/** * Compute the final lines for optimal ate pairings. * * @param[out] r - the result. * @param[out] t - the resulting point. * @param[in] q - the first point of the pairing, in G_2. * @param[in] p - the second point of the pairing, in G_1. * @param[in] a - the loop parameter. */ static void pp_fin_k12_oatep(fp12_t r, ep2_t t, ep2_t q, ep_t p) { ep2_t q1, q2; fp12_t tmp; fp12_null(tmp); ep2_null(q1); ep2_null(q2); TRY { ep2_new(q1); ep2_new(q2); fp12_new(tmp); fp12_zero(tmp); fp2_set_dig(q1->z, 1); fp2_set_dig(q2->z, 1); ep2_frb(q1, q, 1); ep2_frb(q2, q, 2); ep2_neg(q2, q2); pp_add_k12(tmp, t, q1, p); fp12_mul_dxs(r, r, tmp); pp_add_k12(tmp, t, q2, p); fp12_mul_dxs(r, r, tmp); } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { fp12_free(tmp); ep2_free(q1); ep2_free(q2); } }
/** * Multiplies a point on a Barreto-Lynn-Soctt curve by the cofactor. * * @param[out] r - the result. * @param[in] p - the point to multiply. */ void ep2_mul_cof_b12(ep2_t r, ep2_t p) { bn_t x; ep2_t t0, t1, t2, t3; ep2_null(t0); ep2_null(t1); ep2_null(t2); ep2_null(t3); bn_null(x); TRY { ep2_new(t0); ep2_new(t1); ep2_new(t2); ep2_new(t3); bn_new(x); fp_param_get_var(x); /* Compute t0 = xP. */ ep2_mul(t0, p, x); if (bn_sign(x) == BN_NEG) { ep2_neg(t0, t0); } /* Compute t1 = [x^2]P. */ ep2_mul(t1, t0, x); if (bn_sign(x) == BN_NEG) { ep2_neg(t1, t1); } /* t2 = (x^2 - x - 1)P = x^2P - x*P - P. */ ep2_sub(t2, t1, t0); ep2_sub(t2, t2, p); /* t3 = \psi(x - 1)P. */ ep2_sub(t3, t0, p); ep2_norm(t3, t3); ep2_frb(t3, t3, 1); ep2_add(t2, t2, t3); /* t3 = \psi^2(2P). */ ep2_dbl(t3, p); ep2_norm(t3, t3); ep2_frb(t3, t3, 2); ep2_add(t2, t2, t3); ep2_norm(r, t2); } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { ep2_free(t0); ep2_free(t1); ep2_free(t2); ep2_free(t3); bn_free(x); } }
/** * Multiplies a point on a Barreto-Naehrig curve by the cofactor. * * @param[out] r - the result. * @param[in] p - the point to multiply. */ void ep2_mul_cof_bn(ep2_t r, ep2_t p) { bn_t x; ep2_t t0, t1, t2; ep2_null(t0); ep2_null(t1); ep2_null(t2); bn_null(x); TRY { ep2_new(t0); ep2_new(t1); ep2_new(t2); bn_new(x); fp_param_get_var(x); /* Compute t0 = xP. */ ep2_mul(t0, p, x); if (bn_sign(x) == BN_NEG) { ep2_neg(t0, t0); } /* Compute t1 = \psi(3xP). */ ep2_dbl(t1, t0); ep2_add(t1, t1, t0); ep2_norm(t1, t1); ep2_frb(t1, t1, 1); /* Compute t2 = \psi^3(P) + t0 + t1 + \psi^2(xP). */ ep2_frb(t2, p, 2); ep2_frb(t2, t2, 1); ep2_add(t2, t2, t0); ep2_add(t2, t2, t1); ep2_frb(t1, t0, 2); ep2_add(t2, t2, t1); ep2_norm(r, t2); } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { ep2_free(t0); ep2_free(t1); ep2_free(t2); bn_free(x); } }