Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Friends | List of all members
libff::bn128_G1 Class Reference

#include <bn128_g1.hpp>

Collaboration diagram for libff::bn128_G1:
Collaboration graph
[legend]

Public Types

typedef bn128_Fq base_field
 
typedef bn128_Fr scalar_field
 

Public Member Functions

void fill_coord (bn::Fp coord[3]) const
 
 bn128_G1 ()
 
 bn128_G1 (bn::Fp coord[3])
 
void print () const
 
void print_coordinates () const
 
void to_affine_coordinates ()
 
void to_special ()
 
bool is_special () const
 
bool is_zero () const
 
bool operator== (const bn128_G1 &other) const
 
bool operator!= (const bn128_G1 &other) const
 
bn128_G1 operator+ (const bn128_G1 &other) const
 
bn128_G1 operator- () const
 
bn128_G1 operator- (const bn128_G1 &other) const
 
bn128_G1 add (const bn128_G1 &other) const
 
bn128_G1 mixed_add (const bn128_G1 &other) const
 
bn128_G1 dbl () const
 
bool is_well_formed () const
 

Static Public Member Functions

static bn128_G1 zero ()
 
static bn128_G1 one ()
 
static bn128_G1 random_element ()
 
static size_t size_in_bits ()
 
static bigint< base_field::num_limbsbase_field_char ()
 
static bigint< scalar_field::num_limbsorder ()
 
static void batch_to_special_all_non_zeros (std::vector< bn128_G1 > &vec)
 

Public Attributes

bn::Fp X
 
bn::Fp Y
 
bn::Fp Z
 

Static Public Attributes

static std::vector< size_t > wnaf_window_table
 
static std::vector< size_t > fixed_base_exp_window_table
 
static bn128_G1 G1_zero = {}
 
static bn128_G1 G1_one = {}
 
static bool initialized = false
 

Friends

std::ostream & operator<< (std::ostream &out, const bn128_G1 &g)
 
std::istream & operator>> (std::istream &in, bn128_G1 &g)
 

Detailed Description

Definition at line 23 of file bn128_g1.hpp.

Member Typedef Documentation

◆ base_field

bn128_Fq libff::bn128_G1::base_field

Definition at line 37 of file bn128_g1.hpp.

◆ scalar_field

bn128_Fr libff::bn128_G1::scalar_field

Definition at line 38 of file bn128_g1.hpp.

Constructor & Destructor Documentation

◆ bn128_G1() [1/2]

libff::bn128_G1::bn128_G1 ( )

Definition at line 74 of file bn128_g1.cpp.

75{
76 if (bn128_G1::initialized)
77 {
78 this->X = G1_zero.X;
79 this->Y = G1_zero.Y;
80 this->Z = G1_zero.Z;
81 }
82}
libff::bn128_G1::G1_zero
static bn128_G1 G1_zero
Definition bn128_g1.hpp:33
libff::bn128_G1::Z
bn::Fp Z
Definition bn128_g1.hpp:40
libff::bn128_G1::Y
bn::Fp Y
Definition bn128_g1.hpp:40
libff::bn128_G1::initialized
static bool initialized
Definition bn128_g1.hpp:35
libff::bn128_G1::X
bn::Fp X
Definition bn128_g1.hpp:40
XT
Definition lib.h:43

◆ bn128_G1() [2/2]

libff::bn128_G1::bn128_G1 ( bn::Fp coord[3])
inline

Definition at line 44 of file bn128_g1.hpp.

44: X(coord[0]), Y(coord[1]), Z(coord[2]) {};

Member Function Documentation

◆ add()

bn128_G1 libff::bn128_G1::add ( const bn128_G1 & other) const

Definition at line 224 of file bn128_g1.cpp.

