void eb_mul_pre_combs(eb_t *t, eb_t p) {
int i, j, l;
bn_t ord;
bn_null(ord);
TRY {
bn_new(ord);
eb_curve_get_ord(ord);
l = bn_bits(ord);
l = ((l % EB_DEPTH) == 0 ? (l / EB_DEPTH) : (l / EB_DEPTH) + 1);
eb_set_infty(t[0]);
eb_copy(t[1], p);
for (j = 1; j < EB_DEPTH; j++) {
eb_dbl(t[1 << j], t[1 << (j - 1)]);
for (i = 1; i < l; i++) {
eb_dbl(t[1 << j], t[1 << j]);
}
for (i = 1; i < (1 << j); i++) {
eb_add(t[(1 << j) + i], t[1 << j], t[i]);
}
}
eb_norm_sim(t + 2, t + 2, EB_TABLE_COMBS - 2);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(ord);
}
}
void eb_mul_fix_combd(eb_t r, eb_t *t, bn_t k) {
int i, j, d, e, w0, w1, n0, p0, p1;
bn_t n;
bn_null(n);
TRY {
bn_new(n);
eb_curve_get_ord(n);
d = bn_bits(n);
d = ((d % EB_DEPTH) == 0 ? (d / EB_DEPTH) : (d / EB_DEPTH) + 1);
e = (d % 2 == 0 ? (d / 2) : (d / 2) + 1);
eb_set_infty(r);
n0 = bn_bits(k);
p1 = (e - 1) + (EB_DEPTH - 1) * d;
for (i = e - 1; i >= 0; i--) {
eb_dbl(r, r);
w0 = 0;
p0 = p1;
for (j = EB_DEPTH - 1; j >= 0; j--, p0 -= d) {
w0 = w0 << 1;
if (p0 < n0 && bn_test_bit(k, p0)) {
w0 = w0 | 1;
}
}
w1 = 0;
p0 = p1-- + e;
for (j = EB_DEPTH - 1; j >= 0; j--, p0 -= d) {
w1 = w1 << 1;
if (i + e < d && p0 < n0 && bn_test_bit(k, p0)) {
w1 = w1 | 1;
}
}
eb_add(r, r, t[w0]);
eb_add(r, r, t[(1 << EB_DEPTH) + w1]);
}
eb_norm(r, r);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(n);
}
}
void eb_mul_fix_combs(eb_t r, eb_t *t, bn_t k) {
int i, j, l, w, n, p0, p1;
bn_t ord;
bn_null(ord);
TRY {
bn_new(ord);
eb_curve_get_ord(ord);
l = bn_bits(ord);
l = ((l % EB_DEPTH) == 0 ? (l / EB_DEPTH) : (l / EB_DEPTH) + 1);
n = bn_bits(k);
p0 = (EB_DEPTH) * l - 1;
w = 0;
p1 = p0--;
for (j = EB_DEPTH - 1; j >= 0; j--, p1 -= l) {
w = w << 1;
if (p1 < n && bn_test_bit(k, p1)) {
w = w | 1;
}
}
eb_copy(r, t[w]);
for (i = l - 2; i >= 0; i--) {
eb_dbl(r, r);
w = 0;
p1 = p0--;
for (j = EB_DEPTH - 1; j >= 0; j--, p1 -= l) {
w = w << 1;
if (p1 < n && bn_test_bit(k, p1)) {
w = w | 1;
}
}
if (w > 0) {
eb_add(r, r, t[w]);
}
}
eb_norm(r, r);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(ord);
}
}
void eb_mul_pre_combd(eb_t *t, eb_t p) {
bn_t n;
bn_null(n);
TRY {
int i, j, d, e;
bn_new(n);
eb_curve_get_ord(n);
d = bn_bits(n);
d = ((d % EB_DEPTH) == 0 ? (d / EB_DEPTH) : (d / EB_DEPTH) + 1);
e = (d % 2 == 0 ? (d / 2) : (d / 2) + 1);
eb_set_infty(t[0]);
eb_copy(t[1], p);
for (j = 1; j < EB_DEPTH; j++) {
eb_dbl(t[1 << j], t[1 << (j - 1)]);
for (i = 1; i < d; i++) {
eb_dbl(t[1 << j], t[1 << j]);
}
for (i = 1; i < (1 << j); i++) {
eb_add(t[(1 << j) + i], t[1 << j], t[i]);
}
}
eb_set_infty(t[1 << EB_DEPTH]);
for (j = 1; j < (1 << EB_DEPTH); j++) {
eb_dbl(t[(1 << EB_DEPTH) + j], t[j]);
for (i = 1; i < e; i++) {
eb_dbl(t[(1 << EB_DEPTH) + j], t[(1 << EB_DEPTH) + j]);
}
}
eb_norm_sim(t + 2, t + 2, (1 << EB_DEPTH) - 2);
eb_norm_sim(t + (1 << EB_DEPTH) + 1, t + (1 << EB_DEPTH) + 1, (1 << EB_DEPTH) - 1);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(n);
}
}
void eb_rand(eb_t p) {
bn_t n, k;
bn_null(n);
bn_null(k);
TRY {
bn_new(k);
bn_new(n);
eb_curve_get_ord(n);
bn_rand(k, BN_POS, bn_bits(n));
bn_mod(k, k, n);
eb_mul_gen(p, k);
} CATCH_ANY {
THROW(ERR_CAUGHT);
} FINALLY {
bn_free(k);
bn_free(n);
}
}
void eb_mul_sim_trick(eb_t r, const eb_t p, const bn_t k, const eb_t q,
