void fp2_norm_low(fp2_t c, fp2_t a) {
fp2_t t;
bn_t b;
fp2_null(t);
bn_null(b);
TRY {
fp2_new(t);
bn_new(b);
#if FP_PRIME == 158
fp_dbl(t[0], a[0]);
fp_dbl(t[0], t[0]);
fp_sub(t[0], t[0], a[1]);
fp_dbl(t[1], a[1]);
fp_dbl(t[1], t[1]);
fp_add(c[1], a[0], t[1]);
fp_copy(c[0], t[0]);
#elif defined(FP_QNRES)
/* If p = 3 mod 8, (1 + i) is a QNR/CNR. */
fp_neg(t[0], a[1]);
fp_add(c[1], a[0], a[1]);
fp_add(c[0], t[0], a[0]);
#else
switch (fp_prime_get_mod8()) {
case 3:
/* If p = 3 mod 8, (1 + u) is a QNR/CNR. */
fp_neg(t[0], a[1]);
fp_add(c[1], a[0], a[1]);
fp_add(c[0], t[0], a[0]);
break;
case 5:
/* If p = 5 mod 8, (u) is a QNR/CNR. */
fp2_mul_art(c, a);
break;
case 7:
/* If p = 7 mod 8, we choose (2^(lg_4(b-1)) + u) as QNR/CNR. */
fp2_mul_art(t, a);
fp2_dbl(c, a);
fp_prime_back(b, ep_curve_get_b());
for (int i = 1; i < bn_bits(b) / 2; i++) {
fp2_dbl(c, c);
}
fp2_add(c, c, t);
break;
default:
THROW(ERR_NO_VALID);
break;
}
#endif
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fp2_free(t);
bn_free(b);
}
}
void fp2_mul_nor_basic(fp2_t c, fp2_t a) {
fp2_t t;
bn_t b;
fp2_null(t);
bn_null(b);
TRY {
fp2_new(t);
bn_new(b);
#ifdef FP_QNRES
/* If p = 3 mod 8, (1 + i) is a QNR/CNR. */
fp_neg(t[0], a[1]);
fp_add(c[1], a[0], a[1]);
fp_add(c[0], t[0], a[0]);
#else
switch (fp_prime_get_mod8()) {
case 3:
/* If p = 3 mod 8, (1 + u) is a QNR/CNR. */
fp_neg(t[0], a[1]);
fp_add(c[1], a[0], a[1]);
fp_add(c[0], t[0], a[0]);
break;
case 1:
case 5:
/* If p = 5 mod 8, (u) is a QNR/CNR. */
fp2_mul_art(c, a);
break;
case 7:
/* If p = 7 mod 8, we choose (4 + u) is a QNR/CNR. */
fp2_mul_art(t, a);
fp2_dbl(c, a);
fp2_dbl(c, c);
fp2_add(c, c, t);
break;
default:
THROW(ERR_NO_VALID);
}
#endif
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fp2_free(t);
bn_free(b);
}
}
void ep2_frb(ep2_t r, ep2_t p, int i) {
switch (i) {
case 0:
ep2_copy(r, p);
break;
case 1:
fp2_frb(r->x, p->x, 1);
fp2_frb(r->y, p->y, 1);
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_mul_frb(r->x, r->x, 1, 4);
fp2_mul_art(r->x, r->x);
fp2_mul_art(r->y, r->y);
} else {
fp2_mul_frb(r->x, r->x, 1, 2);
}
fp2_mul_frb(r->y, r->y, 1, 3);
break;
case 2:
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_mul_frb(r->x, p->x, 2, 4);
} else {
fp2_mul_frb(r->x, p->x, 2, 2);
}
fp2_neg(r->y, p->y);
break;
case 3:
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_frb(r->x, p->x, 1);
fp2_frb(r->y, p->y, 1);
fp2_mul_frb(r->x, r->x, 1, 4);
fp2_mul_frb(r->x, r->x, 2, 4);
fp2_mul_art(r->x, r->x);
fp2_mul_frb(r->y, r->y, 1, 3);
fp2_mul_art(r->y, r->y);
fp2_neg(r->y, r->y);
} else {
fp2_frb(r->x, p->x, 1);
fp2_mul_frb(r->x, r->x, 3, 2);
fp_neg(r->y[0], p->y[0]);
fp_copy(r->y[1], p->y[1]);
fp2_mul_frb(r->y, r->y, 1, 3);
}
break;
}
r->norm = 1;
fp_set_dig(r->z[0], 1);
fp_zero(r->z[1]);
}
void ep2_frb(ep2_t r, ep2_t p, int i) {
ep2_copy(r, p);
switch (i) {
case 1:
fp2_frb(r->x, r->x, 1);
fp2_frb(r->y, r->y, 1);
fp2_frb(r->z, r->z, 1);
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_mul_frb(r->x, r->x, 1, 4);
fp2_mul_art(r->x, r->x);
fp2_mul_art(r->y, r->y);
} else {
fp2_mul_frb(r->x, r->x, 1, 2);
}
fp2_mul_frb(r->y, r->y, 1, 3);
break;
case 2:
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_mul_frb(r->x, r->x, 2, 4);
} else {
fp2_mul_frb(r->x, r->x, 2, 2);
}
fp2_neg(r->y, r->y);
break;
case 3:
if (ep2_curve_is_twist() == EP_MTYPE) {
fp2_frb(r->x, r->x, 1);
fp2_frb(r->y, r->y, 1);
fp2_frb(r->z, r->z, 1);
fp2_mul_frb(r->x, r->x, 1, 4);
fp2_mul_frb(r->x, r->x, 2, 4);
fp2_mul_art(r->x, r->x);
fp2_mul_frb(r->y, r->y, 1, 3);
fp2_mul_art(r->y, r->y);
fp2_neg(r->y, r->y);
} else {
fp2_frb(r->x, r->x, 1);
fp2_mul_frb(r->x, r->x, 3, 2);
fp_neg(r->y[0], r->y[0]);
fp_copy(r->y[1], r->y[1]);
fp2_mul_frb(r->y, r->y, 1, 3);
}
break;
}
}
/**
* Doubles a point represented in affine coordinates on an ordinary prime
* elliptic curve.
*
* @param[out] r - the result.
* @param[out] s - the resulting slope.
* @param[in] p - the point to double.
*/
static void ep2_dbl_basic_imp(ep2_t r, fp2_t s, ep2_t p) {
fp2_t t0, t1, t2;
fp2_null(t0);
fp2_null(t1);
fp2_null(t2);
TRY {
fp2_new(t0);
fp2_new(t1);
fp2_new(t2);
/* t0 = 1/(2 * y1). */
fp2_dbl(t0, p->y);
fp2_inv(t0, t0);
/* t1 = 3 * x1^2 + a. */
fp2_sqr(t1, p->x);
fp2_copy(t2, t1);
fp2_dbl(t1, t1);
fp2_add(t1, t1, t2);
if (ep2_curve_is_twist()) {
switch (ep_curve_opt_a()) {
case OPT_ZERO:
break;
case OPT_ONE:
fp_set_dig(t2[0], 1);
fp2_mul_art(t2, t2);
fp2_mul_art(t2, t2);
fp2_add(t1, t1, t2);
break;
case OPT_DIGIT:
fp_set_dig(t2[0], ep_curve_get_a()[0]);
fp2_mul_art(t2, t2);
fp2_mul_art(t2, t2);
fp2_add(t1, t1, t2);
break;
default:
fp_copy(t2[0], ep_curve_get_a());
fp_zero(t2[1]);
fp2_mul_art(t2, t2);
fp2_mul_art(t2, t2);
fp2_add(t1, t1, t2);
break;
}
}
/* t1 = (3 * x1^2 + a)/(2 * y1). */
fp2_mul(t1, t1, t0);
if (s != NULL) {
fp2_copy(s, t1);
}
/* t2 = t1^2. */
fp2_sqr(t2, t1);
/* x3 = t1^2 - 2 * x1. */
fp2_dbl(t0, p->x);
fp2_sub(t0, t2, t0);
/* y3 = t1 * (x1 - x3) - y1. */
fp2_sub(t2, p->x, t0);
fp2_mul(t1, t1, t2);
fp2_sub(r->y, t1, p->y);
fp2_copy(r->x, t0);
fp2_copy(r->z, p->z);
r->norm = 1;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fp2_free(t0);
fp2_free(t1);
fp2_free(t2);
}
}