225{
226#ifdef PROFILE_OP_COUNTS
227 this->add_cnt++;
228#endif
229
230 bn::Fp this_coord[3], other_coord[3], result_coord[3];
231 this->fill_coord(this_coord);
232 other.fill_coord(other_coord);
233 bn::ecop::ECAdd(result_coord, this_coord, other_coord);
234
235 bn128_G1 result(result_coord);
236 return result;
237}
libff::bn128_G1::bn128_G1
bn128_G1()
Definition bn128_g1.cpp:74
libff::bn128_G1::fill_coord
void fill_coord(bn::Fp coord[3]) const
Definition bn128_g1.hpp:41
mie::Fp
Definition zm2.h:18
bn::ecop::ECAdd
void ECAdd(FF *out, const FF *a, const FF *b)
Definition bn.h:2526
Here is the call graph for this function:
Here is the caller graph for this function:

◆ base_field_char()

static bigint< base_field::num_limbs > libff::bn128_G1::base_field_char ( )
inlinestatic

Definition at line 73 of file bn128_g1.hpp.

73{ return base_field::field_char(); }
libff::Fp_model::field_char
static bigint< n > field_char()
Definition fp.hpp:116
Here is the call graph for this function:

◆ batch_to_special_all_non_zeros()

void libff::bn128_G1::batch_to_special_all_non_zeros ( std::vector< bn128_G1 > & vec)
static

Definition at line 505 of file bn128_g1.cpp.

506{
507 std::vector<bn::Fp> Z_vec;
508 Z_vec.reserve(vec.size());
509
510 for (auto &el: vec)
511 {
512 Z_vec.emplace_back(el.Z);
513 }
514 bn_batch_invert<bn::Fp>(Z_vec);
515
516 const bn::Fp one = 1;
517
518 for (size_t i = 0; i < vec.size(); ++i)
519 {
520 bn::Fp Z2, Z3;
521 bn::Fp::square(Z2, Z_vec[i]);
522 bn::Fp::mul(Z3, Z2, Z_vec[i]);
523
524 bn::Fp::mul(vec[i].X, vec[i].X, Z2);
525 bn::Fp::mul(vec[i].Y, vec[i].Y, Z3);
526 vec[i].Z = one;
527 }
528}
libff::bn128_G1::one
static bn128_G1 one()
Definition bn128_g1.cpp:345
mie::Fp::mul
static void(* mul)(Fp &out, const Fp &x, const Fp &y)
Definition zm2.h:93
mie::Fp::square
static void square(Fp &out, const Fp &x)
Definition zm2.h:282
libff::bn_batch_invert
void bn_batch_invert(std::vector< FieldT > &vec)
Here is the call graph for this function:

◆ dbl()

bn128_G1 libff::bn128_G1::dbl ( ) const

Definition at line 326 of file bn128_g1.cpp.

327{
328#ifdef PROFILE_OP_COUNTS
329 this->dbl_cnt++;
330#endif
331
332 bn::Fp this_coord[3], result_coord[3];
333 this->fill_coord(this_coord);
334 bn::ecop::ECDouble(result_coord, this_coord);
335
336 bn128_G1 result(result_coord);
337 return result;
338}
bn::ecop::ECDouble
void ECDouble(FF *out, const FF *in)
Definition bn.h:2497
Here is the call graph for this function:
Here is the caller graph for this function:

◆ fill_coord()

void libff::bn128_G1::fill_coord ( bn::Fp coord[3]) const
inline

Definition at line 41 of file bn128_g1.hpp.

41{ coord[0] = this->X; coord[1] = this->Y; coord[2] = this->Z; return; };
Here is the caller graph for this function:

◆ is_special()

bool libff::bn128_G1::is_special ( ) const

Definition at line 136 of file bn128_g1.cpp.

137{
138 return (this->is_zero() || this->Z == 1);
139}
libff::bn128_G1::is_zero
bool is_zero() const
Definition bn128_g1.cpp:141
Here is the call graph for this function:

◆ is_well_formed()

bool libff::bn128_G1::is_well_formed ( ) const

Definition at line 384 of file bn128_g1.cpp.