const bn_t m) {
eb_t t0[1 << (EB_WIDTH / 2)], t1[1 << (EB_WIDTH / 2)], t[1 << EB_WIDTH];
bn_t n;
int l0, l1, w = EB_WIDTH / 2;
uint8_t w0[CEIL(FB_BITS, 2)], w1[CEIL(FB_BITS, w)];
bn_null(n);
for (int i = 0; i < 1 << EB_WIDTH; i++) {
eb_null(t[i]);
}
for (int i = 0; i < 1 << (EB_WIDTH / 2); i++) {
eb_null(t0[i]);
eb_null(t1[i]);
}
TRY {
bn_new(n);
eb_curve_get_ord(n);
for (int i = 0; i < (1 << w); i++) {
eb_new(t0[i]);
eb_new(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_new(t[i]);
}
eb_set_infty(t0[0]);
for (int i = 1; i < (1 << w); i++) {
eb_add(t0[i], t0[i - 1], p);
}
eb_set_infty(t1[0]);
for (int i = 1; i < (1 << w); i++) {
eb_add(t1[i], t1[i - 1], q);
}
for (int i = 0; i < (1 << w); i++) {
for (int j = 0; j < (1 << w); j++) {
eb_add(t[(i << w) + j], t0[i], t1[j]);
}
}
#if EB_WIDTH > 2 && defined(EB_MIXED)
eb_norm_sim(t + 1, (const eb_t *)(t + 1), (1 << EB_WIDTH) - 1);
#endif
l0 = l1 = CEIL(FB_BITS, w);
bn_rec_win(w0, &l0, k, w);
bn_rec_win(w1, &l1, m, w);
for (int i = l0; i < l1; i++) {
w0[i] = 0;
}
for (int i = l1; i < l0; i++) {
w1[i] = 0;
}
eb_set_infty(r);
for (int i = MAX(l0, l1) - 1; i >= 0; i--) {
for (int j = 0; j < w; j++) {
eb_dbl(r, r);
}
eb_add(r, r, t[(w0[i] << w) + w1[i]]);
}
eb_norm(r, r);
} CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(n);
for (int i = 0; i < (1 << w); i++) {
eb_free(t0[i]);
eb_free(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_free(t[i]);
}
}
}
void eb_mul_sim_trick(eb_t r, const eb_t p, const bn_t k, const eb_t q,
const bn_t m) {
eb_t t0[1 << (EB_WIDTH / 2)], t1[1 << (EB_WIDTH / 2)], t[1 << EB_WIDTH];
int l0, l1, w = EB_WIDTH / 2;
uint8_t *w0 = RLC_ALLOCA(uint8_t, RLC_CEIL(RLC_FB_BITS, w));
uint8_t *w1 = RLC_ALLOCA(uint8_t, RLC_CEIL(RLC_FB_BITS, w));
bn_t n;
bn_null(n);
if (bn_is_zero(k) || eb_is_infty(p)) {
eb_mul(r, q, m);
return;
}
if (bn_is_zero(m) || eb_is_infty(q)) {
eb_mul(r, p, k);
return;
}
TRY {
bn_new(n);
eb_curve_get_ord(n);
for (int i = 0; i < (1 << w); i++) {
eb_null(t0[i]);
eb_null(t1[i]);
eb_new(t0[i]);
eb_new(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_null(t[i]);
eb_new(t[i]);
}
eb_set_infty(t0[0]);
eb_copy(t0[1], p);
if (bn_sign(k) == RLC_NEG) {
eb_neg(t0[1], t0[1]);
}
for (int i = 2; i < (1 << w); i++) {
eb_add(t0[i], t0[i - 1], t0[1]);
}
eb_set_infty(t1[0]);
eb_copy(t1[1], q);
if (bn_sign(m) == RLC_NEG) {
eb_neg(t1[1], t1[1]);
}
for (int i = 2; i < (1 << w); i++) {
eb_add(t1[i], t1[i - 1], t1[1]);
}
for (int i = 0; i < (1 << w); i++) {
for (int j = 0; j < (1 << w); j++) {
eb_add(t[(i << w) + j], t0[i], t1[j]);
}
}
#if EB_WIDTH > 2 && defined(EB_MIXED)
eb_norm_sim(t + 1, (const eb_t *)(t + 1), (1 << EB_WIDTH) - 1);
#endif
l0 = l1 = RLC_CEIL(RLC_FB_BITS + 1, w);
bn_rec_win(w0, &l0, k, w);
bn_rec_win(w1, &l1, m, w);
for (int i = l0; i < l1; i++) {
w0[i] = 0;
}
for (int i = l1; i < l0; i++) {
w1[i] = 0;
}
eb_set_infty(r);
for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) {
for (int j = 0; j < w; j++) {
eb_dbl(r, r);
}
eb_add(r, r, t[(w0[i] << w) + w1[i]]);
}
eb_norm(r, r);
} CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(n);
for (int i = 0; i < (1 << w); i++) {
eb_free(t0[i]);
eb_free(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_free(t[i]);
}
}
}
