-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathEC_Pairing.hpp
112 lines (85 loc) · 2.9 KB
/
EC_Pairing.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#ifndef _SNARKLIB_EC_PAIRING_HPP_
#define _SNARKLIB_EC_PAIRING_HPP_
#include <gmp.h>
#include <vector>
#include <snarklib/BigInt.hpp>
namespace snarklib {
////////////////////////////////////////////////////////////////////////////////
// Elliptic curve pairing templated functions
//
template <typename T, typename B, typename C, typename P>
void precompLoop(std::vector<T>& coeffs,
const B& Q,
C& R,
P& PAIRING)
{
const auto& loop_count = PAIRING.ate_loop_count();
bool found_one = false;
for (long i = loop_count.maxBits(); i >= 0; --i) {
const bool bit = loop_count.testBit(i);
if (! found_one) {
found_one |= bit;
continue;
}
coeffs.push_back(
PAIRING.doubling_step_for_flipped_miller_loop(R));
if (bit) {
coeffs.push_back(
PAIRING.mixed_addition_step_for_flipped_miller_loop(Q, R));
}
}
}
template <typename P>
typename P::GT millerLoop(const typename P::G1_precomp& prec_P,
const typename P::G2_precomp& prec_Q,
P& PAIRING)
{
auto f = P::GT::one();
std::size_t idx = 0;
const auto& loop_count = PAIRING.ate_loop_count();
bool found_one = false;
for (long i = loop_count.maxBits(); i >= 0; --i) {
const bool bit = loop_count.testBit(i);
if (! found_one) {
found_one |= bit;
continue;
}
f = PAIRING.millerMul(squared(f), prec_P, prec_Q, prec_Q.coeffs[idx++]);
if (bit) {
f = PAIRING.millerMulBit(f, prec_P, prec_Q, prec_Q.coeffs[idx++]);
}
}
f = PAIRING.millerFinish(f, prec_P, prec_Q, idx);
return f;
}
template <typename P>
typename P::GT doubleMillerLoop(const typename P::G1_precomp& prec_P1,
const typename P::G2_precomp& prec_Q1,
const typename P::G1_precomp& prec_P2,
const typename P::G2_precomp& prec_Q2,
P& PAIRING)
{
auto f = P::GT::one();
std::size_t idx = 0;
const auto& loop_count = PAIRING.ate_loop_count();
bool found_one = false;
for (long i = loop_count.maxBits(); i >= 0; --i) {
const bool bit = loop_count.testBit(i);
if (! found_one) {
found_one |= bit;
continue;
}
f = PAIRING.millerMul(squared(f), prec_P1, prec_Q1, prec_Q1.coeffs[idx]);
f = PAIRING.millerMul(f, prec_P2, prec_Q2, prec_Q2.coeffs[idx]);
++idx;
if (bit) {
f = PAIRING.millerMulBit(f, prec_P1, prec_Q1, prec_Q1.coeffs[idx]);
f = PAIRING.millerMulBit(f, prec_P2, prec_Q2, prec_Q2.coeffs[idx]);
++idx;
}
}
f = PAIRING.doubleMillerFinish(f, prec_P1, prec_Q1, prec_P2, prec_Q2, idx);
return f;
}
} // namespace snarklib
#endif