385{
386 if (this->is_zero())
387 {
388 return true;
389 }
390 else
391 {
392 /*
393 y^2 = x^3 + b
394
395 We are using Jacobian coordinates, so equation we need to check is actually
396
397 (y/z^3)^2 = (x/z^2)^3 + b
398 y^2 / z^6 = x^3 / z^6 + b
399 y^2 = x^3 + b z^6
400 */
401 bn::Fp X2, Y2, Z2;
402 bn::Fp::square(X2, this->X);
403 bn::Fp::square(Y2, this->Y);
404 bn::Fp::square(Z2, this->Z);
405
406 bn::Fp X3, Z3, Z6;
407 bn::Fp::mul(X3, X2, this->X);
408 bn::Fp::mul(Z3, Z2, this->Z);
409 bn::Fp::square(Z6, Z3);
410
411 return (Y2 == X3 + bn128_coeff_b * Z6);
412 }
413}
libff::bn128_coeff_b
bn::Fp bn128_coeff_b
Definition bn128_init.cpp:18
Here is the call graph for this function:

◆ is_zero()

bool libff::bn128_G1::is_zero ( ) const

Definition at line 141 of file bn128_g1.cpp.

142{
143 return Z.isZero();
144}
mie::Fp::isZero
MIE_FORCE_INLINE bool isZero() const
Definition zm2.h:127
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mixed_add()

bn128_G1 libff::bn128_G1::mixed_add ( const bn128_G1 & other) const

Definition at line 239 of file bn128_g1.cpp.

240{
241 if (this->is_zero())
242 {
243 return other;
244 }
245
246 if (other.is_zero())
247 {
248 return *this;
249 }
250
251 // no need to handle points of order 2,4
252 // (they cannot exist in a prime-order subgroup)
253
254#ifdef DEBUG
255 assert(other.is_special());
256#endif
257
258 // check for doubling case
259
260 // using Jacobian coordinates so:
261 // (X1:Y1:Z1) = (X2:Y2:Z2)
262 // iff
263 // X1/Z1^2 == X2/Z2^2 and Y1/Z1^3 == Y2/Z2^3
264 // iff
265 // X1 * Z2^2 == X2 * Z1^2 and Y1 * Z2^3 == Y2 * Z1^3
266
267 // we know that Z2 = 1
268
269 bn::Fp Z1Z1;
270 bn::Fp::square(Z1Z1, this->Z);
271 const bn::Fp &U1 = this->X;
272 bn::Fp U2;
273 bn::Fp::mul(U2, other.X, Z1Z1);
274 bn::Fp Z1_cubed;
275 bn::Fp::mul(Z1_cubed, this->Z, Z1Z1);
276
277 const bn::Fp &S1 = this->Y;
278 bn::Fp S2;
279 bn::Fp::mul(S2, other.Y, Z1_cubed); // S2 = Y2*Z1*Z1Z1
280
281 if (U1 == U2 && S1 == S2)
282 {
283 // dbl case; nothing of above can be reused
284 return this->dbl();
285 }
286
287#ifdef PROFILE_OP_COUNTS
288 this->add_cnt++;
289#endif
290
291 bn128_G1 result;
292 bn::Fp H, HH, I, J, r, V, tmp;
293 // H = U2-X1
294 bn::Fp::sub(H, U2, this->X);
295 // HH = H^2
296 bn::Fp::square(HH, H);
297 // I = 4*HH
298 bn::Fp::add(tmp, HH, HH);
299 bn::Fp::add(I, tmp, tmp);
300 // J = H*I
301 bn::Fp::mul(J, H, I);
302 // r = 2*(S2-Y1)
303 bn::Fp::sub(tmp, S2, this->Y);
304 bn::Fp::add(r, tmp, tmp);
305 // V = X1*I
306 bn::Fp::mul(V, this->X, I);
307 // X3 = r^2-J-2*V
308 bn::Fp::square(result.X, r);
309 bn::Fp::sub(result.X, result.X, J);
310 bn::Fp::sub(result.X, result.X, V);
311 bn::Fp::sub(result.X, result.X, V);
312 // Y3 = r*(V-X3)-2*Y1*J
313 bn::Fp::sub(tmp, V, result.X);
314 bn::Fp::mul(result.Y, r, tmp);
315 bn::Fp::mul(tmp, this->Y, J);
316 bn::Fp::sub(result.Y, result.Y, tmp);
317 bn::Fp::sub(result.Y, result.Y, tmp);
318 // Z3 = (Z1+H)^2-Z1Z1-HH
319 bn::Fp::add(tmp, this->Z, H);
320 bn::Fp::square(result.Z, tmp);
321 bn::Fp::sub(result.Z, result.Z, Z1Z1);
322 bn::Fp::sub(result.Z, result.Z, HH);
323 return result;
324}
r
const mie::Vuint & r
Definition bn.cpp:28
libff::bn128_G1::dbl
bn128_G1 dbl() const
Definition bn128_g1.cpp:326
mie::Fp::add
static void(* add)(Fp &out, const Fp &x, const Fp &y)
Definition zm2.h:83
mie::Fp::sub
static void(* sub)(Fp &out, const Fp &x, const Fp &y)
Definition zm2.h:91
V
Definition test_zm.cpp:19
Here is the call graph for this function:

