Added K18-P354 curve.

relic-toolkit · Sep 11, 2024 · d712ae9 · d712ae9
1 parent 12cf3d6
commit d712ae9
Show file tree

Hide file tree

Showing 11 changed files with 100 additions and 10 deletions.
diff --git a/include/relic_ep.h b/include/relic_ep.h
@@ -141,6 +141,8 @@ enum {
 	B24_P317,
 	/** Kachisa-Schaefer-Scott with embedding degree 16. */
 	K16_P330,
+	/** Kachisa-Schaefer-Scott curve with embedding degree 18. */
+	K18_P354,
 	/** Barreto-Lynn-Scott curve with embedding degree 12 (SNARK curve). */
 	B12_P377,
 	/** Barreto-Lynn-Scott curve with embedding degree 12 (ZCash curve). */

diff --git a/include/relic_fp.h b/include/relic_fp.h
@@ -126,6 +126,8 @@ enum {
 	K16_330,
 	/** 381-bit prime for BLS curve of embedding degree 12 (SNARKs). */
 	B12_377,
+	/** 354-bit prime for KSS curve of embedding degree 18. */
+	K18_354,
 	/** 381-bit prime for BLS curve of embedding degree 12 (Zcash). */
 	B12_381,
 	/** 382-bit prime provided by Barreto for BN curve. */

diff --git a/include/relic_pc.h b/include/relic_pc.h
@@ -62,7 +62,7 @@
 #elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 330 || FP_PRIME == 509 || FP_PRIME == 765 || FP_PRIME == 766
 #define RLC_G2_LOWER			ep4_
 #define RLC_G2_BASEF(A)			A[0][0]
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 #define RLC_G2_LOWER			ep3_
 #define RLC_G2_BASEF(A)			A[0]
 #else
@@ -78,7 +78,7 @@
 #elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509
 #define RLC_GT_LOWER			fp24_
 #define RLC_GT_EMBED      		24
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 #define RLC_GT_LOWER			fp18_
 #define RLC_GT_EMBED      		18
 #elif FP_PRIME == 330 || FP_PRIME == 765 || FP_PRIME == 766

diff --git a/preset/x64-pbc-kss18-354.sh b/preset/x64-pbc-kss18-354.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=354 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;JMPDS;JMPDS;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1
diff --git a/src/ep/relic_ep_param.c b/src/ep/relic_ep_param.c
@@ -419,7 +419,7 @@
 
 #if defined(EP_ENDOM) && FP_PRIME == 330
 /**
- * Parameters for a 766-bit pairing-friendly prime curve.
+ * Parameters for a 330-bit pairing-friendly prime curve.
  */
 /** @{ */
 #define K16_P330_A		"1"
@@ -431,6 +431,20 @@
 /** @} */
 #endif
 
+#if defined(EP_ENDOM) && FP_PRIME == 354
+/**
+ * Parameters for a 354-bit pairing-friendly prime curve.
+ */
+/** @{ */
+#define K18_P354_A		"0"
+#define K18_P354_B		"2"
+#define K18_P354_X		"2FF2367676645FED0C3D8ACD28BE62A86B5D4FA670073CF2ECC52B9C0605E22F3A160D93F4FFAD78C16662"
+#define K18_P354_Y		"34210146B78362C463D0AE93AC24EEA5DB23E938A2411E34BCD35DAC55BE7D05CE9C0321D8783772527649"
+#define K18_P354_R		"22D4230DB8342C5981301C8070000000BCA4DE1983DCC0000000000000000001"
+#define K18_P354_H		"942D1B947092D3F06AAAB1D"
+/** @} */
+#endif
+
 #if defined(EP_ENDOM) && FP_PRIME == 377
 /**
 * Parameters for a 377-bit pairing-friendly prime curve.
@@ -1039,6 +1053,13 @@ void ep_param_set(int param) {
 				pairf = EP_K16;
 				break;
 #endif
+#if defined(EP_ENDOM) & FP_PRIME == 354
+			case K18_P354:
+				ASSIGN(K18_P354, K18_354);
+				endom = 1;
+				pairf = EP_K18;
+				break;
+#endif
 #if defined(EP_ENDOM) & FP_PRIME == 377
 			case B12_P377:
 				ASSIGN(B12_P377, B12_377);
@@ -1456,6 +1477,8 @@ int ep_param_set_any_endom(void) {
 	ep_param_set(B24_P317);
 #elif FP_PRIME == 330
 	ep_param_set(K16_P330);
+#elif FP_PRIME == 354
+	ep_param_set(K18_P354);
 #elif FP_PRIME == 377
 	ep_param_set(B12_P377);
 #elif FP_PRIME == 381
@@ -1543,6 +1566,10 @@ int ep_param_set_any_pairf(void) {
 	ep_param_set(K16_P330);
 	type = RLC_EP_MTYPE;
 	extension = 4;
+#elif FP_PRIME == 354
+	ep_param_set(K18_P354);
+	type = RLC_EP_DTYPE;
+	extension = 3;
 #elif FP_PRIME == 377
 	ep_param_set(B12_P377);
 	type = RLC_EP_DTYPE;
@@ -1725,6 +1752,9 @@ void ep_param_print(void) {
 		case K16_P330:
 			util_banner("Curve K16-P330:", 0);
 			break;
+		case K18_P354:
+			util_banner("Curve K18-P354:", 0);
+			break;
 		case B12_P377:
 			util_banner("Curve B12-P377:", 0);
 			break;
@@ -1834,14 +1864,15 @@ int ep_param_level(void) {
 			return 128;
 		case B24_P315:
 		case B24_P317:
+		case K18_P354:
 		case B12_P377:
 		case K16_P330:
 		case B12_P381:
 		case BN_P382:
 		case B12_P383:
 		case BN_P446:
 		case B12_P446:
-		case GMT8_544:
+		case GMT8_P544:
 		case SS_P1536:
 			return 128;
 		case B12_P455:

