Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Friends | List of all members
libff::edwards_G1 Class Reference

#include <edwards_g1.hpp>

Collaboration diagram for libff::edwards_G1:
Collaboration graph
[legend]

Public Types

typedef edwards_Fq base_field
 
typedef edwards_Fr scalar_field
 

Public Member Functions

 edwards_G1 ()
 
 edwards_G1 (const edwards_Fq &X, const edwards_Fq &Y)
 
void print () const
 
void print_coordinates () const
 
void to_affine_coordinates ()
 
void to_special ()
 
bool is_special () const
 
bool is_zero () const
 
bool operator== (const edwards_G1 &other) const
 
bool operator!= (const edwards_G1 &other) const
 
edwards_G1 operator+ (const edwards_G1 &other) const
 
edwards_G1 operator- () const
 
edwards_G1 operator- (const edwards_G1 &other) const
 
edwards_G1 add (const edwards_G1 &other) const
 
edwards_G1 mixed_add (const edwards_G1 &other) const
 
edwards_G1 dbl () const
 
bool is_well_formed () const
 

Static Public Member Functions

static edwards_G1 zero ()
 
static edwards_G1 one ()
 
static edwards_G1 random_element ()
 
static size_t size_in_bits ()
 
static bigint< base_field::num_limbsbase_field_char ()
 
static bigint< scalar_field::num_limbsorder ()
 
static void batch_to_special_all_non_zeros (std::vector< edwards_G1 > &vec)
 

Public Attributes

edwards_Fq X
 
edwards_Fq Y
 
edwards_Fq Z
 

Static Public Attributes

static std::vector< size_t > wnaf_window_table
 
static std::vector< size_t > fixed_base_exp_window_table
 
static edwards_G1 G1_zero = {}
 
static edwards_G1 G1_one = {}
 
static bool initialized = false
 

Friends

std::ostream & operator<< (std::ostream &out, const edwards_G1 &g)
 
std::istream & operator>> (std::istream &in, edwards_G1 &g)
 

Detailed Description

Definition at line 21 of file edwards_g1.hpp.

Member Typedef Documentation

◆ base_field

edwards_Fq libff::edwards_G1::base_field

Definition at line 39 of file edwards_g1.hpp.

◆ scalar_field

edwards_Fr libff::edwards_G1::scalar_field

Definition at line 40 of file edwards_g1.hpp.

Constructor & Destructor Documentation

◆ edwards_G1() [1/2]

libff::edwards_G1::edwards_G1 ( )

Definition at line 23 of file edwards_g1.cpp.

24{
25 if (initialized)
26 {
27 this->X = G1_zero.X;
28 this->Y = G1_zero.Y;
29 this->Z = G1_zero.Z;
30 }
31}
libff::edwards_G1::Y
edwards_Fq Y
Definition edwards_g1.hpp:33
libff::edwards_G1::Z
edwards_Fq Z
Definition edwards_g1.hpp:33
libff::edwards_G1::X
edwards_Fq X
Definition edwards_g1.hpp:33
libff::edwards_G1::initialized
static bool initialized
Definition edwards_g1.hpp:31
libff::edwards_G1::G1_zero
static edwards_G1 G1_zero
Definition edwards_g1.hpp:29
XT
Definition lib.h:43
Here is the caller graph for this function:

◆ edwards_G1() [2/2]

libff::edwards_G1::edwards_G1 ( const edwards_Fq & X,
const edwards_Fq & Y )
inline

Definition at line 42 of file edwards_g1.hpp.

42: X(Y), Y(X), Z(X*Y) {};

Member Function Documentation

◆ add()

edwards_G1 libff::edwards_G1::add ( const edwards_G1 & other) const

Definition at line 178 of file edwards_g1.cpp.

