Example #1
0
void field_init_curve_b(field_ptr f, element_ptr b, mpz_t order, mpz_t cofac) {
  element_t a;
  element_init(a, b->field);
  field_init_curve_ab(f, a, b, order, cofac);

  element_clear(a);
}
Example #2
0
void field_init_curve_ab_map(field_t cnew, field_t c,
    fieldmap map, field_ptr mapdest,
    mpz_t ordernew, mpz_t cofacnew) {
  element_t a, b;
  curve_data_ptr cdp = (curve_data_ptr)c->data;

  element_init(a, mapdest);
  element_init(b, mapdest);

  map(a, cdp->a);
  map(b, cdp->b);

  field_init_curve_ab(cnew, a, b, ordernew, cofacnew);
  element_clear(a);
  element_clear(b);
}
Example #3
0
// Requires j != 0, 1728.
void field_init_curve_j(field_ptr f, element_ptr j, mpz_t order, mpz_t cofac) {
  element_t a, b;
  element_init(a, j->field);
  element_init(b, j->field);

  element_set_si(a, 1728);
  element_sub(a, a, j);
  element_invert(a, a);
  element_mul(a, a, j);

  //b = 2 j / (1728 - j)
  element_add(b, a, a);
  //a = 3 j / (1728 - j)
  element_add(a, a, b);
  field_init_curve_ab(f, a, b, order, cofac);

  element_clear(a);
  element_clear(b);
}
Example #4
0
static void e_init_pairing(pairing_t pairing, void *data) {
  e_param_ptr param = data;
  e_pairing_data_ptr p;
  element_t a, b;

  mpz_init(pairing->r);
  mpz_set(pairing->r, param->r);
  field_init_fp(pairing->Zr, pairing->r);
  pairing->map = e_pairing;
  e_miller_fn = e_miller_proj;

  p = pairing->data = pbc_malloc(sizeof(e_pairing_data_t));
  p->exp2 = param->exp2;
  p->exp1 = param->exp1;
  p->sign1 = param->sign1;
  p->sign0 = param->sign0;
  field_init_fp(p->Fq, param->q);
  element_init(a, p->Fq);
  element_init(b, p->Fq);
  element_set_mpz(a, param->a);
  element_set_mpz(b, param->b);
  field_init_curve_ab(p->Eq, a, b, pairing->r, param->h);

  //k=1, hence phikonr = (p-1)/r
  mpz_init(pairing->phikonr);
  mpz_sub_ui(pairing->phikonr, p->Fq->order, 1);
  mpz_divexact(pairing->phikonr, pairing->phikonr, pairing->r);

  pairing->G2 = pairing->G1 = p->Eq;
  pairing_GT_init(pairing, p->Fq);
  pairing->finalpow = e_finalpow;
  pairing->phi = phi_identity;
  pairing->option_set = e_pairing_option_set;
  pairing->clear_func = e_pairing_clear;

  element_init(p->R, p->Eq);
  curve_set_gen_no_cofac(p->R);

  element_clear(a);
  element_clear(b);
}
Example #5
0
File: 19.c Project: blynn/pbc 
int main(void) {
  field_t c;
  field_t Z19;
  element_t P, Q, R;
  mpz_t q, z;
  element_t a, b;
  int i;

  field_t Z19_2;
  field_t c2;
  element_t P2, Q2, R2;
  element_t a2;

  mpz_init(q);
  mpz_init(z);

  mpz_set_ui(q, 19);

  field_init_fp(Z19, q);
  element_init(a, Z19);
  element_init(b, Z19);

  element_set_si(a, 1);
  element_set_si(b, 6);

  mpz_set_ui(q, 18);
  field_init_curve_ab(c, a, b, q, NULL);
  element_init(P, c);
  element_init(Q, c);
  element_init(R, c);

  printf("Y^2 = X^3 + X + 6 over F_19\n");
  //(0,+/-5) is a generator
  element_set0(a);
  curve_from_x(R, a);

  for (i=1; i<19; i++) {
    mpz_set_si(z, i);
    element_mul_mpz(Q, R, z);
    element_printf("%dR = %B\n", i, Q);
  }

  mpz_set_ui(z, 6);
  element_mul_mpz(P, R, z);
  //P has order 3
  element_printf("P = %B\n", P);

  for (i=1; i<=3; i++) {
    mpz_set_si(z, i);
    element_mul_mpz(Q, R, z);
    tate_3(a, P, Q, R);
    element_printf("e_3(P,%dR) = %B\n", i, a);
  }

  element_double(P, R);
  //P has order 9
  element_printf("P = %B\n", P);
  for (i=1; i<=9; i++) {
    mpz_set_si(z, i);
    //we're supposed to use multiples of R
    //but 2R works just as well and it allows us
    //to use R as the offset every time
    element_mul_mpz(Q, P, z);
    tate_9(a, P, Q, R);
    element_printf("e_9(P,%dP) = %B\n", i, a);
  }

  //to do the pairing on all of E(F_19) we need to move to F_19^2
  //or compute the rational function explicitly
  printf("moving to F_19^2\n");
  field_init_fi(Z19_2, Z19);

  //don't need to tell it the real order
  field_init_curve_ab_map(c2, c, element_field_to_fi, Z19_2, q, NULL);
  element_init(P2, c2);
  element_init(Q2, c2);
  element_init(R2, c2);

  element_init(a2, Z19_2);
  element_set0(a2);
  curve_from_x(P2, a2);

  element_random(R2);

  element_printf("P = %B\n", P2);

  for (i=1; i<=18; i++) {
    mpz_set_si(z, i);
    element_mul_mpz(Q2, P2, z);
    tate_18(a2, P2, Q2, R2, P2);
    element_printf("e_18(P,%dP) = %B\n", i, a2);
  }

  element_clear(P2);
  element_clear(Q2);
  element_clear(R2);
  element_clear(a2);
  field_clear(c2);
  field_clear(Z19_2);

  field_clear(c);
  element_clear(a);
  element_clear(b);
  element_clear(P);
  element_clear(Q);
  element_clear(R);
  field_clear(Z19);

  mpz_clear(q);
  mpz_clear(z);
  return 0;
}
Example #6
0
int main(void)
{
    int i;
    element_t g, h;
    element_t w0, w1;
    element_t a, b;
    mpz_t prime, cofac;

    mpz_init(prime);
    mpz_init(order);
    mpz_init(cofac);
    mpz_set_ui(prime, 59);

    field_init_fp(Fq, prime);

    element_init(a, Fq);
    element_init(b, Fq);

    field_init_fi(Fq2, Fq);

    element_set1(a);
    element_set0(b);
    mpz_set_ui(order, 5);
    mpz_set_ui(cofac, 12);

    field_init_curve_ab(E, a, b, order, cofac);

    element_clear(a);
    element_clear(b);
    element_init(a, Fq2);
    element_init(b, Fq2);
    element_set1(a);
    element_set0(b);

    mpz_mul(cofac, cofac, cofac);
    field_init_curve_ab(E2, a, b, order, NULL);

    element_init(g, E2);
    element_init(h, E2);

    element_init(w0, Fq2);
    element_init(w1, Fq2);

    /*
    do {
	element_random(g);
    } while (element_is1(g));
    for (i=1; i<5; i++) {
	element_mul(h, h, g);
	element_printf("%d: %B\n", i, h);
	element_printf("tangent = ");
	do_tangent(h);
    }
    */
    element_set_str(g, "[[25,0],[30,0]", 0);
    element_set_str(h, "[[34,0],[0,30]", 0);
    weil(w0, g, h);
    element_printf("weil: %B\n", w0);

    element_set1(w1);
    for (i=1; i<6; i++) {
	element_mul(w1, w1, w0);
	element_printf("%d: %B\n", i, w1);
    }

    fasterweil(w0, g, h);
    element_printf("fasterweil: %B\n", w0);

    element_set1(w1);
    for (i=1; i<6; i++) {
	element_mul(w1, w1, w0);
	element_printf("%d: %B\n", i, w1);
    }

    fasterweil2(w0, g, h);
    element_printf("fasterweil2: %B\n", w0);

    tate(w0, g, h);
    element_printf("tate: %B\n", w0);

    element_set1(w1);
    for (i=1; i<6; i++) {
	element_mul(w1, w1, w0);
	element_printf("%d: %B\n", i, w1);
    }

    shipseystange(w0, g, h);
    element_printf("ss-tate: %B\n", w0);