◆ one()

bn128_G1 libff::bn128_G1::one ( )
static

Definition at line 345 of file bn128_g1.cpp.

346{
347 return G1_one;
348}
libff::bn128_G1::G1_one
static bn128_G1 G1_one
Definition bn128_g1.hpp:34
Here is the caller graph for this function:

◆ operator!=()

bool libff::bn128_G1::operator!= ( const bn128_G1 & other) const

Definition at line 180 of file bn128_g1.cpp.

181{
182 return !(operator==(other));
183}
libff::bn128_G1::operator==
bool operator==(const bn128_G1 &other) const
Definition bn128_g1.cpp:146
Here is the call graph for this function:

◆ operator+()

bn128_G1 libff::bn128_G1::operator+ ( const bn128_G1 & other) const

Definition at line 185 of file bn128_g1.cpp.

186{
187 // handle special cases having to do with O
188 if (this->is_zero())
189 {
190 return other;
191 }
192
193 if (other.is_zero())
194 {
195 return *this;
196 }
197
198 // no need to handle points of order 2,4
199 // (they cannot exist in a prime-order subgroup)
200
201 // handle double case, and then all the rest
202 if (this->operator==(other))
203 {
204 return this->dbl();
205 }
206 else
207 {
208 return this->add(other);
209 }
210}
libff::bn128_G1::add
bn128_G1 add(const bn128_G1 &other) const
Definition bn128_g1.cpp:224
Here is the call graph for this function:

◆ operator-() [1/2]

bn128_G1 libff::bn128_G1::operator- ( ) const

Definition at line 212 of file bn128_g1.cpp.

213{
214 bn128_G1 result(*this);
215 bn::Fp::neg(result.Y, result.Y);
216 return result;
217}
mie::Fp::neg
static void(* neg)(Fp &out, const Fp &x)
Definition zm2.h:92

◆ operator-() [2/2]

bn128_G1 libff::bn128_G1::operator- ( const bn128_G1 & other) const

Definition at line 219 of file bn128_g1.cpp.

220{
221 return (*this) + (-other);
222}

◆ operator==()

bool libff::bn128_G1::operator== ( const bn128_G1 & other) const

Definition at line 146 of file bn128_g1.cpp.

147{
148 if (this->is_zero())
149 {
150 return other.is_zero();
151 }
152
153 if (other.is_zero())
154 {
155 return false;
156 }
157
158 /* now neither is O */
159
160 bn::Fp Z1sq, Z2sq, lhs, rhs;
161 bn::Fp::square(Z1sq, this->Z);
162 bn::Fp::square(Z2sq, other.Z);
163 bn::Fp::mul(lhs, Z2sq, this->X);
164 bn::Fp::mul(rhs, Z1sq, other.X);
165
166 if (lhs != rhs)
167 {
168 return false;
169 }
170
171 bn::Fp Z1cubed, Z2cubed;
172 bn::Fp::mul(Z1cubed, Z1sq, this->Z);
173 bn::Fp::mul(Z2cubed, Z2sq, other.Z);
174 bn::Fp::mul(lhs, Z2cubed, this->Y);
175 bn::Fp::mul(rhs, Z1cubed, other.Y);
176
177 return (lhs == rhs);
178}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ order()

static bigint< scalar_field::num_limbs > libff::bn128_G1::order ( )
inlinestatic

Definition at line 74 of file bn128_g1.hpp.

74{ return scalar_field::field_char(); }
Here is the call graph for this function:

◆ print()

void libff::bn128_G1::print ( ) const

Definition at line 84 of file bn128_g1.cpp.

85{
86 if (this->is_zero())
87 {
88 printf("O\n");
89 }
90 else
91 {
92 bn128_G1 copy(*this);
93 copy.to_affine_coordinates();
94 std::cout << "(" << copy.X.toString(10) << " : " << copy.Y.toString(10) << " : " << copy.Z.toString(10) << ")\n";
95 }
96}
Log::printf
LOGGING_API void printf(Category category, const char *format,...)
Definition Logging.cpp:30
fc::copy
void copy(const path &from, const path &to)
Definition filesystem.cpp:249
Here is the call graph for this function:

◆ print_coordinates()

void libff::bn128_G1::print_coordinates ( ) const

Definition at line 98 of file bn128_g1.cpp.

99{
100 if (this->is_zero())
101 {
102 printf("O\n");
103 }
104 else
105 {
106 std::cout << "(" << X.toString(10) << " : " << Y.toString(10) << " : " << Z.toString(10) << ")\n";
107 }
108}
mie::Fp::toString
std::string toString(int base=10) const
Definition zm2.h:250
Here is the call graph for this function:

◆ random_element()

bn128_G1 libff::bn128_G1::random_element ( )
static

Definition at line 350 of file bn128_g1.cpp.

351{
352 return bn128_Fr::random_element().as_bigint() * G1_one;
353}
libff::Fp_model::random_element
static Fp_model< n, modulus > random_element()
Here is the call graph for this function:

◆ size_in_bits()

static size_t libff::bn128_G1::size_in_bits ( )
inlinestatic

Definition at line 72 of file bn128_g1.hpp.

72{ return bn128_Fq::size_in_bits() + 1; }
libff::Fp_model::size_in_bits
static size_t size_in_bits()
Definition fp.hpp:114
Here is the call graph for this function:

◆ to_affine_coordinates()

void libff::bn128_G1::to_affine_coordinates ( )

Definition at line 110 of file bn128_g1.cpp.

111{
112 if (this->is_zero())
113 {
114 X = 0;
115 Y = 1;
116 Z = 0;
117 }
118 else
119 {
120 bn::Fp r;
121 r = Z;
122 r.inverse();
123 bn::Fp::square(Z, r);
124 X *= Z;
125 r *= Z;
126 Y *= r;
127 Z = 1;
128 }
129}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ to_special()

void libff::bn128_G1::to_special ( )

Definition at line 131 of file bn128_g1.cpp.

132{
133 this->to_affine_coordinates();
134}
libff::bn128_G1::to_affine_coordinates
void to_affine_coordinates()
Definition bn128_g1.cpp:110
Here is the call graph for this function:

◆ zero()

bn128_G1 libff::bn128_G1::zero ( )
static

Definition at line 340 of file bn128_g1.cpp.

341{
342 return G1_zero;
343}

Friends And Related Symbol Documentation

◆ operator<<

std::ostream & operator<< ( std::ostream & out,
const bn128_G1 & g )
friend

Definition at line 355 of file bn128_g1.cpp.

356{
357 bn128_G1 gcopy(g);
358 gcopy.to_affine_coordinates();
359
360 out << (gcopy.is_zero() ? '1' : '0') << OUTPUT_SEPARATOR;
361
362#ifdef NO_PT_COMPRESSION
363 /* no point compression case */
364#ifndef BINARY_OUTPUT
365 out << gcopy.X << OUTPUT_SEPARATOR << gcopy.Y;
366#else
367 out.write((char*) &gcopy.X, sizeof(gcopy.X));
368 out.write((char*) &gcopy.Y, sizeof(gcopy.Y));
369#endif
370
371#else
372 /* point compression case */
373#ifndef BINARY_OUTPUT
374 out << gcopy.X;
375#else
376 out.write((char*) &gcopy.X, sizeof(gcopy.X));
377#endif
378 out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.Y)[0] & 1 ? '1' : '0');
379#endif
380
381 return out;
382}
OUTPUT_SEPARATOR
#define OUTPUT_SEPARATOR
Definition serialization.hpp:68

◆ operator>>

std::istream & operator>> ( std::istream & in,
bn128_G1 & g )
friend

Definition at line 415 of file bn128_g1.cpp.

416{
417 char is_zero;
418 in.read((char*)&is_zero, 1); // this reads is_zero;
419 is_zero -= '0';
420 consume_OUTPUT_SEPARATOR(in);
421
422#ifdef NO_PT_COMPRESSION
423 /* no point compression case */
424#ifndef BINARY_OUTPUT
425 in >> g.X;
426 consume_OUTPUT_SEPARATOR(in);
427 in >> g.Y;
428#else
429 in.read((char*) &g.X, sizeof(g.X));
430 in.read((char*) &g.Y, sizeof(g.Y));
431#endif
432
433#else
434 /* point compression case */
435 bn::Fp tX;
436#ifndef BINARY_OUTPUT
437 in >> tX;
438#else
439 in.read((char*)&tX, sizeof(tX));
440#endif
441 consume_OUTPUT_SEPARATOR(in);
442 unsigned char Y_lsb;
443 in.read((char*)&Y_lsb, 1);
444 Y_lsb -= '0';
445
446 // y = +/- sqrt(x^3 + b)
447 if (!is_zero)
448 {
449 g.X = tX;
450 bn::Fp tX2, tY2;
451 bn::Fp::square(tX2, tX);
452 bn::Fp::mul(tY2, tX2, tX);
453 bn::Fp::add(tY2, tY2, bn128_coeff_b);
454
455 g.Y = bn128_G1::sqrt(tY2);
456 if ((((unsigned char*)&g.Y)[0] & 1) != Y_lsb)
457 {
458 bn::Fp::neg(g.Y, g.Y);
459 }
460 }
461#endif
462
463 /* finalize */
464 if (!is_zero)
465 {
466 g.Z = bn::Fp(1);
467 }
468 else
469 {
470 g = bn128_G1::zero();
471 }
472
473 return in;
474}
libff::bn128_G1::zero
static bn128_G1 zero()
Definition bn128_g1.cpp:340
bn::Fp
mie::Fp Fp
Definition bn.h:2952
libff::consume_OUTPUT_SEPARATOR
void consume_OUTPUT_SEPARATOR(std::istream &in)

Member Data Documentation

◆ fixed_base_exp_window_table

std::vector< size_t > libff::bn128_G1::fixed_base_exp_window_table
static

Definition at line 32 of file bn128_g1.hpp.

◆ G1_one

bn128_G1 libff::bn128_G1::G1_one = {}
static

Definition at line 34 of file bn128_g1.hpp.

◆ G1_zero

bn128_G1 libff::bn128_G1::G1_zero = {}
static

Definition at line 33 of file bn128_g1.hpp.

◆ initialized

bool libff::bn128_G1::initialized = false
static

Definition at line 35 of file bn128_g1.hpp.

◆ wnaf_window_table

std::vector< size_t > libff::bn128_G1::wnaf_window_table
static

Definition at line 31 of file bn128_g1.hpp.

◆ X

bn::Fp libff::bn128_G1::X

Definition at line 40 of file bn128_g1.hpp.

◆ Y

bn::Fp libff::bn128_G1::Y

Definition at line 40 of file bn128_g1.hpp.

◆ Z

bn::Fp libff::bn128_G1::Z

Definition at line 40 of file bn128_g1.hpp.

The documentation for this class was generated from the following files: