bilintest.c 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. /*
  2. * File: dclxvi-20130329/bilintest.c
  3. * Author: Ruben Niederhagen, Peter Schwabe
  4. * Public Domain
  5. */
  6. #include <stdio.h>
  7. #include "curvepoint_fp.h"
  8. #include "twistpoint_fp2.h"
  9. #include "fp12e.h"
  10. #include "optate.h"
  11. extern const curvepoint_fp_t bn_curvegen;
  12. extern const twistpoint_fp2_t bn_twistgen;
  13. extern const scalar_t bn_n;
  14. int main(int argc, char* argv[])
  15. {
  16. fp12e_t e1, e2, e3;
  17. curvepoint_fp_t p1;
  18. twistpoint_fp2_t p2;
  19. scalar_t s1, s2;
  20. int i;
  21. // Test with neutral element as argument
  22. scalar_setrandom(s1, bn_n);
  23. curvepoint_fp_set(p1, bn_curvegen);
  24. twistpoint_fp2_setneutral(p2);
  25. fpe_isreduced(p1->m_x);
  26. fpe_isreduced(p1->m_y);
  27. curvepoint_fp_scalarmult_vartime(p1, p1, s1);
  28. curvepoint_fp_makeaffine(p1);
  29. optate(e1, p2, p1);
  30. if(!fp12e_isone(e1))
  31. printf("Error in optimal ate: e(infty,P) != 1\n");
  32. scalar_setrandom(s2, bn_n);
  33. curvepoint_fp_setneutral(p1);
  34. twistpoint_fp2_set(p2, bn_twistgen);
  35. fp2e_isreduced(p2->m_x);
  36. fp2e_isreduced(p2->m_y);
  37. twistpoint_fp2_scalarmult_vartime(p2, p2, s2);
  38. twistpoint_fp2_makeaffine(p2);
  39. optate(e1, p2, p1);
  40. if(!fp12e_isone(e1))
  41. printf("Error in optimal ate: e(Q,infty) != 1\n");
  42. // Bilinearity test of optimal ate Pairing:
  43. for(i=0;i<NTESTS;i++)
  44. {
  45. #if (NTESTS > 100)
  46. if(!(i%(NTESTS/100)) && i!=0) printf("Number of tests: %d\n",i);
  47. #else
  48. if(i!=0) printf("Number of tests: %d\n",i);
  49. #endif
  50. scalar_setrandom(s1, bn_n);
  51. scalar_setrandom(s2, bn_n);
  52. curvepoint_fp_set(p1, bn_curvegen);
  53. twistpoint_fp2_set(p2, bn_twistgen);
  54. fpe_isreduced(p1->m_x);
  55. fpe_isreduced(p1->m_y);
  56. fp2e_isreduced(p2->m_x);
  57. fp2e_isreduced(p2->m_y);
  58. curvepoint_fp_scalarmult_vartime(p1, p1, s1);
  59. curvepoint_fp_makeaffine(p1);
  60. twistpoint_fp2_scalarmult_vartime(p2, p2, s2);
  61. twistpoint_fp2_makeaffine(p2);
  62. optate(e1, p2, p1);
  63. curvepoint_fp_set(p1, bn_curvegen);
  64. twistpoint_fp2_set(p2, bn_twistgen);
  65. fpe_isreduced(p1->m_x);
  66. fpe_isreduced(p1->m_y);
  67. fp2e_isreduced(p2->m_x);
  68. fp2e_isreduced(p2->m_y);
  69. curvepoint_fp_scalarmult_vartime(p1, p1, s2);
  70. curvepoint_fp_makeaffine(p1);
  71. twistpoint_fp2_scalarmult_vartime(p2, p2, s1);
  72. twistpoint_fp2_makeaffine(p2);
  73. optate(e2, p2, p1);
  74. curvepoint_fp_set(p1, bn_curvegen);
  75. twistpoint_fp2_set(p2, bn_twistgen);
  76. optate(e3, p2, p1);
  77. fp12e_pow_vartime(e3, e3, s1);
  78. fp12e_pow_vartime(e3, e3, s2);
  79. if(!fp12e_iseq(e1,e2))
  80. {
  81. printf("Error in optimal ate: e1 != e2\n");
  82. printf("e1: ");
  83. fp12e_print(stdout, e1);
  84. printf("\ne2: ");
  85. fp12e_print(stdout, e2);
  86. printf("\nScalars:\n");
  87. printf("s1: ");
  88. scalar_print(stdout, s1);
  89. printf("\ns2: ");
  90. scalar_print(stdout, s2);
  91. printf("\n");
  92. }
  93. else if(!fp12e_iseq(e2,e3))
  94. {
  95. printf("Error in optimal ate: e2 != e3\n");
  96. printf("e2: ");
  97. fp12e_print(stdout, e2);
  98. printf("\ne3: ");
  99. fp12e_print(stdout, e3);
  100. printf("\nScalars:\n");
  101. printf("s1: ");
  102. scalar_print(stdout, s1);
  103. printf("\ns2: ");
  104. scalar_print(stdout, s2);
  105. printf("\n");
  106. }
  107. else if(fp12e_iszero(e2))
  108. printf("Error: Pairing value is zero\n");
  109. else if(fp12e_isone(e2))
  110. printf("Warning: Pairing value is one\n");
  111. }
  112. return 0;
  113. }