diff --git a/src/epx/relic_ep3_curve.c b/src/epx/relic_ep3_curve.c
@@ -36,11 +36,33 @@
 /* Private definitions                                                        */
 /*============================================================================*/
 
-#if defined(EP_ENDOM) && FP_PRIME == 508
+#if defined(EP_ENDOM) && FP_PRIME == 354
 /**
  * Parameters for a pairing-friendly prime curve over a quadratic extension.
  */
 /** @{ */
+#define K18_P354_A0		"0"
+#define K18_P354_A1		"0"
+#define K18_P354_A2		"0"
+#define K18_P354_B0		"0"
+#define K18_P354_B1		"0"
+#define K18_P354_B2		"1"
+#define K18_P354_X0		"0610B9E63ACF3075E9FD16A5DAD4122E5B75B025295B7E8F49AB263FCA33640C66DA49DDC2E602CC8A65707"
+#define K18_P354_X1		"12BE42281E4312CE6D00FA52B1EE0B533F26195FBBF7A629A0154E37BAA6DF23907DD58CCAD1F86AD589B6F"
+#define K18_P354_X2		"07F6A46EC13CD2CAC91A5F603234270AD7C568D6200C74F5440AFD2F9F7EC86EB8AEF7EEBA205D093F389F8"
+#define K18_P354_Y0		"1109E1AEBA3644FCEA4BB3628A41AB34991705F9DEFF5C6D71DC8F1BD3F6AC9763939B285322652D920F85F"
+#define K18_P354_Y1		"0CFD794CFDFF35D3C72F8EC1E7FF3C1F3F9827BC4568DAB9A7B924D6FDA4436D08A46174F6E7A6A1DDA9267"
+#define K18_P354_Y2		"0FFC2B0D999E6593B18B2A623B3D1175A082D896385107A18121938C730CC7A23BF21CC21E278F17A38F268"
+#define K18_P354_R		"22D4230DB8342C5981301C8070000000BCA4DE1983DCC0000000000000000001"
+#define K18_P354_H		"EB3A5DFCC91261F375C5967288E92C811BB4A588A6B8E3EF6FB8F0D7E82DC1643EAC9D700CF4C79FD0C1106A41A118CD0DCFEBFE5E4A6E75ABD641D569347216AA11E7F972AEA3F8108366A1220A3F4A15F1C1B638F897EC0A5976F6EC47B0D4B6B"
+/** @} */
+#endif
+
+#if defined(EP_ENDOM) && FP_PRIME == 508
+/**
+ * Parameters for a pairing-friendly prime curve over a cubic extension.
+ */
+/** @{ */
 #define K18_P508_A0		"0"
 #define K18_P508_A1		"0"
 #define K18_P508_A2		"0"
@@ -200,6 +222,9 @@ void ep3_curve_init(void) {
 	ep3_new(ctx->ep3_g);
 	fp3_new(ctx->ep3_a);
 	fp3_new(ctx->ep3_b);
+	fp3_new(ctx->ep3_frb[0]);
+	fp3_new(ctx->ep3_frb[1]);
+	fp3_new(ctx->ep3_frb[2]);
 #endif
 
 #ifdef EP_PRECO
@@ -230,6 +255,9 @@ void ep3_curve_clean(void) {
 		ep3_free(ctx->ep3_g);
 		fp3_free(ctx->ep3_a);
 		fp3_free(ctx->ep3_b);
+		fp3_free(ctx->ep3_frb[0]);
+		fp3_free(ctx->ep3_frb[1]);
+		fp3_free(ctx->ep3_frb[2]);
 	}
 }
 
@@ -356,7 +384,11 @@ void ep3_curve_set_twist(int type) {
 		bn_new(h);
 
 		switch (ep_param_get()) {
-#if FP_PRIME == 508
+#if FP_PRIME == 354
+			case K18_P354:
+				ASSIGN(K18_P354);
+				break;
+#elif FP_PRIME == 508
 			case K18_P508:
 				ASSIGN(K18_P508);
 				break;

diff --git a/src/fp/relic_fp_param.c b/src/fp/relic_fp_param.c
@@ -335,6 +335,17 @@ void fp_param_set(int param) {
 				bn_sub_dig(t0, t0, 31);
 				fp_prime_set_pairf(t0, EP_K16);
 				break;
+#elif FP_PRIME == 354
+			case K18_354:
+				/* x = 2^43 + 2^42 + 2^35 + 2^34 + 2^30 + 2^26. */
+				bn_set_2b(t0, 43);
+				bn_set_bit(t0, 42, 1);
+				bn_set_bit(t0, 35, 1);
+				bn_set_bit(t0, 34, 1);
+				bn_set_bit(t0, 30, 1);
+				bn_set_bit(t0, 26, 1);
+				fp_prime_set_pairf(t0, EP_K18);
+				break;
 #elif FP_PRIME == 377
 			case B12_377:
 				/* x = 2^63 + 2^58 + 2^56 + 2^51 + 2^47 + 2^46 + 1. */
@@ -790,6 +801,8 @@ int fp_param_set_any_tower(void) {
 	fp_param_set(B24_317);
 #elif FP_PRIME == 330
 	fp_param_set(K16_330);
+#elif FP_PRIME == 354
+	fp_param_set(K18_354);
 #elif FP_PRIME == 377
 	fp_param_set(B12_377);
 #elif FP_PRIME == 381

diff --git a/src/fpx/relic_fpx_srt.c b/src/fpx/relic_fpx_srt.c
@@ -170,8 +170,8 @@ int fp3_is_sqr(const fp3_t a) {
 	} RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);
 	} RLC_FINALLY {
-		fp2_free(t);
-		fp2_free(u);
+		fp3_free(t);
+		fp3_free(u);
 	}
 
 	return r;

diff --git a/src/low/x64-asm-6l/macro.s b/src/low/x64-asm-6l/macro.s
@@ -48,6 +48,14 @@
 #define P4	0xC63B05C06CA1493B
 #define P5	0X01AE3A4617C510EA
 #define U0	0x8508BFFFFFFFFFFF
+#elif FP_PRIME == 354
+#define P0	0x470948C8C6AAAB1D
+#define P1	0x2E5DA80FED8491B9
+#define P2	0x8E6E049BE3926C48
+#define P3	0xA1928ADE1A404A33
+#define P4	0xEA98F0A5315F4B6B
+#define P5	0x1428C74
+#define U0	0xE03977E479F290CB
 #elif FP_PRIME == 381
 #define P0	0xB9FEFFFFFFFFAAAB
 #define P1	0x1EABFFFEB153FFFF

diff --git a/src/pc/relic_pc_util.c b/src/pc/relic_pc_util.c
@@ -56,7 +56,7 @@ void gt_rand(gt_t a) {
 	pp_exp_k24(a, a);
 #elif FP_PRIME == 330 || FP_PRIME == 765 || FP_PRIME == 766
 	pp_exp_k16(a, a);
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 	pp_exp_k18(a, a);
 #elif FP_PRIME == 544
 	pp_exp_k8(a, a);

diff --git a/src/pp/relic_pp_map_k18.c b/src/pp/relic_pp_map_k18.c
@@ -213,7 +213,7 @@ static void pp_fin_k18_oatep(fp18_t r, ep3_t t, const ep3_t q, const ep_t p,
         fp18_new(u);
         fp18_new(v);
         ep3_new(_q);
-        ep3_null(_p);
+        ep_new(_p);
 
 		/* Compute additional line function. */
 		fp18_zero(u);