179{
180#ifdef PROFILE_OP_COUNTS
181 this->add_cnt++;
182#endif
183 // NOTE: does not handle O and pts of order 2,4
184 // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#addition-add-2007-bl
185
186 edwards_Fq A = (this->Z) * (other.Z); // A = Z1*Z2
187 edwards_Fq B = edwards_coeff_d * A.squared(); // B = d*A^2
188 edwards_Fq C = (this->X) * (other.X); // C = X1*X2
189 edwards_Fq D = (this->Y) * (other.Y); // D = Y1*Y2
190 edwards_Fq E = C * D; // E = C*D
191 edwards_Fq H = C - D; // H = C-D
192 edwards_Fq I = (this->X+this->Y)*(other.X+other.Y)-C-D; // I = (X1+Y1)*(X2+Y2)-C-D
193 edwards_Fq X3 = (E+B)*H; // X3 = c*(E+B)*H
194 edwards_Fq Y3 = (E-B)*I; // Y3 = c*(E-B)*I
195 edwards_Fq Z3 = A*H*I; // Z3 = A*H*I
196
197 return edwards_G1(X3, Y3, Z3);
198}
libff::edwards_G1::edwards_G1
edwards_G1()
Definition edwards_g1.cpp:23
D
#define D(var, file, col, who, lev,...)
Definition debug.h:44
libff::edwards_Fq
Fp_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq
Definition edwards_init.hpp:27
libff::edwards_coeff_d
edwards_Fq edwards_coeff_d
Definition edwards_init.cpp:18
Here is the call graph for this function:
Here is the caller graph for this function:

◆ base_field_char()

static bigint< base_field::num_limbs > libff::edwards_G1::base_field_char ( )
inlinestatic

Definition at line 71 of file edwards_g1.hpp.

71{ return base_field::field_char(); }
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::field_char
static bigint< n > field_char()
Definition fp.hpp:116
Here is the call graph for this function:

◆ batch_to_special_all_non_zeros()

void libff::edwards_G1::batch_to_special_all_non_zeros ( std::vector< edwards_G1 > & vec)
static

Definition at line 395 of file edwards_g1.cpp.

396{
397 std::vector<edwards_Fq> Z_vec;
398 Z_vec.reserve(vec.size());
399
400 for (auto &el: vec)
401 {
402 Z_vec.emplace_back(el.Z);
403 }
404 batch_invert<edwards_Fq>(Z_vec);
405
406 const edwards_Fq one = edwards_Fq::one();
407
408 for (size_t i = 0; i < vec.size(); ++i)
409 {
410 vec[i].X = vec[i].X * Z_vec[i];
411 vec[i].Y = vec[i].Y * Z_vec[i];
412 vec[i].Z = one;
413 }
414}
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::one
static Fp_model< n, modulus > one()
libff::edwards_G1::one
static edwards_G1 one()
Definition edwards_g1.cpp:297
libff::batch_invert
void batch_invert(std::vector< FieldT > &vec)
Here is the call graph for this function:

◆ dbl()

edwards_G1 libff::edwards_G1::dbl ( ) const

Definition at line 237 of file edwards_g1.cpp.

238{
239#ifdef PROFILE_OP_COUNTS
240 this->dbl_cnt++;
241#endif
242 if (this->is_zero())
243 {
244 return (*this);
245 }
246 else
247 {
248 // NOTE: does not handle O and pts of order 2,4
249 // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#doubling-dbl-2007-bl
250
251 edwards_Fq A = (this->X).squared(); // A = X1^2
252 edwards_Fq B = (this->Y).squared(); // B = Y1^2
253 edwards_Fq C = A+B; // C = A+B
254 edwards_Fq D = A-B; // D = A-B
255 edwards_Fq E = (this->X+this->Y).squared()-C; // E = (X1+Y1)^2-C
256 edwards_Fq X3 = C*D; // X3 = C*D
257 edwards_Fq dZZ = edwards_coeff_d * this->Z.squared();
258 edwards_Fq Y3 = E*(C-dZZ-dZZ); // Y3 = E*(C-2*d*Z1^2)
259 edwards_Fq Z3 = D*E; // Z3 = D*E
260
261 return edwards_G1(X3, Y3, Z3);
262 }
263}
libff::Fp_model::squared
Fp_model squared() const
libff::edwards_G1::is_zero
bool is_zero() const
Definition edwards_g1.cpp:112
Here is the call graph for this function:

◆ is_special()

bool libff::edwards_G1::is_special ( ) const

Definition at line 107 of file edwards_g1.cpp.

108{
109 return (this->is_zero() || this->Z == edwards_Fq::one());
110}
Here is the call graph for this function:

◆ is_well_formed()

bool libff::edwards_G1::is_well_formed ( ) const

Definition at line 265 of file edwards_g1.cpp.

