/**
* Multiplies a point on a Barreto-Lynn-Soctt curve by the cofactor.
*
* @param[out] r - the result.
* @param[in] p - the point to multiply.
*/
void ep2_mul_cof_b12(ep2_t r, ep2_t p) {
bn_t x;
ep2_t t0, t1, t2, t3;
ep2_null(t0);
ep2_null(t1);
ep2_null(t2);
ep2_null(t3);
bn_null(x);
TRY {
ep2_new(t0);
ep2_new(t1);
ep2_new(t2);
ep2_new(t3);
bn_new(x);
fp_param_get_var(x);
/* Compute t0 = xP. */
ep2_mul(t0, p, x);
if (bn_sign(x) == BN_NEG) {
ep2_neg(t0, t0);
}
/* Compute t1 = [x^2]P. */
ep2_mul(t1, t0, x);
if (bn_sign(x) == BN_NEG) {
ep2_neg(t1, t1);
}
/* t2 = (x^2 - x - 1)P = x^2P - x*P - P. */
ep2_sub(t2, t1, t0);
ep2_sub(t2, t2, p);
/* t3 = \psi(x - 1)P. */
ep2_sub(t3, t0, p);
ep2_norm(t3, t3);
ep2_frb(t3, t3, 1);
ep2_add(t2, t2, t3);
/* t3 = \psi^2(2P). */
ep2_dbl(t3, p);
ep2_norm(t3, t3);
ep2_frb(t3, t3, 2);
ep2_add(t2, t2, t3);
ep2_norm(r, t2);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
ep2_free(t0);
ep2_free(t1);
ep2_free(t2);
ep2_free(t3);
bn_free(x);
}
}
void ep2_map(ep2_t p, uint8_t *msg, int len) {
bn_t x;
fp2_t t0;
uint8_t digest[MD_LEN];
bn_null(x);
fp2_null(t0);
TRY {
bn_new(x);
fp2_new(t0);
md_map(digest, msg, len);
bn_read_bin(x, digest, MIN(FP_BYTES, MD_LEN));
fp_prime_conv(p->x[0], x);
fp_zero(p->x[1]);
fp_set_dig(p->z[0], 1);
fp_zero(p->z[1]);
while (1) {
ep2_rhs(t0, p);
if (fp2_srt(p->y, t0)) {
p->norm = 1;
break;
}
fp_add_dig(p->x[0], p->x[0], 1);
}
switch (ep_param_get()) {
case BN_P158:
case BN_P254:
case BN_P256:
case BN_P638:
ep2_mul_cof_bn(p, p);
break;
case B12_P638:
ep2_mul_cof_b12(p, p);
break;
default:
/* Now, multiply by cofactor to get the correct group. */
ep2_curve_get_cof(x);
if (bn_bits(x) < BN_DIGIT) {
ep2_mul_dig(p, p, x->dp[0]);
} else {
ep2_mul(p, p, x);
}
break;
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(x);
fp2_free(t0);
}
}
void ep2_rand(ep2_t p) {
bn_t n, k;
ep2_t gen;
bn_null(k);
bn_null(n);
ep2_null(gen);
TRY {
bn_new(k);
bn_new(n);
ep2_new(gen);
ep2_curve_get_ord(n);
bn_rand_mod(k, n);
ep2_curve_get_gen(gen);
ep2_mul(p, gen, k);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(k);
bn_free(n);
ep2_free(gen);
}
}
void ep2_mul_sim_basic(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t l) {
ep2_t t;
ep2_null(t);
TRY {
ep2_new(t);
ep2_mul(t, q, l);
ep2_mul(r, p, k);
ep2_add(t, t, r);
ep2_norm(r, t);
} CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
ep2_free(t);
}
}
/**
* Multiplies a point on a Barreto-Naehrig curve by the cofactor.
*
* @param[out] r - the result.
* @param[in] p - the point to multiply.
*/
void ep2_mul_cof_bn(ep2_t r, ep2_t p) {
bn_t x;
ep2_t t0, t1, t2;
ep2_null(t0);
ep2_null(t1);
ep2_null(t2);
bn_null(x);
TRY {
ep2_new(t0);
ep2_new(t1);
ep2_new(t2);
bn_new(x);
fp_param_get_var(x);
/* Compute t0 = xP. */
ep2_mul(t0, p, x);
if (bn_sign(x) == BN_NEG) {
ep2_neg(t0, t0);
}
/* Compute t1 = \psi(3xP). */
ep2_dbl(t1, t0);
ep2_add(t1, t1, t0);
ep2_norm(t1, t1);
ep2_frb(t1, t1, 1);
/* Compute t2 = \psi^3(P) + t0 + t1 + \psi^2(xP). */
ep2_frb(t2, p, 2);
ep2_frb(t2, t2, 1);
ep2_add(t2, t2, t0);
ep2_add(t2, t2, t1);
ep2_frb(t1, t0, 2);
ep2_add(t2, t2, t1);
ep2_norm(r, t2);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
ep2_free(t0);
ep2_free(t1);
ep2_free(t2);
bn_free(x);
}
}
void ep2_mul_gen(ep2_t r, bn_t k) {
#ifdef EP_PRECO
ep2_mul_fix(r, ep2_curve_get_tab(), k);
#else
ep2_t g;
ep2_null(g);
TRY {
ep2_new(g);
ep2_curve_get_gen(g);
ep2_mul(r, g, k);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
ep2_free(g);
}
#endif
}
