/**
 * Evaluates the right-hand side of the short Weierstrass equation
 * y^2 = x^3 + a*x + b at the x-coordinate of a prime-curve point.
 *
 * Only p->x is read (p->z is never consulted), so the value is only
 * meaningful for a point in affine form -- NOTE(review): callers presumably
 * normalize first; confirm at the call sites.  The curve coefficients a and
 * b are taken from the active curve.  The OPT_ZERO / OPT_ONE / OPT_DIGIT
 * shortcuts avoid a full field multiplication when the coefficient is 0, 1
 * or a single digit; the OPT_DIGIT shortcut is compiled out under Montgomery
 * reduction (FP_RDC == MONTY), presumably because a coefficient held in
 * Montgomery form is no longer a plain digit.
 *
 * rhs is written only once, at the very end, so rhs may alias p->x.
 *
 * @param[out] rhs	- the value x^3 + a*x + b.
 * @param[in] p		- the point whose x-coordinate is evaluated.
 * @throw ERR_CAUGHT if a temporary cannot be allocated (rethrown from the
 * enclosing TRY); the temporaries are released in FINALLY either way.
 */
void ep_rhs(fp_t rhs, const ep_t p) {
	fp_t x_sq;
	fp_t acc;

	fp_null(x_sq);
	fp_null(acc);

	TRY {
		fp_new(x_sq);
		fp_new(acc);

		/* acc = x^3; x_sq doubles as scratch for the a*x term below. */
		fp_sqr(x_sq, p->x);
		fp_mul(acc, x_sq, p->x);

		/* Fold in a*x according to how the curve stores a. */
		switch (ep_curve_opt_a()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fp_add(acc, acc, p->x);
				break;
#if FP_RDC != MONTY
			case OPT_DIGIT:
				fp_mul_dig(x_sq, p->x, ep_curve_get_a()[0]);
				fp_add(acc, acc, x_sq);
				break;
#endif
			default:
				fp_mul(x_sq, p->x, ep_curve_get_a());
				fp_add(acc, acc, x_sq);
				break;
		}

		/* Fold in the constant term b. */
		switch (ep_curve_opt_b()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fp_add_dig(acc, acc, 1);
				break;
#if FP_RDC != MONTY
			case OPT_DIGIT:
				fp_add_dig(acc, acc, ep_curve_get_b()[0]);
				break;
#endif
			default:
				fp_add(acc, acc, ep_curve_get_b());
				break;
		}

		fp_copy(rhs, acc);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp_free(x_sq);
		fp_free(acc);
	}
}
/**
 * Multiplies a quadratic extension field element by the quadratic
 * non-residue xi that builds the next extension: c = a * xi.
 *
 * Which xi is used depends on the build:
 *  - FP_PRIME == 158: the hard-coded shifts and adds compute
 *    (4 a0 - a1) + (a0 + 4 a1) u, i.e. xi = 4 + u when u^2 = -1.
 *  - FP_QNRES defined: xi = 1 + i, which the comment ties to p = 3 mod 8.
 *  - otherwise dispatch on p mod 8: 3 -> 1 + u, 5 -> u, 7 -> 2^k + u with
 *    k = bn_bits(b) / 2 for the curve coefficient b (the original comment
 *    calls this lg_4(b - 1)).
 *
 * Every branch reads each component of a before overwriting the matching
 * component of c, so c may alias a.  Loop counts depend only on public
 * curve parameters (bn_bits(b)), never on the operand.
 *
 * @param[out] c	- the result.
 * @param[in] a		- the element to multiply.
 * @throw ERR_NO_VALID if p mod 8 is none of 3, 5, 7 (generic path only);
 * ERR_CAUGHT if a temporary cannot be allocated.
 */
void fp2_norm_low(fp2_t c, fp2_t a) {
	fp2_t scratch;
	bn_t bcoef;

	fp2_null(scratch);
	bn_null(bcoef);

	TRY {
		fp2_new(scratch);
		bn_new(bcoef);
#if FP_PRIME == 158
		/* scratch0 = 4 a0 - a1, scratch1 = 4 a1; then c1 = a0 + 4 a1. */
		fp_dbl(scratch[0], a[0]);
		fp_dbl(scratch[0], scratch[0]);
		fp_sub(scratch[0], scratch[0], a[1]);
		fp_dbl(scratch[1], a[1]);
		fp_dbl(scratch[1], scratch[1]);
		fp_add(c[1], a[0], scratch[1]);
		fp_copy(c[0], scratch[0]);
#elif defined(FP_QNRES)
		/* If p = 3 mod 8, (1 + i) is a QNR/CNR: c = (a0 - a1) + (a0 + a1) i.
		 * -a1 is saved first because c1 is written before c0 needs a1. */
		fp_neg(scratch[0], a[1]);
		fp_add(c[1], a[0], a[1]);
		fp_add(c[0], scratch[0], a[0]);
#else
		switch (fp_prime_get_mod8()) {
			case 3:
				/* xi = 1 + u: c = (a0 - a1) + (a0 + a1) u, same ordering
				 * trick as above so that c == a works. */
				fp_neg(scratch[0], a[1]);
				fp_add(c[1], a[0], a[1]);
				fp_add(c[0], scratch[0], a[0]);
				break;
			case 5:
				/* xi = u: plain multiplication by the adjoined root. */
				fp2_mul_art(c, a);
				break;
			case 7:
				/* xi = 2^k + u: c = 2^k * a + u * a.  u * a is taken first,
				 * then a is doubled k times in place in c. */
				fp2_mul_art(scratch, a);
				fp2_dbl(c, a);
				fp_prime_back(bcoef, ep_curve_get_b());
				for (int shift = 1; shift < bn_bits(bcoef) / 2; shift++) {
					fp2_dbl(c, c);
				}
				fp2_add(c, c, scratch);
				break;
			default:
				THROW(ERR_NO_VALID);
				break;
		}
#endif
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp2_free(scratch);
		bn_free(bcoef);
	}
}
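/**
 * Multiplies a double-precision (unreduced) quadratic extension element by
 * the quadratic non-residue xi that builds the next extension: c = a * xi.
 * This is the lazy-reduction counterpart of fp2_norm_low: operands and
 * result are 2 * FP_DIGS digits wide and only the carry-handling
 * fp_addc_low / fp_subc_low primitives are used, so no modular reduction
 * happens here.
 *
 * The choice of xi mirrors fp2_norm_low:
 *  - FP_PRIME == 158: xi = 4 + u.
 *  - FP_QNRES defined: xi = 1 + i (the comment ties this to p = 3 mod 8).
 *  - otherwise by p mod 8: 3 -> 1 + u; 5 -> u, using fp_prime_get_qnr()
 *    (negative) as u^2; 7 -> 2^k + u with k = bn_bits(b) / 2 for the
 *    curve coefficient b.
 *
 * Every branch is written so that c may alias a: the component of a that
 * is still needed is read, or copied into t, before the matching component
 * of c is overwritten.  The p = 7 mod 8 branch used to write c[0] and then
 * read a[0] for c[1], which returns a corrupted c[1] when c == a; it now
 * finishes the computation in t and copies out.  Whether any caller passes
 * c == a is not visible here, but the sibling branches clearly take this
 * care and two extra copies are cheap next to the shifts.  Loop counts
 * depend only on public curve parameters, never on the operand.
 *
 * @param[out] c	- the double-precision result.
 * @param[in] a		- the double-precision element to multiply.
 * @throw ERR_NO_VALID if p mod 8 is none of 3, 5, 7 (generic path only);
 * ERR_CAUGHT if a temporary cannot be allocated.
 */
void fp2_nord_low(dv2_t c, dv2_t a) {
	dv2_t t;
	bn_t b;

	dv2_null(t);
	bn_null(b);

	TRY {
		dv2_new(t);
		bn_new(b);
#if FP_PRIME == 158
		/* (a_0 + a_1 u)(4 + u) = (4 a_0 - a_1) + (a_0 + 4 a_1) u. */
		fp_addc_low(t[0], a[0], a[0]);
		fp_addc_low(t[0], t[0], t[0]);
		fp_subc_low(t[0], t[0], a[1]);
		fp_addc_low(t[1], a[1], a[1]);
		fp_addc_low(t[1], t[1], t[1]);
		fp_addc_low(c[1], a[0], t[1]);
		dv_copy(c[0], t[0], 2 * FP_DIGS);
#elif defined(FP_QNRES)
		/* If p = 3 mod 8, (1 + i) is a QNR/CNR. */
		/* (a_0 + a_1 * i) * (1 + i) = (a_0 - a_1) + (a_0 + a_1) * u. */
		/* Keep a copy of a_1: c[1] is written before c[0] needs it. */
		dv_copy(t[0], a[1], 2 * FP_DIGS);
		fp_addc_low(c[1], a[0], a[1]);
		fp_subc_low(c[0], a[0], t[0]);
#else
		switch (fp_prime_get_mod8()) {
			case 3:
				/* If p = 3 mod 8, (1 + u) is a QNR, u^2 = -1. */
				/* (a_0 + a_1 * u) * (1 + u) = (a_0 - a_1) + (a_0 + a_1) * u. */
				/* Keep a copy of a_1: c[1] is written before c[0] needs it. */
				dv_copy(t[0], a[1], 2 * FP_DIGS);
				fp_addc_low(c[1], a[0], a[1]);
				fp_subc_low(c[0], a[0], t[0]);
				break;
			case 5:
				/* If p = 5 mod 8, (u) is a QNR. */
				/* (a_0 + a_1 u) * u = qnr * a_1 + a_0 u, with qnr < 0. */
				/* Save a_0, then place p in the high FP_DIGS digits of t[1]
				 * (p shifted left by FP_DIGS digits) so the negative multiple
				 * of a_1 can be formed by repeated subtraction -- presumably
				 * keeping the double-precision value non-negative. */
				dv_copy(t[0], a[0], 2 * FP_DIGS);
				dv_zero(t[1], FP_DIGS);
				dv_copy(t[1] + FP_DIGS, fp_prime_get(), FP_DIGS);
				fp_subc_low(c[0], t[1], a[1]);
				/* |qnr| - 1 further subtractions: |qnr| copies of a_1 in all. */
				for (int i = -1; i > fp_prime_get_qnr(); i--) {
					fp_subc_low(c[0], c[0], a[1]);
				}
				dv_copy(c[1], t[0], 2 * FP_DIGS);
				break;
			case 7:
				/* If p = 7 mod 8, (2^lg_4(b-1) + u) is a QNR/CNR. */
				/* (a_0 + a_1 * u)(2^lg_4(b-1) + u) =
				 * (2^lg_4(b-1) a_0 - a_1) + (a_0 + 2^lg_4(b-1) a_1) * u. */
				/* t = 2^k * a, with k = bn_bits(b) / 2 doublings in total. */
				fp2_addc_low(t, a, a);
				fp_prime_back(b, ep_curve_get_b());
				for (int i = 1; i < bn_bits(b) / 2; i++) {
					fp2_addc_low(t, t, t);
				}
				/* Finish in t and copy out: both components of a are still
				 * needed while the result is formed, so writing c directly
				 * would clobber a[0] (or a[1]) when c == a. */
				fp_subc_low(t[0], t[0], a[1]);
				fp_addc_low(t[1], t[1], a[0]);
				dv_copy(c[0], t[0], 2 * FP_DIGS);
				dv_copy(c[1], t[1], 2 * FP_DIGS);
				break;
			default:
				THROW(ERR_NO_VALID);
				break;
		}
#endif
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		dv2_free(t);
		bn_free(b);
	}
}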
/**
 * Doubles the point r = 2 * p on the prime curve E(F_p) and evaluates the
 * doubling line at the twist point q, for embedding degree 12.  The line
 * value is written into l as a sparse fp12 element; the twist type decides
 * which fp6 component receives which coefficient.
 *
 * All coordinates of p are read before any coordinate of r is written, so
 * r == p is safe.  The result is left in projective form (r->norm = 0).
 *
 * Intermediate values, exactly as the code forms them (X, Y, Z = p->x,
 * p->y, p->z; b = curve coefficient):
 *   t0 = X^2, t1 = Y^2, t2 = Z^2, t3 = 3 b Z^2,
 *   t4 = 2 X Y (from (X+Y)^2 - X^2 - Y^2), t5 = 2 Y Z (from (Y+Z)^2),
 *   t6 = 9 b Z^2, later t6 = 12 (3 b Z^2)^2.
 *   X3 = 2 X Y (Y^2 - 9 b Z^2)
 *   Y3 = (Y^2 + 9 b Z^2)^2 - 12 (3 b Z^2)^2
 *   Z3 = 8 Y^3 Z
 *   line: (3 b Z^2 - Y^2) as the constant term, 3 X^2 * x_q and 2 Y Z * y_q
 *   multiplied component-wise into the other two slots.
 * NOTE(review): only b is consulted and the curve's a coefficient never
 * appears, so this presumably assumes a curve with a = 0 -- confirm before
 * reusing it elsewhere.
 *
 * @param[out] l	- the line function value.
 * @param[out] r	- the doubled point 2 * p (projective).
 * @param[in] p		- the point to double, in projective coordinates.
 * @param[in] q		- the point on the twist where the line is evaluated.
 * @throw ERR_CAUGHT if a temporary cannot be allocated.
 */
void pp_dbl_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q) {
	fp_t t0, t1, t2, t3, t4, t5, t6;
	/* Indices into l; swapped below for an M-type twist. */
	int one = 1, zero = 0;

	fp_null(t0);
	fp_null(t1);
	fp_null(t2);
	fp_null(t3);
	fp_null(t4);
	fp_null(t5);
	fp_null(t6);

	TRY {
		fp_new(t0);
		fp_new(t1);
		fp_new(t2);
		fp_new(t3);
		fp_new(t4);
		fp_new(t5);
		fp_new(t6);

		/* t0 = X^2, t1 = Y^2, t2 = Z^2. */
		fp_sqr(t0, p->x);
		fp_sqr(t1, p->y);
		fp_sqr(t2, p->z);

		/* t4 = b Z^2, t3 = 3 b Z^2. */
		fp_mul(t4, ep_curve_get_b(), t2);
		fp_dbl(t3, t4);
		fp_add(t3, t3, t4);

		/* t4 = 2 X Y via (X + Y)^2 - X^2 - Y^2 (one squaring, no product). */
		fp_add(t4, p->x, p->y);
		fp_sqr(t4, t4);
		fp_sub(t4, t4, t0);
		fp_sub(t4, t4, t1);
		/* t5 = 2 Y Z via (Y + Z)^2 - Y^2 - Z^2. */
		fp_add(t5, p->y, p->z);
		fp_sqr(t5, t5);
		fp_sub(t5, t5, t1);
		fp_sub(t5, t5, t2);
		/* t6 = 9 b Z^2. */
		fp_dbl(t6, t3);
		fp_add(t6, t6, t3);
		/* X3 = 2 X Y (Y^2 - 9 b Z^2).  p is no longer read from here on. */
		fp_sub(r->x, t1, t6);
		fp_mul(r->x, r->x, t4);
		/* Y3 = (Y^2 + 9 b Z^2)^2 - 12 (3 b Z^2)^2. */
		fp_add(r->y, t1, t6);
		fp_sqr(r->y, r->y);
		fp_sqr(t4, t3);
		fp_dbl(t6, t4);
		fp_add(t6, t6, t4);
		fp_dbl(t6, t6);
		fp_dbl(t6, t6);
		fp_sub(r->y, r->y, t6);
		/* Z3 = 8 Y^3 Z = 4 * Y^2 * (2 Y Z). */
		fp_mul(r->z, t1, t5);
		fp_dbl(r->z, r->z);
		fp_dbl(r->z, r->z);
		r->norm = 0;

		/* For an M-type twist the line coefficients land in the other fp6
		 * component: l[1][0], l[1][1], l[0][0] instead of l[0][1], l[0][0],
		 * l[1][1]. */
		if (ep2_curve_is_twist() == EP_MTYPE) {
			one ^= 1;
			zero ^= 1;
		}

		/* 3 X^2 * x_q, multiplied into each F_p component of x_q. */
		fp2_dbl(l[zero][one], q->x);
		fp2_add(l[zero][one], l[zero][one], q->x);
		fp_mul(l[zero][one][0], l[zero][one][0], t0);
		fp_mul(l[zero][one][1], l[zero][one][1], t0);

		/* Constant term 3 b Z^2 - Y^2, lying in F_p. */
		fp_sub(l[zero][zero][0], t3, t1);
		fp_zero(l[zero][zero][1]);

		/* 2 Y Z * y_q, multiplied into each F_p component of y_q. */
		fp_mul(l[one][one][0], q->y[0], t5);
		fp_mul(l[one][one][1], q->y[1], t5);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fp_free(t0);
		fp_free(t1);
		fp_free(t2);
		fp_free(t3);
		fp_free(t4);
		fp_free(t5);
		fp_free(t6);
	}
}