map_to_g2.c: switch to new sqrt_fp2 (and rearrange the layout).

emlowe · Dec 2, 2020 · c35d034 · c35d034
1 parent 86c4def
commit c35d034
Show file tree

Hide file tree

Showing 10 changed files with 87 additions and 312 deletions.
diff --git a/src/client_min_pk.c b/src/client_min_pk.c
@@ -6,11 +6,12 @@
 
 #include "keygen.c"
 #include "e2.c"
-#include "exp2.c"
 #include "hash_to_field.c"
 #include "map_to_g2.c"
 #include "e1.c"
 #include "exp.c"
+#include "recip.c"
+#include "sqrt.c"
 #include "consts.c"
 #include "vect.c"
 #include "exports.c"
diff --git a/src/client_min_sig.c b/src/client_min_sig.c
@@ -6,11 +6,12 @@
 
 #include "keygen.c"
 #include "e1.c"
-#include "exp.c"
 #include "hash_to_field.c"
 #include "map_to_g1.c"
 #include "e2.c"
-#include "exp2.c"
+#include "exp.c"
+#include "recip.c"
+#include "sqrt.c"
 #include "consts.c"
 #include "vect.c"
 #include "exports.c"
diff --git a/src/exp.c b/src/exp.c
@@ -5,19 +5,6 @@
  */
 
 #include "vect.h"
-#include "fields.h"
-
-static void reciprocal_fp(vec384 out, const vec384 inp)
-{
-    vec768 temp;
-
-    ct_inverse_mod_383(temp, inp, BLS12_381_P);
-    redc_mont_384(out, temp, BLS12_381_P, p0);
-    mul_mont_384(out, out, BLS12_381_RR, BLS12_381_P, p0);
-}
-
-void blst_fp_inverse(vec384 out, const vec384 inp)
-{   reciprocal_fp(out, inp);   }
 
 /*
  * |out| = |inp|^|pow|, small footprint, public exponent
@@ -52,85 +39,17 @@ static void exp_mont_384(vec384 out, const vec384 inp, const byte *pow,
 #endif
 }
 
-#ifdef __OPTIMIZE_SIZE__
-static void recip_sqrt_fp_3mod4(vec384 out, const vec384 inp)
+static void exp_mont_384x(vec384x out, const vec384x inp, const byte *pow,
+                          size_t pow_bits, const vec384 p, limb_t n0)
 {
-    static const byte BLS_12_381_P_minus_3_div_4[] = {
-        TO_BYTES(0xee7fbfffffffeaaa), TO_BYTES(0x07aaffffac54ffff),
-        TO_BYTES(0xd9cc34a83dac3d89), TO_BYTES(0xd91dd2e13ce144af),
-        TO_BYTES(0x92c6e9ed90d2eb35), TO_BYTES(0x0680447a8e5ff9a6)
-    };
+    vec384x ret;
 
-    exp_mont_384(out, inp, BLS_12_381_P_minus_3_div_4, 379, BLS12_381_P, p0);
-}
-#else
-# if 1
-/*
- * "383"-bit variant omits full reductions at the ends of squarings,
- * which results in up to ~15% improvement. [One can improve further
- * by omitting full reductions even after multiplications and
- * performing final reduction at the very end of the chain.]
- */
-static inline void sqr_n_mul_fp(vec384 out, const vec384 a, size_t count,
-                                const vec384 b)
-{   sqr_n_mul_mont_383(out, a, count, BLS12_381_P, p0, b);   }
-# else
-static void sqr_n_mul_fp(vec384 out, const vec384 a, size_t count,
-                         const vec384 b)
-{
-    while(count--) {
-        sqr_fp(out, a);
-        a = out;
+    vec_copy(ret, inp, sizeof(ret));  /* |ret| = |inp|^1 */
+    --pow_bits; /* most significant bit is accounted for, skip over */
+    while (pow_bits--) {
+        sqr_mont_384x(ret, ret, p, n0);
+        if (is_bit_set(pow, pow_bits))
+            mul_mont_384x(ret, ret, inp, p, n0);
     }
-    mul_fp(out, out, b);
-}
-# endif
-
-# define sqr(ret,a)		sqr_fp(ret,a)
-# define mul(ret,a,b)		mul_fp(ret,a,b)
-# define sqr_n_mul(ret,a,n,b)	sqr_n_mul_fp(ret,a,n,b)
-
-# include "sqrt-addchain.h"
-static void recip_sqrt_fp_3mod4(vec384 out, const vec384 inp)
-{
-    RECIP_SQRT_MOD_BLS12_381_P(out, inp, vec384);
+    vec_copy(out, ret, sizeof(ret));  /* |out| = |ret| */
 }
-# undef RECIP_SQRT_MOD_BLS12_381_P
-
-# undef sqr_n_mul
-# undef sqr
-# undef mul
-#endif
-
-static bool_t recip_sqrt_fp(vec384 out, const vec384 inp)
-{
-    vec384 t0, t1;
-    bool_t ret;
-
-    recip_sqrt_fp_3mod4(t0, inp);
-
-    mul_fp(t1, t0, inp);
-    sqr_fp(t1, t1);
-    ret = vec_is_equal(t1, inp, sizeof(t1));
-    vec_copy(out, t0, sizeof(t0));
-
-    return ret;
-}
-
-static bool_t sqrt_fp(vec384 out, const vec384 inp)
-{
-    vec384 t0, t1;
-    bool_t ret;
-
-    recip_sqrt_fp_3mod4(t0, inp);
-
-    mul_fp(t0, t0, inp);
-    sqr_fp(t1, t0);
-    ret = vec_is_equal(t1, inp, sizeof(t1));
-    vec_copy(out, t0, sizeof(t0));
-
-    return ret;
-}
-
-int blst_fp_sqrt(vec384 out, const vec384 inp)
-{   return (int)sqrt_fp(out, inp);   }
diff --git a/src/exp2.c b/src/exp2.c
diff --git a/src/exports.c b/src/exports.c
@@ -80,9 +80,6 @@ void blst_fp_sqr(vec384 ret, const vec384 a)
 void blst_fp_cneg(vec384 ret, const vec384 a, int flag)
 {   cneg_fp(ret, a, is_zero(flag) ^ 1);   }
 
-void blst_fp_eucl_inverse(vec384 ret, const vec384 a)
-{   reciprocal_fp(ret, a);   }
-
 void blst_fp_to(vec384 ret, const vec384 a)
 {   mul_fp(ret, a, BLS12_381_RR);   }
 

diff --git a/src/fields.h b/src/fields.h
@@ -84,6 +84,17 @@ static inline void cneg_fp2(vec384x ret, const vec384x a, bool_t flag)
 
 #define vec_load_global vec_copy
 
+static void reciprocal_fp(vec384 out, const vec384 inp);
+static bool_t recip_sqrt_fp(vec384 out, const vec384 inp);
+static bool_t sqrt_fp(vec384 out, const vec384 inp);
+
+static void reciprocal_fp2(vec384x out, const vec384x inp);
+static bool_t recip_sqrt_fp2(vec384x out, const vec384x inp,
+                             const vec384x recip_ZZZ, const vec384x magic_ZZZ);
+static bool_t sqrt_fp2(vec384x out, const vec384x inp);
+static bool_t sqrt_align_fp2(vec384x out, const vec384x ret,
+                             const vec384x sqrt, const vec384x inp);
+
 typedef vec384x   vec384fp2;
 typedef vec384fp2 vec384fp6[3];
 typedef vec384fp6 vec384fp12[2];