ZZn6 line(ECn3& A,ECn3& C,ECn3& B,int type,ZZn3& slope,ZZn3& ex1,ZZn3& ex2,ZZn& Px,ZZn& Py)
{
ZZn6 w;
ZZn3 d;
#ifdef AFFINE
ZZn3 x,y;
A.get(x,y);
d.set1(Py);
w=shuffle(y-slope*(Px+x),d);
#endif
#ifdef PROJECTIVE
ZZn3 x,y,z,z3,t;
C.getZ(z3);
d.set1(Py);
if (type==MR_ADD)
{ // exploit that B is in affine
ZZn3 x2,y2;
B.get(x2,y2);
y2*=z3; d*=z3;
w=shuffle(y2-slope*(Px+x2),d);
}
if (type==MR_DOUBLE)
{ // use extra information from point doubling
A.get(x,y,z);
w=shuffle(ex1-slope*(Px*ex2+x),d*z3*ex2);
}
#endif
return w;
}
BOOL ecap2(ECn& P,ECn3 Q,ECn& R,ECn3 &S,Big& order,Big& cf)
{
ECn PP=P;
ECn RR=R;
ZZn3 Qx,Qy,Sx,Sy;
int qnr=-get_mip()->cnr;
normalise(PP);
Q.get(Qx,Qy);
// untwist
Qx=Qx/qnr;
Qy=tx(Qy);
Qy=Qy/(qnr*qnr);
RR=R;
normalise(RR);
S.get(Sx,Sy);
// untwist
Sx=Sx/qnr;
Sy=tx(Sy);
Sy=Sy/(qnr*qnr);
return fast_double_tate_pairing(PP,Qx,Qy,RR,Sx,Sy,order,cf);
}
void cofactor(ECn3 &S,Big &x, ZZn2& X)
{ // S=Phi(2xP)+phi^2(2xP)
ZZn6 X1,X2,Y1,Y2;
ZZn3 Sx,Sy,T;
ECn3 S2;
int qnr=get_mip()->cnr;
S*=x; S+=S; // hard work done here
S.get(Sx,Sy);
// untwist
Sx=Sx/qnr;
Sy=tx(Sy);
Sy=Sy/(qnr*qnr);
X1=shuffle(Sx,(ZZn3)0); Y1=shuffle((ZZn3)0,Sy);
X1.powq(X); Y1.powq(X);
X2=X1; Y2=Y1;
X2.powq(X); Y2.powq(X);
unshuffle(X1,Sx,T); unshuffle(Y1,T,Sy);
// twist
Sx=qnr*Sx;
Sy=txd(Sy*qnr*qnr);
S.set(Sx,Sy);
unshuffle(X2,Sx,T); unshuffle(Y2,T,Sy);
//twist (again, like we did last summer...)
Sx=qnr*Sx;
Sy=txd(Sy*qnr*qnr);
S2.set(Sx,Sy);
S+=S2;
}
BOOL ecap(ECn& P,ECn3& Q,Big& x,ZZn2 &X,ZZn6& res)
{
BOOL Ok;
ECn PP=P;
ZZn3 Qx,Qy;
int qnr=get_mip()->cnr;
normalise(PP);
Q.get(Qx,Qy);
// untwist
Qx=Qx/qnr;
Qy=tx(Qy);
Qy=Qy/(qnr*qnr);
#ifdef MR_COUNT_OPS
fpc=fpa=fpx=0;
#endif
Ok=fast_tate_pairing(PP,Qx,Qy,x,X,res);
#ifdef MR_COUNT_OPS
printf("After pairing fpc= %d fpa= %d fpx= %d\n",fpc,fpa,fpx);
fpa=fpc=fpx=0;
#endif
if (Ok) return TRUE;
return FALSE;
}
ZZn18 line(ECn3& A,ECn3& C,ZZn3& slope,ZZn& Qx,ZZn& Qy)
{
ZZn18 w;
ZZn6 nn,dd;
ZZn3 X,Y;
A.get(X,Y);
nn.set(Qy,Y-slope*X);
dd.set(slope*Qx);
w.set(nn,dd);
//cout << "1. w= " << w << endl;
return w;
}
ECn3 psi(ECn3 &A,ZZn &W,int n)
{
int i;
ECn3 R;
ZZn3 X,Y;
ZZn FF;
// Fast multiplication of A by q^n
A.get(X,Y);
FF=NR*W*W;
for (i=0;i<n;i++)
{ // assumes p=13 mod 18
X.powq(); X=tx(FF*X);
Y.powq(); Y*=(ZZn)get_mip()->sru;
}
R.set(X,Y);
return R;
}
void q_power_frobenius(ECn3 &S,ZZn2& X)
{
ZZn6 X1,X2,Y1,Y2;
ZZn3 Sx,Sy,T;
int qnr=get_mip()->cnr;
S.get(Sx,Sy);
// untwist
Sx=Sx/qnr;
Sy=tx(Sy);
Sy=Sy/(qnr*qnr);
X1=shuffle(Sx,(ZZn3)0); Y1=shuffle((ZZn3)0,Sy);
X1.powq(X); Y1.powq(X);
unshuffle(X1,Sx,T); unshuffle(Y1,T,Sy);
// twist
Sx=qnr*Sx;
Sy=txd(Sy*qnr*qnr);
S.set(Sx,Sy);
}
