/* Multiply P by e in group G1 */
void PAIR_G1mul(ECP *P,BIG e)
{
#ifdef USE_GLV /* Note this method is patented */
int i,np,nn;
ECP Q;
BIG cru,t,q;
BIG u[2];
BIG_rcopy(q,CURVE_Order);
glv(u,e);
ECP_affine(P);
ECP_copy(&Q,P);
BIG_rcopy(cru,CURVE_Cru);
FP_nres(cru);
FP_mul(Q.x,Q.x,cru);
/* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
np=BIG_nbits(u[0]);
BIG_modneg(t,u[0],q);
nn=BIG_nbits(t);
if (nn<np)
{
BIG_copy(u[0],t);
ECP_neg(P);
}
np=BIG_nbits(u[1]);
BIG_modneg(t,u[1],q);
nn=BIG_nbits(t);
if (nn<np)
{
BIG_copy(u[1],t);
ECP_neg(&Q);
}
ECP_mul2(P,&Q,u[0],u[1]);
#else
ECP_mul(P,e);
#endif
}
/* Multiply P by e in group G2 */
void PAIR_G2mul(ECP2 *P,BIG e)
{
#ifdef USE_GS_G2 /* Well I didn't patent it :) */
int i,np,nn;
ECP2 Q[4];
FP2 X;
BIG x,y;
BIG u[4];
BIG_rcopy(x,CURVE_Fra);
BIG_rcopy(y,CURVE_Frb);
FP2_from_BIGs(&X,x,y);
BIG_rcopy(y,CURVE_Order);
gs(u,e);
ECP2_affine(P);
ECP2_copy(&Q[0],P);
for (i=1; i<4; i++)
{
ECP2_copy(&Q[i],&Q[i-1]);
ECP2_frob(&Q[i],&X);
}
for (i=0; i<4; i++)
{
np=BIG_nbits(u[i]);
BIG_modneg(x,u[i],y);
nn=BIG_nbits(x);
if (nn<np)
{
BIG_copy(u[i],x);
ECP2_neg(&Q[i]);
}
}
ECP2_mul4(P,Q,u);
#else
ECP2_mul(P,e);
#endif
}
/* f=f^e */
void PAIR_GTpow(FP12 *f,BIG e)
{
#ifdef USE_GS_GT /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see fp4.c */
int i,np,nn;
FP12 g[4];
FP2 X;
BIG t,q,x,y;
BIG u[4];
BIG_rcopy(x,CURVE_Fra);
BIG_rcopy(y,CURVE_Frb);
FP2_from_BIGs(&X,x,y);
BIG_rcopy(q,CURVE_Order);
gs(u,e);
FP12_copy(&g[0],f);
for (i=1; i<4; i++)
{
FP12_copy(&g[i],&g[i-1]);
FP12_frob(&g[i],&X);
}
for (i=0; i<4; i++)
{
np=BIG_nbits(u[i]);
BIG_modneg(t,u[i],q);
nn=BIG_nbits(t);
if (nn<np)
{
BIG_copy(u[i],t);
FP12_conj(&g[i],&g[i]);
}
}
FP12_pow4(f,g,u);
#else
FP12_pow(f,f,e);
#endif
}
