  1. /*
  2. * File: dclxvi-20130329/linefunction.c
  3. * Author: Ruben Niederhagen, Peter Schwabe
  4. * Public Domain
  5. */
  6. #include "fp2e.h"
  7. #include "curvepoint_fp.h"
  8. #include "twistpoint_fp2.h"
  #ifdef N_OPS
  /*
   * Operation counters, present only in builds that define N_OPS.
   * linefunction_addctr is bumped once per linefunction_add_ate() call and
   * linefunction_doublectr once per linefunction_double_ate() call.
   * NOTE(review): both are plain (non-atomic) globals incremented without any
   * locking, so the counts are only meaningful in single-threaded runs.
   */
  unsigned long long linefunction_addctr, linefunction_doublectr;
  #endif
  /*
   * Addition step with line function: computes rop2 = op1 + op2 on the twist
   * and the three line coefficients rop11, rop12, rop13 evaluated at op3.
   *
   * rop11, rop12, rop13  output line-function coefficients
   * rop2                 output point (m_x, m_y, m_z, m_t are all written,
   *                      with m_t = m_z^2)
   * op1                  first summand; m_x, m_y, m_z and m_t (= z1^2) are read
   * op2                  second summand; only m_x and m_y are read
   * op3                  curve point the line is evaluated at; only m_x and
   *                      m_y are read
   * r2                   precomputed y2^2, see "Faster Computation of Tate
   *                      Pairings"
   *
   * Review notes:
   *  - Nothing here validates op1, op2 or op3 (on-curve / subgroup checks).
   *    Points that come from an untrusted source have to be checked by the
   *    caller before they reach this function.
   *  - The formulas have no exceptional-case handling: when x2*z1^2 == x1
   *    (op1 and op2 share an x-coordinate) H is zero and so is Z3, and this
   *    function does not detect that.
   *  - The body is straight-line code with no branch on operand values; its
   *    timing behaviour is that of the fp2e_* primitives from fp2e.h, which
   *    are not visible here.
   *  - fp2e_short_coeffred() is called only at the points below; presumably
   *    that placement keeps coefficients inside the bounds the fp2e
   *    representation needs -- confirm against fp2e.h before moving any call.
   *  - Whether rop2 may alias op1 or op2 is not stated; the statement order
   *    below matters if it does.
   */
  void linefunction_add_ate(
      fp2e_t rop11,
      fp2e_t rop12,
      fp2e_t rop13,
      twistpoint_fp2_t rop2,
      const twistpoint_fp2_t op1,
      const twistpoint_fp2_t op2,
      const curvepoint_fp_t op3,
      const fp2e_t r2)
  {
  #ifdef N_OPS
      linefunction_addctr++;
  #endif

      /* One scratch element per intermediate value. */
      fp2e_t b, d, h, h_sq, e, j, r, r_x2, v, r_v, y2_z3, y1_j, z3_yq, nr_xq;

      /* B = x2 * T1 = x2*z1^2 */
      fp2e_mul(b, op2->m_x, op1->m_t);

      /* D = ((y2 + Z1)^2 - R2 - T1) * T1 = 2*y2*z1^3 (no reduction in between) */
      fp2e_add(d, op2->m_y, op1->m_z);
      fp2e_square(d, d);
      fp2e_sub2(d, r2);
      fp2e_sub2(d, op1->m_t);
      fp2e_mul(d, d, op1->m_t);

      /* H = B - X1 = x2*z1^2 - x1, I = H^2 */
      fp2e_sub(h, b, op1->m_x);
      fp2e_square(h_sq, h);

      /* E = 4*I, reduced before it is used as a multiplicand */
      fp2e_double(e, h_sq);
      fp2e_double2(e);
      fp2e_short_coeffred(e);

      /* J = H*E = 4*H^3 */
      fp2e_mul(j, h, e);

