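// Builds the ZZn6 line value w from the slope and the point coordinates,
// packing two ZZn3 halves together with shuffle().
//
// Parameters
//   A, C, B  points of the current step. The AFFINE build reads only A.
//            The PROJECTIVE build reads C's Z coordinate, plus B (MR_ADD)
//            or A (MR_DOUBLE).
//   type     MR_ADD or MR_DOUBLE; consulted only in the PROJECTIVE build.
//   slope    slope of the line, supplied by the caller.
//   ex1,ex2  extra values from the point doubling; used only for MR_DOUBLE.
//   Px, Py   coordinates the line is evaluated against (Py is lifted into
//            a ZZn3 with set1()).
//
// Returns w by value.
//
// NOTE(review): w stays default-constructed when neither AFFINE nor
// PROJECTIVE is defined, and in the PROJECTIVE build when type is neither
// MR_ADD nor MR_DOUBLE. Nothing here reports that case, so a caller would
// presumably fold a meaningless value into the pairing. Confirm that the
// build always defines exactly one of the two macros and that callers only
// pass the two known step types.
ZZn6 line(ECn3& A,ECn3& C,ECn3& B,int type,ZZn3& slope,ZZn3& ex1,ZZn3& ex2,ZZn& Px,ZZn& Py)
{
    ZZn6 w;
    ZZn3 d;

#ifdef AFFINE
    ZZn3 x,y;
    A.get(x,y);
    d.set1(Py);
    w=shuffle(y-slope*(Px+x),d);
#endif

#ifdef PROJECTIVE
    // The original also declared an unused ZZn3 scratch variable here; it
    // was never read or written, so it has been dropped.
    ZZn3 x,y,z,z3;
    C.getZ(z3);
    d.set1(Py);

    if (type==MR_ADD)
    { // exploit that B is in affine
        ZZn3 x2,y2;
        B.get(x2,y2);
        y2*=z3; d*=z3;
        w=shuffle(y2-slope*(Px+x2),d);
    }
    if (type==MR_DOUBLE)
    { // use extra information from point doubling
        A.get(x,y,z);   // y and z are fetched but only x is used below
        w=shuffle(ex1-slope*(Px*ex2+x),d*z3*ex2);
    }
#endif

    return w;
}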
// Prepares two (ECn, ECn3) point pairs and hands them to
// fast_double_tate_pairing(), returning its BOOL result unchanged.
//
// P and R are copied and the copies normalised, so the caller's points are
// not normalised in place. Q (taken by value) and S are only read through
// get(); their coordinates are then "untwisted" (x divided by qnr, y passed
// through tx() and divided by qnr^2) before the pairing call.
//
// order, cf  forwarded untouched to fast_double_tate_pairing().
//
// NOTE(review): this function performs no validation of the input points
// (on-curve / subgroup membership); presumably the caller is responsible
// for that. Verify at the call sites that handle untrusted points.
// NOTE(review): qnr is the NEGATED cnr here, while ecap(), cofactor() and
// q_power_frobenius() in this listing use cnr without the sign change.
// Confirm the sign is the one intended for the twist this routine targets.
BOOL ecap2(ECn& P,ECn3 Q,ECn& R,ECn3 &S,Big& order,Big& cf)
{
    int qnr=-get_mip()->cnr;
    int qnrSquared=qnr*qnr;

    // First pair: normalised copy of P, untwisted coordinates of Q.
    ECn pCopy=P;
    normalise(pCopy);

    ZZn3 qx,qy;
    Q.get(qx,qy);
    qx=qx/qnr;
    qy=tx(qy);
    qy=qy/qnrSquared;

    // Second pair: normalised copy of R, untwisted coordinates of S.
    ECn rCopy=R;
    normalise(rCopy);

    ZZn3 sx,sy;
    S.get(sx,sy);
    sx=sx/qnr;
    sy=tx(sy);
    sy=sy/qnrSquared;

    return fast_double_tate_pairing(pCopy,qx,qy,rCopy,sx,sy,order,cf);
}
// Transforms S in place. In the original author's notation:
//     S = Phi(2xP) + phi^2(2xP)
//
// Steps, as performed below:
//   1. S <- 2*(x*S)  (scalar multiplication by x, then one doubling).
//   2. The coordinates are untwisted, embedded in ZZn6 with shuffle(), and
//      raised with powq(X): once for (X1,Y1), a second time for (X2,Y2).
//   3. Each image is twisted back to an ECn3 point. S becomes the first
//      image and the second image (S2) is added to it.
//
// Parameters
//   S  point to transform; overwritten with the result.
//   x  scalar used in the multiplication S*=x.
//   X  constant passed to every ZZn6::powq() call.
//
// NOTE(review): presumably this is the cofactor-clearing step that moves an
// arbitrary (e.g. hashed) twist point into the subgroup used by the pairing.
// Confirm that callers apply it to every such point before pairing.
// NOTE(review): S.get(Sx,Sy) is called right after the multiplication with
// no check for the point at infinity; what get() yields in that case is not
// visible here.
void cofactor(ECn3 &S,Big &x, ZZn2& X)
{ // S=Phi(2xP)+phi^2(2xP)
    ZZn6 X1,X2,Y1,Y2;
    ZZn3 Sx,Sy,T;
    ECn3 S2;
    int qnr=get_mip()->cnr;

    S*=x; S+=S; // hard work done here

    S.get(Sx,Sy);

    // untwist
    Sx=Sx/qnr;
    Sy=tx(Sy);
    Sy=Sy/(qnr*qnr);

    // Embed each coordinate in ZZn6, with the other half set to zero.
    X1=shuffle(Sx,(ZZn3)0); Y1=shuffle((ZZn3)0,Sy);
    X1.powq(X); Y1.powq(X);

    // Copy the once-raised values, then raise the copies a second time.
    X2=X1; Y2=Y1;
    X2.powq(X); Y2.powq(X);

    // Recover the first image; T receives the half that is not needed.
    unshuffle(X1,Sx,T); unshuffle(Y1,T,Sy);

    // twist
    Sx=qnr*Sx;
    Sy=txd(Sy*qnr*qnr);
    S.set(Sx,Sy);

    // Sx and Sy are reused from here on, which is why S had to be set first.
    unshuffle(X2,Sx,T); unshuffle(Y2,T,Sy);

    // twist again, this time for the second image
    Sx=qnr*Sx;
    Sy=txd(Sy*qnr*qnr);
    S2.set(Sx,Sy);
    S+=S2;
}
// Single pairing entry point: normalises a copy of P, untwists the
// coordinates of Q and calls fast_tate_pairing(), which receives res by
// reference.
//
// Parameters
//   P    ECn point; copied, and only the copy is normalised.
//   Q    ECn3 point; only read, through get().
//   x,X  forwarded untouched to fast_tate_pairing().
//   res  output argument handed to fast_tate_pairing().
//
// Returns TRUE when fast_tate_pairing() reports success, FALSE otherwise.
//
// NOTE(review): callers should check the return value before using res.
// What res holds after a FALSE return is not visible from this function.
// NOTE(review): no on-curve or subgroup validation of P or Q happens here;
// presumably that is the caller's job. Verify for untrusted inputs.
//
// With MR_COUNT_OPS defined, the fpc/fpa/fpx counters are zeroed before the
// pairing, printed afterwards, and zeroed again.
BOOL ecap(ECn& P,ECn3& Q,Big& x,ZZn2 &X,ZZn6& res)
{
    int qnr=get_mip()->cnr;

    ECn pCopy=P;
    normalise(pCopy);

    ZZn3 qx,qy;
    Q.get(qx,qy);

    // untwist
    qx=qx/qnr;
    qy=tx(qy);
    qy=qy/(qnr*qnr);

#ifdef MR_COUNT_OPS
    fpc=fpa=fpx=0;
#endif

    BOOL pairingOk=fast_tate_pairing(pCopy,qx,qy,x,X,res);

#ifdef MR_COUNT_OPS
    printf("After pairing fpc= %d fpa= %d fpx= %d\n",fpc,fpa,fpx);
    fpa=fpc=fpx=0;
#endif

    return pairingOk ? TRUE : FALSE;
}
// Builds the ZZn18 line value for point A and slope, evaluated against
// (Qx, Qy).
//
// The result is assembled from two ZZn6 parts:
//   first  = set(Qy, Ay - slope*Ax)
//   second = set(slope*Qx)
// where (Ax, Ay) are the coordinates read from A.
//
// Parameter C is accepted but not used by this overload.
ZZn18 line(ECn3& A,ECn3& C,ZZn3& slope,ZZn& Qx,ZZn& Qy)
{
    ZZn3 ax,ay;
    A.get(ax,ay);

    ZZn6 first;
    first.set(Qy,ay-slope*ax);

    ZZn6 second;
    second.set(slope*Qx);

    ZZn18 value;
    value.set(first,second);
    return value;
}
// Fast multiplication of A by q^n (the original author's description).
//
// Reads A's coordinates, applies the per-step map n times, and returns the
// result as a new ECn3 point. A itself is only read through get().
//
// Each step:
//   X <- tx( (NR*W*W) * X^q )
//   Y <- Y^q * sru            (sru comes from the MIRACL instance)
//
// Parameters
//   A  input point.
//   W  field constant; enters only through the factor NR*W*W.
//   n  number of times the map is applied. For n <= 0 the loop does not
//      run, and the returned point is built from A's unchanged coordinates.
//
// NOTE(review): the loop body assumes p = 13 mod 18, as the original
// comment states. Nothing here checks that congruence, so confirm it holds
// for the curve parameters in use before relying on the result.
ECn3 psi(ECn3 &A,ZZn &W,int n)
{
    ZZn3 px,py;
    A.get(px,py);

    ZZn xFactor;
    xFactor=NR*W*W;

    for (int step=0;step<n;++step)
    { // assumes p=13 mod 18
        px.powq();
        px=tx(xFactor*px);

        py.powq();
        py*=(ZZn)get_mip()->sru;
    }

    ECn3 image;
    image.set(px,py);
    return image;
}
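// Applies powq(X) once to the coordinates of S and writes the result back
// into S.
//
// Steps, as performed below:
//   1. Read (Sx, Sy) from S and untwist them (x divided by qnr, y passed
//      through tx() and divided by qnr^2).
//   2. Embed each coordinate in ZZn6 with shuffle(), zeroing the other
//      half, and raise both with powq(X).
//   3. unshuffle() back to ZZn3, twist, and store into S.
//
// Parameters
//   S  point to transform; overwritten with the result.
//   X  constant passed to ZZn6::powq().
//
// The original declared two further ZZn6 temporaries (X2, Y2) that were
// never used; they have been removed. The arithmetic is unchanged.
//
// NOTE(review): no check for the point at infinity precedes S.get(); what
// get() yields in that case is not visible here.
void q_power_frobenius(ECn3 &S,ZZn2& X)
{
    ZZn6 X1,Y1;
    ZZn3 Sx,Sy,T;
    int qnr=get_mip()->cnr;

    S.get(Sx,Sy);

    // untwist
    Sx=Sx/qnr;
    Sy=tx(Sy);
    Sy=Sy/(qnr*qnr);

    X1=shuffle(Sx,(ZZn3)0); Y1=shuffle((ZZn3)0,Sy);
    X1.powq(X); Y1.powq(X);

    // T receives the half that is not needed.
    unshuffle(X1,Sx,T); unshuffle(Y1,T,Sy);

    // twist
    Sx=qnr*Sx;
    Sy=txd(Sy*qnr*qnr);
    S.set(Sx,Sy);
}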