Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Classes | Typedefs | Enumerations | Functions | Variables
libff Namespace Reference

Classes

struct  alt_bn128_ate_ell_coeffs
 
struct  alt_bn128_ate_G1_precomp
 
struct  alt_bn128_ate_G2_precomp
 
class  alt_bn128_G1
 
class  alt_bn128_G2
 
class  alt_bn128_pp
 
class  bigint
 
struct  bn128_ate_G1_precomp
 
struct  bn128_ate_G2_precomp
 
class  bn128_G1
 
class  bn128_G2
 
class  bn128_GT
 
class  bn128_pp
 
class  Double
 
struct  edwards_ate_G1_precomp
 
struct  edwards_Fq3_conic_coefficients
 
struct  edwards_Fq_conic_coefficients
 
class  edwards_G1
 
class  edwards_G2
 
class  edwards_pp
 
struct  edwards_tate_G2_precomp
 
struct  extended_edwards_G1_projective
 
struct  extended_edwards_G2_projective
 
struct  extended_mnt4_G2_projective
 
struct  extended_mnt6_G2_projective
 
class  Fp12_2over3over2_model
 
class  Fp2_model
 
class  Fp3_model
 
class  Fp4_model
 
class  Fp6_2over3_model
 
class  Fp6_3over2_model
 
class  Fp_model
 
struct  mnt4_affine_ate_coeffs
 
struct  mnt4_affine_ate_G1_precomputation
 
struct  mnt4_affine_ate_G2_precomputation
 
struct  mnt4_ate_add_coeffs
 
struct  mnt4_ate_dbl_coeffs
 
struct  mnt4_ate_G1_precomp
 
struct  mnt4_ate_G2_precomp
 
class  mnt4_G1
 
class  mnt4_G2
 
class  mnt4_pp
 
struct  mnt6_affine_ate_coeffs
 
struct  mnt6_affine_ate_G1_precomputation
 
struct  mnt6_affine_ate_G2_precomputation
 
struct  mnt6_ate_add_coeffs
 
struct  mnt6_ate_dbl_coeffs
 
struct  mnt6_ate_G1_precomp
 
struct  mnt6_ate_G2_precomp
 
class  mnt6_G1
 
class  mnt6_G2
 
class  mnt6_pp
 
struct  void_type
 

Typedefs

typedef Fp_model< alt_bn128_r_limbs, alt_bn128_modulus_ralt_bn128_Fr
 
typedef Fp_model< alt_bn128_q_limbs, alt_bn128_modulus_qalt_bn128_Fq
 
typedef Fp2_model< alt_bn128_q_limbs, alt_bn128_modulus_qalt_bn128_Fq2
 
typedef Fp6_3over2_model< alt_bn128_q_limbs, alt_bn128_modulus_qalt_bn128_Fq6
 
typedef Fp12_2over3over2_model< alt_bn128_q_limbs, alt_bn128_modulus_qalt_bn128_Fq12
 
typedef alt_bn128_Fq12 alt_bn128_GT
 
typedef alt_bn128_ate_G1_precomp alt_bn128_G1_precomp
 
typedef alt_bn128_ate_G2_precomp alt_bn128_G2_precomp
 
typedef Fp_model< bn128_r_limbs, bn128_modulus_rbn128_Fr
 
typedef Fp_model< bn128_q_limbs, bn128_modulus_qbn128_Fq
 
typedef bn128_GT bn128_Fq12
 
typedef bn::Fp6 bn128_ate_ell_coeffs
 
typedef Fp_model< edwards_r_limbs, edwards_modulus_redwards_Fr
 
typedef Fp_model< edwards_q_limbs, edwards_modulus_qedwards_Fq
 
typedef Fp3_model< edwards_q_limbs, edwards_modulus_qedwards_Fq3
 
typedef Fp6_2over3_model< edwards_q_limbs, edwards_modulus_qedwards_Fq6
 
typedef edwards_Fq6 edwards_GT
 
typedef std::vector< edwards_Fq_conic_coefficientsedwards_tate_G1_precomp
 
typedef std::vector< edwards_Fq3_conic_coefficientsedwards_ate_G2_precomp
 
typedef edwards_ate_G1_precomp edwards_G1_precomp
 
typedef edwards_ate_G2_precomp edwards_G2_precomp
 
typedef Fp_model< mnt4_r_limbs, mnt4_modulus_rmnt4_Fr
 
typedef Fp_model< mnt4_q_limbs, mnt4_modulus_qmnt4_Fq
 
typedef Fp2_model< mnt4_q_limbs, mnt4_modulus_qmnt4_Fq2
 
typedef Fp4_model< mnt4_q_limbs, mnt4_modulus_qmnt4_Fq4
 
typedef mnt4_Fq4 mnt4_GT
 
typedef mnt4_ate_G1_precomp mnt4_G1_precomp
 
typedef mnt4_ate_G2_precomp mnt4_G2_precomp
 
typedef Fp_model< mnt6_r_limbs, mnt6_modulus_rmnt6_Fr
 
typedef Fp_model< mnt6_q_limbs, mnt6_modulus_qmnt6_Fq
 
typedef Fp3_model< mnt6_q_limbs, mnt6_modulus_qmnt6_Fq3
 
typedef Fp6_2over3_model< mnt6_q_limbs, mnt6_modulus_qmnt6_Fq6
 
typedef mnt6_Fq6 mnt6_GT
 
typedef mnt6_ate_G1_precomp mnt6_G1_precomp
 
typedef mnt6_ate_G2_precomp mnt6_G2_precomp
 
template<typename EC_ppT >
using Fr = typename EC_ppT::Fp_type
 
template<typename EC_ppT >
using G1 = typename EC_ppT::G1_type
 
template<typename EC_ppT >
using G2 = typename EC_ppT::G2_type
 
template<typename EC_ppT >
using G1_precomp = typename EC_ppT::G1_precomp_type
 
template<typename EC_ppT >
using G2_precomp = typename EC_ppT::G2_precomp_type
 
template<typename EC_ppT >
using affine_ate_G1_precomp = typename EC_ppT::affine_ate_G1_precomp_type
 
template<typename EC_ppT >
using affine_ate_G2_precomp = typename EC_ppT::affine_ate_G2_precomp_type
 
template<typename EC_ppT >
using Fq = typename EC_ppT::Fq_type
 
template<typename EC_ppT >
using Fqe = typename EC_ppT::Fqe_type
 
template<typename EC_ppT >
using Fqk = typename EC_ppT::Fqk_type
 
template<typename EC_ppT >
using GT = typename EC_ppT::GT_type
 
template<typename EC_ppT >
using Fr_vector = std::vector<Fr<EC_ppT> >
 
template<typename EC_ppT >
using G1_vector = std::vector<G1<EC_ppT> >
 
template<typename EC_ppT >
using G2_vector = std::vector<G2<EC_ppT> >
 
template<typename T >
using window_table = std::vector<std::vector<T> >
 
typedef std::vector< bool > bit_vector
 

Enumerations

enum  multi_exp_method { multi_exp_method_naive , multi_exp_method_naive_plain , multi_exp_method_bos_coster , multi_exp_method_BDLO12 }
 

Functions

std::ostream & operator<< (std::ostream &out, const alt_bn128_G1 &g)
 
std::istream & operator>> (std::istream &in, alt_bn128_G1 &g)
 
std::ostream & operator<< (std::ostream &out, const std::vector< alt_bn128_G1 > &v)
 
std::istream & operator>> (std::istream &in, std::vector< alt_bn128_G1 > &v)
 
template<mp_size_t m>
alt_bn128_G1 operator* (const bigint< m > &lhs, const alt_bn128_G1 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
alt_bn128_G1 operator* (const Fp_model< m, modulus_p > &lhs, const alt_bn128_G1 &rhs)
 
std::ostream & operator<< (std::ostream &out, const alt_bn128_G2 &g)
 
std::istream & operator>> (std::istream &in, alt_bn128_G2 &g)
 
template<mp_size_t m>
alt_bn128_G2 operator* (const bigint< m > &lhs, const alt_bn128_G2 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
alt_bn128_G2 operator* (const Fp_model< m, modulus_p > &lhs, const alt_bn128_G2 &rhs)
 
void init_alt_bn128_params ()
 
std::ostream & operator<< (std::ostream &out, const alt_bn128_ate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, alt_bn128_ate_G1_precomp &prec_P)
 
std::ostream & operator<< (std::ostream &out, const alt_bn128_ate_ell_coeffs &c)
 
std::istream & operator>> (std::istream &in, alt_bn128_ate_ell_coeffs &c)
 
std::ostream & operator<< (std::ostream &out, const alt_bn128_ate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, alt_bn128_ate_G2_precomp &prec_Q)
 
alt_bn128_Fq12 alt_bn128_final_exponentiation_first_chunk (const alt_bn128_Fq12 &elt)
 
alt_bn128_Fq12 alt_bn128_exp_by_neg_z (const alt_bn128_Fq12 &elt)
 
alt_bn128_Fq12 alt_bn128_final_exponentiation_last_chunk (const alt_bn128_Fq12 &elt)
 
alt_bn128_GT alt_bn128_final_exponentiation (const alt_bn128_Fq12 &elt)
 
void doubling_step_for_flipped_miller_loop (const alt_bn128_Fq two_inv, alt_bn128_G2 &current, alt_bn128_ate_ell_coeffs &c)
 
void mixed_addition_step_for_flipped_miller_loop (const alt_bn128_G2 base, alt_bn128_G2 &current, alt_bn128_ate_ell_coeffs &c)
 
alt_bn128_ate_G1_precomp alt_bn128_ate_precompute_G1 (const alt_bn128_G1 &P)
 
alt_bn128_ate_G2_precomp alt_bn128_ate_precompute_G2 (const alt_bn128_G2 &Q)
 
alt_bn128_Fq12 alt_bn128_ate_miller_loop (const alt_bn128_ate_G1_precomp &prec_P, const alt_bn128_ate_G2_precomp &prec_Q)
 
alt_bn128_Fq12 alt_bn128_ate_double_miller_loop (const alt_bn128_ate_G1_precomp &prec_P1, const alt_bn128_ate_G2_precomp &prec_Q1, const alt_bn128_ate_G1_precomp &prec_P2, const alt_bn128_ate_G2_precomp &prec_Q2)
 
alt_bn128_Fq12 alt_bn128_ate_pairing (const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
 
alt_bn128_GT alt_bn128_ate_reduced_pairing (const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
 
alt_bn128_G1_precomp alt_bn128_precompute_G1 (const alt_bn128_G1 &P)
 
alt_bn128_G2_precomp alt_bn128_precompute_G2 (const alt_bn128_G2 &Q)
 
alt_bn128_Fq12 alt_bn128_miller_loop (const alt_bn128_G1_precomp &prec_P, const alt_bn128_G2_precomp &prec_Q)
 
alt_bn128_Fq12 alt_bn128_double_miller_loop (const alt_bn128_G1_precomp &prec_P1, const alt_bn128_G2_precomp &prec_Q1, const alt_bn128_G1_precomp &prec_P2, const alt_bn128_G2_precomp &prec_Q2)
 
alt_bn128_Fq12 alt_bn128_pairing (const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
 
alt_bn128_GT alt_bn128_reduced_pairing (const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
 
alt_bn128_GT alt_bn128_affine_reduced_pairing (const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
 
std::ostream & operator<< (std::ostream &out, const bn128_G1 &g)
 
std::istream & operator>> (std::istream &in, bn128_G1 &g)
 
std::ostream & operator<< (std::ostream &out, const std::vector< bn128_G1 > &v)
 
std::istream & operator>> (std::istream &in, std::vector< bn128_G1 > &v)
 
template<mp_size_t m>
bn128_G1 operator* (const bigint< m > &lhs, const bn128_G1 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
bn128_G1 operator* (const Fp_model< m, modulus_p > &lhs, const bn128_G1 &rhs)
 
std::ostream & operator<< (std::ostream &out, const bn128_G2 &g)
 
std::istream & operator>> (std::istream &in, bn128_G2 &g)
 
template<mp_size_t m>
bn128_G2 operator* (const bigint< m > &lhs, const bn128_G2 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
bn128_G2 operator* (const Fp_model< m, modulus_p > &lhs, const bn128_G2 &rhs)
 
std::ostream & operator<< (std::ostream &out, const bn128_GT &g)
 
std::istream & operator>> (std::istream &in, bn128_GT &g)
 
template<mp_size_t m>
bn128_GT operator^ (const bn128_GT &rhs, const bigint< m > &lhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
bn128_GT operator^ (const bn128_GT &rhs, const Fp_model< m, modulus_p > &lhs)
 
void init_bn128_params ()
 
std::ostream & operator<< (std::ostream &out, const bn128_ate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, bn128_ate_G1_precomp &prec_P)
 
std::ostream & operator<< (std::ostream &out, const bn128_ate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, bn128_ate_G2_precomp &prec_Q)
 
bn128_ate_G1_precomp bn128_ate_precompute_G1 (const bn128_G1 &P)
 
bn128_ate_G2_precomp bn128_ate_precompute_G2 (const bn128_G2 &Q)
 
bn128_Fq12 bn128_ate_miller_loop (const bn128_ate_G1_precomp &prec_P, const bn128_ate_G2_precomp &prec_Q)
 
bn128_Fq12 bn128_double_ate_miller_loop (const bn128_ate_G1_precomp &prec_P1, const bn128_ate_G2_precomp &prec_Q1, const bn128_ate_G1_precomp &prec_P2, const bn128_ate_G2_precomp &prec_Q2)
 
bn128_GT bn128_final_exponentiation (const bn128_Fq12 &elt)
 
template<typename FieldT >
void bn_batch_invert (std::vector< FieldT > &vec)
 
template<typename GroupT , mp_size_t m>
GroupT scalar_mul (const GroupT &base, const bigint< m > &scalar)
 
std::ostream & operator<< (std::ostream &out, const edwards_G1 &g)
 
std::istream & operator>> (std::istream &in, edwards_G1 &g)
 
std::ostream & operator<< (std::ostream &out, const std::vector< edwards_G1 > &v)
 
std::istream & operator>> (std::istream &in, std::vector< edwards_G1 > &v)
 
template<mp_size_t m>
edwards_G1 operator* (const bigint< m > &lhs, const edwards_G1 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
edwards_G1 operator* (const Fp_model< m, modulus_p > &lhs, const edwards_G1 &rhs)
 
std::ostream & operator<< (std::ostream &out, const edwards_G2 &g)
 
std::istream & operator>> (std::istream &in, edwards_G2 &g)
 
template<mp_size_t m>
edwards_G2 operator* (const bigint< m > &lhs, const edwards_G2 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
edwards_G2 operator* (const Fp_model< m, modulus_p > &lhs, const edwards_G2 &rhs)
 
void init_edwards_params ()
 
std::ostream & operator<< (std::ostream &out, const edwards_Fq_conic_coefficients &cc)
 
std::istream & operator>> (std::istream &in, edwards_Fq_conic_coefficients &cc)
 
std::ostream & operator<< (std::ostream &out, const edwards_tate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, edwards_tate_G1_precomp &prec_P)
 
std::ostream & operator<< (std::ostream &out, const edwards_tate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, edwards_tate_G2_precomp &prec_Q)
 
std::ostream & operator<< (std::ostream &out, const edwards_Fq3_conic_coefficients &cc)
 
std::istream & operator>> (std::istream &in, edwards_Fq3_conic_coefficients &cc)
 
std::ostream & operator<< (std::ostream &out, const edwards_ate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, edwards_ate_G2_precomp &prec_Q)
 
std::ostream & operator<< (std::ostream &out, const edwards_ate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, edwards_ate_G1_precomp &prec_P)
 
edwards_Fq6 edwards_final_exponentiation_last_chunk (const edwards_Fq6 &elt, const edwards_Fq6 &elt_inv)
 
edwards_Fq6 edwards_final_exponentiation_first_chunk (const edwards_Fq6 &elt, const edwards_Fq6 &elt_inv)
 
edwards_GT edwards_final_exponentiation (const edwards_Fq6 &elt)
 
edwards_tate_G2_precomp edwards_tate_precompute_G2 (const edwards_G2 &Q)
 
void doubling_step_for_miller_loop (extended_edwards_G1_projective &current, edwards_Fq_conic_coefficients &cc)
 
void full_addition_step_for_miller_loop (const extended_edwards_G1_projective &base, extended_edwards_G1_projective &current, edwards_Fq_conic_coefficients &cc)
 
void mixed_addition_step_for_miller_loop (const extended_edwards_G1_projective &base, extended_edwards_G1_projective &current, edwards_Fq_conic_coefficients &cc)
 
edwards_tate_G1_precomp edwards_tate_precompute_G1 (const edwards_G1 &P)
 
edwards_Fq6 edwards_tate_miller_loop (const edwards_tate_G1_precomp &prec_P, const edwards_tate_G2_precomp &prec_Q)
 
edwards_Fq6 edwards_tate_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
edwards_GT edwards_tate_reduced_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
void doubling_step_for_flipped_miller_loop (extended_edwards_G2_projective &current, edwards_Fq3_conic_coefficients &cc)
 
void full_addition_step_for_flipped_miller_loop (const extended_edwards_G2_projective &base, extended_edwards_G2_projective &current, edwards_Fq3_conic_coefficients &cc)
 
void mixed_addition_step_for_flipped_miller_loop (const extended_edwards_G2_projective &base, extended_edwards_G2_projective &current, edwards_Fq3_conic_coefficients &cc)
 
edwards_ate_G1_precomp edwards_ate_precompute_G1 (const edwards_G1 &P)
 
edwards_ate_G2_precomp edwards_ate_precompute_G2 (const edwards_G2 &Q)
 
edwards_Fq6 edwards_ate_miller_loop (const edwards_ate_G1_precomp &prec_P, const edwards_ate_G2_precomp &prec_Q)
 
edwards_Fq6 edwards_ate_double_miller_loop (const edwards_ate_G1_precomp &prec_P1, const edwards_ate_G2_precomp &prec_Q1, const edwards_ate_G1_precomp &prec_P2, const edwards_ate_G2_precomp &prec_Q2)
 
edwards_Fq6 edwards_ate_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
edwards_GT edwards_ate_reduced_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
edwards_G1_precomp edwards_precompute_G1 (const edwards_G1 &P)
 
edwards_G2_precomp edwards_precompute_G2 (const edwards_G2 &Q)
 
edwards_Fq6 edwards_miller_loop (const edwards_G1_precomp &prec_P, const edwards_G2_precomp &prec_Q)
 
edwards_Fq6 edwards_double_miller_loop (const edwards_G1_precomp &prec_P1, const edwards_G2_precomp &prec_Q1, const edwards_G1_precomp &prec_P2, const edwards_G2_precomp &prec_Q2)
 
edwards_Fq6 edwards_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
edwards_GT edwards_reduced_pairing (const edwards_G1 &P, const edwards_G2 &Q)
 
std::ostream & operator<< (std::ostream &out, const mnt4_G1 &g)
 
std::istream & operator>> (std::istream &in, mnt4_G1 &g)
 
std::ostream & operator<< (std::ostream &out, const std::vector< mnt4_G1 > &v)
 
std::istream & operator>> (std::istream &in, std::vector< mnt4_G1 > &v)
 
template<mp_size_t m>
mnt4_G1 operator* (const bigint< m > &lhs, const mnt4_G1 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
mnt4_G1 operator* (const Fp_model< m, modulus_p > &lhs, const mnt4_G1 &rhs)
 
std::ostream & operator<< (std::ostream &out, const mnt4_G2 &g)
 
std::istream & operator>> (std::istream &in, mnt4_G2 &g)
 
template<mp_size_t m>
mnt4_G2 operator* (const bigint< m > &lhs, const mnt4_G2 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
mnt4_G2 operator* (const Fp_model< m, modulus_p > &lhs, const mnt4_G2 &rhs)
 
void init_mnt4_params ()
 
std::ostream & operator<< (std::ostream &out, const mnt4_ate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, mnt4_ate_G1_precomp &prec_P)
 
std::ostream & operator<< (std::ostream &out, const mnt4_ate_dbl_coeffs &dc)
 
std::istream & operator>> (std::istream &in, mnt4_ate_dbl_coeffs &dc)
 
std::ostream & operator<< (std::ostream &out, const mnt4_ate_add_coeffs &ac)
 
std::istream & operator>> (std::istream &in, mnt4_ate_add_coeffs &ac)
 
std::ostream & operator<< (std::ostream &out, const mnt4_ate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, mnt4_ate_G2_precomp &prec_Q)
 
mnt4_Fq4 mnt4_final_exponentiation_last_chunk (const mnt4_Fq4 &elt, const mnt4_Fq4 &elt_inv)
 
mnt4_Fq4 mnt4_final_exponentiation_first_chunk (const mnt4_Fq4 &elt, const mnt4_Fq4 &elt_inv)
 
mnt4_GT mnt4_final_exponentiation (const mnt4_Fq4 &elt)
 
mnt4_affine_ate_G1_precomputation mnt4_affine_ate_precompute_G1 (const mnt4_G1 &P)
 
mnt4_affine_ate_G2_precomputation mnt4_affine_ate_precompute_G2 (const mnt4_G2 &Q)
 
mnt4_Fq4 mnt4_affine_ate_miller_loop (const mnt4_affine_ate_G1_precomputation &prec_P, const mnt4_affine_ate_G2_precomputation &prec_Q)
 
void doubling_step_for_flipped_miller_loop (extended_mnt4_G2_projective &current, mnt4_ate_dbl_coeffs &dc)
 
void mixed_addition_step_for_flipped_miller_loop (const mnt4_Fq2 base_X, const mnt4_Fq2 base_Y, const mnt4_Fq2 base_Y_squared, extended_mnt4_G2_projective &current, mnt4_ate_add_coeffs &ac)
 
mnt4_ate_G1_precomp mnt4_ate_precompute_G1 (const mnt4_G1 &P)
 
mnt4_ate_G2_precomp mnt4_ate_precompute_G2 (const mnt4_G2 &Q)
 
mnt4_Fq4 mnt4_ate_miller_loop (const mnt4_ate_G1_precomp &prec_P, const mnt4_ate_G2_precomp &prec_Q)
 
mnt4_Fq4 mnt4_ate_double_miller_loop (const mnt4_ate_G1_precomp &prec_P1, const mnt4_ate_G2_precomp &prec_Q1, const mnt4_ate_G1_precomp &prec_P2, const mnt4_ate_G2_precomp &prec_Q2)
 
mnt4_Fq4 mnt4_ate_pairing (const mnt4_G1 &P, const mnt4_G2 &Q)
 
mnt4_GT mnt4_ate_reduced_pairing (const mnt4_G1 &P, const mnt4_G2 &Q)
 
mnt4_G1_precomp mnt4_precompute_G1 (const mnt4_G1 &P)
 
mnt4_G2_precomp mnt4_precompute_G2 (const mnt4_G2 &Q)
 
mnt4_Fq4 mnt4_miller_loop (const mnt4_G1_precomp &prec_P, const mnt4_G2_precomp &prec_Q)
 
mnt4_Fq4 mnt4_double_miller_loop (const mnt4_G1_precomp &prec_P1, const mnt4_G2_precomp &prec_Q1, const mnt4_G1_precomp &prec_P2, const mnt4_G2_precomp &prec_Q2)
 
mnt4_Fq4 mnt4_pairing (const mnt4_G1 &P, const mnt4_G2 &Q)
 
mnt4_GT mnt4_reduced_pairing (const mnt4_G1 &P, const mnt4_G2 &Q)
 
mnt4_GT mnt4_affine_reduced_pairing (const mnt4_G1 &P, const mnt4_G2 &Q)
 
std::ostream & operator<< (std::ostream &out, const mnt6_G1 &g)
 
std::istream & operator>> (std::istream &in, mnt6_G1 &g)
 
std::ostream & operator<< (std::ostream &out, const std::vector< mnt6_G1 > &v)
 
std::istream & operator>> (std::istream &in, std::vector< mnt6_G1 > &v)
 
template<mp_size_t m>
mnt6_G1 operator* (const bigint< m > &lhs, const mnt6_G1 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
mnt6_G1 operator* (const Fp_model< m, modulus_p > &lhs, const mnt6_G1 &rhs)
 
std::ostream & operator<< (std::ostream &out, const mnt6_G2 &g)
 
std::istream & operator>> (std::istream &in, mnt6_G2 &g)
 
template<mp_size_t m>
mnt6_G2 operator* (const bigint< m > &lhs, const mnt6_G2 &rhs)
 
template<mp_size_t m, const bigint< m > & modulus_p>
mnt6_G2 operator* (const Fp_model< m, modulus_p > &lhs, const mnt6_G2 &rhs)
 
void init_mnt6_params ()
 
std::ostream & operator<< (std::ostream &out, const mnt6_ate_G1_precomp &prec_P)
 
std::istream & operator>> (std::istream &in, mnt6_ate_G1_precomp &prec_P)
 
std::ostream & operator<< (std::ostream &out, const mnt6_ate_dbl_coeffs &dc)
 
std::istream & operator>> (std::istream &in, mnt6_ate_dbl_coeffs &dc)
 
std::ostream & operator<< (std::ostream &out, const mnt6_ate_add_coeffs &ac)
 
std::istream & operator>> (std::istream &in, mnt6_ate_add_coeffs &ac)
 
std::ostream & operator<< (std::ostream &out, const mnt6_ate_G2_precomp &prec_Q)
 
std::istream & operator>> (std::istream &in, mnt6_ate_G2_precomp &prec_Q)
 
mnt6_Fq6 mnt6_final_exponentiation_last_chunk (const mnt6_Fq6 &elt, const mnt6_Fq6 &elt_inv)
 
mnt6_Fq6 mnt6_final_exponentiation_first_chunk (const mnt6_Fq6 &elt, const mnt6_Fq6 &elt_inv)
 
mnt6_GT mnt6_final_exponentiation (const mnt6_Fq6 &elt)
 
mnt6_affine_ate_G1_precomputation mnt6_affine_ate_precompute_G1 (const mnt6_G1 &P)
 
mnt6_affine_ate_G2_precomputation mnt6_affine_ate_precompute_G2 (const mnt6_G2 &Q)
 
mnt6_Fq6 mnt6_affine_ate_miller_loop (const mnt6_affine_ate_G1_precomputation &prec_P, const mnt6_affine_ate_G2_precomputation &prec_Q)
 
void doubling_step_for_flipped_miller_loop (extended_mnt6_G2_projective &current, mnt6_ate_dbl_coeffs &dc)
 
void mixed_addition_step_for_flipped_miller_loop (const mnt6_Fq3 base_X, const mnt6_Fq3 base_Y, const mnt6_Fq3 base_Y_squared, extended_mnt6_G2_projective &current, mnt6_ate_add_coeffs &ac)
 
mnt6_ate_G1_precomp mnt6_ate_precompute_G1 (const mnt6_G1 &P)
 
mnt6_ate_G2_precomp mnt6_ate_precompute_G2 (const mnt6_G2 &Q)
 
mnt6_Fq6 mnt6_ate_miller_loop (const mnt6_ate_G1_precomp &prec_P, const mnt6_ate_G2_precomp &prec_Q)
 
mnt6_Fq6 mnt6_ate_double_miller_loop (const mnt6_ate_G1_precomp &prec_P1, const mnt6_ate_G2_precomp &prec_Q1, const mnt6_ate_G1_precomp &prec_P2, const mnt6_ate_G2_precomp &prec_Q2)
 
mnt6_Fq6 mnt6_ate_pairing (const mnt6_G1 &P, const mnt6_G2 &Q)
 
mnt6_GT mnt6_ate_reduced_pairing (const mnt6_G1 &P, const mnt6_G2 &Q)
 
mnt6_G1_precomp mnt6_precompute_G1 (const mnt6_G1 &P)
 
mnt6_G2_precomp mnt6_precompute_G2 (const mnt6_G2 &Q)
 
mnt6_Fq6 mnt6_miller_loop (const mnt6_G1_precomp &prec_P, const mnt6_G2_precomp &prec_Q)
 
mnt6_Fq6 mnt6_double_miller_loop (const mnt6_G1_precomp &prec_P1, const mnt6_G2_precomp &prec_Q1, const mnt6_G1_precomp &prec_P2, const mnt6_G2_precomp &prec_Q2)
 
mnt6_Fq6 mnt6_pairing (const mnt6_G1 &P, const mnt6_G2 &Q)
 
mnt6_GT mnt6_reduced_pairing (const mnt6_G1 &P, const mnt6_G2 &Q)
 
mnt6_GT mnt6_affine_reduced_pairing (const mnt6_G1 &P, const mnt6_G2 &Q)
 
template<typename FieldT , mp_size_t m>
FieldT power (const FieldT &base, const bigint< m > &exponent)
 
template<typename FieldT >
FieldT power (const FieldT &base, const unsigned long exponent)
 
template<mp_size_t n>
std::ostream & operator<< (std::ostream &out, const bigint< n > &b)
 
template<mp_size_t n>
std::istream & operator>> (std::istream &in, bigint< n > &b)
 
template<typename FieldT >
std::enable_if< std::is_same< FieldT, Double >::value, FieldT >::type get_root_of_unity (const size_t n)
 
template<typename FieldT >
std::enable_if<!std::is_same< FieldT, Double >::value, FieldT >::type get_root_of_unity (const size_t n)
 
template<typename FieldT >
std::vector< FieldT > pack_int_vector_into_field_element_vector (const std::vector< size_t > &v, const size_t w)
 
template<typename FieldT >
std::vector< FieldT > pack_bit_vector_into_field_element_vector (const bit_vector &v, const size_t chunk_bits)
 
template<typename FieldT >
std::vector< FieldT > pack_bit_vector_into_field_element_vector (const bit_vector &v)
 
template<typename FieldT >
std::vector< FieldT > convert_bit_vector_to_field_element_vector (const bit_vector &v)
 
template<typename FieldT >
bit_vector convert_field_element_vector_to_bit_vector (const std::vector< FieldT > &v)
 
template<typename FieldT >
bit_vector convert_field_element_to_bit_vector (const FieldT &el)
 
template<typename FieldT >
bit_vector convert_field_element_to_bit_vector (const FieldT &el, const size_t bitcount)
 
template<typename FieldT >
FieldT convert_bit_vector_to_field_element (const bit_vector &v)
 
template<typename FieldT >
void batch_invert (std::vector< FieldT > &vec)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp_model< n, modulus > &p)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp12_2over3over2_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp12_2over3over2_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &out, const std::vector< Fp12_2over3over2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, std::vector< Fp12_2over3over2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp12_2over3over2_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > operator* (const Fp2_model< n, modulus > &lhs, const Fp12_2over3over2_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > operator* (const Fp6_3over2_model< n, modulus > &lhs, const Fp12_2over3over2_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp12_2over3over2_model< n, modulus > operator^ (const Fp12_2over3over2_model< n, modulus > &self, const bigint< m > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & exp_modulus>
Fp12_2over3over2_model< n, modulus > operator^ (const Fp12_2over3over2_model< n, modulus > &self, const Fp_model< m, exp_modulus > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp2_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp2_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &out, const std::vector< Fp2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, std::vector< Fp2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp2_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp2_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp3_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp3_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &out, const std::vector< Fp3_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, std::vector< Fp3_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp3_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp3_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp4_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp4_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp4_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp4_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp4_model< n, modulus > operator* (const Fp2_model< n, modulus > &lhs, const Fp4_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp4_model< n, modulus > operator^ (const Fp4_model< n, modulus > &self, const bigint< m > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & modulus_p>
Fp4_model< n, modulus > operator^ (const Fp4_model< n, modulus > &self, const Fp_model< m, modulus_p > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp6_2over3_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp6_2over3_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &out, const std::vector< Fp6_2over3_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, std::vector< Fp6_2over3_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp6_2over3_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp6_2over3_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp6_2over3_model< n, modulus > operator^ (const Fp6_2over3_model< n, modulus > &self, const bigint< m > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & exp_modulus>
Fp6_2over3_model< n, modulus > operator^ (const Fp6_2over3_model< n, modulus > &self, const Fp_model< m, exp_modulus > &exponent)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &, const Fp6_3over2_model< n, modulus > &)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, Fp6_3over2_model< n, modulus > &el)
 
template<mp_size_t n, const bigint< n > & modulus>
std::ostream & operator<< (std::ostream &out, const std::vector< Fp6_3over2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
std::istream & operator>> (std::istream &in, std::vector< Fp6_3over2_model< n, modulus > > &v)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp6_3over2_model< n, modulus > operator* (const Fp_model< n, modulus > &lhs, const Fp6_3over2_model< n, modulus > &rhs)
 
template<mp_size_t n, const bigint< n > & modulus>
Fp6_3over2_model< n, modulus > operator* (const Fp2_model< n, modulus > &lhs, const Fp6_3over2_model< n, modulus > &rhs)
 
template<typename T , typename FieldT , multi_exp_method Method>
T multi_exp (typename std::vector< T >::const_iterator vec_start, typename std::vector< T >::const_iterator vec_end, typename std::vector< FieldT >::const_iterator scalar_start, typename std::vector< FieldT >::const_iterator scalar_end, const size_t chunks)
 
template<typename T , typename FieldT , multi_exp_method Method>
T multi_exp_with_mixed_addition (typename std::vector< T >::const_iterator vec_start, typename std::vector< T >::const_iterator vec_end, typename std::vector< FieldT >::const_iterator scalar_start, typename std::vector< FieldT >::const_iterator scalar_end, const size_t chunks)
 
template<typename T >
T inner_product (typename std::vector< T >::const_iterator a_start, typename std::vector< T >::const_iterator a_end, typename std::vector< T >::const_iterator b_start, typename std::vector< T >::const_iterator b_end)
 
template<typename T >
size_t get_exp_window_size (const size_t num_scalars)
 
template<typename T >
window_table< Tget_window_table (const size_t scalar_size, const size_t window, const T &g)
 
template<typename T , typename FieldT >
T windowed_exp (const size_t scalar_size, const size_t window, const window_table< T > &powers_of_g, const FieldT &pow)
 
template<typename T , typename FieldT >
std::vector< Tbatch_exp (const size_t scalar_size, const size_t window, const window_table< T > &table, const std::vector< FieldT > &v)
 
template<typename T , typename FieldT >
std::vector< Tbatch_exp_with_coeff (const size_t scalar_size, const size_t window, const window_table< T > &table, const FieldT &coeff, const std::vector< FieldT > &v)
 
template<typename T >
void batch_to_special (std::vector< T > &vec)
 
template<mp_size_t n>
std::vector< long > find_wnaf (const size_t window_size, const bigint< n > &scalar)
 
template<typename T , mp_size_t n>
T fixed_window_wnaf_exp (const size_t window_size, const T &base, const bigint< n > &scalar)
 
template<typename T , mp_size_t n>
T opt_window_wnaf_exp (const T &base, const bigint< n > &scalar, const size_t scalar_bits)
 
long long get_nsec_time ()
 
long long get_nsec_cpu_time ()
 
void start_profiling ()
 
void clear_profiling_counters ()
 
void print_cumulative_time_entry (const std::string &key, const long long factor)
 
void print_cumulative_times (const long long factor)
 
void print_cumulative_op_counts (const bool only_fq)
 
void print_op_profiling (const std::string &msg)
 
void print_time (const char *msg)
 
void print_header (const char *msg)
 
void print_indent ()
 
void op_profiling_enter (const std::string &msg)
 
void enter_block (const std::string &msg, const bool indent)
 
void leave_block (const std::string &msg, const bool indent)
 
void print_mem (const std::string &s)
 
void print_compilation_info ()
 
template<typename FieldT >
FieldT SHA512_rng (const uint64_t idx)
 
void consume_newline (std::istream &in)
 
void consume_OUTPUT_NEWLINE (std::istream &in)
 
void consume_OUTPUT_SEPARATOR (std::istream &in)
 
void output_bool (std::ostream &out, const bool b)
 
void input_bool (std::istream &in, bool &b)
 
void output_bool_vector (std::ostream &out, const std::vector< bool > &v)
 
void input_bool_vector (std::istream &in, std::vector< bool > &v)
 
template<typename T >
T reserialize (const T &obj)
 
template<typename T >
std::ostream & operator<< (std::ostream &out, const std::vector< T > &v)
 
template<typename T >
std::istream & operator>> (std::ostream &out, std::vector< T > &v)
 
template<typename T1 , typename T2 >
std::ostream & operator<< (std::ostream &out, const std::map< T1, T2 > &m)
 
template<typename T1 , typename T2 >
std::istream & operator>> (std::istream &in, std::map< T1, T2 > &m)
 
template<typename T >
std::ostream & operator<< (std::ostream &out, const std::set< T > &s)
 
template<typename T >
std::istream & operator>> (std::istream &in, std::set< T > &s)
 
size_t get_power_of_two (size_t n)
 
size_t log2 (size_t n)
 returns ceil(log2(n)), so 1ul<<log2(n) is the smallest power of 2, that is not less than n
 
size_t to_twos_complement (int i, size_t w)
 
int from_twos_complement (size_t i, size_t w)
 
size_t bitreverse (size_t n, const size_t l)
 
bit_vector int_list_to_bits (const std::initializer_list< unsigned long > &l, const size_t wordsize)
 
long long div_ceil (long long x, long long y)
 
bool is_little_endian ()
 
std::string FORMAT (const std::string &prefix, const char *format,...)
 
void serialize_bit_vector (std::ostream &out, const bit_vector &v)
 
void deserialize_bit_vector (std::istream &in, bit_vector &v)
 
size_t exp2 (size_t k)
 
template<typename ... Types>
void UNUSED (Types &&...)
 
template<typename T >
size_t size_in_bits (const std::vector< T > &v)
 

Variables

bigint< alt_bn128_r_limbsalt_bn128_modulus_r
 
bigint< alt_bn128_q_limbsalt_bn128_modulus_q
 
alt_bn128_Fq alt_bn128_coeff_b
 
alt_bn128_Fq2 alt_bn128_twist
 
alt_bn128_Fq2 alt_bn128_twist_coeff_b
 
alt_bn128_Fq alt_bn128_twist_mul_by_b_c0
 
alt_bn128_Fq alt_bn128_twist_mul_by_b_c1
 
alt_bn128_Fq2 alt_bn128_twist_mul_by_q_X
 
alt_bn128_Fq2 alt_bn128_twist_mul_by_q_Y
 
bigint< alt_bn128_q_limbsalt_bn128_ate_loop_count
 
bool alt_bn128_ate_is_loop_count_neg
 
bigint< 12 *alt_bn128_q_limbsalt_bn128_final_exponent
 
bigint< alt_bn128_q_limbsalt_bn128_final_exponent_z
 
bool alt_bn128_final_exponent_is_z_neg
 
const mp_size_t alt_bn128_r_bitcount = 254
 
const mp_size_t alt_bn128_q_bitcount = 254
 
const mp_size_t alt_bn128_r_limbs = (alt_bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
const mp_size_t alt_bn128_q_limbs = (alt_bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
bigint< bn128_r_limbsbn128_modulus_r
 
bigint< bn128_q_limbsbn128_modulus_q
 
bn::Fp bn128_coeff_b
 
size_t bn128_Fq_s
 
bn::Fp bn128_Fq_nqr_to_t
 
mie::Vuint bn128_Fq_t_minus_1_over_2
 
bn::Fp2 bn128_twist_coeff_b
 
size_t bn128_Fq2_s
 
bn::Fp2 bn128_Fq2_nqr_to_t
 
mie::Vuint bn128_Fq2_t_minus_1_over_2
 
const mp_size_t bn128_r_bitcount = 254
 
const mp_size_t bn128_q_bitcount = 254
 
const mp_size_t bn128_r_limbs = (bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
const mp_size_t bn128_q_limbs = (bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
bigint< edwards_r_limbsedwards_modulus_r
 
bigint< edwards_q_limbsedwards_modulus_q
 
edwards_Fq edwards_coeff_a
 
edwards_Fq edwards_coeff_d
 
edwards_Fq3 edwards_twist
 
edwards_Fq3 edwards_twist_coeff_a
 
edwards_Fq3 edwards_twist_coeff_d
 
edwards_Fq edwards_twist_mul_by_a_c0
 
edwards_Fq edwards_twist_mul_by_a_c1
 
edwards_Fq edwards_twist_mul_by_a_c2
 
edwards_Fq edwards_twist_mul_by_d_c0
 
edwards_Fq edwards_twist_mul_by_d_c1
 
edwards_Fq edwards_twist_mul_by_d_c2
 
edwards_Fq edwards_twist_mul_by_q_Y
 
edwards_Fq edwards_twist_mul_by_q_Z
 
bigint< edwards_q_limbsedwards_ate_loop_count
 
bigint< 6 *edwards_q_limbsedwards_final_exponent
 
bigint< edwards_q_limbsedwards_final_exponent_last_chunk_abs_of_w0
 
bool edwards_final_exponent_last_chunk_is_w0_neg
 
bigint< edwards_q_limbsedwards_final_exponent_last_chunk_w1
 
const mp_size_t edwards_r_bitcount = 181
 
const mp_size_t edwards_q_bitcount = 183
 
const mp_size_t edwards_r_limbs = (edwards_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
const mp_size_t edwards_q_limbs = (edwards_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
mnt4_Fq2 mnt4_twist
 
mnt4_Fq2 mnt4_twist_coeff_a
 
mnt4_Fq2 mnt4_twist_coeff_b
 
mnt4_Fq mnt4_twist_mul_by_a_c0
 
mnt4_Fq mnt4_twist_mul_by_a_c1
 
mnt4_Fq mnt4_twist_mul_by_b_c0
 
mnt4_Fq mnt4_twist_mul_by_b_c1
 
mnt4_Fq mnt4_twist_mul_by_q_X
 
mnt4_Fq mnt4_twist_mul_by_q_Y
 
bigint< mnt4_q_limbsmnt4_ate_loop_count
 
bool mnt4_ate_is_loop_count_neg
 
bigint< 4 *mnt4_q_limbsmnt4_final_exponent
 
bigint< mnt4_q_limbsmnt4_final_exponent_last_chunk_abs_of_w0
 
bool mnt4_final_exponent_last_chunk_is_w0_neg
 
bigint< mnt4_q_limbsmnt4_final_exponent_last_chunk_w1
 
const mp_size_t mnt4_r_bitcount = mnt46_A_bitcount
 
const mp_size_t mnt4_q_bitcount = mnt46_B_bitcount
 
const mp_size_t mnt4_r_limbs = mnt46_A_limbs
 
const mp_size_t mnt4_q_limbs = mnt46_B_limbs
 
bigint< mnt4_r_limbsmnt4_modulus_r
 
bigint< mnt4_q_limbsmnt4_modulus_q
 
bigint< mnt46_A_limbsmnt46_modulus_A
 
bigint< mnt46_B_limbsmnt46_modulus_B
 
const mp_size_t mnt46_A_bitcount = 298
 
const mp_size_t mnt46_B_bitcount = 298
 
const mp_size_t mnt46_A_limbs = (mnt46_A_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
const mp_size_t mnt46_B_limbs = (mnt46_B_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS
 
mnt6_Fq3 mnt6_twist
 
mnt6_Fq3 mnt6_twist_coeff_a
 
mnt6_Fq3 mnt6_twist_coeff_b
 
mnt6_Fq mnt6_twist_mul_by_a_c0
 
mnt6_Fq mnt6_twist_mul_by_a_c1
 
mnt6_Fq mnt6_twist_mul_by_a_c2
 
mnt6_Fq mnt6_twist_mul_by_b_c0
 
mnt6_Fq mnt6_twist_mul_by_b_c1
 
mnt6_Fq mnt6_twist_mul_by_b_c2
 
mnt6_Fq mnt6_twist_mul_by_q_X
 
mnt6_Fq mnt6_twist_mul_by_q_Y
 
bigint< mnt6_q_limbsmnt6_ate_loop_count
 
bool mnt6_ate_is_loop_count_neg
 
bigint< 6 *mnt6_q_limbsmnt6_final_exponent
 
bigint< mnt6_q_limbsmnt6_final_exponent_last_chunk_abs_of_w0
 
bool mnt6_final_exponent_last_chunk_is_w0_neg
 
bigint< mnt6_q_limbsmnt6_final_exponent_last_chunk_w1
 
const mp_size_t mnt6_r_bitcount = mnt46_B_bitcount
 
const mp_size_t mnt6_q_bitcount = mnt46_A_bitcount
 
const mp_size_t mnt6_r_limbs = mnt46_B_limbs
 
const mp_size_t mnt6_q_limbs = mnt46_A_limbs
 
bigint< mnt6_r_limbsmnt6_modulus_r
 
bigint< mnt6_q_limbsmnt6_modulus_q
 
const double PI = 3.141592653589793238460264338328L
 
long long start_time
 
long long last_time
 
long long start_cpu_time
 
long long last_cpu_time
 
std::map< std::string, size_t > invocation_counts
 
std::map< std::string, long long > enter_times
 
std::map< std::string, long long > last_times
 
std::map< std::string, long long > cumulative_times
 
std::map< std::string, long long > enter_cpu_times
 
std::map< std::string, long long > last_cpu_times
 
std::map< std::pair< std::string, std::string >, long long > op_counts
 
std::map< std::pair< std::string, std::string >, long long > cumulative_op_counts
 
size_t indentation = 0
 
std::vector< std::string > block_names
 
std::list< std::pair< std::string, long long * > > op_data_points
 
bool inhibit_profiling_info = false
 
bool inhibit_profiling_counters = false
 

Typedef Documentation

◆ affine_ate_G1_precomp

template<typename EC_ppT >
using libff::affine_ate_G1_precomp = typename EC_ppT::affine_ate_G1_precomp_type

Definition at line 82 of file public_params.hpp.

◆ affine_ate_G2_precomp

template<typename EC_ppT >
using libff::affine_ate_G2_precomp = typename EC_ppT::affine_ate_G2_precomp_type

Definition at line 84 of file public_params.hpp.

◆ alt_bn128_Fq

typedef Fp_model<alt_bn128_q_limbs, alt_bn128_modulus_q> libff::alt_bn128_Fq

Definition at line 28 of file alt_bn128_init.hpp.

◆ alt_bn128_Fq12

typedef Fp12_2over3over2_model<alt_bn128_q_limbs, alt_bn128_modulus_q> libff::alt_bn128_Fq12

Definition at line 31 of file alt_bn128_init.hpp.

◆ alt_bn128_Fq2

typedef Fp2_model<alt_bn128_q_limbs, alt_bn128_modulus_q> libff::alt_bn128_Fq2

Definition at line 29 of file alt_bn128_init.hpp.

◆ alt_bn128_Fq6

typedef Fp6_3over2_model<alt_bn128_q_limbs, alt_bn128_modulus_q> libff::alt_bn128_Fq6

Definition at line 30 of file alt_bn128_init.hpp.

◆ alt_bn128_Fr

typedef Fp_model<alt_bn128_r_limbs, alt_bn128_modulus_r> libff::alt_bn128_Fr

Definition at line 27 of file alt_bn128_init.hpp.

◆ alt_bn128_G1_precomp

typedef alt_bn128_ate_G1_precomp libff::alt_bn128_G1_precomp

Definition at line 68 of file alt_bn128_pairing.hpp.

◆ alt_bn128_G2_precomp

typedef alt_bn128_ate_G2_precomp libff::alt_bn128_G2_precomp

Definition at line 69 of file alt_bn128_pairing.hpp.

◆ alt_bn128_GT

typedef alt_bn128_Fq12 libff::alt_bn128_GT

Definition at line 32 of file alt_bn128_init.hpp.

◆ bit_vector

typedef std::vector<bool> libff::bit_vector

Definition at line 21 of file utils.hpp.

◆ bn128_ate_ell_coeffs

typedef bn::Fp6 libff::bn128_ate_ell_coeffs

Definition at line 29 of file bn128_pairing.hpp.

◆ bn128_Fq

typedef Fp_model<bn128_q_limbs, bn128_modulus_q> libff::bn128_Fq

Definition at line 37 of file bn128_init.hpp.

◆ bn128_Fq12

typedef bn128_GT libff::bn128_Fq12

Definition at line 44 of file bn128_init.hpp.

◆ bn128_Fr

typedef Fp_model<bn128_r_limbs, bn128_modulus_r> libff::bn128_Fr

Definition at line 36 of file bn128_init.hpp.

◆ edwards_ate_G2_precomp

typedef std::vector<edwards_Fq3_conic_coefficients> libff::edwards_ate_G2_precomp

Definition at line 70 of file edwards_pairing.hpp.

◆ edwards_Fq

typedef Fp_model<edwards_q_limbs, edwards_modulus_q> libff::edwards_Fq

Definition at line 27 of file edwards_init.hpp.

◆ edwards_Fq3

typedef Fp3_model<edwards_q_limbs, edwards_modulus_q> libff::edwards_Fq3

Definition at line 28 of file edwards_init.hpp.

◆ edwards_Fq6

typedef Fp6_2over3_model<edwards_q_limbs, edwards_modulus_q> libff::edwards_Fq6

Definition at line 29 of file edwards_init.hpp.

◆ edwards_Fr

typedef Fp_model<edwards_r_limbs, edwards_modulus_r> libff::edwards_Fr

Definition at line 26 of file edwards_init.hpp.

◆ edwards_G1_precomp

typedef edwards_ate_G1_precomp libff::edwards_G1_precomp

Definition at line 102 of file edwards_pairing.hpp.

◆ edwards_G2_precomp

typedef edwards_ate_G2_precomp libff::edwards_G2_precomp

Definition at line 103 of file edwards_pairing.hpp.

◆ edwards_GT

typedef edwards_Fq6 libff::edwards_GT

Definition at line 30 of file edwards_init.hpp.

◆ edwards_tate_G1_precomp

typedef std::vector<edwards_Fq_conic_coefficients> libff::edwards_tate_G1_precomp

Definition at line 35 of file edwards_pairing.hpp.

◆ Fq

template<typename EC_ppT >
using libff::Fq = typename EC_ppT::Fq_type

Definition at line 86 of file public_params.hpp.

◆ Fqe

template<typename EC_ppT >
using libff::Fqe = typename EC_ppT::Fqe_type

Definition at line 88 of file public_params.hpp.

◆ Fqk

template<typename EC_ppT >
using libff::Fqk = typename EC_ppT::Fqk_type

Definition at line 90 of file public_params.hpp.

◆ Fr

template<typename EC_ppT >
using libff::Fr = typename EC_ppT::Fp_type

Definition at line 72 of file public_params.hpp.

◆ Fr_vector

template<typename EC_ppT >
using libff::Fr_vector = std::vector<Fr<EC_ppT> >

Definition at line 95 of file public_params.hpp.

◆ G1

template<typename EC_ppT >
using libff::G1 = typename EC_ppT::G1_type

Definition at line 74 of file public_params.hpp.

◆ G1_precomp

template<typename EC_ppT >
using libff::G1_precomp = typename EC_ppT::G1_precomp_type

Definition at line 78 of file public_params.hpp.

◆ G1_vector

template<typename EC_ppT >
using libff::G1_vector = std::vector<G1<EC_ppT> >

Definition at line 97 of file public_params.hpp.

◆ G2

template<typename EC_ppT >
using libff::G2 = typename EC_ppT::G2_type

Definition at line 76 of file public_params.hpp.

◆ G2_precomp

template<typename EC_ppT >
using libff::G2_precomp = typename EC_ppT::G2_precomp_type

Definition at line 80 of file public_params.hpp.

◆ G2_vector

template<typename EC_ppT >
using libff::G2_vector = std::vector<G2<EC_ppT> >

Definition at line 99 of file public_params.hpp.

◆ GT

template<typename EC_ppT >
using libff::GT = typename EC_ppT::GT_type

Definition at line 92 of file public_params.hpp.

◆ mnt4_Fq

typedef Fp_model<mnt4_q_limbs, mnt4_modulus_q> libff::mnt4_Fq

Definition at line 36 of file mnt4_init.hpp.

◆ mnt4_Fq2

typedef Fp2_model<mnt4_q_limbs, mnt4_modulus_q> libff::mnt4_Fq2

Definition at line 37 of file mnt4_init.hpp.

◆ mnt4_Fq4

typedef Fp4_model<mnt4_q_limbs, mnt4_modulus_q> libff::mnt4_Fq4

Definition at line 38 of file mnt4_init.hpp.

◆ mnt4_Fr

typedef Fp_model<mnt4_r_limbs, mnt4_modulus_r> libff::mnt4_Fr

Definition at line 35 of file mnt4_init.hpp.

◆ mnt4_G1_precomp

typedef mnt4_ate_G1_precomp libff::mnt4_G1_precomp

Definition at line 122 of file mnt4_pairing.hpp.

◆ mnt4_G2_precomp

typedef mnt4_ate_G2_precomp libff::mnt4_G2_precomp

Definition at line 123 of file mnt4_pairing.hpp.

◆ mnt4_GT

typedef mnt4_Fq4 libff::mnt4_GT

Definition at line 39 of file mnt4_init.hpp.

◆ mnt6_Fq

typedef Fp_model<mnt6_q_limbs, mnt6_modulus_q> libff::mnt6_Fq

Definition at line 36 of file mnt6_init.hpp.

◆ mnt6_Fq3

typedef Fp3_model<mnt6_q_limbs, mnt6_modulus_q> libff::mnt6_Fq3

Definition at line 37 of file mnt6_init.hpp.

◆ mnt6_Fq6

typedef Fp6_2over3_model<mnt6_q_limbs, mnt6_modulus_q> libff::mnt6_Fq6

Definition at line 38 of file mnt6_init.hpp.

◆ mnt6_Fr

typedef Fp_model<mnt6_r_limbs, mnt6_modulus_r> libff::mnt6_Fr

Definition at line 35 of file mnt6_init.hpp.

◆ mnt6_G1_precomp

typedef mnt6_ate_G1_precomp libff::mnt6_G1_precomp

Definition at line 122 of file mnt6_pairing.hpp.

◆ mnt6_G2_precomp

typedef mnt6_ate_G2_precomp libff::mnt6_G2_precomp

Definition at line 123 of file mnt6_pairing.hpp.

◆ mnt6_GT

typedef mnt6_Fq6 libff::mnt6_GT

Definition at line 39 of file mnt6_init.hpp.

◆ window_table

template<typename T >
using libff::window_table = std::vector<std::vector<T> >

A window table stores window sizes for different instance sizes for fixed-base multi-scalar multiplications.

Definition at line 91 of file multiexp.hpp.

Enumeration Type Documentation

◆ multi_exp_method

enum libff::multi_exp_method
Enumerator
multi_exp_method_naive 

Naive multi-exponentiation individually multiplies each base by the corresponding scalar and adds up the results. multi_exp_method_naive uses opt_window_wnaf_exp for exponentiation, while multi_exp_method_plain uses operator *.

multi_exp_method_naive_plain 
multi_exp_method_bos_coster 

A variant of the Bos-Coster algorithm [1], with implementation suggestions from [2].

[1] = Bos and Coster, "Addition chain heuristics", CRYPTO '89 [2] = Bernstein, Duif, Lange, Schwabe, and Yang, "High-speed high-security signatures", CHES '11

multi_exp_method_BDLO12 

A special case of Pippenger's algorithm from Page 15 of Bernstein, Doumen, Lange, Oosterwijk, "Faster batch forgery identification", INDOCRYPT 2012 (https://eprint.iacr.org/2012/549.pdf) When compiled with USE_MIXED_ADDITION, assumes input is in special form. Requires that T implements .dbl() (and, if USE_MIXED_ADDITION is defined, .to_special(), .mixed_add(), and batch_to_special()).

Definition at line 20 of file multiexp.hpp.

20 {
27 multi_exp_method_naive,
28 multi_exp_method_naive_plain,
36 multi_exp_method_bos_coster,
46 multi_exp_method_BDLO12
47};
libff::multi_exp_method_naive_plain
@ multi_exp_method_naive_plain
Definition multiexp.hpp:28
libff::multi_exp_method_naive
@ multi_exp_method_naive
Definition multiexp.hpp:27
libff::multi_exp_method_BDLO12
@ multi_exp_method_BDLO12
Definition multiexp.hpp:46
libff::multi_exp_method_bos_coster
@ multi_exp_method_bos_coster
Definition multiexp.hpp:36

Function Documentation

◆ alt_bn128_affine_reduced_pairing()

alt_bn128_GT libff::alt_bn128_affine_reduced_pairing ( const alt_bn128_G1 & P,
const alt_bn128_G2 & Q )

◆ alt_bn128_ate_double_miller_loop()

alt_bn128_Fq12 libff::alt_bn128_ate_double_miller_loop ( const alt_bn128_ate_G1_precomp & prec_P1,
const alt_bn128_ate_G2_precomp & prec_Q1,
const alt_bn128_ate_G1_precomp & prec_P2,
const alt_bn128_ate_G2_precomp & prec_Q2 )

Definition at line 422 of file alt_bn128_pairing.cpp.

426{
427 enter_block("Call to alt_bn128_ate_double_miller_loop");
428
429 alt_bn128_Fq12 f = alt_bn128_Fq12::one();
430
431 bool found_one = false;
432 size_t idx = 0;
433
434 const bigint<alt_bn128_Fr::num_limbs> &loop_count = alt_bn128_ate_loop_count;
435 for (long i = loop_count.max_bits(); i >= 0; --i)
436 {
437 const bool bit = loop_count.test_bit(i);
438 if (!found_one)
439 {
440 /* this skips the MSB itself */
441 found_one |= bit;
442 continue;
443 }
444
445 /* code below gets executed for all bits (EXCEPT the MSB itself) of
446 alt_bn128_param_p (skipping leading zeros) in MSB to LSB
447 order */
448
449 alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
450 alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
451 ++idx;
452
453 f = f.squared();
454
455 f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
456 f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
457
458 if (bit)
459 {
460 alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
461 alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
462 ++idx;
463
464 f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
465 f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
466 }
467 }
468
469 if (alt_bn128_ate_is_loop_count_neg)
470 {
471 f = f.inverse();
472 }
473
474 alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
475 alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
476 ++idx;
477 f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
478 f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
479
480 c1 = prec_Q1.coeffs[idx];
481 c2 = prec_Q2.coeffs[idx];
482 ++idx;
483 f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
484 f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
485
486 leave_block("Call to alt_bn128_ate_double_miller_loop");
487
488 return f;
489}
f
foo f
Definition X02-DisabledMacros.cpp:25
libff::Fp12_2over3over2_model
Definition fp12_2over3over2.hpp:38
libff::bigint::test_bit
bool test_bit(const std::size_t bitno) const
libff::bigint::max_bits
size_t max_bits() const
Definition bigint.hpp:48
libff::enter_block
void enter_block(const std::string &msg, const bool indent)
Definition profiling.cpp:245
libff::alt_bn128_ate_loop_count
bigint< alt_bn128_q_limbs > alt_bn128_ate_loop_count
Definition alt_bn128_init.cpp:25
libff::leave_block
void leave_block(const std::string &msg, const bool indent)
Definition profiling.cpp:282
libff::alt_bn128_ate_G1_precomp::PY
alt_bn128_Fq PY
Definition alt_bn128_pairing.hpp:24
libff::alt_bn128_ate_G1_precomp::PX
alt_bn128_Fq PX
Definition alt_bn128_pairing.hpp:23
libff::alt_bn128_ate_G2_precomp::coeffs
std::vector< alt_bn128_ate_ell_coeffs > coeffs
Definition alt_bn128_pairing.hpp:44
bit
int bit
Definition yubihsm.h:566
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_ate_miller_loop()

alt_bn128_Fq12 libff::alt_bn128_ate_miller_loop ( const alt_bn128_ate_G1_precomp & prec_P,
const alt_bn128_ate_G2_precomp & prec_Q )

Definition at line 368 of file alt_bn128_pairing.cpp.

370{
371 enter_block("Call to alt_bn128_ate_miller_loop");
372
373 alt_bn128_Fq12 f = alt_bn128_Fq12::one();
374
375 bool found_one = false;
376 size_t idx = 0;
377
378 const bigint<alt_bn128_Fr::num_limbs> &loop_count = alt_bn128_ate_loop_count;
379 alt_bn128_ate_ell_coeffs c;
380
381 for (long i = loop_count.max_bits(); i >= 0; --i)
382 {
383 const bool bit = loop_count.test_bit(i);
384 if (!found_one)
385 {
386 /* this skips the MSB itself */
387 found_one |= bit;
388 continue;
389 }
390
391 /* code below gets executed for all bits (EXCEPT the MSB itself) of
392 alt_bn128_param_p (skipping leading zeros) in MSB to LSB
393 order */
394
395 c = prec_Q.coeffs[idx++];
396 f = f.squared();
397 f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV);
398
399 if (bit)
400 {
401 c = prec_Q.coeffs[idx++];
402 f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV);
403 }
404
405 }
406
407 if (alt_bn128_ate_is_loop_count_neg)
408 {
409 f = f.inverse();
410 }
411
412 c = prec_Q.coeffs[idx++];
413 f = f.mul_by_024(c.ell_0,prec_P.PY * c.ell_VW,prec_P.PX * c.ell_VV);
414
415 c = prec_Q.coeffs[idx++];
416 f = f.mul_by_024(c.ell_0,prec_P.PY * c.ell_VW,prec_P.PX * c.ell_VV);
417
418 leave_block("Call to alt_bn128_ate_miller_loop");
419 return f;
420}
libff::alt_bn128_ate_ell_coeffs
Definition alt_bn128_pairing.hpp:31
libff::alt_bn128_ate_ell_coeffs::ell_VV
alt_bn128_Fq2 ell_VV
Definition alt_bn128_pairing.hpp:34
libff::alt_bn128_ate_ell_coeffs::ell_0
alt_bn128_Fq2 ell_0
Definition alt_bn128_pairing.hpp:32
libff::alt_bn128_ate_ell_coeffs::ell_VW
alt_bn128_Fq2 ell_VW
Definition alt_bn128_pairing.hpp:33
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_ate_pairing()

alt_bn128_Fq12 libff::alt_bn128_ate_pairing ( const alt_bn128_G1 & P,
const alt_bn128_G2 & Q )

Definition at line 491 of file alt_bn128_pairing.cpp.

492{
493 enter_block("Call to alt_bn128_ate_pairing");
494 alt_bn128_ate_G1_precomp prec_P = alt_bn128_ate_precompute_G1(P);
495 alt_bn128_ate_G2_precomp prec_Q = alt_bn128_ate_precompute_G2(Q);
496 alt_bn128_Fq12 result = alt_bn128_ate_miller_loop(prec_P, prec_Q);
497 leave_block("Call to alt_bn128_ate_pairing");
498 return result;
499}
P
#define P
Definition dtoa.c:437
libff::alt_bn128_ate_precompute_G2
alt_bn128_ate_G2_precomp alt_bn128_ate_precompute_G2(const alt_bn128_G2 &Q)
Definition alt_bn128_pairing.cpp:305
libff::alt_bn128_ate_precompute_G1
alt_bn128_ate_G1_precomp alt_bn128_ate_precompute_G1(const alt_bn128_G1 &P)
Definition alt_bn128_pairing.cpp:290
libff::alt_bn128_ate_miller_loop
alt_bn128_Fq12 alt_bn128_ate_miller_loop(const alt_bn128_ate_G1_precomp &prec_P, const alt_bn128_ate_G2_precomp &prec_Q)
Definition alt_bn128_pairing.cpp:368
libff::alt_bn128_ate_G1_precomp
Definition alt_bn128_pairing.hpp:22
libff::alt_bn128_ate_G2_precomp
Definition alt_bn128_pairing.hpp:41
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_ate_precompute_G1()

alt_bn128_ate_G1_precomp libff::alt_bn128_ate_precompute_G1 ( const alt_bn128_G1 & P)

Definition at line 290 of file alt_bn128_pairing.cpp.

291{
292 enter_block("Call to alt_bn128_ate_precompute_G1");
293
294 alt_bn128_G1 Pcopy = P;
295 Pcopy.to_affine_coordinates();
296
297 alt_bn128_ate_G1_precomp result;
298 result.PX = Pcopy.X;
299 result.PY = Pcopy.Y;
300
301 leave_block("Call to alt_bn128_ate_precompute_G1");
302 return result;
303}
libff::alt_bn128_G1
Definition alt_bn128_g1.hpp:21
libff::alt_bn128_G1::X
alt_bn128_Fq X
Definition alt_bn128_g1.hpp:36
libff::alt_bn128_G1::Y
alt_bn128_Fq Y
Definition alt_bn128_g1.hpp:36
libff::alt_bn128_G1::to_affine_coordinates
void to_affine_coordinates()
Definition alt_bn128_g1.cpp:64
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_ate_precompute_G2()

alt_bn128_ate_G2_precomp libff::alt_bn128_ate_precompute_G2 ( const alt_bn128_G2 & Q)

Definition at line 305 of file alt_bn128_pairing.cpp.

306{
307 enter_block("Call to alt_bn128_ate_precompute_G2");
308
309 alt_bn128_G2 Qcopy(Q);
310 Qcopy.to_affine_coordinates();
311
312 alt_bn128_Fq two_inv = (alt_bn128_Fq("2").inverse()); // could add to global params if needed
313
314 alt_bn128_ate_G2_precomp result;
315 result.QX = Qcopy.X;
316 result.QY = Qcopy.Y;
317
318 alt_bn128_G2 R;
319 R.X = Qcopy.X;
320 R.Y = Qcopy.Y;
321 R.Z = alt_bn128_Fq2::one();
322
323 const bigint<alt_bn128_Fr::num_limbs> &loop_count = alt_bn128_ate_loop_count;
324 bool found_one = false;
325 alt_bn128_ate_ell_coeffs c;
326
327 for (long i = loop_count.max_bits(); i >= 0; --i)
328 {
329 const bool bit = loop_count.test_bit(i);
330 if (!found_one)
331 {
332 /* this skips the MSB itself */
333 found_one |= bit;
334 continue;
335 }
336
337 doubling_step_for_flipped_miller_loop(two_inv, R, c);
338 result.coeffs.push_back(c);
339
340 if (bit)
341 {
342 mixed_addition_step_for_flipped_miller_loop(Qcopy, R, c);
343 result.coeffs.push_back(c);
344 }
345 }
346
347 alt_bn128_G2 Q1 = Qcopy.mul_by_q();
348 assert(Q1.Z == alt_bn128_Fq2::one());
349 alt_bn128_G2 Q2 = Q1.mul_by_q();
350 assert(Q2.Z == alt_bn128_Fq2::one());
351
352 if (alt_bn128_ate_is_loop_count_neg)
353 {
354 R.Y = - R.Y;
355 }
356 Q2.Y = - Q2.Y;
357
358 mixed_addition_step_for_flipped_miller_loop(Q1, R, c);
359 result.coeffs.push_back(c);
360
361 mixed_addition_step_for_flipped_miller_loop(Q2, R, c);
362 result.coeffs.push_back(c);
363
364 leave_block("Call to alt_bn128_ate_precompute_G2");
365 return result;
366}
libff::Fp_model< alt_bn128_q_limbs, alt_bn128_modulus_q >
libff::Fp_model::inverse
Fp_model inverse() const
libff::alt_bn128_G2
Definition alt_bn128_g2.hpp:21
libff::alt_bn128_G2::X
alt_bn128_Fq2 X
Definition alt_bn128_g2.hpp:37
libff::mixed_addition_step_for_flipped_miller_loop
void mixed_addition_step_for_flipped_miller_loop(const alt_bn128_G2 base, alt_bn128_G2 &current, alt_bn128_ate_ell_coeffs &c)
Definition alt_bn128_pairing.cpp:267
R
#define R
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_ate_reduced_pairing()

alt_bn128_GT libff::alt_bn128_ate_reduced_pairing ( const alt_bn128_G1 & P,
const alt_bn128_G2 & Q )

Definition at line 501 of file alt_bn128_pairing.cpp.

502{
503 enter_block("Call to alt_bn128_ate_reduced_pairing");
504 const alt_bn128_Fq12 f = alt_bn128_ate_pairing(P, Q);
505 const alt_bn128_GT result = alt_bn128_final_exponentiation(f);
506 leave_block("Call to alt_bn128_ate_reduced_pairing");
507 return result;
508}
libff::alt_bn128_final_exponentiation
alt_bn128_GT alt_bn128_final_exponentiation(const alt_bn128_Fq12 &elt)
Definition alt_bn128_pairing.cpp:226
libff::alt_bn128_ate_pairing
alt_bn128_Fq12 alt_bn128_ate_pairing(const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
Definition alt_bn128_pairing.cpp:491
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_double_miller_loop()

alt_bn128_Fq12 libff::alt_bn128_double_miller_loop ( const alt_bn128_G1_precomp & prec_P1,
const alt_bn128_G2_precomp & prec_Q1,
const alt_bn128_G1_precomp & prec_P2,
const alt_bn128_G2_precomp & prec_Q2 )

Definition at line 528 of file alt_bn128_pairing.cpp.

532{
533 return alt_bn128_ate_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
534}
libff::alt_bn128_ate_double_miller_loop
alt_bn128_Fq12 alt_bn128_ate_double_miller_loop(const alt_bn128_ate_G1_precomp &prec_P1, const alt_bn128_ate_G2_precomp &prec_Q1, const alt_bn128_ate_G1_precomp &prec_P2, const alt_bn128_ate_G2_precomp &prec_Q2)
Definition alt_bn128_pairing.cpp:422
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_exp_by_neg_z()

alt_bn128_Fq12 libff::alt_bn128_exp_by_neg_z ( const alt_bn128_Fq12 & elt)

Definition at line 137 of file alt_bn128_pairing.cpp.

138{
139 enter_block("Call to alt_bn128_exp_by_neg_z");
140
141 alt_bn128_Fq12 result = elt.cyclotomic_exp(alt_bn128_final_exponent_z);
142 if (!alt_bn128_final_exponent_is_z_neg)
143 {
144 result = result.unitary_inverse();
145 }
146
147 leave_block("Call to alt_bn128_exp_by_neg_z");
148
149 return result;
150}
libff::Fp12_2over3over2_model::cyclotomic_exp
Fp12_2over3over2_model cyclotomic_exp(const bigint< m > &exponent) const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_final_exponentiation()

alt_bn128_GT libff::alt_bn128_final_exponentiation ( const alt_bn128_Fq12 & elt)

Definition at line 226 of file alt_bn128_pairing.cpp.

227{
228 enter_block("Call to alt_bn128_final_exponentiation");
229 /* OLD naive version:
230 alt_bn128_GT result = elt^alt_bn128_final_exponent;
231 */
232 alt_bn128_Fq12 A = alt_bn128_final_exponentiation_first_chunk(elt);
233 alt_bn128_GT result = alt_bn128_final_exponentiation_last_chunk(A);
234
235 leave_block("Call to alt_bn128_final_exponentiation");
236 return result;
237}
libff::alt_bn128_final_exponentiation_last_chunk
alt_bn128_Fq12 alt_bn128_final_exponentiation_last_chunk(const alt_bn128_Fq12 &elt)
Definition alt_bn128_pairing.cpp:152
libff::alt_bn128_final_exponentiation_first_chunk
alt_bn128_Fq12 alt_bn128_final_exponentiation_first_chunk(const alt_bn128_Fq12 &elt)
Definition alt_bn128_pairing.cpp:110
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_final_exponentiation_first_chunk()

alt_bn128_Fq12 libff::alt_bn128_final_exponentiation_first_chunk ( const alt_bn128_Fq12 & elt)

Definition at line 110 of file alt_bn128_pairing.cpp.

111{
112 enter_block("Call to alt_bn128_final_exponentiation_first_chunk");
113
114 /*
115 Computes result = elt^((q^6-1)*(q^2+1)).
116 Follows, e.g., Beuchat et al page 9, by computing result as follows:
117 elt^((q^6-1)*(q^2+1)) = (conj(elt) * elt^(-1))^(q^2+1)
118 More precisely:
119 A = conj(elt)
120 B = elt.inverse()
121 C = A * B
122 D = C.Frobenius_map(2)
123 result = D * C
124 */
125
126 const alt_bn128_Fq12 A = alt_bn128_Fq12(elt.c0,-elt.c1);
127 const alt_bn128_Fq12 B = elt.inverse();
128 const alt_bn128_Fq12 C = A * B;
129 const alt_bn128_Fq12 D = C.Frobenius_map(2);
130 const alt_bn128_Fq12 result = D * C;
131
132 leave_block("Call to alt_bn128_final_exponentiation_first_chunk");
133
134 return result;
135}
libff::Fp12_2over3over2_model::Frobenius_map
Fp12_2over3over2_model Frobenius_map(unsigned long power) const
libff::Fp12_2over3over2_model::inverse
Fp12_2over3over2_model inverse() const
libff::Fp12_2over3over2_model::c0
my_Fp6 c0
Definition fp12_2over3over2.hpp:47
libff::Fp12_2over3over2_model::c1
my_Fp6 c1
Definition fp12_2over3over2.hpp:47
D
#define D(var, file, col, who, lev,...)
Definition debug.h:44
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_final_exponentiation_last_chunk()

alt_bn128_Fq12 libff::alt_bn128_final_exponentiation_last_chunk ( const alt_bn128_Fq12 & elt)

Definition at line 152 of file alt_bn128_pairing.cpp.

153{
154 enter_block("Call to alt_bn128_final_exponentiation_last_chunk");
155
156 /*
157 Follows Laura Fuentes-Castaneda et al. "Faster hashing to G2"
158 by computing:
159
160 result = elt^(q^3 * (12*z^3 + 6z^2 + 4z - 1) +
161 q^2 * (12*z^3 + 6z^2 + 6z) +
162 q * (12*z^3 + 6z^2 + 4z) +
163 1 * (12*z^3 + 12z^2 + 6z + 1))
164 which equals
165
166 result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ).
167
168 Using the following addition chain:
169
170 A = exp_by_neg_z(elt) // = elt^(-z)
171 B = A^2 // = elt^(-2*z)
172 C = B^2 // = elt^(-4*z)
173 D = C * B // = elt^(-6*z)
174 E = exp_by_neg_z(D) // = elt^(6*z^2)
175 F = E^2 // = elt^(12*z^2)
176 G = epx_by_neg_z(F) // = elt^(-12*z^3)
177 H = conj(D) // = elt^(6*z)
178 I = conj(G) // = elt^(12*z^3)
179 J = I * E // = elt^(12*z^3 + 6*z^2)
180 K = J * H // = elt^(12*z^3 + 6*z^2 + 6*z)
181 L = K * B // = elt^(12*z^3 + 6*z^2 + 4*z)
182 M = K * E // = elt^(12*z^3 + 12*z^2 + 6*z)
183 N = M * elt // = elt^(12*z^3 + 12*z^2 + 6*z + 1)
184 O = L.Frobenius_map(1) // = elt^(q*(12*z^3 + 6*z^2 + 4*z))
185 P = O * N // = elt^(q*(12*z^3 + 6*z^2 + 4*z) * (12*z^3 + 12*z^2 + 6*z + 1))
186 Q = K.Frobenius_map(2) // = elt^(q^2 * (12*z^3 + 6*z^2 + 6*z))
187 R = Q * P // = elt^(q^2 * (12*z^3 + 6*z^2 + 6*z) + q*(12*z^3 + 6*z^2 + 4*z) * (12*z^3 + 12*z^2 + 6*z + 1))
188 S = conj(elt) // = elt^(-1)
189 T = S * L // = elt^(12*z^3 + 6*z^2 + 4*z - 1)
190 U = T.Frobenius_map(3) // = elt^(q^3(12*z^3 + 6*z^2 + 4*z - 1))
191 V = U * R // = elt^(q^3(12*z^3 + 6*z^2 + 4*z - 1) + q^2 * (12*z^3 + 6*z^2 + 6*z) + q*(12*z^3 + 6*z^2 + 4*z) * (12*z^3 + 12*z^2 + 6*z + 1))
192 result = V
193
194 */
195
196 const alt_bn128_Fq12 A = alt_bn128_exp_by_neg_z(elt);
197 const alt_bn128_Fq12 B = A.cyclotomic_squared();
198 const alt_bn128_Fq12 C = B.cyclotomic_squared();
199 const alt_bn128_Fq12 D = C * B;
200 const alt_bn128_Fq12 E = alt_bn128_exp_by_neg_z(D);
201 const alt_bn128_Fq12 F = E.cyclotomic_squared();
202 const alt_bn128_Fq12 G = alt_bn128_exp_by_neg_z(F);
203 const alt_bn128_Fq12 H = D.unitary_inverse();
204 const alt_bn128_Fq12 I = G.unitary_inverse();
205 const alt_bn128_Fq12 J = I * E;
206 const alt_bn128_Fq12 K = J * H;
207 const alt_bn128_Fq12 L = K * B;
208 const alt_bn128_Fq12 M = K * E;
209 const alt_bn128_Fq12 N = M * elt;
210 const alt_bn128_Fq12 O = L.Frobenius_map(1);
211 const alt_bn128_Fq12 P = O * N;
212 const alt_bn128_Fq12 Q = K.Frobenius_map(2);
213 const alt_bn128_Fq12 R = Q * P;
214 const alt_bn128_Fq12 S = elt.unitary_inverse();
215 const alt_bn128_Fq12 T = S * L;
216 const alt_bn128_Fq12 U = T.Frobenius_map(3);
217 const alt_bn128_Fq12 V = U * R;
218
219 const alt_bn128_Fq12 result = V;
220
221 leave_block("Call to alt_bn128_final_exponentiation_last_chunk");
222
223 return result;
224}
libff::Fp12_2over3over2_model::unitary_inverse
Fp12_2over3over2_model unitary_inverse() const
libff::Fp12_2over3over2_model::cyclotomic_squared
Fp12_2over3over2_model cyclotomic_squared() const
K
const uint64 K
Definition make_512.cpp:78
libff::alt_bn128_exp_by_neg_z
alt_bn128_Fq12 alt_bn128_exp_by_neg_z(const alt_bn128_Fq12 &elt)
Definition alt_bn128_pairing.cpp:137
T
#define T(meth, val, expected)
N
const int N
Definition quantize.cpp:54
V
Definition test_zm.cpp:19
U
Definition dtoa.c:306
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_miller_loop()

alt_bn128_Fq12 libff::alt_bn128_miller_loop ( const alt_bn128_G1_precomp & prec_P,
const alt_bn128_G2_precomp & prec_Q )

Definition at line 522 of file alt_bn128_pairing.cpp.

524{
525 return alt_bn128_ate_miller_loop(prec_P, prec_Q);
526}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_pairing()

alt_bn128_Fq12 libff::alt_bn128_pairing ( const alt_bn128_G1 & P,
const alt_bn128_G2 & Q )

Definition at line 536 of file alt_bn128_pairing.cpp.

538{
539 return alt_bn128_ate_pairing(P, Q);
540}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_precompute_G1()

alt_bn128_G1_precomp libff::alt_bn128_precompute_G1 ( const alt_bn128_G1 & P)

Definition at line 512 of file alt_bn128_pairing.cpp.

513{
514 return alt_bn128_ate_precompute_G1(P);
515}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_precompute_G2()

alt_bn128_G2_precomp libff::alt_bn128_precompute_G2 ( const alt_bn128_G2 & Q)

Definition at line 517 of file alt_bn128_pairing.cpp.

518{
519 return alt_bn128_ate_precompute_G2(Q);
520}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ alt_bn128_reduced_pairing()

alt_bn128_GT libff::alt_bn128_reduced_pairing ( const alt_bn128_G1 & P,
const alt_bn128_G2 & Q )

Definition at line 542 of file alt_bn128_pairing.cpp.

544{
545 return alt_bn128_ate_reduced_pairing(P, Q);
546}
libff::alt_bn128_ate_reduced_pairing
alt_bn128_GT alt_bn128_ate_reduced_pairing(const alt_bn128_G1 &P, const alt_bn128_G2 &Q)
Definition alt_bn128_pairing.cpp:501
Here is the call graph for this function:
Here is the caller graph for this function:

◆ batch_exp()

template<typename T , typename FieldT >
std::vector< T > libff::batch_exp ( const size_t scalar_size,
const size_t window,
const window_table< T > & table,
const std::vector< FieldT > & v )

◆ batch_exp_with_coeff()

template<typename T , typename FieldT >
std::vector< T > libff::batch_exp_with_coeff ( const size_t scalar_size,
const size_t window,
const window_table< T > & table,
const FieldT & coeff,
const std::vector< FieldT > & v )

◆ batch_invert()

template<typename FieldT >
void libff::batch_invert ( std::vector< FieldT > & vec)
Here is the caller graph for this function:

◆ batch_to_special()

template<typename T >
void libff::batch_to_special ( std::vector< T > & vec)

◆ bitreverse()

size_t libff::bitreverse ( size_t n,
const size_t l )

Definition at line 60 of file utils.cpp.

61{
62 size_t r = 0;
63 for (size_t k = 0; k < l; ++k)
64 {
65 r = (r << 1) | (n & 1);
66 n >>= 1;
67 }
68 return r;
69}
r
const mie::Vuint & r
Definition bn.cpp:28
l
int l
Definition yubihsm_pkcs11.c:525

◆ bn128_ate_miller_loop()

bn128_Fq12 libff::bn128_ate_miller_loop ( const bn128_ate_G1_precomp & prec_P,
const bn128_ate_G2_precomp & prec_Q )

Definition at line 190 of file bn128_pairing.cpp.

192{
193 bn128_Fq12 f;
194 bn::components::millerLoop(f.elem, prec_Q.coeffs, prec_P.P);
195 return f;
196}
libff::bn128_GT
Definition bn128_gt.hpp:23
bn::components::millerLoop
void millerLoop(Fp12 &f, const std::vector< Fp6 > &Qcoeff, const Fp precP[2])
Definition bn.h:3060
libff::bn128_ate_G1_precomp::P
bn::Fp P[3]
Definition bn128_pairing.hpp:22
libff::bn128_ate_G2_precomp::coeffs
std::vector< bn128_ate_ell_coeffs > coeffs
Definition bn128_pairing.hpp:33
Here is the call graph for this function:
Here is the caller graph for this function:

◆ bn128_ate_precompute_G1()

bn128_ate_G1_precomp libff::bn128_ate_precompute_G1 ( const bn128_G1 & P)

Definition at line 164 of file bn128_pairing.cpp.

165{
166 enter_block("Call to bn128_ate_precompute_G1");
167
168 bn128_ate_G1_precomp result;
169 bn::Fp P_coord[3];
170 P.fill_coord(P_coord);
171 bn::ecop::NormalizeJac(result.P, P_coord);
172
173 leave_block("Call to bn128_ate_precompute_G1");
174 return result;
175}
mie::Fp
Definition zm2.h:18
bn::ecop::NormalizeJac
void NormalizeJac(FF *out, const FF *in)
Definition bn.h:2451
libff::bn128_ate_G1_precomp
Definition bn128_pairing.hpp:21
Here is the call graph for this function:
Here is the caller graph for this function:

◆ bn128_ate_precompute_G2()

bn128_ate_G2_precomp libff::bn128_ate_precompute_G2 ( const bn128_G2 & Q)

Definition at line 177 of file bn128_pairing.cpp.

178{
179 enter_block("Call to bn128_ate_precompute_G2");
180
181 bn128_ate_G2_precomp result;
182 bn::Fp2 Q_coord[3];
183 Q.fill_coord(Q_coord);
184 bn::components::precomputeG2(result.coeffs, result.Q, Q_coord);
185
186 leave_block("Call to bn128_ate_precompute_G2");
187 return result;
188}
libff::bn128_G2::fill_coord
void fill_coord(bn::Fp2 coord[3]) const
Definition bn128_g2.hpp:42
bn::components::precomputeG2
void precomputeG2(std::vector< Fp6 > &coeff, Fp2 Q[3], const Fp2 inQ[3])
Definition bn.h:2997
bn::Fp2T
Definition bn.h:348
libff::bn128_ate_G2_precomp
Definition bn128_pairing.hpp:31
Here is the call graph for this function:
Here is the caller graph for this function:

◆ bn128_double_ate_miller_loop()

bn128_Fq12 libff::bn128_double_ate_miller_loop ( const bn128_ate_G1_precomp & prec_P1,
const bn128_ate_G2_precomp & prec_Q1,
const bn128_ate_G1_precomp & prec_P2,
const bn128_ate_G2_precomp & prec_Q2 )

Definition at line 198 of file bn128_pairing.cpp.

202{
203 bn128_Fq12 f;
204 bn::components::millerLoop2(f.elem, prec_Q1.coeffs, prec_P1.P, prec_Q2.coeffs, prec_P2.P);
205 return f;
206}
bn::components::millerLoop2
void millerLoop2(Fp12 &f, const std::vector< Fp6 > &Q1coeff, const Fp precP1[2], const std::vector< Fp6 > &Q2coeff, const Fp precP2[2])
Definition bn.h:3108
Here is the call graph for this function:
Here is the caller graph for this function:

◆ bn128_final_exponentiation()

bn128_GT libff::bn128_final_exponentiation ( const bn128_Fq12 & elt)

Definition at line 208 of file bn128_pairing.cpp.

209{
210 enter_block("Call to bn128_final_exponentiation");
211 bn128_GT eltcopy = elt;
212 eltcopy.elem.final_exp();
213 leave_block("Call to bn128_final_exponentiation");
214 return eltcopy;
215}
libff::bn128_GT::elem
bn::Fp12 elem
Definition bn128_gt.hpp:26
bn::Fp12T::final_exp
void final_exp()
Definition bn.h:1776
Here is the call graph for this function:
Here is the caller graph for this function:

◆ bn_batch_invert()

template<typename FieldT >
void libff::bn_batch_invert ( std::vector< FieldT > & vec)
Here is the caller graph for this function:

◆ clear_profiling_counters()

void libff::clear_profiling_counters ( )

Definition at line 98 of file profiling.cpp.

99{
100 invocation_counts.clear();
101 last_times.clear();
102 last_cpu_times.clear();
103 cumulative_times.clear();
104}
libff::invocation_counts
std::map< std::string, size_t > invocation_counts
Definition profiling.cpp:64
libff::last_cpu_times
std::map< std::string, long long > last_cpu_times
Definition profiling.cpp:70
libff::cumulative_times
std::map< std::string, long long > cumulative_times
Definition profiling.cpp:67
libff::last_times
std::map< std::string, long long > last_times
Definition profiling.cpp:66

◆ consume_newline()

void libff::consume_newline ( std::istream & in)
inline
Here is the caller graph for this function:

◆ consume_OUTPUT_NEWLINE()

void libff::consume_OUTPUT_NEWLINE ( std::istream & in)
inline
Here is the caller graph for this function:

◆ consume_OUTPUT_SEPARATOR()

void libff::consume_OUTPUT_SEPARATOR ( std::istream & in)
inline

◆ convert_bit_vector_to_field_element()

template<typename FieldT >
FieldT libff::convert_bit_vector_to_field_element ( const bit_vector & v)

◆ convert_bit_vector_to_field_element_vector()

template<typename FieldT >
std::vector< FieldT > libff::convert_bit_vector_to_field_element_vector ( const bit_vector & v)

◆ convert_field_element_to_bit_vector() [1/2]

template<typename FieldT >
bit_vector libff::convert_field_element_to_bit_vector ( const FieldT & el)

◆ convert_field_element_to_bit_vector() [2/2]

template<typename FieldT >
bit_vector libff::convert_field_element_to_bit_vector ( const FieldT & el,
const size_t bitcount )

◆ convert_field_element_vector_to_bit_vector()

template<typename FieldT >
bit_vector libff::convert_field_element_vector_to_bit_vector ( const std::vector< FieldT > & v)

◆ deserialize_bit_vector()

void libff::deserialize_bit_vector ( std::istream & in,
bit_vector & v )

Definition at line 117 of file utils.cpp.

118{
119 size_t size;
120 in >> size;
121 v.resize(size);
122 for (size_t i = 0; i < size; ++i)
123 {
124 bool b;
125 in >> b;
126 v[i] = b;
127 }
128}

◆ div_ceil()

long long libff::div_ceil ( long long x,
long long y )

Definition at line 84 of file utils.cpp.

85{
86 return (x + (y-1)) / y;
87}

◆ doubling_step_for_flipped_miller_loop() [1/4]

void libff::doubling_step_for_flipped_miller_loop ( const alt_bn128_Fq two_inv,
alt_bn128_G2 & current,
alt_bn128_ate_ell_coeffs & c )

Definition at line 241 of file alt_bn128_pairing.cpp.

244{
245 const alt_bn128_Fq2 X = current.X, Y = current.Y, Z = current.Z;
246
247 const alt_bn128_Fq2 A = two_inv * (X * Y); // A = X1 * Y1 / 2
248 const alt_bn128_Fq2 B = Y.squared(); // B = Y1^2
249 const alt_bn128_Fq2 C = Z.squared(); // C = Z1^2
250 const alt_bn128_Fq2 D = C+C+C; // D = 3 * C
251 const alt_bn128_Fq2 E = alt_bn128_twist_coeff_b * D; // E = twist_b * D
252 const alt_bn128_Fq2 F = E+E+E; // F = 3 * E
253 const alt_bn128_Fq2 G = two_inv * (B+F); // G = (B+F)/2
254 const alt_bn128_Fq2 H = (Y+Z).squared() - (B+C); // H = (Y1+Z1)^2-(B+C)
255 const alt_bn128_Fq2 I = E-B; // I = E-B
256 const alt_bn128_Fq2 J = X.squared(); // J = X1^2
257 const alt_bn128_Fq2 E_squared = E.squared(); // E_squared = E^2
258
259 current.X = A * (B-F); // X3 = A * (B-F)
260 current.Y = G.squared() - (E_squared+E_squared+E_squared); // Y3 = G^2 - 3*E^2
261 current.Z = B * H; // Z3 = B * H
262 c.ell_0 = alt_bn128_twist * I; // ell_0 = xi * I
263 c.ell_VW = -H; // ell_VW = - H (later: * yP)
264 c.ell_VV = J+J+J; // ell_VV = 3*J (later: * xP)
265}
libff::Fp2_model< alt_bn128_q_limbs, alt_bn128_modulus_q >
libff::Fp2_model::squared
Fp2_model squared() const
libff::alt_bn128_twist
alt_bn128_Fq2 alt_bn128_twist
Definition alt_bn128_init.cpp:18
libff::alt_bn128_twist_coeff_b
alt_bn128_Fq2 alt_bn128_twist_coeff_b
Definition alt_bn128_init.cpp:19
XT
Definition lib.h:43
Here is the call graph for this function:
Here is the caller graph for this function:

◆ doubling_step_for_flipped_miller_loop() [2/4]

void libff::doubling_step_for_flipped_miller_loop ( extended_edwards_G2_projective & current,
edwards_Fq3_conic_coefficients & cc )

Definition at line 471 of file edwards_pairing.cpp.

473{
474 const edwards_Fq3 &X = current.X, &Y = current.Y, &Z = current.Z, &T = current.T;
475 const edwards_Fq3 A = X.squared(); // A = X1^2
476 const edwards_Fq3 B = Y.squared(); // B = Y1^2
477 const edwards_Fq3 C = Z.squared(); // C = Z1^2
478 const edwards_Fq3 D = (X+Y).squared(); // D = (X1+Y1)^2
479 const edwards_Fq3 E = (Y+Z).squared(); // E = (Y1+Z1)^2
480 const edwards_Fq3 F = D-(A+B); // F = D-(A+B)
481 const edwards_Fq3 G = E-(B+C); // G = E-(B+C)
482 const edwards_Fq3 H = edwards_G2::mul_by_a(A); // edwards_param_twist_coeff_a is 1 * X for us
483 // H = twisted_a * A
484 const edwards_Fq3 I = H+B; // I = H+B
485 const edwards_Fq3 J = C-I; // J = C-I
486 const edwards_Fq3 K = J+C; // K = J+C
487
488 cc.c_ZZ = Y*(T-X); // c_ZZ = 2*Y1*(T1-X1)
489 cc.c_ZZ = cc.c_ZZ + cc.c_ZZ;
490
491 // c_XY = 2*(C-edwards_a * A * delta_3-B)+G (edwards_a = 1 for us)
492 cc.c_XY = C - edwards_G2::mul_by_a(A) - B; // edwards_param_twist_coeff_a is 1 * X for us
493 cc.c_XY = cc.c_XY + cc.c_XY + G;
494
495 // c_XZ = 2*(edwards_a*X1*T1*delta_3-B) (edwards_a = 1 for us)
496 cc.c_XZ = edwards_G2::mul_by_a(X * T) - B; // edwards_param_twist_coeff_a is 1 * X for us
497 cc.c_XZ = cc.c_XZ + cc.c_XZ;
498
499 current.X = F*K; // X3 = F*K
500 current.Y = I*(B-H); // Y3 = I*(B-H)
501 current.Z = I*K; // Z3 = I*K
502 current.T = F*(B-H); // T3 = F*(B-H)
503#ifdef DEBUG
504 current.test_invariant();
505#endif
506}
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >
libff::Fp3_model::squared
Fp3_model squared() const
X
XT< 0 > X
Definition lib.h:50
libff::edwards_Fq3_conic_coefficients::c_XZ
edwards_Fq3 c_XZ
Definition edwards_pairing.hpp:64
libff::edwards_Fq3_conic_coefficients::c_XY
edwards_Fq3 c_XY
Definition edwards_pairing.hpp:63
libff::edwards_Fq3_conic_coefficients::c_ZZ
edwards_Fq3 c_ZZ
Definition edwards_pairing.hpp:62
Here is the call graph for this function:

◆ doubling_step_for_flipped_miller_loop() [3/4]

void libff::doubling_step_for_flipped_miller_loop ( extended_mnt4_G2_projective & current,
mnt4_ate_dbl_coeffs & dc )

Definition at line 410 of file mnt4_pairing.cpp.

412{
413 const mnt4_Fq2 X = current.X, Y = current.Y, Z = current.Z, T = current.T;
414
415 const mnt4_Fq2 A = T.squared(); // A = T1^2
416 const mnt4_Fq2 B = X.squared(); // B = X1^2
417 const mnt4_Fq2 C = Y.squared(); // C = Y1^2
418 const mnt4_Fq2 D = C.squared(); // D = C^2
419 const mnt4_Fq2 E = (X+C).squared() - B - D; // E = (X1+C)^2-B-D
420 const mnt4_Fq2 F = (B+B+B) + mnt4_twist_coeff_a * A; // F = 3*B + a *A
421 const mnt4_Fq2 G = F.squared(); // G = F^2
422
423 current.X = -(E+E+E+E) + G; // X3 = -4*E+G
424 current.Y = -mnt4_Fq("8")*D + F*(E+E-current.X); // Y3 = -8*D+F*(2*E-X3)
425 current.Z = (Y+Z).squared() - C - Z.squared(); // Z3 = (Y1+Z1)^2-C-Z1^2
426 current.T = current.Z.squared(); // T3 = Z3^2
427
428 dc.c_H = (current.Z + T).squared() - current.T - A; // H = (Z3+T1)^2-T3-A
429 dc.c_4C = C+C+C+C; // fourC = 4*C
430 dc.c_J = (F+T).squared() - G - A; // J = (F+T1)^2-G-A
431 dc.c_L = (F+X).squared() - G - B; // L = (F+X1)^2-G-B
432
433#ifdef DEBUG
434 current.test_invariant();
435#endif
436}
libff::mnt4_ate_dbl_coeffs::c_4C
mnt4_Fq2 c_4C
Definition mnt4_pairing.hpp:73
libff::mnt4_ate_dbl_coeffs::c_H
mnt4_Fq2 c_H
Definition mnt4_pairing.hpp:72
libff::mnt4_ate_dbl_coeffs::c_L
mnt4_Fq2 c_L
Definition mnt4_pairing.hpp:75
libff::mnt4_ate_dbl_coeffs::c_J
mnt4_Fq2 c_J
Definition mnt4_pairing.hpp:74
A
#define A
Here is the call graph for this function:

◆ doubling_step_for_flipped_miller_loop() [4/4]

void libff::doubling_step_for_flipped_miller_loop ( extended_mnt6_G2_projective & current,
mnt6_ate_dbl_coeffs & dc )

Definition at line 416 of file mnt6_pairing.cpp.

418{
419 const mnt6_Fq3 X = current.X, Y = current.Y, Z = current.Z, T = current.T;
420
421 const mnt6_Fq3 A = T.squared(); // A = T1^2
422 const mnt6_Fq3 B = X.squared(); // B = X1^2
423 const mnt6_Fq3 C = Y.squared(); // C = Y1^2
424 const mnt6_Fq3 D = C.squared(); // D = C^2
425 const mnt6_Fq3 E = (X+C).squared() - B - D; // E = (X1+C)^2-B-D
426 const mnt6_Fq3 F = (B+B+B) + mnt6_twist_coeff_a * A; // F = 3*B + a *A
427 const mnt6_Fq3 G = F.squared(); // G = F^2
428
429 current.X = -(E+E+E+E) + G; // X3 = -4*E+G
430 current.Y = -mnt6_Fq("8")*D + F*(E+E-current.X); // Y3 = -8*D+F*(2*E-X3)
431 current.Z = (Y+Z).squared() - C - Z.squared(); // Z3 = (Y1+Z1)^2-C-Z1^2
432 current.T = current.Z.squared(); // T3 = Z3^2
433
434 dc.c_H = (current.Z + T).squared() - current.T - A; // H = (Z3+T1)^2-T3-A
435 dc.c_4C = C+C+C+C; // fourC = 4*C
436 dc.c_J = (F+T).squared() - G - A; // J = (F+T1)^2-G-A
437 dc.c_L = (F+X).squared() - G - B; // L = (F+X1)^2-G-B
438
439#ifdef DEBUG
440 current.test_invariant();
441#endif
442}
libff::mnt6_ate_dbl_coeffs::c_H
mnt6_Fq3 c_H
Definition mnt6_pairing.hpp:72
libff::mnt6_ate_dbl_coeffs::c_4C
mnt6_Fq3 c_4C
Definition mnt6_pairing.hpp:73
libff::mnt6_ate_dbl_coeffs::c_J
mnt6_Fq3 c_J
Definition mnt6_pairing.hpp:74
libff::mnt6_ate_dbl_coeffs::c_L
mnt6_Fq3 c_L
Definition mnt6_pairing.hpp:75
Here is the call graph for this function:

◆ doubling_step_for_miller_loop()

void libff::doubling_step_for_miller_loop ( extended_edwards_G1_projective & current,
edwards_Fq_conic_coefficients & cc )

Definition at line 253 of file edwards_pairing.cpp.

255{
256 const edwards_Fq &X = current.X, &Y = current.Y, &Z = current.Z, &T = current.T;
257 const edwards_Fq A = X.squared(); // A = X1^2
258 const edwards_Fq B = Y.squared(); // B = Y1^2
259 const edwards_Fq C = Z.squared(); // C = Z1^2
260 const edwards_Fq D = (X+Y).squared(); // D = (X1+Y1)^2
261 const edwards_Fq E = (Y+Z).squared(); // E = (Y1+Z1)^2
262 const edwards_Fq F = D-(A+B); // F = D-(A+B)
263 const edwards_Fq G = E-(B+C); // G = E-(B+C)
264 const edwards_Fq &H = A; // H = A (edwards_a=1)
265 const edwards_Fq I = H+B; // I = H+B
266 const edwards_Fq J = C-I; // J = C-I
267 const edwards_Fq K = J+C; // K = J+C
268
269 cc.c_ZZ = Y*(T-X); // c_ZZ = 2*Y1*(T1-X1)
270 cc.c_ZZ = cc.c_ZZ + cc.c_ZZ;
271
272 cc.c_XY = J+J+G; // c_XY = 2*J+G
273 cc.c_XZ = X*T-B; // c_XZ = 2*(X1*T1-B) (edwards_a=1)
274 cc.c_XZ = cc.c_XZ + cc.c_XZ;
275
276 current.X = F*K; // X3 = F*K
277 current.Y = I*(B-H); // Y3 = I*(B-H)
278 current.Z = I*K; // Z3 = I*K
279 current.T = F*(B-H); // T3 = F*(B-H)
280
281#ifdef DEBUG
282 current.test_invariant();
283#endif
284}
libff::Fp_model::squared
Fp_model squared() const
libff::edwards_Fq_conic_coefficients::c_XZ
edwards_Fq c_XZ
Definition edwards_pairing.hpp:29
libff::edwards_Fq_conic_coefficients::c_ZZ
edwards_Fq c_ZZ
Definition edwards_pairing.hpp:27
libff::edwards_Fq_conic_coefficients::c_XY
edwards_Fq c_XY
Definition edwards_pairing.hpp:28
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_double_miller_loop()

edwards_Fq6 libff::edwards_ate_double_miller_loop ( const edwards_ate_G1_precomp & prec_P1,
const edwards_ate_G2_precomp & prec_Q1,
const edwards_ate_G1_precomp & prec_P2,
const edwards_ate_G2_precomp & prec_Q2 )

Definition at line 669 of file edwards_pairing.cpp.

673{
674 enter_block("Call to edwards_ate_double_miller_loop");
675 const bigint<edwards_Fr::num_limbs> &loop_count = edwards_ate_loop_count;
676
677 edwards_Fq6 f = edwards_Fq6::one();
678
679 bool found_one = false;
680 size_t idx = 0;
681 for (long i = loop_count.max_bits()-1; i >= 0; --i)
682 {
683 const bool bit = loop_count.test_bit(i);
684 if (!found_one)
685 {
686 /* this skips the MSB itself */
687 found_one |= bit;
688 continue;
689 }
690
691 /* code below gets executed for all bits (EXCEPT the MSB itself) of
692 edwards_param_p (skipping leading zeros) in MSB to LSB
693 order */
694 edwards_Fq3_conic_coefficients cc1 = prec_Q1[idx];
695 edwards_Fq3_conic_coefficients cc2 = prec_Q2[idx];
696 ++idx;
697
698 edwards_Fq6 g_RR_at_P1 = edwards_Fq6(prec_P1.P_XY * cc1.c_XY + prec_P1.P_XZ * cc1.c_XZ,
699 prec_P1.P_ZZplusYZ * cc1.c_ZZ);
700
701 edwards_Fq6 g_RR_at_P2 = edwards_Fq6(prec_P2.P_XY * cc2.c_XY + prec_P2.P_XZ * cc2.c_XZ,
702 prec_P2.P_ZZplusYZ * cc2.c_ZZ);
703 f = f.squared() * g_RR_at_P1 * g_RR_at_P2;
704
705 if (bit)
706 {
707 cc1 = prec_Q1[idx];
708 cc2 = prec_Q2[idx];
709 ++idx;
710 edwards_Fq6 g_RQ_at_P1 = edwards_Fq6(prec_P1.P_ZZplusYZ * cc1.c_ZZ,
711 prec_P1.P_XY * cc1.c_XY + prec_P1.P_XZ * cc1.c_XZ);
712 edwards_Fq6 g_RQ_at_P2 = edwards_Fq6(prec_P2.P_ZZplusYZ * cc2.c_ZZ,
713 prec_P2.P_XY * cc2.c_XY + prec_P2.P_XZ * cc2.c_XZ);
714 f = f * g_RQ_at_P1 * g_RQ_at_P2;
715 }
716 }
717 leave_block("Call to edwards_ate_double_miller_loop");
718
719 return f;
720}
libff::Fp6_2over3_model
Definition fp6_2over3.hpp:36
libff::edwards_ate_loop_count
bigint< edwards_q_limbs > edwards_ate_loop_count
Definition edwards_init.cpp:31
libff::edwards_ate_G1_precomp::P_XZ
edwards_Fq P_XZ
Definition edwards_pairing.hpp:77
libff::edwards_ate_G1_precomp::P_ZZplusYZ
edwards_Fq P_ZZplusYZ
Definition edwards_pairing.hpp:78
libff::edwards_ate_G1_precomp::P_XY
edwards_Fq P_XY
Definition edwards_pairing.hpp:76
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_miller_loop()

edwards_Fq6 libff::edwards_ate_miller_loop ( const edwards_ate_G1_precomp & prec_P,
const edwards_ate_G2_precomp & prec_Q )

Definition at line 628 of file edwards_pairing.cpp.

630{
631 enter_block("Call to edwards_ate_miller_loop");
632 const bigint<edwards_Fr::num_limbs> &loop_count = edwards_ate_loop_count;
633
634 edwards_Fq6 f = edwards_Fq6::one();
635
636 bool found_one = false;
637 size_t idx = 0;
638 for (long i = loop_count.max_bits()-1; i >= 0; --i)
639 {
640 const bool bit = loop_count.test_bit(i);
641 if (!found_one)
642 {
643 /* this skips the MSB itself */
644 found_one |= bit;
645 continue;
646 }
647
648 /* code below gets executed for all bits (EXCEPT the MSB itself) of
649 edwards_param_p (skipping leading zeros) in MSB to LSB
650 order */
651 edwards_Fq3_conic_coefficients cc = prec_Q[idx++];
652
653 edwards_Fq6 g_RR_at_P = edwards_Fq6(prec_P.P_XY * cc.c_XY + prec_P.P_XZ * cc.c_XZ,
654 prec_P.P_ZZplusYZ * cc.c_ZZ);
655 f = f.squared() * g_RR_at_P;
656 if (bit)
657 {
658 cc = prec_Q[idx++];
659 edwards_Fq6 g_RQ_at_P = edwards_Fq6(prec_P.P_ZZplusYZ * cc.c_ZZ,
660 prec_P.P_XY * cc.c_XY + prec_P.P_XZ * cc.c_XZ);
661 f = f * g_RQ_at_P;
662 }
663 }
664 leave_block("Call to edwards_ate_miller_loop");
665
666 return f;
667}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_pairing()

edwards_Fq6 libff::edwards_ate_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 722 of file edwards_pairing.cpp.

723{
724 enter_block("Call to edwards_ate_pairing");
725 edwards_ate_G1_precomp prec_P = edwards_ate_precompute_G1(P);
726 edwards_ate_G2_precomp prec_Q = edwards_ate_precompute_G2(Q);
727 edwards_Fq6 result = edwards_ate_miller_loop(prec_P, prec_Q);
728 leave_block("Call to edwards_ate_pairing");
729 return result;
730}
libff::edwards_ate_miller_loop
edwards_Fq6 edwards_ate_miller_loop(const edwards_ate_G1_precomp &prec_P, const edwards_ate_G2_precomp &prec_Q)
Definition edwards_pairing.cpp:628
libff::edwards_ate_precompute_G2
edwards_ate_G2_precomp edwards_ate_precompute_G2(const edwards_G2 &Q)
Definition edwards_pairing.cpp:586
libff::edwards_ate_precompute_G1
edwards_ate_G1_precomp edwards_ate_precompute_G1(const edwards_G1 &P)
Definition edwards_pairing.cpp:573
libff::edwards_ate_G2_precomp
std::vector< edwards_Fq3_conic_coefficients > edwards_ate_G2_precomp
Definition edwards_pairing.hpp:70
libff::edwards_ate_G1_precomp
Definition edwards_pairing.hpp:75
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_precompute_G1()

edwards_ate_G1_precomp libff::edwards_ate_precompute_G1 ( const edwards_G1 & P)

Definition at line 573 of file edwards_pairing.cpp.

574{
575 enter_block("Call to edwards_ate_precompute_G1");
576 edwards_G1 Pcopy = P;
577 Pcopy.to_affine_coordinates();
578 edwards_ate_G1_precomp result;
579 result.P_XY = Pcopy.X*Pcopy.Y;
580 result.P_XZ = Pcopy.X; // P.X * P.Z but P.Z = 1
581 result.P_ZZplusYZ = (edwards_Fq::one() + Pcopy.Y); // (P.Z + P.Y) * P.Z but P.Z = 1
582 leave_block("Call to edwards_ate_precompute_G1");
583 return result;
584}
libff::edwards_G1
Definition edwards_g1.hpp:21
libff::edwards_G1::Y
edwards_Fq Y
Definition edwards_g1.hpp:33
libff::edwards_G1::to_affine_coordinates
void to_affine_coordinates()
Definition edwards_g1.cpp:64
libff::edwards_G1::X
edwards_Fq X
Definition edwards_g1.hpp:33
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_precompute_G2()

edwards_ate_G2_precomp libff::edwards_ate_precompute_G2 ( const edwards_G2 & Q)

Definition at line 586 of file edwards_pairing.cpp.

587{
588 enter_block("Call to edwards_ate_precompute_G2");
589 const bigint<edwards_Fr::num_limbs> &loop_count = edwards_ate_loop_count;
590 edwards_ate_G2_precomp result;
591
592 edwards_G2 Qcopy(Q);
593 Qcopy.to_affine_coordinates();
594
595 extended_edwards_G2_projective Q_ext;
596 Q_ext.X = Qcopy.X;
597 Q_ext.Y = Qcopy.Y;
598 Q_ext.Z = Qcopy.Z;
599 Q_ext.T = Qcopy.X*Qcopy.Y;
600
601 extended_edwards_G2_projective R = Q_ext;
602
603 bool found_one = false;
604 for (long i = loop_count.max_bits()-1; i >= 0; --i)
605 {
606 const bool bit = loop_count.test_bit(i);
607 if (!found_one)
608 {
609 /* this skips the MSB itself */
610 found_one |= bit;
611 continue;
612 }
613
614 edwards_Fq3_conic_coefficients cc;
615 doubling_step_for_flipped_miller_loop(R, cc);
616 result.push_back(cc);
617 if (bit)
618 {
619 mixed_addition_step_for_flipped_miller_loop(Q_ext, R, cc);
620 result.push_back(cc);
621 }
622 }
623
624 leave_block("Call to edwards_ate_precompute_G2");
625 return result;
626}
libff::edwards_G2
Definition edwards_g2.hpp:22
libff::extended_edwards_G2_projective
Definition edwards_pairing.cpp:450
libff::extended_edwards_G2_projective::X
edwards_Fq3 X
Definition edwards_pairing.cpp:451
libff::extended_edwards_G2_projective::T
edwards_Fq3 T
Definition edwards_pairing.cpp:454
libff::extended_edwards_G2_projective::Z
edwards_Fq3 Z
Definition edwards_pairing.cpp:453
libff::extended_edwards_G2_projective::Y
edwards_Fq3 Y
Definition edwards_pairing.cpp:452
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_ate_reduced_pairing()

edwards_GT libff::edwards_ate_reduced_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 732 of file edwards_pairing.cpp.

733{
734 enter_block("Call to edwards_ate_reduced_pairing");
735 const edwards_Fq6 f = edwards_ate_pairing(P, Q);
736 const edwards_GT result = edwards_final_exponentiation(f);
737 leave_block("Call to edwards_ate_reduced_pairing");
738 return result;
739}
libff::edwards_final_exponentiation
edwards_GT edwards_final_exponentiation(const edwards_Fq6 &elt)
Definition edwards_pairing.cpp:207
libff::edwards_ate_pairing
edwards_Fq6 edwards_ate_pairing(const edwards_G1 &P, const edwards_G2 &Q)
Definition edwards_pairing.cpp:722
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_double_miller_loop()

edwards_Fq6 libff::edwards_double_miller_loop ( const edwards_G1_precomp & prec_P1,
const edwards_G2_precomp & prec_Q1,
const edwards_G1_precomp & prec_P2,
const edwards_G2_precomp & prec_Q2 )

Definition at line 757 of file edwards_pairing.cpp.

761{
762 return edwards_ate_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
763}
libff::edwards_ate_double_miller_loop
edwards_Fq6 edwards_ate_double_miller_loop(const edwards_ate_G1_precomp &prec_P1, const edwards_ate_G2_precomp &prec_Q1, const edwards_ate_G1_precomp &prec_P2, const edwards_ate_G2_precomp &prec_Q2)
Definition edwards_pairing.cpp:669
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_final_exponentiation()

edwards_GT libff::edwards_final_exponentiation ( const edwards_Fq6 & elt)

Definition at line 207 of file edwards_pairing.cpp.

208{
209 enter_block("Call to edwards_final_exponentiation");
210 const edwards_Fq6 elt_inv = elt.inverse();
211 const edwards_Fq6 elt_to_first_chunk = edwards_final_exponentiation_first_chunk(elt, elt_inv);
212 const edwards_Fq6 elt_inv_to_first_chunk = edwards_final_exponentiation_first_chunk(elt_inv, elt);
213 edwards_GT result = edwards_final_exponentiation_last_chunk(elt_to_first_chunk, elt_inv_to_first_chunk);
214 leave_block("Call to edwards_final_exponentiation");
215
216 return result;
217}
libff::Fp6_2over3_model::inverse
Fp6_2over3_model inverse() const
libff::edwards_final_exponentiation_first_chunk
edwards_Fq6 edwards_final_exponentiation_first_chunk(const edwards_Fq6 &elt, const edwards_Fq6 &elt_inv)
Definition edwards_pairing.cpp:189
libff::edwards_final_exponentiation_last_chunk
edwards_Fq6 edwards_final_exponentiation_last_chunk(const edwards_Fq6 &elt, const edwards_Fq6 &elt_inv)
Definition edwards_pairing.cpp:171
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_final_exponentiation_first_chunk()

edwards_Fq6 libff::edwards_final_exponentiation_first_chunk ( const edwards_Fq6 & elt,
const edwards_Fq6 & elt_inv )

Definition at line 189 of file edwards_pairing.cpp.

190{
191 enter_block("Call to edwards_final_exponentiation_first_chunk");
192
193 /* (q^3-1)*(q+1) */
194
195 /* elt_q3 = elt^(q^3) */
196 const edwards_Fq6 elt_q3 = elt.Frobenius_map(3);
197 /* elt_q3_over_elt = elt^(q^3-1) */
198 const edwards_Fq6 elt_q3_over_elt = elt_q3 * elt_inv;
199 /* alpha = elt^((q^3-1) * q) */
200 const edwards_Fq6 alpha = elt_q3_over_elt.Frobenius_map(1);
201 /* beta = elt^((q^3-1)*(q+1) */
202 const edwards_Fq6 beta = alpha * elt_q3_over_elt;
203 leave_block("Call to edwards_final_exponentiation_first_chunk");
204 return beta;
205}
libff::Fp6_2over3_model::Frobenius_map
Fp6_2over3_model Frobenius_map(unsigned long power) const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_final_exponentiation_last_chunk()

edwards_Fq6 libff::edwards_final_exponentiation_last_chunk ( const edwards_Fq6 & elt,
const edwards_Fq6 & elt_inv )

Definition at line 171 of file edwards_pairing.cpp.

172{
173 enter_block("Call to edwards_final_exponentiation_last_chunk");
174 const edwards_Fq6 elt_q = elt.Frobenius_map(1);
175 edwards_Fq6 w1_part = elt_q.cyclotomic_exp(edwards_final_exponent_last_chunk_w1);
176 edwards_Fq6 w0_part;
177 if (edwards_final_exponent_last_chunk_is_w0_neg)
178 {
179 w0_part = elt_inv.cyclotomic_exp(edwards_final_exponent_last_chunk_abs_of_w0);
180 } else {
181 w0_part = elt.cyclotomic_exp(edwards_final_exponent_last_chunk_abs_of_w0);
182 }
183 edwards_Fq6 result = w1_part * w0_part;
184 leave_block("Call to edwards_final_exponentiation_last_chunk");
185
186 return result;
187}
libff::Fp6_2over3_model::cyclotomic_exp
Fp6_2over3_model cyclotomic_exp(const bigint< m > &exponent) const
libff::edwards_Fq6
Fp6_2over3_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq6
Definition edwards_init.hpp:29
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_miller_loop()

edwards_Fq6 libff::edwards_miller_loop ( const edwards_G1_precomp & prec_P,
const edwards_G2_precomp & prec_Q )

Definition at line 751 of file edwards_pairing.cpp.

753{
754 return edwards_ate_miller_loop(prec_P, prec_Q);
755}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_pairing()

edwards_Fq6 libff::edwards_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 765 of file edwards_pairing.cpp.

767{
768 return edwards_ate_pairing(P, Q);
769}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_precompute_G1()

edwards_G1_precomp libff::edwards_precompute_G1 ( const edwards_G1 & P)

Definition at line 741 of file edwards_pairing.cpp.

742{
743 return edwards_ate_precompute_G1(P);
744}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_precompute_G2()

edwards_G2_precomp libff::edwards_precompute_G2 ( const edwards_G2 & Q)

Definition at line 746 of file edwards_pairing.cpp.

747{
748 return edwards_ate_precompute_G2(Q);
749}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_reduced_pairing()

edwards_GT libff::edwards_reduced_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 771 of file edwards_pairing.cpp.

773{
774 return edwards_ate_reduced_pairing(P, Q);
775}
libff::edwards_ate_reduced_pairing
edwards_GT edwards_ate_reduced_pairing(const edwards_G1 &P, const edwards_G2 &Q)
Definition edwards_pairing.cpp:732
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_tate_miller_loop()

edwards_Fq6 libff::edwards_tate_miller_loop ( const edwards_tate_G1_precomp & prec_P,
const edwards_tate_G2_precomp & prec_Q )

Definition at line 391 of file edwards_pairing.cpp.

393{
394 enter_block("Call to edwards_tate_miller_loop");
395
396 edwards_Fq6 f = edwards_Fq6::one();
397
398 bool found_one = false;
399 size_t idx = 0;
400 for (long i = edwards_modulus_r.max_bits()-1; i >= 0; --i)
401 {
402 const bool bit = edwards_modulus_r.test_bit(i);
403 if (!found_one)
404 {
405 /* this skips the MSB itself */
406 found_one |= bit;
407 continue;
408 }
409
410 /* code below gets executed for all bits (EXCEPT the MSB itself) of
411 edwards_modulus_r (skipping leading zeros) in MSB to LSB
412 order */
413 edwards_Fq_conic_coefficients cc = prec_P[idx++];
414 edwards_Fq6 g_RR_at_Q = edwards_Fq6(edwards_Fq3(cc.c_XZ, edwards_Fq(0l), edwards_Fq(0l)) + cc.c_XY * prec_Q.y0,
415 cc.c_ZZ * prec_Q.eta);
416 f = f.squared() * g_RR_at_Q;
417 if (bit)
418 {
419 cc = prec_P[idx++];
420
421 edwards_Fq6 g_RP_at_Q = edwards_Fq6(edwards_Fq3(cc.c_XZ, edwards_Fq(0l), edwards_Fq(0l)) + cc.c_XY * prec_Q.y0,
422 cc.c_ZZ * prec_Q.eta);
423 f = f * g_RP_at_Q;
424 }
425 }
426 leave_block("Call to edwards_tate_miller_loop");
427
428 return f;
429}
libff::edwards_modulus_r
bigint< edwards_r_limbs > edwards_modulus_r
Definition edwards_init.cpp:14
libff::edwards_tate_G2_precomp::eta
edwards_Fq3 eta
Definition edwards_pairing.hpp:41
libff::edwards_tate_G2_precomp::y0
edwards_Fq3 y0
Definition edwards_pairing.hpp:41
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_tate_pairing()

edwards_Fq6 libff::edwards_tate_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 431 of file edwards_pairing.cpp.

432{
433 enter_block("Call to edwards_tate_pairing");
434 edwards_tate_G1_precomp prec_P = edwards_tate_precompute_G1(P);
435 edwards_tate_G2_precomp prec_Q = edwards_tate_precompute_G2(Q);
436 edwards_Fq6 result = edwards_tate_miller_loop(prec_P, prec_Q);
437 leave_block("Call to edwards_tate_pairing");
438 return result;
439}
libff::edwards_tate_G1_precomp
std::vector< edwards_Fq_conic_coefficients > edwards_tate_G1_precomp
Definition edwards_pairing.hpp:35
libff::edwards_tate_precompute_G2
edwards_tate_G2_precomp edwards_tate_precompute_G2(const edwards_G2 &Q)
Definition edwards_pairing.cpp:219
libff::edwards_tate_precompute_G1
edwards_tate_G1_precomp edwards_tate_precompute_G1(const edwards_G1 &P)
Definition edwards_pairing.cpp:346
libff::edwards_tate_miller_loop
edwards_Fq6 edwards_tate_miller_loop(const edwards_tate_G1_precomp &prec_P, const edwards_tate_G2_precomp &prec_Q)
Definition edwards_pairing.cpp:391
libff::edwards_tate_G2_precomp
Definition edwards_pairing.hpp:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_tate_precompute_G1()

edwards_tate_G1_precomp libff::edwards_tate_precompute_G1 ( const edwards_G1 & P)

Definition at line 346 of file edwards_pairing.cpp.

347{
348 enter_block("Call to edwards_tate_precompute_G1");
349 edwards_tate_G1_precomp result;
350
351 edwards_G1 Pcopy = P;
352 Pcopy.to_affine_coordinates();
353
354 extended_edwards_G1_projective P_ext;
355 P_ext.X = Pcopy.X;
356 P_ext.Y = Pcopy.Y;
357 P_ext.Z = Pcopy.Z;
358 P_ext.T = Pcopy.X*Pcopy.Y;
359
360 extended_edwards_G1_projective R = P_ext;
361
362 bool found_one = false;
363 for (long i = edwards_modulus_r.max_bits(); i >= 0; --i)
364 {
365 const bool bit = edwards_modulus_r.test_bit(i);
366 if (!found_one)
367 {
368 /* this skips the MSB itself */
369 found_one |= bit;
370 continue;
371 }
372
373 /* code below gets executed for all bits (EXCEPT the MSB itself) of
374 edwards_modulus_r (skipping leading zeros) in MSB to LSB
375 order */
376 edwards_Fq_conic_coefficients cc;
377 doubling_step_for_miller_loop(R, cc);
378 result.push_back(cc);
379
380 if (bit)
381 {
382 mixed_addition_step_for_miller_loop(P_ext, R, cc);
383 result.push_back(cc);
384 }
385 }
386
387 leave_block("Call to edwards_tate_precompute_G1");
388 return result;
389}
libff::edwards_G1::Z
edwards_Fq Z
Definition edwards_g1.hpp:33
libff::extended_edwards_G1_projective
Definition edwards_pairing.cpp:232
libff::extended_edwards_G1_projective::Y
edwards_Fq Y
Definition edwards_pairing.cpp:234
libff::extended_edwards_G1_projective::Z
edwards_Fq Z
Definition edwards_pairing.cpp:235
libff::extended_edwards_G1_projective::X
edwards_Fq X
Definition edwards_pairing.cpp:233
libff::extended_edwards_G1_projective::T
edwards_Fq T
Definition edwards_pairing.cpp:236
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_tate_precompute_G2()

edwards_tate_G2_precomp libff::edwards_tate_precompute_G2 ( const edwards_G2 & Q)

Definition at line 219 of file edwards_pairing.cpp.

220{
221 enter_block("Call to edwards_tate_precompute_G2");
222 edwards_G2 Qcopy = Q;
223 Qcopy.to_affine_coordinates();
224 edwards_tate_G2_precomp result;
225 result.y0 = Qcopy.Y * Qcopy.Z.inverse(); // Y/Z
226 result.eta = (Qcopy.Z+Qcopy.Y) * edwards_Fq6::mul_by_non_residue(Qcopy.X).inverse(); // (Z+Y)/(nqr*X)
227 leave_block("Call to edwards_tate_precompute_G2");
228
229 return result;
230}
libff::Fp3_model::inverse
Fp3_model inverse() const
libff::edwards_G2::Z
edwards_Fq3 Z
Definition edwards_g2.hpp:35
libff::edwards_G2::to_affine_coordinates
void to_affine_coordinates()
Definition edwards_g2.cpp:88
libff::edwards_G2::Y
edwards_Fq3 Y
Definition edwards_g2.hpp:35
libff::edwards_G2::X
edwards_Fq3 X
Definition edwards_g2.hpp:35
Here is the call graph for this function:
Here is the caller graph for this function:

◆ edwards_tate_reduced_pairing()

edwards_GT libff::edwards_tate_reduced_pairing ( const edwards_G1 & P,
const edwards_G2 & Q )

Definition at line 441 of file edwards_pairing.cpp.

442{
443 enter_block("Call to edwards_tate_reduced_pairing");
444 const edwards_Fq6 f = edwards_tate_pairing(P, Q);
445 const edwards_GT result = edwards_final_exponentiation(f);
446 leave_block("Call to edwards_tate_reduce_pairing");
447 return result;
448}
libff::edwards_tate_pairing
edwards_Fq6 edwards_tate_pairing(const edwards_G1 &P, const edwards_G2 &Q)
Definition edwards_pairing.cpp:431
Here is the call graph for this function:

◆ enter_block()

void libff::enter_block ( const std::string & msg,
const bool indent )

Definition at line 245 of file profiling.cpp.

246{
247 if (inhibit_profiling_counters)
248 {
249 return;
250 }
251
252 block_names.emplace_back(msg);
253 long long t = get_nsec_time();
254 enter_times[msg] = t;
255 long long cpu_t = get_nsec_cpu_time();
256 enter_cpu_times[msg] = cpu_t;
257
258 if (inhibit_profiling_info)
259 {
260 return;
261 }
262
263#ifdef MULTICORE
264#pragma omp critical
265#endif
266 {
267 op_profiling_enter(msg);
268
269 print_indent();
270 printf("(enter) %-35s\t", msg.c_str());
271 print_times_from_last_and_start(t, t, cpu_t, cpu_t);
272 printf("\n");
273 fflush(stdout);
274
275 if (indent)
276 {
277 ++indentation;
278 }
279 }
280}
Log::printf
LOGGING_API void printf(Category category, const char *format,...)
Definition Logging.cpp:30
libff::op_profiling_enter
void op_profiling_enter(const std::string &msg)
Definition profiling.cpp:237
libff::indentation
size_t indentation
Definition profiling.cpp:74
libff::print_indent
void print_indent()
Definition profiling.cpp:229
Here is the call graph for this function:

◆ exp2()

size_t libff::exp2 ( size_t k)
inline

Definition at line 28 of file utils.hpp.

28{ return size_t(1) << k; }

◆ find_wnaf()

template<mp_size_t n>
std::vector< long > libff::find_wnaf ( const size_t window_size,
const bigint< n > & scalar )

Find the wNAF representation of the given scalar relative to the given window size.

Here is the caller graph for this function:

◆ fixed_window_wnaf_exp()

template<typename T , mp_size_t n>
T libff::fixed_window_wnaf_exp ( const size_t window_size,
const T & base,
const bigint< n > & scalar )

In additive notation, use wNAF exponentiation (with the given window size) to compute scalar * base.

◆ FORMAT()

std::string libff::FORMAT ( const std::string & prefix,
const char * format,
... )

Definition at line 96 of file utils.cpp.

97{
98 const static size_t MAX_FMT = 256;
99 char buf[MAX_FMT];
100 va_list args;
101 va_start(args, format);
102 vsnprintf(buf, MAX_FMT, format, args);
103 va_end(args);
104
105 return prefix + std::string(buf);
106}
format
cmd_format format
Definition yubihsm-shell.h:40
buf
uint8_t buf[2048]
Definition yubihsm_pkcs11.c:4770

◆ from_twos_complement()

int libff::from_twos_complement ( size_t i,
size_t w )

Definition at line 54 of file utils.cpp.

55{
56 assert(i < (1ul<<w));
57 return (i < (1ul<<(w-1))) ? i : i - (1ul<<w);
58}

◆ full_addition_step_for_flipped_miller_loop()

void libff::full_addition_step_for_flipped_miller_loop ( const extended_edwards_G2_projective & base,
extended_edwards_G2_projective & current,
edwards_Fq3_conic_coefficients & cc )

Definition at line 508 of file edwards_pairing.cpp.

511{
512 const edwards_Fq3 &X1 = current.X, &Y1 = current.Y, &Z1 = current.Z, &T1 = current.T;
513 const edwards_Fq3 &X2 = base.X, &Y2 = base.Y, &Z2 = base.Z, &T2 = base.T;
514
515 const edwards_Fq3 A = X1*X2; // A = X1*X2
516 const edwards_Fq3 B = Y1*Y2; // B = Y1*Y2
517 const edwards_Fq3 C = Z1*T2; // C = Z1*T2
518 const edwards_Fq3 D = T1*Z2; // D = T1*Z2
519 const edwards_Fq3 E = D+C; // E = D+C
520 const edwards_Fq3 F = (X1-Y1)*(X2+Y2)+B-A; // F = (X1-Y1)*(X2+Y2)+B-A
521 // G = B + twisted_edwards_a * A
522 const edwards_Fq3 G = B + edwards_G2::mul_by_a(A); // edwards_param_twist_coeff_a is 1*X for us
523 const edwards_Fq3 H = D-C; // H = D-C
524 const edwards_Fq3 I = T1*T2; // I = T1*T2
525
526 // c_ZZ = delta_3* ((T1-X1)*(T2+X2)-I+A)
527 cc.c_ZZ = edwards_G2::mul_by_a((T1-X1)*(T2+X2)-I+A); // edwards_param_twist_coeff_a is 1*X for us
528
529 cc.c_XY = X1*Z2-X2*Z1+F; // c_XY = X1*Z2-X2*Z1+F
530 cc.c_XZ = (Y1-T1)*(Y2+T2)-B+I-H; // c_XZ = (Y1-T1)*(Y2+T2)-B+I-H
531 current.X = E*F; // X3 = E*F
532 current.Y = G*H; // Y3 = G*H
533 current.Z = F*G; // Z3 = F*G
534 current.T = E*H; // T3 = E*H
535
536#ifdef DEBUG
537 current.test_invariant();
538#endif
539}
Here is the call graph for this function:

◆ full_addition_step_for_miller_loop()

void libff::full_addition_step_for_miller_loop ( const extended_edwards_G1_projective & base,
extended_edwards_G1_projective & current,
edwards_Fq_conic_coefficients & cc )

Definition at line 286 of file edwards_pairing.cpp.

289{
290 const edwards_Fq &X1 = current.X, &Y1 = current.Y, &Z1 = current.Z, &T1 = current.T;
291 const edwards_Fq &X2 = base.X, &Y2 = base.Y, &Z2 = base.Z, &T2 = base.T;
292
293 const edwards_Fq A = X1*X2; // A = X1*X2
294 const edwards_Fq B = Y1*Y2; // B = Y1*Y2
295 const edwards_Fq C = Z1*T2; // C = Z1*T2
296 const edwards_Fq D = T1*Z2; // D = T1*Z2
297 const edwards_Fq E = D+C; // E = D+C
298 const edwards_Fq F = (X1-Y1)*(X2+Y2)+B-A; // F = (X1-Y1)*(X2+Y2)+B-A
299 const edwards_Fq G = B + A; // G = B + A (edwards_a=1)
300 const edwards_Fq H = D-C; // H = D-C
301 const edwards_Fq I = T1*T2; // I = T1*T2
302
303 cc.c_ZZ = (T1-X1)*(T2+X2)-I+A; // c_ZZ = (T1-X1)*(T2+X2)-I+A
304 cc.c_XY = X1*Z2-X2*Z1+F; // c_XY = X1*Z2-X2*Z1+F
305 cc.c_XZ = (Y1-T1)*(Y2+T2)-B+I-H; // c_XZ = (Y1-T1)*(Y2+T2)-B+I-H
306 current.X = E*F; // X3 = E*F
307 current.Y = G*H; // Y3 = G*H
308 current.Z = F*G; // Z3 = F*G
309 current.T = E*H; // T3 = E*H
310
311#ifdef DEBUG
312 current.test_invariant();
313#endif
314}

◆ get_exp_window_size()

template<typename T >
size_t libff::get_exp_window_size ( const size_t num_scalars)

Compute window size for the given number of scalars.

◆ get_nsec_cpu_time()

long long libff::get_nsec_cpu_time ( )

Definition at line 39 of file profiling.cpp.

40{
41#if _MSC_VER
42 return 0;
43#else
44 ::timespec ts;
45 if ( ::clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &ts) )
46 throw ::std::runtime_error("clock_gettime(CLOCK_PROCESS_CPUTIME_ID) failed");
47 // If we expected this to work, don't silently ignore failures, because that would hide the problem and incur an unnecessarily system-call overhead. So if we ever observe this exception, we should probably add a suitable #ifdef .
48 //TODO: clock_gettime(CLOCK_PROCESS_CPUTIME_ID) is not supported by native Windows. What about Cygwin? Should we #ifdef on CLOCK_PROCESS_CPUTIME_ID or on __linux__?
49 return ts.tv_sec * 1000000000ll + ts.tv_nsec;
50#endif
51}
Here is the caller graph for this function:

◆ get_nsec_time()

long long libff::get_nsec_time ( )

Definition at line 32 of file profiling.cpp.

33{
34 auto timepoint = std::chrono::high_resolution_clock::now();
35 return std::chrono::duration_cast<std::chrono::nanoseconds>(timepoint.time_since_epoch()).count();
36}
Here is the caller graph for this function:

◆ get_power_of_two()

size_t libff::get_power_of_two ( size_t n)

Definition at line 19 of file utils.cpp.

20{
21 n--;
22 n |= n >> 1;
23 n |= n >> 2;
24 n |= n >> 4;
25 n |= n >> 8;
26 n |= n >> 16;
27 n++;
28
29 return n;
30}

◆ get_root_of_unity() [1/2]

template<typename FieldT >
std::enable_if< std::is_same< FieldT, Double >::value, FieldT >::type libff::get_root_of_unity ( const size_t n)

◆ get_root_of_unity() [2/2]

template<typename FieldT >
std::enable_if<!std::is_same< FieldT, Double >::value, FieldT >::type libff::get_root_of_unity ( const size_t n)

◆ get_window_table()

template<typename T >
window_table< T > libff::get_window_table ( const size_t scalar_size,
const size_t window,
const T & g )

Compute table of window sizes.

◆ init_alt_bn128_params()

void libff::init_alt_bn128_params ( )

Definition at line 31 of file alt_bn128_init.cpp.

32{
33 typedef bigint<alt_bn128_r_limbs> bigint_r;
34 typedef bigint<alt_bn128_q_limbs> bigint_q;
35
36 assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
37
38 /* parameters for scalar field Fr */
39
40 alt_bn128_modulus_r = bigint_r("21888242871839275222246405745257275088548364400416034343698204186575808495617");
41 assert(alt_bn128_Fr::modulus_is_valid());
42 if (sizeof(mp_limb_t) == 8)
43 {
44 alt_bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
45 alt_bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
46 alt_bn128_Fr::inv = 0xc2e1f593efffffff;
47 }
48 if (sizeof(mp_limb_t) == 4)
49 {
50 alt_bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
51 alt_bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
52 alt_bn128_Fr::inv = 0xefffffff;
53 }
54 alt_bn128_Fr::num_bits = 254;
55 alt_bn128_Fr::euler = bigint_r("10944121435919637611123202872628637544274182200208017171849102093287904247808");
56 alt_bn128_Fr::s = 28;
57 alt_bn128_Fr::t = bigint_r("81540058820840996586704275553141814055101440848469862132140264610111");
58 alt_bn128_Fr::t_minus_1_over_2 = bigint_r("40770029410420498293352137776570907027550720424234931066070132305055");
59 alt_bn128_Fr::multiplicative_generator = alt_bn128_Fr("5");
60 alt_bn128_Fr::root_of_unity = alt_bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
61 alt_bn128_Fr::nqr = alt_bn128_Fr("5");
62 alt_bn128_Fr::nqr_to_t = alt_bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
63
64 /* parameters for base field Fq */
65
66 alt_bn128_modulus_q = bigint_q("21888242871839275222246405745257275088696311157297823662689037894645226208583");
67 assert(alt_bn128_Fq::modulus_is_valid());
68 if (sizeof(mp_limb_t) == 8)
69 {
70 alt_bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
71 alt_bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
72 alt_bn128_Fq::inv = 0x87d20782e4866389;
73 }
74 if (sizeof(mp_limb_t) == 4)
75 {
76 alt_bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
77 alt_bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
78 alt_bn128_Fq::inv = 0xe4866389;
79 }
80 alt_bn128_Fq::num_bits = 254;
81 alt_bn128_Fq::euler = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
82 alt_bn128_Fq::s = 1;
83 alt_bn128_Fq::t = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
84 alt_bn128_Fq::t_minus_1_over_2 = bigint_q("5472060717959818805561601436314318772174077789324455915672259473661306552145");
85 alt_bn128_Fq::multiplicative_generator = alt_bn128_Fq("3");
86 alt_bn128_Fq::root_of_unity = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
87 alt_bn128_Fq::nqr = alt_bn128_Fq("3");
88 alt_bn128_Fq::nqr_to_t = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
89
90 /* parameters for twist field Fq2 */
91 alt_bn128_Fq2::euler = bigint<2*alt_bn128_q_limbs>("239547588008311421220994022608339370399626158265550411218223901127035046843189118723920525909718935985594116157406550130918127817069793474323196511433944");
92 alt_bn128_Fq2::s = 4;
93 alt_bn128_Fq2::t = bigint<2*alt_bn128_q_limbs>("29943448501038927652624252826042421299953269783193801402277987640879380855398639840490065738714866998199264519675818766364765977133724184290399563929243");
94 alt_bn128_Fq2::t_minus_1_over_2 = bigint<2*alt_bn128_q_limbs>("14971724250519463826312126413021210649976634891596900701138993820439690427699319920245032869357433499099632259837909383182382988566862092145199781964621");
95 alt_bn128_Fq2::non_residue = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
96 alt_bn128_Fq2::nqr = alt_bn128_Fq2(alt_bn128_Fq("2"),alt_bn128_Fq("1"));
97 alt_bn128_Fq2::nqr_to_t = alt_bn128_Fq2(alt_bn128_Fq("5033503716262624267312492558379982687175200734934877598599011485707452665730"),alt_bn128_Fq("314498342015008975724433667930697407966947188435857772134235984660852259084"));
98 alt_bn128_Fq2::Frobenius_coeffs_c1[0] = alt_bn128_Fq("1");
99 alt_bn128_Fq2::Frobenius_coeffs_c1[1] = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
100
101 /* parameters for Fq6 */
102 alt_bn128_Fq6::non_residue = alt_bn128_Fq2(alt_bn128_Fq("9"),alt_bn128_Fq("1"));
103 alt_bn128_Fq6::Frobenius_coeffs_c1[0] = alt_bn128_Fq2(alt_bn128_Fq("1"),alt_bn128_Fq("0"));
104 alt_bn128_Fq6::Frobenius_coeffs_c1[1] = alt_bn128_Fq2(alt_bn128_Fq("21575463638280843010398324269430826099269044274347216827212613867836435027261"),alt_bn128_Fq("10307601595873709700152284273816112264069230130616436755625194854815875713954"));
105 alt_bn128_Fq6::Frobenius_coeffs_c1[2] = alt_bn128_Fq2(alt_bn128_Fq("21888242871839275220042445260109153167277707414472061641714758635765020556616"),alt_bn128_Fq("0"));
106 alt_bn128_Fq6::Frobenius_coeffs_c1[3] = alt_bn128_Fq2(alt_bn128_Fq("3772000881919853776433695186713858239009073593817195771773381919316419345261"),alt_bn128_Fq("2236595495967245188281701248203181795121068902605861227855261137820944008926"));
107 alt_bn128_Fq6::Frobenius_coeffs_c1[4] = alt_bn128_Fq2(alt_bn128_Fq("2203960485148121921418603742825762020974279258880205651966"),alt_bn128_Fq("0"));
108 alt_bn128_Fq6::Frobenius_coeffs_c1[5] = alt_bn128_Fq2(alt_bn128_Fq("18429021223477853657660792034369865839114504446431234726392080002137598044644"),alt_bn128_Fq("9344045779998320333812420223237981029506012124075525679208581902008406485703"));
109 alt_bn128_Fq6::Frobenius_coeffs_c2[0] = alt_bn128_Fq2(alt_bn128_Fq("1"),alt_bn128_Fq("0"));
110 alt_bn128_Fq6::Frobenius_coeffs_c2[1] = alt_bn128_Fq2(alt_bn128_Fq("2581911344467009335267311115468803099551665605076196740867805258568234346338"),alt_bn128_Fq("19937756971775647987995932169929341994314640652964949448313374472400716661030"));
111 alt_bn128_Fq6::Frobenius_coeffs_c2[2] = alt_bn128_Fq2(alt_bn128_Fq("2203960485148121921418603742825762020974279258880205651966"),alt_bn128_Fq("0"));
112 alt_bn128_Fq6::Frobenius_coeffs_c2[3] = alt_bn128_Fq2(alt_bn128_Fq("5324479202449903542726783395506214481928257762400643279780343368557297135718"),alt_bn128_Fq("16208900380737693084919495127334387981393726419856888799917914180988844123039"));
113 alt_bn128_Fq6::Frobenius_coeffs_c2[4] = alt_bn128_Fq2(alt_bn128_Fq("21888242871839275220042445260109153167277707414472061641714758635765020556616"),alt_bn128_Fq("0"));
114 alt_bn128_Fq6::Frobenius_coeffs_c2[5] = alt_bn128_Fq2(alt_bn128_Fq("13981852324922362344252311234282257507216387789820983642040889267519694726527"),alt_bn128_Fq("7629828391165209371577384193250820201684255241773809077146787135900891633097"));
115
116 /* parameters for Fq12 */
117
118 alt_bn128_Fq12::non_residue = alt_bn128_Fq2(alt_bn128_Fq("9"),alt_bn128_Fq("1"));
119 alt_bn128_Fq12::Frobenius_coeffs_c1[0] = alt_bn128_Fq2(alt_bn128_Fq("1"),alt_bn128_Fq("0"));
120 alt_bn128_Fq12::Frobenius_coeffs_c1[1] = alt_bn128_Fq2(alt_bn128_Fq("8376118865763821496583973867626364092589906065868298776909617916018768340080"),alt_bn128_Fq("16469823323077808223889137241176536799009286646108169935659301613961712198316"));
121 alt_bn128_Fq12::Frobenius_coeffs_c1[2] = alt_bn128_Fq2(alt_bn128_Fq("21888242871839275220042445260109153167277707414472061641714758635765020556617"),alt_bn128_Fq("0"));
122 alt_bn128_Fq12::Frobenius_coeffs_c1[3] = alt_bn128_Fq2(alt_bn128_Fq("11697423496358154304825782922584725312912383441159505038794027105778954184319"),alt_bn128_Fq("303847389135065887422783454877609941456349188919719272345083954437860409601"));
123 alt_bn128_Fq12::Frobenius_coeffs_c1[4] = alt_bn128_Fq2(alt_bn128_Fq("21888242871839275220042445260109153167277707414472061641714758635765020556616"),alt_bn128_Fq("0"));
124 alt_bn128_Fq12::Frobenius_coeffs_c1[5] = alt_bn128_Fq2(alt_bn128_Fq("3321304630594332808241809054958361220322477375291206261884409189760185844239"),alt_bn128_Fq("5722266937896532885780051958958348231143373700109372999374820235121374419868"));
125 alt_bn128_Fq12::Frobenius_coeffs_c1[6] = alt_bn128_Fq2(alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582"),alt_bn128_Fq("0"));
126 alt_bn128_Fq12::Frobenius_coeffs_c1[7] = alt_bn128_Fq2(alt_bn128_Fq("13512124006075453725662431877630910996106405091429524885779419978626457868503"),alt_bn128_Fq("5418419548761466998357268504080738289687024511189653727029736280683514010267"));
127 alt_bn128_Fq12::Frobenius_coeffs_c1[8] = alt_bn128_Fq2(alt_bn128_Fq("2203960485148121921418603742825762020974279258880205651966"),alt_bn128_Fq("0"));
128 alt_bn128_Fq12::Frobenius_coeffs_c1[9] = alt_bn128_Fq2(alt_bn128_Fq("10190819375481120917420622822672549775783927716138318623895010788866272024264"),alt_bn128_Fq("21584395482704209334823622290379665147239961968378104390343953940207365798982"));
129 alt_bn128_Fq12::Frobenius_coeffs_c1[10] = alt_bn128_Fq2(alt_bn128_Fq("2203960485148121921418603742825762020974279258880205651967"),alt_bn128_Fq("0"));
130 alt_bn128_Fq12::Frobenius_coeffs_c1[11] = alt_bn128_Fq2(alt_bn128_Fq("18566938241244942414004596690298913868373833782006617400804628704885040364344"),alt_bn128_Fq("16165975933942742336466353786298926857552937457188450663314217659523851788715"));
131
132 /* choice of short Weierstrass curve and its twist */
133
134 alt_bn128_coeff_b = alt_bn128_Fq("3");
135 alt_bn128_twist = alt_bn128_Fq2(alt_bn128_Fq("9"), alt_bn128_Fq("1"));
136 alt_bn128_twist_coeff_b = alt_bn128_coeff_b * alt_bn128_twist.inverse();
137 alt_bn128_twist_mul_by_b_c0 = alt_bn128_coeff_b * alt_bn128_Fq2::non_residue;
138 alt_bn128_twist_mul_by_b_c1 = alt_bn128_coeff_b * alt_bn128_Fq2::non_residue;
139 alt_bn128_twist_mul_by_q_X = alt_bn128_Fq2(alt_bn128_Fq("21575463638280843010398324269430826099269044274347216827212613867836435027261"),
140 alt_bn128_Fq("10307601595873709700152284273816112264069230130616436755625194854815875713954"));
141 alt_bn128_twist_mul_by_q_Y = alt_bn128_Fq2(alt_bn128_Fq("2821565182194536844548159561693502659359617185244120367078079554186484126554"),
142 alt_bn128_Fq("3505843767911556378687030309984248845540243509899259641013678093033130930403"));
143
144 /* choice of group G1 */
145 alt_bn128_G1::G1_zero = alt_bn128_G1(alt_bn128_Fq::zero(),
146 alt_bn128_Fq::one(),
147 alt_bn128_Fq::zero());
148 alt_bn128_G1::G1_one = alt_bn128_G1(alt_bn128_Fq("1"),
149 alt_bn128_Fq("2"),
150 alt_bn128_Fq::one());
151 alt_bn128_G1::initialized = true;
152
153 alt_bn128_G1::wnaf_window_table.resize(0);
154 alt_bn128_G1::wnaf_window_table.push_back(11);
155 alt_bn128_G1::wnaf_window_table.push_back(24);
156 alt_bn128_G1::wnaf_window_table.push_back(60);
157 alt_bn128_G1::wnaf_window_table.push_back(127);
158
159 alt_bn128_G1::fixed_base_exp_window_table.resize(0);
160 // window 1 is unbeaten in [-inf, 4.99]
161 alt_bn128_G1::fixed_base_exp_window_table.push_back(1);
162 // window 2 is unbeaten in [4.99, 10.99]
163 alt_bn128_G1::fixed_base_exp_window_table.push_back(5);
164 // window 3 is unbeaten in [10.99, 32.29]
165 alt_bn128_G1::fixed_base_exp_window_table.push_back(11);
166 // window 4 is unbeaten in [32.29, 55.23]
167 alt_bn128_G1::fixed_base_exp_window_table.push_back(32);
168 // window 5 is unbeaten in [55.23, 162.03]
169 alt_bn128_G1::fixed_base_exp_window_table.push_back(55);
170 // window 6 is unbeaten in [162.03, 360.15]
171 alt_bn128_G1::fixed_base_exp_window_table.push_back(162);
172 // window 7 is unbeaten in [360.15, 815.44]
173 alt_bn128_G1::fixed_base_exp_window_table.push_back(360);
174 // window 8 is unbeaten in [815.44, 2373.07]
175 alt_bn128_G1::fixed_base_exp_window_table.push_back(815);
176 // window 9 is unbeaten in [2373.07, 6977.75]
177 alt_bn128_G1::fixed_base_exp_window_table.push_back(2373);
178 // window 10 is unbeaten in [6977.75, 7122.23]
179 alt_bn128_G1::fixed_base_exp_window_table.push_back(6978);
180 // window 11 is unbeaten in [7122.23, 57818.46]
181 alt_bn128_G1::fixed_base_exp_window_table.push_back(7122);
182 // window 12 is never the best
183 alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
184 // window 13 is unbeaten in [57818.46, 169679.14]
185 alt_bn128_G1::fixed_base_exp_window_table.push_back(57818);
186 // window 14 is never the best
187 alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
188 // window 15 is unbeaten in [169679.14, 439758.91]
189 alt_bn128_G1::fixed_base_exp_window_table.push_back(169679);
190 // window 16 is unbeaten in [439758.91, 936073.41]
191 alt_bn128_G1::fixed_base_exp_window_table.push_back(439759);
192 // window 17 is unbeaten in [936073.41, 4666554.74]
193 alt_bn128_G1::fixed_base_exp_window_table.push_back(936073);
194 // window 18 is never the best
195 alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
196 // window 19 is unbeaten in [4666554.74, 7580404.42]
197 alt_bn128_G1::fixed_base_exp_window_table.push_back(4666555);
198 // window 20 is unbeaten in [7580404.42, 34552892.20]
199 alt_bn128_G1::fixed_base_exp_window_table.push_back(7580404);
200 // window 21 is never the best
201 alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
202 // window 22 is unbeaten in [34552892.20, inf]
203 alt_bn128_G1::fixed_base_exp_window_table.push_back(34552892);
204
205 /* choice of group G2 */
206
207 alt_bn128_G2::G2_zero = alt_bn128_G2(alt_bn128_Fq2::zero(),
208 alt_bn128_Fq2::one(),
209 alt_bn128_Fq2::zero());
210
211 alt_bn128_G2::G2_one = alt_bn128_G2(alt_bn128_Fq2(alt_bn128_Fq("10857046999023057135944570762232829481370756359578518086990519993285655852781"),
212 alt_bn128_Fq("11559732032986387107991004021392285783925812861821192530917403151452391805634")),
213 alt_bn128_Fq2(alt_bn128_Fq("8495653923123431417604973247489272438418190587263600148770280649306958101930"),
214 alt_bn128_Fq("4082367875863433681332203403145435568316851327593401208105741076214120093531")),
215 alt_bn128_Fq2::one());
216 alt_bn128_G2::initialized = true;
217
218 alt_bn128_G2::wnaf_window_table.resize(0);
219 alt_bn128_G2::wnaf_window_table.push_back(5);
220 alt_bn128_G2::wnaf_window_table.push_back(15);
221 alt_bn128_G2::wnaf_window_table.push_back(39);
222 alt_bn128_G2::wnaf_window_table.push_back(109);
223
224 alt_bn128_G2::fixed_base_exp_window_table.resize(0);
225 // window 1 is unbeaten in [-inf, 5.10]
226 alt_bn128_G2::fixed_base_exp_window_table.push_back(1);
227 // window 2 is unbeaten in [5.10, 10.43]
228 alt_bn128_G2::fixed_base_exp_window_table.push_back(5);
229 // window 3 is unbeaten in [10.43, 25.28]
230 alt_bn128_G2::fixed_base_exp_window_table.push_back(10);
231 // window 4 is unbeaten in [25.28, 59.00]
232 alt_bn128_G2::fixed_base_exp_window_table.push_back(25);
233 // window 5 is unbeaten in [59.00, 154.03]
234 alt_bn128_G2::fixed_base_exp_window_table.push_back(59);
235 // window 6 is unbeaten in [154.03, 334.25]
236 alt_bn128_G2::fixed_base_exp_window_table.push_back(154);
237 // window 7 is unbeaten in [334.25, 742.58]
238 alt_bn128_G2::fixed_base_exp_window_table.push_back(334);
239 // window 8 is unbeaten in [742.58, 2034.40]
240 alt_bn128_G2::fixed_base_exp_window_table.push_back(743);
241 // window 9 is unbeaten in [2034.40, 4987.56]
242 alt_bn128_G2::fixed_base_exp_window_table.push_back(2034);
243 // window 10 is unbeaten in [4987.56, 8888.27]
244 alt_bn128_G2::fixed_base_exp_window_table.push_back(4988);
245 // window 11 is unbeaten in [8888.27, 26271.13]
246 alt_bn128_G2::fixed_base_exp_window_table.push_back(8888);
247 // window 12 is unbeaten in [26271.13, 39768.20]
248 alt_bn128_G2::fixed_base_exp_window_table.push_back(26271);
249 // window 13 is unbeaten in [39768.20, 106275.75]
250 alt_bn128_G2::fixed_base_exp_window_table.push_back(39768);
251 // window 14 is unbeaten in [106275.75, 141703.40]
252 alt_bn128_G2::fixed_base_exp_window_table.push_back(106276);
253 // window 15 is unbeaten in [141703.40, 462422.97]
254 alt_bn128_G2::fixed_base_exp_window_table.push_back(141703);
255 // window 16 is unbeaten in [462422.97, 926871.84]
256 alt_bn128_G2::fixed_base_exp_window_table.push_back(462423);
257 // window 17 is unbeaten in [926871.84, 4873049.17]
258 alt_bn128_G2::fixed_base_exp_window_table.push_back(926872);
259 // window 18 is never the best
260 alt_bn128_G2::fixed_base_exp_window_table.push_back(0);
261 // window 19 is unbeaten in [4873049.17, 5706707.88]
262 alt_bn128_G2::fixed_base_exp_window_table.push_back(4873049);
263 // window 20 is unbeaten in [5706707.88, 31673814.95]
264 alt_bn128_G2::fixed_base_exp_window_table.push_back(5706708);
265 // window 21 is never the best
266 alt_bn128_G2::fixed_base_exp_window_table.push_back(0);
267 // window 22 is unbeaten in [31673814.95, inf]
268 alt_bn128_G2::fixed_base_exp_window_table.push_back(31673815);
269
270 /* pairing parameters */
271
272 alt_bn128_ate_loop_count = bigint_q("29793968203157093288");
273 alt_bn128_ate_is_loop_count_neg = false;
274 alt_bn128_final_exponent = bigint<12*alt_bn128_q_limbs>("552484233613224096312617126783173147097382103762957654188882734314196910839907541213974502761540629817009608548654680343627701153829446747810907373256841551006201639677726139946029199968412598804882391702273019083653272047566316584365559776493027495458238373902875937659943504873220554161550525926302303331747463515644711876653177129578303191095900909191624817826566688241804408081892785725967931714097716709526092261278071952560171111444072049229123565057483750161460024353346284167282452756217662335528813519139808291170539072125381230815729071544861602750936964829313608137325426383735122175229541155376346436093930287402089517426973178917569713384748081827255472576937471496195752727188261435633271238710131736096299798168852925540549342330775279877006784354801422249722573783561685179618816480037695005515426162362431072245638324744480");
275 alt_bn128_final_exponent_z = bigint_q("4965661367192848881");
276 alt_bn128_final_exponent_is_z_neg = false;
277
278}
libff::Fp2_model::inverse
Fp2_model inverse() const
libff::alt_bn128_final_exponent_z
bigint< alt_bn128_q_limbs > alt_bn128_final_exponent_z
Definition alt_bn128_init.cpp:28
libff::alt_bn128_Fq2
Fp2_model< alt_bn128_q_limbs, alt_bn128_modulus_q > alt_bn128_Fq2
Definition alt_bn128_init.hpp:29
libff::alt_bn128_Fq
Fp_model< alt_bn128_q_limbs, alt_bn128_modulus_q > alt_bn128_Fq
Definition alt_bn128_init.hpp:28
libff::alt_bn128_twist_mul_by_b_c0
alt_bn128_Fq alt_bn128_twist_mul_by_b_c0
Definition alt_bn128_init.cpp:20
libff::alt_bn128_twist_mul_by_q_Y
alt_bn128_Fq2 alt_bn128_twist_mul_by_q_Y
Definition alt_bn128_init.cpp:23
libff::alt_bn128_coeff_b
alt_bn128_Fq alt_bn128_coeff_b
Definition alt_bn128_init.cpp:17
libff::alt_bn128_modulus_q
bigint< alt_bn128_q_limbs > alt_bn128_modulus_q
Definition alt_bn128_init.cpp:15
libff::alt_bn128_ate_is_loop_count_neg
bool alt_bn128_ate_is_loop_count_neg
Definition alt_bn128_init.cpp:26
libff::alt_bn128_final_exponent_is_z_neg
bool alt_bn128_final_exponent_is_z_neg
Definition alt_bn128_init.cpp:29
libff::alt_bn128_twist_mul_by_b_c1
alt_bn128_Fq alt_bn128_twist_mul_by_b_c1
Definition alt_bn128_init.cpp:21
libff::alt_bn128_Fr
Fp_model< alt_bn128_r_limbs, alt_bn128_modulus_r > alt_bn128_Fr
Definition alt_bn128_init.hpp:27
libff::alt_bn128_modulus_r
bigint< alt_bn128_r_limbs > alt_bn128_modulus_r
Definition alt_bn128_init.cpp:14
libff::alt_bn128_twist_mul_by_q_X
alt_bn128_Fq2 alt_bn128_twist_mul_by_q_X
Definition alt_bn128_init.cpp:22
libff::alt_bn128_final_exponent
bigint< 12 *alt_bn128_q_limbs > alt_bn128_final_exponent
Definition alt_bn128_init.cpp:27
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_bn128_params()

void libff::init_bn128_params ( )

Definition at line 28 of file bn128_init.cpp.

29{
30 bn::Param::init(); // init ate-pairing library
31
32 typedef bigint<bn128_r_limbs> bigint_r;
33 typedef bigint<bn128_q_limbs> bigint_q;
34
35 assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
36
37 /* parameters for scalar field Fr */
38 bn128_modulus_r = bigint_r("21888242871839275222246405745257275088548364400416034343698204186575808495617");
39 assert(bn128_Fr::modulus_is_valid());
40 if (sizeof(mp_limb_t) == 8)
41 {
42 bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
43 bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
44 bn128_Fr::inv = 0xc2e1f593efffffff;
45 }
46 if (sizeof(mp_limb_t) == 4)
47 {
48 bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
49 bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
50 bn128_Fr::inv = 0xefffffff;
51 }
52 bn128_Fr::num_bits = 254;
53 bn128_Fr::euler = bigint_r("10944121435919637611123202872628637544274182200208017171849102093287904247808");
54 bn128_Fr::s = 28;
55 bn128_Fr::t = bigint_r("81540058820840996586704275553141814055101440848469862132140264610111");
56 bn128_Fr::t_minus_1_over_2 = bigint_r("40770029410420498293352137776570907027550720424234931066070132305055");
57 bn128_Fr::multiplicative_generator = bn128_Fr("5");
58 bn128_Fr::root_of_unity = bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
59 bn128_Fr::nqr = bn128_Fr("5");
60 bn128_Fr::nqr_to_t = bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
61
62 /* parameters for base field Fq */
63 bn128_modulus_q = bigint_q("21888242871839275222246405745257275088696311157297823662689037894645226208583");
64 assert(bn128_Fq::modulus_is_valid());
65 if (sizeof(mp_limb_t) == 8)
66 {
67 bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
68 bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
69 bn128_Fq::inv = 0x87d20782e4866389;
70 }
71 if (sizeof(mp_limb_t) == 4)
72 {
73 bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
74 bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
75 bn128_Fq::inv = 0xe4866389;
76 }
77 bn128_Fq::num_bits = 254;
78 bn128_Fq::euler = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
79 bn128_Fq::s = 1;
80 bn128_Fq::t = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
81 bn128_Fq::t_minus_1_over_2 = bigint_q("5472060717959818805561601436314318772174077789324455915672259473661306552145");
82 bn128_Fq::multiplicative_generator = bn128_Fq("3");
83 bn128_Fq::root_of_unity = bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
84 bn128_Fq::nqr = bn128_Fq("3");
85 bn128_Fq::nqr_to_t = bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
86
87 /* additional parameters for square roots in Fq/Fq2 */
88 bn128_coeff_b = bn::Fp(3);
89 bn128_Fq_s = 1;
90 bn128_Fq_nqr_to_t = bn::Fp("21888242871839275222246405745257275088696311157297823662689037894645226208582");
91 bn128_Fq_t_minus_1_over_2 = mie::Vuint("5472060717959818805561601436314318772174077789324455915672259473661306552145");
92
93 bn128_twist_coeff_b = bn::Fp2(bn::Fp("19485874751759354771024239261021720505790618469301721065564631296452457478373"),
94 bn::Fp("266929791119991161246907387137283842545076965332900288569378510910307636690"));
95 bn128_Fq2_s = 4;
96 bn128_Fq2_nqr_to_t = bn::Fp2(bn::Fp("5033503716262624267312492558379982687175200734934877598599011485707452665730"),
97 bn::Fp("314498342015008975724433667930697407966947188435857772134235984660852259084"));
98 bn128_Fq2_t_minus_1_over_2 = mie::Vuint("14971724250519463826312126413021210649976634891596900701138993820439690427699319920245032869357433499099632259837909383182382988566862092145199781964621");
99
100 /* choice of group G1 */
101 bn128_G1::G1_zero.X = bn::Fp(1);
102 bn128_G1::G1_zero.Y = bn::Fp(1);
103 bn128_G1::G1_zero.Z = bn::Fp(0);
104
105 bn128_G1::G1_one.X = bn::Fp(1);
106 bn128_G1::G1_one.Y = bn::Fp(2);
107 bn128_G1::G1_one.Z = bn::Fp(1);
108
109 bn128_G1::initialized = true;
110
111 bn128_G1::wnaf_window_table.resize(0);
112 bn128_G1::wnaf_window_table.push_back(10);
113 bn128_G1::wnaf_window_table.push_back(24);
114 bn128_G1::wnaf_window_table.push_back(40);
115 bn128_G1::wnaf_window_table.push_back(132);
116
117 bn128_G1::fixed_base_exp_window_table.resize(0);
118 // window 1 is unbeaten in [-inf, 4.24]
119 bn128_G1::fixed_base_exp_window_table.push_back(1);
120 // window 2 is unbeaten in [4.24, 10.43]
121 bn128_G1::fixed_base_exp_window_table.push_back(4);
122 // window 3 is unbeaten in [10.43, 24.88]
123 bn128_G1::fixed_base_exp_window_table.push_back(10);
124 // window 4 is unbeaten in [24.88, 62.10]
125 bn128_G1::fixed_base_exp_window_table.push_back(25);
126 // window 5 is unbeaten in [62.10, 157.80]
127 bn128_G1::fixed_base_exp_window_table.push_back(62);
128 // window 6 is unbeaten in [157.80, 362.05]
129 bn128_G1::fixed_base_exp_window_table.push_back(158);
130 // window 7 is unbeaten in [362.05, 806.67]
131 bn128_G1::fixed_base_exp_window_table.push_back(362);
132 // window 8 is unbeaten in [806.67, 2090.34]
133 bn128_G1::fixed_base_exp_window_table.push_back(807);
134 // window 9 is unbeaten in [2090.34, 4459.58]
135 bn128_G1::fixed_base_exp_window_table.push_back(2090);
136 // window 10 is unbeaten in [4459.58, 9280.12]
137 bn128_G1::fixed_base_exp_window_table.push_back(4460);
138 // window 11 is unbeaten in [9280.12, 43302.64]
139 bn128_G1::fixed_base_exp_window_table.push_back(9280);
140 // window 12 is unbeaten in [43302.64, 210998.73]
141 bn128_G1::fixed_base_exp_window_table.push_back(43303);
142 // window 13 is never the best
143 bn128_G1::fixed_base_exp_window_table.push_back(0);
144 // window 14 is never the best
145 bn128_G1::fixed_base_exp_window_table.push_back(0);
146 // window 15 is unbeaten in [210998.73, 506869.47]
147 bn128_G1::fixed_base_exp_window_table.push_back(210999);
148 // window 16 is unbeaten in [506869.47, 930023.36]
149 bn128_G1::fixed_base_exp_window_table.push_back(506869);
150 // window 17 is unbeaten in [930023.36, 8350812.20]
151 bn128_G1::fixed_base_exp_window_table.push_back(930023);
152 // window 18 is never the best
153 bn128_G1::fixed_base_exp_window_table.push_back(0);
154 // window 19 is never the best
155 bn128_G1::fixed_base_exp_window_table.push_back(0);
156 // window 20 is unbeaten in [8350812.20, 21708138.87]
157 bn128_G1::fixed_base_exp_window_table.push_back(8350812);
158 // window 21 is unbeaten in [21708138.87, 29482995.52]
159 bn128_G1::fixed_base_exp_window_table.push_back(21708139);
160 // window 22 is unbeaten in [29482995.52, inf]
161 bn128_G1::fixed_base_exp_window_table.push_back(29482996);
162
163 /* choice of group G2 */
164 bn128_G2::G2_zero.X = bn::Fp2(bn::Fp(1), bn::Fp(0));
165 bn128_G2::G2_zero.Y = bn::Fp2(bn::Fp(1), bn::Fp(0));
166 bn128_G2::G2_zero.Z = bn::Fp2(bn::Fp(0), bn::Fp(0));
167
168 bn128_G2::G2_one.X = bn::Fp2(bn::Fp("15267802884793550383558706039165621050290089775961208824303765753922461897946"),
169 bn::Fp("9034493566019742339402378670461897774509967669562610788113215988055021632533"));
170 bn128_G2::G2_one.Y = bn::Fp2(bn::Fp("644888581738283025171396578091639672120333224302184904896215738366765861164"),
171 bn::Fp("20532875081203448695448744255224543661959516361327385779878476709582931298750"));
172 bn128_G2::G2_one.Z = bn::Fp2(bn::Fp(1), bn::Fp(0));
173
174 bn128_G2::initialized = true;
175
176 bn128_G2::wnaf_window_table.resize(0);
177 bn128_G2::wnaf_window_table.push_back(7);
178 bn128_G2::wnaf_window_table.push_back(18);
179 bn128_G2::wnaf_window_table.push_back(35);
180 bn128_G2::wnaf_window_table.push_back(116);
181
182 bn128_G2::fixed_base_exp_window_table.resize(0);
183 // window 1 is unbeaten in [-inf, 4.13]
184 bn128_G2::fixed_base_exp_window_table.push_back(1);
185 // window 2 is unbeaten in [4.13, 10.72]
186 bn128_G2::fixed_base_exp_window_table.push_back(4);
187 // window 3 is unbeaten in [10.72, 25.60]
188 bn128_G2::fixed_base_exp_window_table.push_back(11);
189 // window 4 is unbeaten in [25.60, 60.99]
190 bn128_G2::fixed_base_exp_window_table.push_back(26);
191 // window 5 is unbeaten in [60.99, 153.66]
192 bn128_G2::fixed_base_exp_window_table.push_back(61);
193 // window 6 is unbeaten in [153.66, 353.13]
194 bn128_G2::fixed_base_exp_window_table.push_back(154);
195 // window 7 is unbeaten in [353.13, 771.87]
196 bn128_G2::fixed_base_exp_window_table.push_back(353);
197 // window 8 is unbeaten in [771.87, 2025.85]
198 bn128_G2::fixed_base_exp_window_table.push_back(772);
199 // window 9 is unbeaten in [2025.85, 4398.65]
200 bn128_G2::fixed_base_exp_window_table.push_back(2026);
201 // window 10 is unbeaten in [4398.65, 10493.42]
202 bn128_G2::fixed_base_exp_window_table.push_back(4399);
203 // window 11 is unbeaten in [10493.42, 37054.73]
204 bn128_G2::fixed_base_exp_window_table.push_back(10493);
205 // window 12 is unbeaten in [37054.73, 49928.78]
206 bn128_G2::fixed_base_exp_window_table.push_back(37055);
207 // window 13 is unbeaten in [49928.78, 114502.82]
208 bn128_G2::fixed_base_exp_window_table.push_back(49929);
209 // window 14 is unbeaten in [114502.82, 161445.26]
210 bn128_G2::fixed_base_exp_window_table.push_back(114503);
211 // window 15 is unbeaten in [161445.26, 470648.01]
212 bn128_G2::fixed_base_exp_window_table.push_back(161445);
213 // window 16 is unbeaten in [470648.01, 1059821.87]
214 bn128_G2::fixed_base_exp_window_table.push_back(470648);
215 // window 17 is unbeaten in [1059821.87, 5450848.25]
216 bn128_G2::fixed_base_exp_window_table.push_back(1059822);
217 // window 18 is never the best
218 bn128_G2::fixed_base_exp_window_table.push_back(0);
219 // window 19 is unbeaten in [5450848.25, 5566795.57]
220 bn128_G2::fixed_base_exp_window_table.push_back(5450848);
221 // window 20 is unbeaten in [5566795.57, 33055217.52]
222 bn128_G2::fixed_base_exp_window_table.push_back(5566796);
223 // window 21 is never the best
224 bn128_G2::fixed_base_exp_window_table.push_back(0);
225 // window 22 is unbeaten in [33055217.52, inf]
226 bn128_G2::fixed_base_exp_window_table.push_back(33055218);
227
228 bn128_GT::GT_one.elem = bn::Fp12(1);
229}
bn::Fp
mie::Fp Fp
Definition bn.h:2952
bn::Fp12
Fp12T< Fp6 > Fp12
Definition bn.h:2959
bn::Fp2
Fp2T< Fp > Fp2
Definition bn.h:2954
libff::bn128_twist_coeff_b
bn::Fp2 bn128_twist_coeff_b
Definition bn128_init.cpp:23
libff::bn128_Fq_t_minus_1_over_2
mie::Vuint bn128_Fq_t_minus_1_over_2
Definition bn128_init.cpp:21
libff::bn128_Fq2_s
size_t bn128_Fq2_s
Definition bn128_init.cpp:24
libff::bn128_coeff_b
bn::Fp bn128_coeff_b
Definition bn128_init.cpp:18
libff::bn128_Fq2_nqr_to_t
bn::Fp2 bn128_Fq2_nqr_to_t
Definition bn128_init.cpp:25
libff::bn128_Fq2_t_minus_1_over_2
mie::Vuint bn128_Fq2_t_minus_1_over_2
Definition bn128_init.cpp:26
libff::bn128_Fr
Fp_model< bn128_r_limbs, bn128_modulus_r > bn128_Fr
Definition bn128_init.hpp:36
libff::bn128_Fq_nqr_to_t
bn::Fp bn128_Fq_nqr_to_t
Definition bn128_init.cpp:20
libff::bn128_Fq
Fp_model< bn128_q_limbs, bn128_modulus_q > bn128_Fq
Definition bn128_init.hpp:37
libff::bn128_modulus_q
bigint< bn128_q_limbs > bn128_modulus_q
Definition bn128_init.cpp:16
libff::bn128_Fq_s
size_t bn128_Fq_s
Definition bn128_init.cpp:19
libff::bn128_modulus_r
bigint< bn128_r_limbs > bn128_modulus_r
Definition bn128_init.cpp:15
mie::Vuint
VuintT< local::FixedBuffer< mie::Unit, MIE_ZM_VUINT_BIT_LEN > > Vuint
Definition zm.h:1161
bn::ParamT::init
static void init(const CurveParam &cp, int mode=-1, bool useMulx=true)
Definition bn.h:206
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_edwards_params()

void libff::init_edwards_params ( )

Definition at line 37 of file edwards_init.cpp.