266{
267 /* Note that point at infinity is the only special case we must check as
268 inverted representation does no cover points (0, +-c) and (+-c, 0). */
269 if (this->is_zero())
270 {
271 return true;
272 }
273 else
274 {
275 /*
276 a x^2 + y^2 = 1 + d x^2 y^2
277
278 We are using inverted, so equation we need to check is actually
279
280 a (z/x)^2 + (z/y)^2 = 1 + d z^4 / (x^2 * y^2)
281 z^2 (a y^2 + x^2 - dz^2) = x^2 y^2
282 */
283 edwards_Fq X2 = this->X.squared();
284 edwards_Fq Y2 = this->Y.squared();
285 edwards_Fq Z2 = this->Z.squared();
286
287 // for G1 a = 1
288 return (Z2 * (Y2 + X2 - edwards_coeff_d * Z2) == X2 * Y2);
289 }
290}
Here is the call graph for this function:

◆ is_zero()

bool libff::edwards_G1::is_zero ( ) const

Definition at line 112 of file edwards_g1.cpp.

113{
114 return (this->Y.is_zero() && this->Z.is_zero());
115}
libff::Fp_model::is_zero
bool is_zero() const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mixed_add()

edwards_G1 libff::edwards_G1::mixed_add ( const edwards_G1 & other) const

Definition at line 200 of file edwards_g1.cpp.

201{
202#ifdef PROFILE_OP_COUNTS
203 this->add_cnt++;
204#endif
205 // handle special cases having to do with O
206 if (this->is_zero())
207 {
208 return other;
209 }
210
211 if (other.is_zero())
212 {
213 return *this;
214 }
215
216#ifdef DEBUG
217 assert(other.is_special());
218#endif
219
220 // NOTE: does not handle O and pts of order 2,4
221 // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#addition-madd-2007-lb
222
223 edwards_Fq A = this->Z; // A = Z1
224 edwards_Fq B = edwards_coeff_d * A.squared(); // B = d*A^2
225 edwards_Fq C = (this->X) * (other.X); // C = X1*X2
226 edwards_Fq D = (this->Y) * (other.Y); // D = Y1*Y2
227 edwards_Fq E = C * D; // E = C*D
228 edwards_Fq H = C - D; // H = C-D
229 edwards_Fq I = (this->X+this->Y)*(other.X+other.Y)-C-D; // I = (X1+Y1)*(X2+Y2)-C-D
230 edwards_Fq X3 = (E+B)*H; // X3 = c*(E+B)*H
231 edwards_Fq Y3 = (E-B)*I; // Y3 = c*(E-B)*I
232 edwards_Fq Z3 = A*H*I; // Z3 = A*H*I
233
234 return edwards_G1(X3, Y3, Z3);
235}
Here is the call graph for this function:

◆ one()

edwards_G1 libff::edwards_G1::one ( )
static

Definition at line 297 of file edwards_g1.cpp.

298{
299 return G1_one;
300}
libff::edwards_G1::G1_one
static edwards_G1 G1_one
Definition edwards_g1.hpp:30
Here is the caller graph for this function:

◆ operator!=()

bool libff::edwards_G1::operator!= ( const edwards_G1 & other) const

Definition at line 146 of file edwards_g1.cpp.

147{
148 return !(operator==(other));
149}
libff::edwards_G1::operator==
bool operator==(const edwards_G1 &other) const
Definition edwards_g1.cpp:117
Here is the call graph for this function:

◆ operator+()

edwards_G1 libff::edwards_G1::operator+ ( const edwards_G1 & other) const

Definition at line 151 of file edwards_g1.cpp.

152{
153 // handle special cases having to do with O
154 if (this->is_zero())
155 {
156 return other;
157 }
158
159 if (other.is_zero())
160 {
161 return (*this);
162 }
163
164 return this->add(other);
165}
libff::edwards_G1::add
edwards_G1 add(const edwards_G1 &other) const
Definition edwards_g1.cpp:178
Here is the call graph for this function:

◆ operator-() [1/2]

edwards_G1 libff::edwards_G1::operator- ( ) const

Definition at line 167 of file edwards_g1.cpp.