      /* r = D - 2*Y1 = 2*y2*z1^3 - 2*y1 */
      fp2e_sub(r, d, op1->m_y);
      fp2e_sub2(r, op1->m_y);
      fp2e_short_coeffred(r);

      /* x2*r, kept for the rop11 coefficient */
      fp2e_mul(r_x2, r, op2->m_x);

      /* V = X1*E = 4*x1*H^2 */
      fp2e_mul(v, op1->m_x, e);

      /* X3 = r^2 - J - 2*V */
      fp2e_square(rop2->m_x, r);
      fp2e_sub2(rop2->m_x, j);
      fp2e_sub2(rop2->m_x, v);
      fp2e_sub2(rop2->m_x, v);
      fp2e_short_coeffred(rop2->m_x);

      /* Z3 = (Z1 + H)^2 - T1 - I = 2*z1*H */
      fp2e_add(rop2->m_z, op1->m_z, h);
      fp2e_short_coeffred(rop2->m_z);
      fp2e_square(rop2->m_z, rop2->m_z);
      fp2e_sub2(rop2->m_z, op1->m_t);
      fp2e_sub2(rop2->m_z, h_sq);
      fp2e_short_coeffred(rop2->m_z);

      /* y2 + Z3, kept for the rop11 coefficient (unreduced) */
      fp2e_add(y2_z3, op2->m_y, rop2->m_z);

      /* Y3 = r*(V - X3) - 2*Y1*J */
      fp2e_sub(r_v, v, rop2->m_x);
      fp2e_mul(r_v, r_v, r);
      fp2e_mul(y1_j, op1->m_y, j);
      fp2e_double2(y1_j);
      fp2e_sub(rop2->m_y, r_v, y1_j);
      fp2e_short_coeffred(rop2->m_y);

      /* T3 = Z3^2 */
      fp2e_square(rop2->m_t, rop2->m_z);

      /* (y2 + Z3)^2 - R2 - T3 = 2*y2*z3 */
      fp2e_square(y2_z3, y2_z3);
      fp2e_sub2(y2_z3, r2);
      fp2e_sub2(y2_z3, rop2->m_t);

      /* rop11 = 2*x2*r - 2*y2*z3 = 4*x2*(y2*z1^3 - y1) - 2*z3*y2 */
      fp2e_double2(r_x2);
      fp2e_sub(rop11, r_x2, y2_z3);
      fp2e_short_coeffred(rop11);

      /* rop13 = 2*z3*y_Q (left unreduced) */
      fp2e_mul_fpe(z3_yq, rop2->m_z, op3->m_y);
      fp2e_double(rop13, z3_yq);

      /* rop12 = 2*(-r)*x_Q; r is negated in place and not used afterwards */
      fp2e_neg(r, r);
      fp2e_mul_fpe(nr_xq, r, op3->m_x);
      fp2e_double(rop12, nr_xq);
      fp2e_short_coeffred(rop12);
  }
  /*
   * Doubling step with line function: computes rop2 = 2*op1 on the twist and
   * the three line coefficients rop11, rop12, rop13 evaluated at op3.
   *
   * rop11, rop12, rop13  output line-function coefficients
   * rop2                 output point (m_x, m_y, m_z, m_t are all written,
   *                      with m_t = m_z^2)
   * op1                  point to double; m_x, m_y, m_z and m_t (= z1^2) are
   *                      read
   * op3                  curve point the line is evaluated at; only m_x and
   *                      m_y are read
   *
   * Review notes:
   *  - Nothing here validates op1 or op3 (on-curve / subgroup checks). Points
   *    that come from an untrusted source have to be checked by the caller
   *    before they reach this function.
   *  - The body is straight-line code with no branch on operand values; its
   *    timing behaviour is that of the fp2e_* primitives from fp2e.h, which
   *    are not visible here.
   *  - fp2e_short_coeffred() is called only at the points below; presumably
   *    that placement keeps coefficients inside the bounds the fp2e
   *    representation needs -- confirm against fp2e.h before moving any call.
   *  - Whether rop2 may alias op1 is not stated; the statement order below
   *    matters if it does.
   */
  void linefunction_double_ate(fp2e_t rop11,
                               fp2e_t rop12,
                               fp2e_t rop13,
                               twistpoint_fp2_t rop2,
                               const twistpoint_fp2_t op1,
                               const curvepoint_fp_t op3)
  {
  #ifdef N_OPS
      linefunction_doublectr++;
  #endif

      /* One scratch element per intermediate value. */
      fp2e_t a, b, c, d, e, e_x1, g, c8, b4, e_t1, z3_t1;

      /* A = X1^2, B = Y1^2, C = B^2 = y1^4 */
      fp2e_square(a, op1->m_x);
      fp2e_square(b, op1->m_y);
      fp2e_square(c, b);

      /* D = 2*((X1 + B)^2 - A - C) = 4*x1*y1^2 (no reduction in between) */
      fp2e_add(d, op1->m_x, b);
      fp2e_square(d, d);
      fp2e_sub2(d, a);
      fp2e_sub2(d, c);
      fp2e_double2(d);

      /* E = 3*A = 3*x1^2, reduced before it is squared and multiplied */
      fp2e_triple(e, a);
      fp2e_short_coeffred(e);

      /* E + X1, kept for the rop11 coefficient (unreduced) */
      fp2e_add(e_x1, e, op1->m_x);

      /* G = E^2 = 9*x1^4 */
      fp2e_square(g, e);

      /* X3 = G - 2*D = 9*x1^4 - 8*x1*y1^2 */
      fp2e_sub(rop2->m_x, g, d);
      fp2e_sub2(rop2->m_x, d);
      fp2e_short_coeffred(rop2->m_x);

      /* Z3 = (Y1 + Z1)^2 - B - T1 = 2*y1*z1 */
      fp2e_add(rop2->m_z, op1->m_y, op1->m_z);
      fp2e_square(rop2->m_z, rop2->m_z);
      fp2e_sub2(rop2->m_z, b);
      fp2e_sub2(rop2->m_z, op1->m_t);
      fp2e_short_coeffred(rop2->m_z);

      /* Y3 = E*(D - X3) - 8*C; 8*C is built by three successive doublings */
      fp2e_sub(rop2->m_y, d, rop2->m_x);
      fp2e_short_coeffred(rop2->m_y);
      fp2e_mul(rop2->m_y, rop2->m_y, e);
      fp2e_double(c8, c);
      fp2e_double2(c8);
      fp2e_double2(c8);
      fp2e_sub2(rop2->m_y, c8);
      fp2e_short_coeffred(rop2->m_y);

      /* rop12 = -(2*E*T1) * x_Q = -6*x1^2*z1^2 * x_Q */
      fp2e_mul(e_t1, e, op1->m_t);
      fp2e_double2(e_t1);
      fp2e_neg(e_t1, e_t1);
      fp2e_mul_fpe(rop12, e_t1, op3->m_x);

      /* (E + X1)^2 - A - G = 2*E*X1 = 6*x1^3 */
      fp2e_square(e_x1, e_x1);
      fp2e_sub2(e_x1, a);
      fp2e_sub2(e_x1, g);

      /* rop11 = 6*x1^3 - 4*B = 6*x1^3 - 4*y1^2 */
      fp2e_double(b4, b);
      fp2e_double2(b4);
      fp2e_sub(rop11, e_x1, b4);
      fp2e_short_coeffred(rop11);

      /* rop13 = 2*Z3*T1 * y_Q */
      fp2e_mul(z3_t1, rop2->m_z, op1->m_t);
      fp2e_double2(z3_t1);
      fp2e_mul_fpe(rop13, z3_t1, op3->m_y);

      /* T3 = Z3^2, written last so op1->m_t is still T1 for every read above */
      fp2e_square(rop2->m_t, rop2->m_z);
  }