
element_clear(g1);
// element_clear(g2);
//element_clear(g3);
//element_clear(a);
//element_clear(b);
pairing_clear(p);
return 0;
}
//============================================
// 四則演算のテストプログラム
//============================================
void test_arithmetic_operation(Field f)
{
int i;
unsigned long long int t1, t2;
Element a, b, c, d;
Element d1, d2, d3;
mpz_t exp;
//--------------------
// init
//--------------------
element_init(a, f);
element_init(b, f);
element_init(c, f);
element_init(d, f);
element_init(d1, f->base);
element_init(d2, f->base);
element_init(d3, f->base);
//--------------------
// add
//--------------------
element_set_str(a, "17A767D1D0F35B9B2CE7CF00A9D036B7E087E24F1CBFFEF8C599F75DFDAD470B 107B87895D05703A57532E47A7BD8CA9C6406B5378C7E81F064749BB848490B2 44C128CE2774FC5C7022584909212BAB973CE5CA964D1B6A0ED9CCED1FA77DD 61C632B1BA796F688FF4A04475242B4116296B8A873B6C535C090278D88A7DB 685D0DA4D199864C925BAC4FD9EDBC9522367F43054E28E4E529A0FBF9BA604 7533624DC55FB89EDD5417E8F7E88E0B4A1F4CABD11353BEB3BD55FB62E7555");
element_set_str(b, "19A7AA060E14E19A21FEF364C2BA8C3015EE7951DC51B928A55CE8C77E8998D9 43D2B55CCF3C20793C1402EE521F63E0DA933666152D14E6B35670281BB24E7 1A27F4DA83812A83B3189BAA7B9CB92F8401337F9334D9E155F66F31F33DE5DC 189A48DEB41106F112E6CCC46C55110E9BCF02C2B727B373CC6E46F3F80147F5 1A6243EC30C85C55E948EFF298055B8B5991E3CBD578CAB7DF4C1E52427329B7 2331BDFFF829F8D50BC7FD2BEF8607985B8C3F4805BA05F0F5CAB75DAD1E0194");
element_set_str(d, "DDE16D341C72D770070A7CCE5A5C0A679741C60E111B81FEC7680257C36DFE3 14B8B2DF29F93241EB146E768CDF82E7D3E99EB9DA1AB96D717CB0BE063FB599 1E74076765F87A497A1AC12F0C2ECBEA3D7501DC3C99AB97F6E40C00C5385DB9 1EB6AC09CFB89DE79BE616C8B3A753C2AD31997B5F9B6A39022ED71B8589EFD0 20E814C67DE1F4BAB26EAAB795A43754ABB54BC005CDAD462D9EB862020ECFBB 713F920373EE4A0AB272411F81F8E37932BF4D2AACB3B2B62862CBD634C76E8");
element_add(c, a, b);
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_add(c, a, b); }
t2 = rdtsc();
printf("element add: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// sub
//--------------------
element_set(d, c);
element_sub(c, c, d);
assert(element_is_zero(c));
//--------------------
// mul
//--------------------
element_mul(c, a, b);
element_set_str(d1, "12B60569C8620CA5D70141D319878E5B060A4AA80413BEC52B5173D61E8A3387 1EF2082B9DCA3ABF201AA99B0230714369969A04C6064A7E9288B9551F95CA36");
element_set_str(d2, "17B103CB3F5567B2C3A06E07CD31923CD87D72406E23B25B5066E61D029991F1 1791B2FB67A6FE4BC47F7719F2B5720ED863499E582E787A3EE2F513B4BDB4CF");
element_set_str(d3, "2264428EB266F97E47163B2BE433146D0D5FBD32F6552D6079B4D85719F10635 14418C5689124B593F626719E1A07B7D0A2DA48E5BFEC13BDE16F0B8CC521F9B");
element_set(((Element *)d->data)[0], d1);
element_set(((Element *)d->data)[1], d2);
element_set(((Element *)d->data)[2], d3);
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_mul(c, a, b); }
t2 = rdtsc();
printf("element mul: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// sqr
//--------------------
element_sqr(c, a);
element_mul(d, a, a);
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_sqr(c, a); }
t2 = rdtsc();
printf("element sqr: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// random
//--------------------
element_random(b);
//--------------------
// inv
//--------------------
element_mul(c, a, b);
element_inv(b, b);
element_mul(c, c, b);
element_inv(d, a);
element_mul(d, a, d);
assert(element_cmp(c, a) == 0);
assert(element_is_one(d));
t1 = rdtsc();
for (i = 0; i < N; i++) { element_inv(c, a); }
t2 = rdtsc();
printf("element inv: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// pow
//--------------------
mpz_init(exp);
mpz_set_str(exp, "AA4A2EE5234E0E95E8BB01F6B4A67F0EE8F2ADC1AA153C48D163AA85F3F534C", 16);
element_pow(c, a, exp);
element_set_str(d, "1CE3C3F32AC26429F4B8CDA845C051A4E88297DCCF33466FE03DDBCB06D7F83C 12AB1B1C4204A483CB230C3A25F3D3498CBC006D7DFF3F9D3565544BF09EEECD 16449675C385AA37E54DC18FABD35B84D1714E22991BEBD5CE7EFFBBEB110517 4B8B39A2E4C86D3BBD58B771A220F62E988136ECBB92D1213B3D268152A4E14 5C3CF6A5663F06A4F805674B29A6D2D7B9F0A8DA7E366EC239420E78B5BFAB6 C762C8ECC272929A992D55227F9C2927A04731122265C0E217B9B47AF524AA1");
assert(element_cmp(c, d) == 0);
mpz_set(exp, f->order);
for (i = 0; i < 50; i++)
{
element_random(a);
element_pow(b, a, exp);
assert(element_cmp(b, a) == 0);
}
t1 = rdtsc();
for (i = 0; i < M; i++) { element_pow(b, a, exp); }
t2 = rdtsc();
printf("element pow with order: %.2lf [clock]\n", (double)(t2 - t1) / M);
mpz_clear(exp);
//--------------------
// clear
//--------------------
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(d);
element_clear(d1);
element_clear(d2);
element_clear(d3);
}
//============================================
// 入出力のテストプログラム
//============================================
void test_io(Field f)
{
int i;
unsigned long long int t1, t2;
char a_str[390];
size_t blen;
unsigned char b_str[192];
Element a, b, c;
element_init(a, f);
element_init(b, f);
element_init(c, f);
for (i = 0; i < 100; i++)
{
element_random(a);
element_get_str(a_str, a);
element_set_str(c, a_str);
assert(element_cmp(a, c) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { element_get_str(a_str, a); }
t2 = rdtsc();
printf("element get string: %.2lf [clock]\n", (double)(t2 - t1) / N);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_set_str(c, a_str); }
t2 = rdtsc();
printf("element set string: %.2lf [clock]\n", (double)(t2 - t1) / N);
for (i = 0; i < 100; i++)
{
element_random(b);
element_to_oct(b_str, &blen, b);
element_from_oct(c, b_str, blen);
assert(element_cmp(b, c) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { element_to_oct(b_str, &blen, b); }
t2 = rdtsc();
printf("element to octet string: %.2lf [clock]\n", (double)(t2 - t1) / N);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_from_oct(c, b_str, blen); }
t2 = rdtsc();
printf("element from octet string: %.2lf [clock]\n", (double)(t2 - t1) / N);
element_clear(a);
element_clear(b);
element_clear(c);
}
int main(void)
{
int i;
element_t g, h;
element_t w0, w1;
element_t a, b;
mpz_t prime, cofac;
mpz_init(prime);
mpz_init(order);
mpz_init(cofac);
mpz_set_ui(prime, 59);
field_init_fp(Fq, prime);
element_init(a, Fq);
element_init(b, Fq);
field_init_fi(Fq2, Fq);
element_set1(a);
element_set0(b);
mpz_set_ui(order, 5);
mpz_set_ui(cofac, 12);
field_init_curve_ab(E, a, b, order, cofac);
element_clear(a);
element_clear(b);
element_init(a, Fq2);
element_init(b, Fq2);
element_set1(a);
element_set0(b);
mpz_mul(cofac, cofac, cofac);
field_init_curve_ab(E2, a, b, order, NULL);
element_init(g, E2);
element_init(h, E2);
element_init(w0, Fq2);
element_init(w1, Fq2);
/*
do {
element_random(g);
} while (element_is1(g));
for (i=1; i<5; i++) {
element_mul(h, h, g);
element_printf("%d: %B\n", i, h);
element_printf("tangent = ");
do_tangent(h);
}
*/
element_set_str(g, "[[25,0],[30,0]", 0);
element_set_str(h, "[[34,0],[0,30]", 0);
weil(w0, g, h);
element_printf("weil: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
fasterweil(w0, g, h);
element_printf("fasterweil: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
fasterweil2(w0, g, h);
element_printf("fasterweil2: %B\n", w0);
tate(w0, g, h);
element_printf("tate: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
shipseystange(w0, g, h);
element_printf("ss-tate: %B\n", w0);
element_set1(w1);
for (i=1; i<6; i++) {
element_mul(w1, w1, w0);
element_printf("%d: %B\n", i, w1);
}
return 0;
}
//============================================
// 四則演算のテストプログラム
//============================================
void test_arithmetic_operation(Field f)
{
int i;
unsigned long long int t1, t2;
Element a, b, c, d;
char loop[] = "100";
mpz_t e, exp;
//--------------------
// init
//--------------------
element_init(a, f);
element_init(b, f);
element_init(c, f);
element_init(d, f);
//--------------------
// add
//--------------------
element_set_str(a, "1C12C39A2AD14054EDC9EE504301127AFFEEAADC59A78B50FCFFED87AC6EB8BF 20E1A922384561EA82602CD664D85D442DAC5D391E142ABB3CFEC2A095C22DF9");
element_set_str(b, "F1B91250A124F268B8239185B23B31EB25179A11A9A0398E61B701F7D4F7265 20D206C5F7D007EDBA34A4B041622289D64F04CA28CEAC490619585AA14F7B2F");
element_set_str(d, "7BD59BA97A27FBD2AD60CD0173FC358353DE53D5C418EE8649AFDA729BE2B23 1E42B4E392D45A19EE1EB6EE1F557D8C86F922C32EE2D702C497BAFB3711A927");
element_add(c, a, b);
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_add(c, a, b); }
t2 = rdtsc();
printf("element add: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// sub
//--------------------
element_set(d, c);
element_sub(c, c, d);
assert(element_is_zero(c));
//--------------------
// mul
//--------------------
element_mul(c, a, b);
element_set_str(d, "1D0562FF0AB317FFDE555320A7072D2B29C07077E08996CE5F093BB8E4200B2C 9B04361A24DC7F37C8BD09A7C51A9D8577168AD021BF2B4AC3D67552F481B1A");
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_mul(c, a, b); }
t2 = rdtsc();
printf("element mul: %.2lf [clock]\n", (double)(t2 - t1) / N);
mpz_init_set_str(e, "1B45F16C848B9C476C1D2FF1FD60A0D0C19BBA6F3ECE3CF6C5FCE4FAB7CAD4FF", 16);
element_pow(c, a, e);
element_set_str(d, "B40190CE812CB4F668A839952128D19B1748F3BB19E902480D089AF9053A6D2 19DA59F09C3C20472C3BD19A4FC95BCAF266B9D1539AAD23E3C67C4F3A7CA51D");
assert(element_cmp(c, d) == 0);
mpz_clear(e);
//--------------------
// sqr
//--------------------
element_sqr(c, a);
element_mul(d, a, a);
assert(element_cmp(c, d) == 0);
t1 = rdtsc();
for (i = 0; i < N; i++) { element_sqr(c, a); }
t2 = rdtsc();
printf("element sqr: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// random
//--------------------
element_random(a);
element_random(b);
//--------------------
// inv
//--------------------
element_mul(c, a, b);
element_inv(b, b);
element_mul(c, c, b);
element_inv(d, a);
element_mul(d, a, d);
assert(element_cmp(c, a) == 0);
assert(element_is_one(d));
t1 = rdtsc();
for (i = 0; i < N; i++) { element_inv(b, a); }
t2 = rdtsc();
printf("element inv: %.2lf [clock]\n", (double)(t2 - t1) / N);
//--------------------
// pow
//--------------------
mpz_init_set_str(exp, loop, 10);
element_set_one(b);
for (i = 0; i < atoi(loop); i++) { element_mul(b, b, a); }
element_pow(c, a, exp);
assert(element_cmp(b, c) == 0);
mpz_set(exp, f->order);
for (i = 0; i < 100; i++)
{
element_random(a);
element_pow(b, a, exp);
assert(element_cmp(b, a) == 0);
}
t1 = rdtsc();
for (i = 0; i < N; i++) { element_pow(b, a, exp); }
t2 = rdtsc();
printf("element pow with order: %.2lf [clock]\n", (double)(t2 - t1) / N);
mpz_clear(exp);
//--------------------
// clear
//--------------------
element_clear(a);
element_clear(b);
element_clear(c);
element_clear(d);
}