168{
169 return edwards_G1(-(this->X), this->Y, this->Z);
170}
Here is the call graph for this function:

◆ operator-() [2/2]

edwards_G1 libff::edwards_G1::operator- ( const edwards_G1 & other) const

Definition at line 173 of file edwards_g1.cpp.

174{
175 return (*this) + (-other);
176}

◆ operator==()

bool libff::edwards_G1::operator== ( const edwards_G1 & other) const

Definition at line 117 of file edwards_g1.cpp.

118{
119 if (this->is_zero())
120 {
121 return other.is_zero();
122 }
123
124 if (other.is_zero())
125 {
126 return false;
127 }
128
129 /* now neither is O */
130
131 // X1/Z1 = X2/Z2 <=> X1*Z2 = X2*Z1
132 if ((this->X * other.Z) != (other.X * this->Z))
133 {
134 return false;
135 }
136
137 // Y1/Z1 = Y2/Z2 <=> Y1*Z2 = Y2*Z1
138 if ((this->Y * other.Z) != (other.Y * this->Z))
139 {
140 return false;
141 }
142
143 return true;
144}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ order()

static bigint< scalar_field::num_limbs > libff::edwards_G1::order ( )
inlinestatic

Definition at line 72 of file edwards_g1.hpp.

72{ return scalar_field::field_char(); }
Here is the call graph for this function:

◆ print()

void libff::edwards_G1::print ( ) const

Definition at line 33 of file edwards_g1.cpp.

34{
35 if (this->is_zero())
36 {
37 printf("O\n");
38 }
39 else
40 {
41 edwards_G1 copy(*this);
42 copy.to_affine_coordinates();
43 gmp_printf("(%Nd , %Nd)\n",
44 copy.X.as_bigint().data, edwards_Fq::num_limbs,
45 copy.Y.as_bigint().data, edwards_Fq::num_limbs);
46 }
47}
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::num_limbs
static const mp_size_t num_limbs
Definition fp.hpp:44
Log::printf
LOGGING_API void printf(Category category, const char *format,...)
Definition Logging.cpp:30
fc::copy
void copy(const path &from, const path &to)
Definition filesystem.cpp:249
Here is the call graph for this function:

◆ print_coordinates()

void libff::edwards_G1::print_coordinates ( ) const

Definition at line 49 of file edwards_g1.cpp.

50{
51 if (this->is_zero())
52 {
53 printf("O\n");
54 }
55 else
56 {
57 gmp_printf("(%Nd : %Nd : %Nd)\n",
58 this->X.as_bigint().data, edwards_Fq::num_limbs,
59 this->Y.as_bigint().data, edwards_Fq::num_limbs,
60 this->Z.as_bigint().data, edwards_Fq::num_limbs);
61 }
62}
Here is the call graph for this function:

◆ random_element()

edwards_G1 libff::edwards_G1::random_element ( )
static

Definition at line 302 of file edwards_g1.cpp.

303{
304 return edwards_Fr::random_element().as_bigint() * G1_one;
305}
libff::Fp_model::random_element
static Fp_model< n, modulus > random_element()
Here is the call graph for this function:

◆ size_in_bits()

static size_t libff::edwards_G1::size_in_bits ( )
inlinestatic

Definition at line 70 of file edwards_g1.hpp.

70{ return edwards_Fq::size_in_bits() + 1; }
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::size_in_bits
static size_t size_in_bits()
Definition fp.hpp:114
Here is the call graph for this function:

◆ to_affine_coordinates()

void libff::edwards_G1::to_affine_coordinates ( )

Definition at line 64 of file edwards_g1.cpp.

65{
66 if (this->is_zero())
67 {
68 this->X = edwards_Fq::zero();
69 this->Y = edwards_Fq::one();
70 this->Z = edwards_Fq::one();
71 }
72 else
73 {
74 // go from inverted coordinates to projective coordinates
75 edwards_Fq tX = this->Y * this->Z;
76 edwards_Fq tY = this->X * this->Z;
77 edwards_Fq tZ = this->X * this->Y;
78 // go from projective coordinates to affine coordinates
79 edwards_Fq tZ_inv = tZ.inverse();
80 this->X = tX * tZ_inv;
81 this->Y = tY * tZ_inv;
82 this->Z = edwards_Fq::one();
83 }
84}
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::zero
static Fp_model< n, modulus > zero()
libff::Fp_model::inverse
Fp_model inverse() const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ to_special()

void libff::edwards_G1::to_special ( )

Definition at line 86 of file edwards_g1.cpp.

87{
88 if (this->Z.is_zero())
89 {
90 return;
91 }
92
93#ifdef DEBUG
94 const edwards_G1 copy(*this);
95#endif
96
97 edwards_Fq Z_inv = this->Z.inverse();
98 this->X = this->X * Z_inv;
99 this->Y = this->Y * Z_inv;
100 this->Z = edwards_Fq::one();
101
102#ifdef DEBUG
103 assert((*this) == copy);
104#endif
105}
Here is the call graph for this function:

◆ zero()

edwards_G1 libff::edwards_G1::zero ( )
static

Definition at line 292 of file edwards_g1.cpp.

293{
294 return G1_zero;
295}

Friends And Related Symbol Documentation

◆ operator<<

std::ostream & operator<< ( std::ostream & out,
const edwards_G1 & g )
friend

Definition at line 307 of file edwards_g1.cpp.

308{
309 edwards_G1 copy(g);
310 copy.to_affine_coordinates();
311#ifdef NO_PT_COMPRESSION
312 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
313#else
314 /* storing LSB of Y */
315 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
316#endif
317
318 return out;
319}
OUTPUT_SEPARATOR
#define OUTPUT_SEPARATOR
Definition serialization.hpp:68

◆ operator>>

std::istream & operator>> ( std::istream & in,
edwards_G1 & g )
friend

Definition at line 321 of file edwards_g1.cpp.

322{
323 edwards_Fq tX, tY;
324
325#ifdef NO_PT_COMPRESSION
326 in >> tX;
327 consume_OUTPUT_SEPARATOR(in);
328 in >> tY;
329#else
330 /*
331 a x^2 + y^2 = 1 + d x^2 y^2
332 y = sqrt((1-ax^2)/(1-dx^2))
333 */
334 unsigned char Y_lsb;
335 in >> tX;
336
337 consume_OUTPUT_SEPARATOR(in);
338 in.read((char*)&Y_lsb, 1);
339 Y_lsb -= '0';
340
341 edwards_Fq tX2 = tX.squared();
342 edwards_Fq tY2 = (edwards_Fq::one() - tX2) * // a = 1 for G1 (not a twist)
343 (edwards_Fq::one() - edwards_coeff_d * tX2).inverse();
344 tY = tY2.sqrt();
345
346 if ((tY.as_bigint().data[0] & 1) != Y_lsb)
347 {
348 tY = -tY;
349 }
350#endif
351
352 // using inverted coordinates
353 g.X = tY;
354 g.Y = tX;
355 g.Z = tX * tY;
356
357#ifdef USE_MIXED_ADDITION
358 g.to_special();
359#endif
360
361 return in;
362}
libff::Fp_model::sqrt
Fp_model sqrt() const
libff::consume_OUTPUT_SEPARATOR
void consume_OUTPUT_SEPARATOR(std::istream &in)

Member Data Documentation

◆ fixed_base_exp_window_table

std::vector< size_t > libff::edwards_G1::fixed_base_exp_window_table
static

Definition at line 28 of file edwards_g1.hpp.

◆ G1_one

edwards_G1 libff::edwards_G1::G1_one = {}
static

Definition at line 30 of file edwards_g1.hpp.

◆ G1_zero

edwards_G1 libff::edwards_G1::G1_zero = {}
static

Definition at line 29 of file edwards_g1.hpp.

◆ initialized

bool libff::edwards_G1::initialized = false
static

Definition at line 31 of file edwards_g1.hpp.

◆ wnaf_window_table

std::vector< size_t > libff::edwards_G1::wnaf_window_table
static

Definition at line 27 of file edwards_g1.hpp.

◆ X

edwards_Fq libff::edwards_G1::X

Definition at line 33 of file edwards_g1.hpp.

◆ Y

edwards_Fq libff::edwards_G1::Y

Definition at line 33 of file edwards_g1.hpp.

◆ Z

edwards_Fq libff::edwards_G1::Z

Definition at line 33 of file edwards_g1.hpp.

The documentation for this class was generated from the following files: