  1. /*
  2. * File: dclxvi-20130329/optate.c
  3. * Author: Ruben Niederhagen, Peter Schwabe
  4. * Public Domain
  5. */
  6. #include <stdio.h>
  7. #include "fp2e.h"
  8. #include "fp6e.h"
  9. #include "fp12e.h"
  10. #include "curvepoint_fp.h"
  11. #include "twistpoint_fp2.h"
  12. #include "linefunction.h"
  13. #include "final_expo.h"
  14. #include "optate.h"
  15. //#include "parameters.h"
  /*
   * Curve constants defined in another translation unit. They are declared by
   * hand here; the parameters.h include just above is commented out
   * (presumably it used to provide them -- confirm).
   *
   * NOTE(review): the [66] bound on bn_6uplus2_naf is repeated from its
   * definition and nothing in this file ties it to bn_naflen_6uplus2.
   * optate_miller reads bn_6uplus2_naf[0 .. bn_naflen_6uplus2-2], so the
   * definition must keep bn_naflen_6uplus2 <= 67 or that loop reads past the
   * end of the table. A compile-time check next to the definition would pin
   * this down.
   *
   * bn_6uplus2 is not used by any active code visible in this file.
   */
  16. extern const unsigned long bn_naflen_6uplus2;
  17. extern const scalar_t bn_6uplus2;
  18. extern const fpe_t bn_zeta2;
  19. extern const fp2e_t bn_z2p;
  20. extern const fp2e_t bn_z3p;
  21. extern const signed char bn_6uplus2_naf[66];
  /*
   * Miller-loop stage of the optimal ate pairing.
   *
   * rop  - receives the accumulated product of line-function values; it is
   *        reset to one on entry. optate() applies final_expo() afterwards.
   * op1  - twist point, read through m_x and m_y only.
   * op2  - curve point, handed unchanged to the line functions.
   *
   * Preconditions (not checked here): op1 and op2 must be in affine
   * coordinates. No on-curve or subgroup validation is performed in this
   * function; NOTE(review): if points can come from an untrusted peer,
   * confirm that the caller validates them before pairing.
   *
   * The add/skip decisions in the main loop read only the constant table
   * bn_6uplus2_naf, never op1 or op2, so the sequence of operations is the
   * same for every input.
   *
   * The original source also carried, commented out, a plain binary loop over
   * bn_6uplus2, a debug print of bn_z2p, and a third addition step with a
   * point Q3; none of them was active.
   */
  void optate_miller(fp12e_t rop, const twistpoint_fp2_t op1, const curvepoint_fp_t op2)
  {
      twistpoint_fp2_t run_pt, end_pt, neg_op1;
      twistpoint_fp2_t pt_q1, pt_q2;
      fp2e_t ln0, ln1, ln2;     /* outputs of the line functions */
      fp2e_t tmp_x, tmp_y;      /* scratch coordinates for Q1 / Q2 */
      fp2e_t y_sq;              /* square of the y-coordinate of the point being added */
      unsigned int i;
      const unsigned long last = bn_naflen_6uplus2 - 1;

      fp12e_setone(rop);

      twistpoint_fp2_set(run_pt, op1);
      twistpoint_fp2_neg(neg_op1, op1);
      /* Both working points are treated as affine, so m_t is simply set to one. */
      fp2e_setone(run_pt->m_t);
      fp2e_setone(end_pt->m_t);

      fp2e_square(y_sq, op1->m_y);

      /*
       * Walk the NAF digits from the top down. Index i-1 is read, so the loop
       * touches bn_6uplus2_naf[last-1 .. 0]; the table is declared with 66
       * entries -- NOTE(review): confirm bn_naflen_6uplus2 fits that bound.
       */
      for (i = last; i > 0; i--) {
          linefunction_double_ate(ln0, ln1, ln2, run_pt, run_pt, op2);

          /* rop is still one on the first pass, so squaring is skipped there. */
          if (i != last) {
              fp12e_square(rop, rop);
          }
          fp12e_mul_line(rop, rop, ln0, ln1, ln2);

          switch (bn_6uplus2_naf[i - 1]) {
          case 1:
              linefunction_add_ate(ln0, ln1, ln2, run_pt, run_pt, op1, op2, y_sq);
              fp12e_mul_line(rop, rop, ln0, ln1, ln2);
              break;
          case -1:
              /* Same y_sq as for op1: it is passed unchanged for the negated point. */
              linefunction_add_ate(ln0, ln1, ln2, run_pt, run_pt, neg_op1, op2, y_sq);
              fp12e_mul_line(rop, rop, ln0, ln1, ln2);
              break;
          default:
              break;
          }
      }

      /* Q2: x-coordinate of op1 scaled by bn_zeta2, y-coordinate kept. */
      fp2e_mul_fpe(tmp_x, op1->m_x, bn_zeta2);
      twistpoint_fp2_affineset_fp2e(pt_q2, tmp_x, op1->m_y);

      /* Q1: conjugate both coordinates of op1, then scale by bn_z2p / bn_z3p. */
      fp2e_set(tmp_x, op1->m_x);
      fp2e_conjugate(tmp_x, tmp_x);
      fp2e_mul(tmp_x, tmp_x, bn_z2p);

      fp2e_set(tmp_y, op1->m_y);
      fp2e_conjugate(tmp_y, tmp_y);
      fp2e_mul(tmp_y, tmp_y, bn_z3p);

      twistpoint_fp2_affineset_fp2e(pt_q1, tmp_x, tmp_y);

      /* Two closing addition steps: first with Q1, then with Q2. */
      fp2e_square(y_sq, pt_q1->m_y);
      linefunction_add_ate(ln0, ln1, ln2, end_pt, run_pt, pt_q1, op2, y_sq);
      fp12e_mul_line(rop, rop, ln0, ln1, ln2);

      fp2e_square(y_sq, pt_q2->m_y);
      linefunction_add_ate(ln0, ln1, ln2, end_pt, end_pt, pt_q2, op2, y_sq);
      fp12e_mul_line(rop, rop, ln0, ln1, ln2);
  }
  /*
   * Optimal ate pairing of op1 (twist point) and op2 (curve point).
   *
   * Runs optate_miller() followed by final_expo() and leaves the result in
   * rop. If the z-coordinate of either input tests as zero, rop is replaced
   * by one.
   *
   * The Miller loop and the final exponentiation are executed in every case;
   * the zero-z outcome is applied afterwards through fp12e_cmov() instead of
   * an early return. NOTE(review): presumably fp12e_cmov is a branch-free
   * conditional move -- confirm in the fp12e implementation.
   */
  void optate(fp12e_t rop, const twistpoint_fp2_t op1, const curvepoint_fp_t op2)
  {
      fp12e_t one;
      int z_is_zero;

      fp12e_setone(one);

      optate_miller(rop, op1, op2);
      final_expo(rop);

      /* Bitwise OR rather than ||, so both zero tests are always evaluated. */
      z_is_zero = fp2e_iszero(op1->m_z);
      z_is_zero |= fpe_iszero(op2->m_z);

      fp12e_cmov(rop, one, z_is_zero);
  }