    element_set1(w1);
    for (i=1; i<6; i++) {
	element_mul(w1, w1, w0);
	element_printf("%d: %B\n", i, w1);
    }
    return 0;
}
Example #7
0
File: f_param.c Project: blynn/pbc 
static void f_init_pairing(pairing_t pairing, void *data) {
  f_param_ptr param = data;
  f_pairing_data_ptr p;
  element_t irred;
  element_t e0, e1, e2;
  p = pairing->data = pbc_malloc(sizeof(f_pairing_data_t));
  mpz_init(pairing->r);
  mpz_set(pairing->r, param->r);
  field_init_fp(pairing->Zr, pairing->r);
  field_init_fp(p->Fq, param->q);
  p->Fq->nqr = pbc_malloc(sizeof(element_t));
  element_init(p->Fq->nqr, p->Fq);
  element_set_mpz(p->Fq->nqr, param->beta);
  field_init_quadratic(p->Fq2, p->Fq);
  field_init_poly(p->Fq2x, p->Fq2);
  element_init(irred, p->Fq2x);
  // Call poly_set_coeff1() first so we can use element_item() for the other
  // coefficients.
  poly_set_coeff1(irred, 6);

  element_init(p->negalpha, p->Fq2);
  element_init(p->negalphainv, p->Fq2);
  element_set_mpz(element_x(p->negalpha), param->alpha0);
  element_set_mpz(element_y(p->negalpha), param->alpha1);

  element_set(element_item(irred, 0), p->negalpha);
  field_init_polymod(p->Fq12, irred);
  element_neg(p->negalpha, p->negalpha);
  element_invert(p->negalphainv, p->negalpha);
  element_clear(irred);

  element_init(e0, p->Fq);
  element_init(e1, p->Fq);
  element_init(e2, p->Fq2);

  // Initialize the curve Y^2 = X^3 + b.
  element_set_mpz(e1, param->b);
  field_init_curve_ab(p->Eq, e0, e1, pairing->r, NULL);

  // Initialize the curve Y^2 = X^3 - alpha0 b - alpha1 sqrt(beta) b.
  element_set_mpz(e0, param->alpha0);
  element_neg(e0, e0);
  element_mul(element_x(e2), e0, e1);
  element_set_mpz(e0, param->alpha1);
  element_neg(e0, e0);
  element_mul(element_y(e2), e0, e1);
  element_clear(e0);
  element_init(e0, p->Fq2);
  field_init_curve_ab(p->Etwist, e0, e2, pairing->r, NULL);
  element_clear(e0);
  element_clear(e1);
  element_clear(e2);

  mpz_t ndonr;
  mpz_init(ndonr);
  // ndonr temporarily holds the trace.
  mpz_sub(ndonr, param->q, param->r);
  mpz_add_ui(ndonr, ndonr, 1);
  // TODO: We can use a smaller quotient_cmp, but I have to figure out
  // BN curves again.
  pbc_mpz_curve_order_extn(ndonr, param->q, ndonr, 12);
  mpz_divexact(ndonr, ndonr, param->r);
  mpz_divexact(ndonr, ndonr, param->r);
  field_curve_set_quotient_cmp(p->Etwist, ndonr);
  mpz_clear(ndonr);

  pairing->G1 = p->Eq;
  pairing->G2 = p->Etwist;
  pairing_GT_init(pairing, p->Fq12);
  pairing->finalpow = f_finalpow;
  pairing->map = f_pairing;
  pairing->clear_func = f_pairing_clear;

  mpz_init(p->tateexp);
  /* unoptimized tate exponent
  mpz_pow_ui(p->tateexp, param->q, 12);
  mpz_sub_ui(p->tateexp, p->tateexp, 1);
  mpz_divexact(p->tateexp, p->tateexp, param->r);
  */
  mpz_ptr z = p->tateexp;
  mpz_mul(z, param->q, param->q);
  mpz_sub_ui(z, z, 1);
  mpz_mul(z, z, param->q);
  mpz_mul(z, z, param->q);
  mpz_add_ui(z, z, 1);
  mpz_divexact(z, z, param->r);

  element_init(p->xpowq2, p->Fq2);
  element_init(p->xpowq6, p->Fq2);
  element_init(p->xpowq8, p->Fq2);
  element_t xpowq;
  element_init(xpowq, p->Fq12);

  //there are smarter ways since we know q = 1 mod 6
  //and that x^6 = -alpha
  //but this is fast enough
  element_set1(element_item(xpowq, 1));
  element_pow_mpz(xpowq, xpowq, param->q);
  element_pow_mpz(xpowq, xpowq, param->q);
  element_set(p->xpowq2, element_item(xpowq, 1));

  element_pow_mpz(xpowq, xpowq, param->q);
  element_pow_mpz(xpowq, xpowq, param->q);
  element_pow_mpz(xpowq, xpowq, param->q);
  element_pow_mpz(xpowq, xpowq, param->q);
  element_set(p->xpowq6, element_item(xpowq, 1));

  element_pow_mpz(xpowq, xpowq, param->q);
  element_pow_mpz(xpowq, xpowq, param->q);
  element_set(p->xpowq8, element_item(xpowq, 1));

  element_clear(xpowq);
}
Example #8
0
File: d_param.c Project: blynn/pbc 
static void d_init_pairing(pairing_ptr pairing, void *data) {
  d_param_ptr param = data;
  pptr p;
  element_t a, b;
  element_t irred;
  int d = param->k / 2;
  int i;

  if (param->k % 2) pbc_die("k must be even");

  mpz_init(pairing->r);
  mpz_set(pairing->r, param->r);
  field_init_fp(pairing->Zr, pairing->r);
  pairing->map = cc_pairing;
  pairing->prod_pairings = cc_pairings_affine;
  pairing->is_almost_coddh = cc_is_almost_coddh;

  p = pairing->data = pbc_malloc(sizeof(*p));
  field_init_fp(p->Fq, param->q);
  element_init(a, p->Fq);
  element_init(b, p->Fq);
  element_set_mpz(a, param->a);
  element_set_mpz(b, param->b);
  field_init_curve_ab(p->Eq, a, b, pairing->r, param->h);

  field_init_poly(p->Fqx, p->Fq);
  element_init(irred, p->Fqx);
  poly_set_coeff1(irred, d);
  for (i = 0; i < d; i++) {
    element_set_mpz(element_item(irred, i), param->coeff[i]);
  }

  field_init_polymod(p->Fqd, irred);
  element_clear(irred);

  p->Fqd->nqr = pbc_malloc(sizeof(element_t));
  element_init(p->Fqd->nqr, p->Fqd);
  element_set_mpz(((element_t *) p->Fqd->nqr->data)[0], param->nqr);

  field_init_quadratic(p->Fqk, p->Fqd);

  // Compute constants involved in the final powering.
  if (param->k == 6) {
    mpz_ptr q = param->q;
    mpz_ptr z = pairing->phikonr;
    mpz_init(z);
    mpz_mul(z, q, q);
    mpz_sub(z, z, q);
    mpz_add_ui(z, z, 1);
    mpz_divexact(z, z, pairing->r);

    element_ptr e = p->xpowq;
    element_init(e, p->Fqd);
    element_set1(((element_t *) e->data)[1]);
    element_pow_mpz(e, e, q);

    element_init(p->xpowq2, p->Fqd);
    element_square(p->xpowq2, e);
  } else {
    mpz_init(p->tateexp);
    mpz_sub_ui(p->tateexp, p->Fqk->order, 1);
    mpz_divexact(p->tateexp, p->tateexp, pairing->r);
  }

  field_init_curve_ab_map(p->Etwist, p->Eq, element_field_to_polymod, p->Fqd, pairing->r, NULL);
  field_reinit_curve_twist(p->Etwist);

  mpz_t ndonr;
  mpz_init(ndonr);
  // ndonr temporarily holds the trace.
  mpz_sub(ndonr, param->q, param->n);
  mpz_add_ui(ndonr, ndonr, 1);
  // Negate it because we want the trace of the twist.
  mpz_neg(ndonr, ndonr);
  pbc_mpz_curve_order_extn(ndonr, param->q, ndonr, d);
  mpz_divexact(ndonr, ndonr, param->r);
  field_curve_set_quotient_cmp(p->Etwist, ndonr);
  mpz_clear(ndonr);

  element_init(p->nqrinv, p->Fqd);
  element_invert(p->nqrinv, field_get_nqr(p->Fqd));
  element_init(p->nqrinv2, p->Fqd);
  element_square(p->nqrinv2, p->nqrinv);

  pairing->G1 = p->Eq;
  pairing->G2 = p->Etwist;

  p->k = param->k;
  pairing_GT_init(pairing, p->Fqk);
  pairing->finalpow = cc_finalpow;

  // By default use affine coordinates.
  cc_miller_no_denom_fn = cc_miller_no_denom_affine;
  pairing->option_set = d_pairing_option_set;
  pairing->pp_init = d_pairing_pp_init;
  pairing->pp_clear = d_pairing_pp_clear;
  pairing->pp_apply = d_pairing_pp_apply;

  pairing->clear_func = d_pairing_clear;

  element_clear(a);
  element_clear(b);
}