38{
39 typedef bigint<edwards_r_limbs> bigint_r;
40 typedef bigint<edwards_q_limbs> bigint_q;
41
42 assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
43
44 /* parameters for scalar field Fr */
45
46 edwards_modulus_r = bigint_r("1552511030102430251236801561344621993261920897571225601");
47 assert(edwards_Fr::modulus_is_valid());
48 if (sizeof(mp_limb_t) == 8)
49 {
50 edwards_Fr::Rsquared = bigint_r("621738487827897760168419760282818735947979812540885779");
51 edwards_Fr::Rcubed = bigint_r("899968968216802386013510389846941393831065658679774050");
52 edwards_Fr::inv = 0xdde553277fffffff;
53 }
54 if (sizeof(mp_limb_t) == 4)
55 {
56 edwards_Fr::Rsquared = bigint_r("621738487827897760168419760282818735947979812540885779");
57 edwards_Fr::Rcubed = bigint_r("899968968216802386013510389846941393831065658679774050");
58 edwards_Fr::inv = 0x7fffffff;
59 }
60 edwards_Fr::num_bits = 181;
61 edwards_Fr::euler = bigint_r("776255515051215125618400780672310996630960448785612800");
62 edwards_Fr::s = 31;
63 edwards_Fr::t = bigint_r("722944284836962004768104088187507350585386575");
64 edwards_Fr::t_minus_1_over_2 = bigint_r("361472142418481002384052044093753675292693287");
65 edwards_Fr::multiplicative_generator = edwards_Fr("19");
66 edwards_Fr::root_of_unity = edwards_Fr("695314865466598274460565335217615316274564719601897184");
67 edwards_Fr::nqr = edwards_Fr("11");
68 edwards_Fr::nqr_to_t = edwards_Fr("1326707053668679463752768729767248251415639579872144553");
69
70 /* parameters for base field Fq */
71
72 edwards_modulus_q = bigint_q("6210044120409721004947206240885978274523751269793792001");
73 assert(edwards_Fq::modulus_is_valid());
74 if (sizeof(mp_limb_t) == 8)
75 {
76 edwards_Fq::Rsquared = bigint_q("5943559676554581037560514598978484097352477055348195432");
77 edwards_Fq::Rcubed = bigint_q("1081560488703514202058739223469726982199727506489234349");
78 edwards_Fq::inv = 0x76eb690b7fffffff;
79 }
80 if (sizeof(mp_limb_t) == 4)
81 {
82 edwards_Fq::Rsquared = bigint_q("5943559676554581037560514598978484097352477055348195432");
83 edwards_Fq::Rcubed = bigint_q("1081560488703514202058739223469726982199727506489234349");
84 edwards_Fq::inv = 0x7fffffff;
85 }
86 edwards_Fq::num_bits = 183;
87 edwards_Fq::euler = bigint_q("3105022060204860502473603120442989137261875634896896000");
88 edwards_Fq::s = 31;
89 edwards_Fq::t = bigint_q("2891777139347848019072416350658041552884388375");
90 edwards_Fq::t_minus_1_over_2 = bigint_q("1445888569673924009536208175329020776442194187");
91 edwards_Fq::multiplicative_generator = edwards_Fq("61");
92 edwards_Fq::root_of_unity = edwards_Fq("4692813029219384139894873043933463717810008194158530536");
93 edwards_Fq::nqr = edwards_Fq("23");
94 edwards_Fq::nqr_to_t = edwards_Fq("2626736066325740702418554487368721595489070118548299138");
95
96 /* parameters for twist field Fq3 */
97
98 edwards_Fq3::euler = bigint<3*edwards_q_limbs>("119744082713971502962992613191067836698205043373978948903839934564152994858051284658545502971203325031831647424413111161318314144765646525057914792711854057586688000");
99 edwards_Fq3::s = 31;
100 edwards_Fq3::t = bigint<3*edwards_q_limbs>("111520367408144756185815309352304634357062208814526860512643991563611659089151103662834971185031649686239331424621037357783237607000066456438894190557165125");
101 edwards_Fq3::t_minus_1_over_2 = bigint<3*edwards_q_limbs>("55760183704072378092907654676152317178531104407263430256321995781805829544575551831417485592515824843119665712310518678891618803500033228219447095278582562");
102 edwards_Fq3::non_residue = edwards_Fq("61");
103 edwards_Fq3::nqr = edwards_Fq3(edwards_Fq("23"),edwards_Fq("0"),edwards_Fq("0"));
104 edwards_Fq3::nqr_to_t = edwards_Fq3(edwards_Fq("104810943629412208121981114244673004633270996333237516"),edwards_Fq("0"),edwards_Fq("0"));
105 edwards_Fq3::Frobenius_coeffs_c1[0] = edwards_Fq("1");
106 edwards_Fq3::Frobenius_coeffs_c1[1] = edwards_Fq("1073752683758513276629212192812154536507607213288832061");
107 edwards_Fq3::Frobenius_coeffs_c1[2] = edwards_Fq("5136291436651207728317994048073823738016144056504959939");
108 edwards_Fq3::Frobenius_coeffs_c2[0] = edwards_Fq("1");
109 edwards_Fq3::Frobenius_coeffs_c2[1] = edwards_Fq("5136291436651207728317994048073823738016144056504959939");
110 edwards_Fq3::Frobenius_coeffs_c2[2] = edwards_Fq("1073752683758513276629212192812154536507607213288832061");
111
112 /* parameters for Fq6 */
113
114 edwards_Fq6::non_residue = edwards_Fq("61");
115 edwards_Fq6::Frobenius_coeffs_c1[0] = edwards_Fq("1");
116 edwards_Fq6::Frobenius_coeffs_c1[1] = edwards_Fq("1073752683758513276629212192812154536507607213288832062");
117 edwards_Fq6::Frobenius_coeffs_c1[2] = edwards_Fq("1073752683758513276629212192812154536507607213288832061");
118 edwards_Fq6::Frobenius_coeffs_c1[3] = edwards_Fq("6210044120409721004947206240885978274523751269793792000");
119 edwards_Fq6::Frobenius_coeffs_c1[4] = edwards_Fq("5136291436651207728317994048073823738016144056504959939");
120 edwards_Fq6::Frobenius_coeffs_c1[5] = edwards_Fq("5136291436651207728317994048073823738016144056504959940");
121 edwards_Fq6::my_Fp2::non_residue = edwards_Fq3::non_residue;
122
123 /* choice of Edwards curve and its twist */
124
125 edwards_coeff_a = edwards_Fq::one();
126 edwards_coeff_d = edwards_Fq("600581931845324488256649384912508268813600056237543024");
127 edwards_twist = edwards_Fq3(edwards_Fq::zero(), edwards_Fq::one(), edwards_Fq::zero());
128 edwards_twist_coeff_a = edwards_coeff_a * edwards_twist;
129 edwards_twist_coeff_d = edwards_coeff_d * edwards_twist;
130 edwards_twist_mul_by_a_c0 = edwards_coeff_a * edwards_Fq3::non_residue;
131 edwards_twist_mul_by_a_c1 = edwards_coeff_a;
132 edwards_twist_mul_by_a_c2 = edwards_coeff_a;
133 edwards_twist_mul_by_d_c0 = edwards_coeff_d * edwards_Fq3::non_residue;
134 edwards_twist_mul_by_d_c1 = edwards_coeff_d;
135 edwards_twist_mul_by_d_c2 = edwards_coeff_d;
136 edwards_twist_mul_by_q_Y = edwards_Fq("1073752683758513276629212192812154536507607213288832062");
137 edwards_twist_mul_by_q_Z = edwards_Fq("1073752683758513276629212192812154536507607213288832062");
138
139 /* choice of group G1 */
140 edwards_G1::G1_zero = edwards_G1(edwards_Fq::zero(),
141 edwards_Fq::one());
142 edwards_G1::G1_one = edwards_G1(edwards_Fq("3713709671941291996998665608188072510389821008693530490"),
143 edwards_Fq("4869953702976555123067178261685365085639705297852816679"));
144 edwards_G1::initialized = true;
145
146 edwards_G1::wnaf_window_table.resize(0);
147 edwards_G1::wnaf_window_table.push_back(9);
148 edwards_G1::wnaf_window_table.push_back(14);
149 edwards_G1::wnaf_window_table.push_back(24);
150 edwards_G1::wnaf_window_table.push_back(117);
151
152 edwards_G1::fixed_base_exp_window_table.resize(0);
153 // window 1 is unbeaten in [-inf, 4.10]
154 edwards_G1::fixed_base_exp_window_table.push_back(1);
155 // window 2 is unbeaten in [4.10, 9.69]
156 edwards_G1::fixed_base_exp_window_table.push_back(4);
157 // window 3 is unbeaten in [9.69, 25.21]
158 edwards_G1::fixed_base_exp_window_table.push_back(10);
159 // window 4 is unbeaten in [25.21, 60.00]
160 edwards_G1::fixed_base_exp_window_table.push_back(25);
161 // window 5 is unbeaten in [60.00, 149.33]
162 edwards_G1::fixed_base_exp_window_table.push_back(60);
163 // window 6 is unbeaten in [149.33, 369.61]
164 edwards_G1::fixed_base_exp_window_table.push_back(149);
165 // window 7 is unbeaten in [369.61, 849.07]
166 edwards_G1::fixed_base_exp_window_table.push_back(370);
167 // window 8 is unbeaten in [849.07, 1764.94]
168 edwards_G1::fixed_base_exp_window_table.push_back(849);
169 // window 9 is unbeaten in [1764.94, 4429.59]
170 edwards_G1::fixed_base_exp_window_table.push_back(1765);
171 // window 10 is unbeaten in [4429.59, 13388.78]
172 edwards_G1::fixed_base_exp_window_table.push_back(4430);
173 // window 11 is unbeaten in [13388.78, 15368.00]
174 edwards_G1::fixed_base_exp_window_table.push_back(13389);
175 // window 12 is unbeaten in [15368.00, 74912.07]
176 edwards_G1::fixed_base_exp_window_table.push_back(15368);
177 // window 13 is unbeaten in [74912.07, 438107.20]
178 edwards_G1::fixed_base_exp_window_table.push_back(74912);
179 // window 14 is never the best
180 edwards_G1::fixed_base_exp_window_table.push_back(0);
181 // window 15 is unbeaten in [438107.20, 1045626.18]
182 edwards_G1::fixed_base_exp_window_table.push_back(438107);
183 // window 16 is never the best
184 edwards_G1::fixed_base_exp_window_table.push_back(0);
185 // window 17 is unbeaten in [1045626.18, 1577434.48]
186 edwards_G1::fixed_base_exp_window_table.push_back(1045626);
187 // window 18 is unbeaten in [1577434.48, 17350594.23]
188 edwards_G1::fixed_base_exp_window_table.push_back(1577434);
189 // window 19 is never the best
190 edwards_G1::fixed_base_exp_window_table.push_back(0);
191 // window 20 is never the best
192 edwards_G1::fixed_base_exp_window_table.push_back(0);
193 // window 21 is unbeaten in [17350594.23, inf]
194 edwards_G1::fixed_base_exp_window_table.push_back(17350594);
195 // window 22 is never the best
196 edwards_G1::fixed_base_exp_window_table.push_back(0);
197
198 /* choice of group G2 */
199
200 edwards_G2::G2_zero = edwards_G2(edwards_Fq3::zero(),
201 edwards_Fq3::one());
202 edwards_G2::G2_one = edwards_G2(edwards_Fq3(edwards_Fq("4531683359223370252210990718516622098304721701253228128"),
203 edwards_Fq("5339624155305731263217400504407647531329993548123477368"),
204 edwards_Fq("3964037981777308726208525982198654699800283729988686552")),
205 edwards_Fq3(edwards_Fq("364634864866983740775341816274081071386963546650700569"),
206 edwards_Fq("3264380230116139014996291397901297105159834497864380415"),
207 edwards_Fq("3504781284999684163274269077749440837914479176282903747")));
208 edwards_G2::initialized = true;
209
210 edwards_G2::wnaf_window_table.resize(0);
211 edwards_G2::wnaf_window_table.push_back(6);
212 edwards_G2::wnaf_window_table.push_back(12);
213 edwards_G2::wnaf_window_table.push_back(42);
214 edwards_G2::wnaf_window_table.push_back(97);
215
216 edwards_G2::fixed_base_exp_window_table.resize(0);
217 // window 1 is unbeaten in [-inf, 4.74]
218 edwards_G2::fixed_base_exp_window_table.push_back(1);
219 // window 2 is unbeaten in [4.74, 10.67]
220 edwards_G2::fixed_base_exp_window_table.push_back(5);
221 // window 3 is unbeaten in [10.67, 25.53]
222 edwards_G2::fixed_base_exp_window_table.push_back(11);
223 // window 4 is unbeaten in [25.53, 60.67]
224 edwards_G2::fixed_base_exp_window_table.push_back(26);
225 // window 5 is unbeaten in [60.67, 145.77]
226 edwards_G2::fixed_base_exp_window_table.push_back(61);
227 // window 6 is unbeaten in [145.77, 356.76]
228 edwards_G2::fixed_base_exp_window_table.push_back(146);
229 // window 7 is unbeaten in [356.76, 823.08]
230 edwards_G2::fixed_base_exp_window_table.push_back(357);
231 // window 8 is unbeaten in [823.08, 1589.45]
232 edwards_G2::fixed_base_exp_window_table.push_back(823);
233 // window 9 is unbeaten in [1589.45, 4135.70]
234 edwards_G2::fixed_base_exp_window_table.push_back(1589);
235 // window 10 is unbeaten in [4135.70, 14297.74]
236 edwards_G2::fixed_base_exp_window_table.push_back(4136);
237 // window 11 is unbeaten in [14297.74, 16744.85]
238 edwards_G2::fixed_base_exp_window_table.push_back(14298);
239 // window 12 is unbeaten in [16744.85, 51768.98]
240 edwards_G2::fixed_base_exp_window_table.push_back(16745);
241 // window 13 is unbeaten in [51768.98, 99811.01]
242 edwards_G2::fixed_base_exp_window_table.push_back(51769);
243 // window 14 is unbeaten in [99811.01, 193306.72]
244 edwards_G2::fixed_base_exp_window_table.push_back(99811);
245 // window 15 is unbeaten in [193306.72, 907184.68]
246 edwards_G2::fixed_base_exp_window_table.push_back(193307);
247 // window 16 is never the best
248 edwards_G2::fixed_base_exp_window_table.push_back(0);
249 // window 17 is unbeaten in [907184.68, 1389682.59]
250 edwards_G2::fixed_base_exp_window_table.push_back(907185);
251 // window 18 is unbeaten in [1389682.59, 6752695.74]
252 edwards_G2::fixed_base_exp_window_table.push_back(1389683);
253 // window 19 is never the best
254 edwards_G2::fixed_base_exp_window_table.push_back(0);
255 // window 20 is unbeaten in [6752695.74, 193642894.51]
256 edwards_G2::fixed_base_exp_window_table.push_back(6752696);
257 // window 21 is unbeaten in [193642894.51, 226760202.29]
258 edwards_G2::fixed_base_exp_window_table.push_back(193642895);
259 // window 22 is unbeaten in [226760202.29, inf]
260 edwards_G2::fixed_base_exp_window_table.push_back(226760202);
261
262 /* pairing parameters */
263
264 edwards_ate_loop_count = bigint_q("4492509698523932320491110403");
265 edwards_final_exponent = bigint<6*edwards_q_limbs>("36943107177961694649618797346446870138748651578611748415128207429491593976636391130175425245705674550269561361208979548749447898941828686017765730419416875539615941651269793928962468899856083169227457503942470721108165443528513330156264699608120624990672333642644221591552000");
266 edwards_final_exponent_last_chunk_abs_of_w0 = bigint_q("17970038794095729281964441603");
267 edwards_final_exponent_last_chunk_is_w0_neg = true;
268 edwards_final_exponent_last_chunk_w1 = bigint_q("4");
269
270}
libff::edwards_twist
edwards_Fq3 edwards_twist
Definition edwards_init.cpp:19
libff::edwards_coeff_a
edwards_Fq edwards_coeff_a
Definition edwards_init.cpp:17
libff::edwards_Fq3
Fp3_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq3
Definition edwards_init.hpp:28
libff::edwards_final_exponent
bigint< 6 *edwards_q_limbs > edwards_final_exponent
Definition edwards_init.cpp:32
libff::edwards_Fq
Fp_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq
Definition edwards_init.hpp:27
libff::edwards_twist_mul_by_q_Y
edwards_Fq edwards_twist_mul_by_q_Y
Definition edwards_init.cpp:28
libff::edwards_twist_mul_by_d_c1
edwards_Fq edwards_twist_mul_by_d_c1
Definition edwards_init.cpp:26
libff::edwards_twist_mul_by_q_Z
edwards_Fq edwards_twist_mul_by_q_Z
Definition edwards_init.cpp:29
libff::edwards_final_exponent_last_chunk_abs_of_w0
bigint< edwards_q_limbs > edwards_final_exponent_last_chunk_abs_of_w0
Definition edwards_init.cpp:33
libff::edwards_modulus_q
bigint< edwards_q_limbs > edwards_modulus_q
Definition edwards_init.cpp:15
libff::edwards_twist_mul_by_a_c0
edwards_Fq edwards_twist_mul_by_a_c0
Definition edwards_init.cpp:22
libff::edwards_twist_mul_by_a_c1
edwards_Fq edwards_twist_mul_by_a_c1
Definition edwards_init.cpp:23
libff::edwards_coeff_d
edwards_Fq edwards_coeff_d
Definition edwards_init.cpp:18
libff::edwards_twist_coeff_a
edwards_Fq3 edwards_twist_coeff_a
Definition edwards_init.cpp:20
libff::edwards_final_exponent_last_chunk_w1
bigint< edwards_q_limbs > edwards_final_exponent_last_chunk_w1
Definition edwards_init.cpp:35
libff::edwards_final_exponent_last_chunk_is_w0_neg
bool edwards_final_exponent_last_chunk_is_w0_neg
Definition edwards_init.cpp:34
libff::edwards_twist_mul_by_d_c2
edwards_Fq edwards_twist_mul_by_d_c2
Definition edwards_init.cpp:27
libff::edwards_Fr
Fp_model< edwards_r_limbs, edwards_modulus_r > edwards_Fr
Definition edwards_init.hpp:26
libff::edwards_twist_mul_by_a_c2
edwards_Fq edwards_twist_mul_by_a_c2
Definition edwards_init.cpp:24
libff::edwards_twist_coeff_d
edwards_Fq3 edwards_twist_coeff_d
Definition edwards_init.cpp:21
libff::edwards_twist_mul_by_d_c0
edwards_Fq edwards_twist_mul_by_d_c0
Definition edwards_init.cpp:25
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_mnt4_params()

void libff::init_mnt4_params ( )

Definition at line 40 of file mnt4_init.cpp.

41{
42 typedef bigint<mnt4_r_limbs> bigint_r;
43 typedef bigint<mnt4_q_limbs> bigint_q;
44
45 assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
46
47 /* parameters for scalar field Fr */
48 mnt4_modulus_r = bigint_r("475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137");
49 assert(mnt4_Fr::modulus_is_valid());
50 if (sizeof(mp_limb_t) == 8)
51 {
52 mnt4_Fr::Rsquared = bigint_r("163983144722506446826715124368972380525894397127205577781234305496325861831001705438796139");
53 mnt4_Fr::Rcubed = bigint_r("207236281459091063710247635236340312578688659363066707916716212805695955118593239854980171");
54 mnt4_Fr::inv = 0xbb4334a3ffffffff;
55 }
56 if (sizeof(mp_limb_t) == 4)
57 {
58 mnt4_Fr::Rsquared = bigint_r("163983144722506446826715124368972380525894397127205577781234305496325861831001705438796139");
59 mnt4_Fr::Rcubed = bigint_r("207236281459091063710247635236340312578688659363066707916716212805695955118593239854980171");
60 mnt4_Fr::inv = 0xffffffff;
61 }
62 mnt4_Fr::num_bits = 298;
63 mnt4_Fr::euler = bigint_r("237961143084630662876674624826524225772562439276411757776633867869582323653704245279981568");
64 mnt4_Fr::s = 34;
65 mnt4_Fr::t = bigint_r("27702323054502562488973446286577291993024111641153199339359284829066871159442729");
66 mnt4_Fr::t_minus_1_over_2 = bigint_r("13851161527251281244486723143288645996512055820576599669679642414533435579721364");
67 mnt4_Fr::multiplicative_generator = mnt4_Fr("10");
68 mnt4_Fr::root_of_unity = mnt4_Fr("120638817826913173458768829485690099845377008030891618010109772937363554409782252579816313");
69 mnt4_Fr::nqr = mnt4_Fr("5");
70 mnt4_Fr::nqr_to_t = mnt4_Fr("406220604243090401056429458730298145937262552508985450684842547562990900634752279902740880");
71
72 /* parameters for base field Fq */
73 mnt4_modulus_q = bigint_q("475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081");
74 assert(mnt4_Fq::modulus_is_valid());
75 if (sizeof(mp_limb_t) == 8)
76 {
77 mnt4_Fq::Rsquared = bigint_q("273000478523237720910981655601160860640083126627235719712980612296263966512828033847775776");
78 mnt4_Fq::Rcubed = bigint_q("427298980065529822574935274648041073124704261331681436071990730954930769758106792920349077");
79 mnt4_Fq::inv = 0xb071a1b67165ffff;
80 }
81 if (sizeof(mp_limb_t) == 4)
82 {
83 mnt4_Fq::Rsquared = bigint_q("273000478523237720910981655601160860640083126627235719712980612296263966512828033847775776");
84 mnt4_Fq::Rcubed = bigint_q("427298980065529822574935274648041073124704261331681436071990730954930769758106792920349077");
85 mnt4_Fq::inv = 0x7165ffff;
86 }
87 mnt4_Fq::num_bits = 298;
88 mnt4_Fq::euler = bigint_q("237961143084630662876674624826524225772562439621347362697777564288105131408977900241879040");
89 mnt4_Fq::s = 17;
90 mnt4_Fq::t = bigint_q("3630998887399759870554727551674258816109656366292531779446068791017229177993437198515");
91 mnt4_Fq::t_minus_1_over_2 = bigint_q("1815499443699879935277363775837129408054828183146265889723034395508614588996718599257");
92 mnt4_Fq::multiplicative_generator = mnt4_Fq("17");
93 mnt4_Fq::root_of_unity = mnt4_Fq("264706250571800080758069302369654305530125675521263976034054878017580902343339784464690243");
94 mnt4_Fq::nqr = mnt4_Fq("17");
95 mnt4_Fq::nqr_to_t = mnt4_Fq("264706250571800080758069302369654305530125675521263976034054878017580902343339784464690243");
96
97 /* parameters for twist field Fq2 */
98 mnt4_Fq2::euler = bigint<2*mnt4_q_limbs>("113251011236288135098249345249154230895914381858788918106847214243419142422924133497460817468249854833067260038985710370091920860837014281886963086681184370139950267830740466401280");
99 mnt4_Fq2::s = 18;
100 mnt4_Fq2::t = bigint<2*mnt4_q_limbs>("864036645784668999467844736092790457885088972921668381552484239528039111503022258739172496553419912972009735404859240494475714575477709059806542104196047745818712370534824115");
101 mnt4_Fq2::t_minus_1_over_2 = bigint<2*mnt4_q_limbs>("432018322892334499733922368046395228942544486460834190776242119764019555751511129369586248276709956486004867702429620247237857287738854529903271052098023872909356185267412057");
102 mnt4_Fq2::non_residue = mnt4_Fq("17");
103 mnt4_Fq2::nqr = mnt4_Fq2(mnt4_Fq("8"),mnt4_Fq("1"));
104 mnt4_Fq2::nqr_to_t = mnt4_Fq2(mnt4_Fq("0"),mnt4_Fq("29402818985595053196743631544512156561638230562612542604956687802791427330205135130967658"));
105 mnt4_Fq2::Frobenius_coeffs_c1[0] = mnt4_Fq("1");
106 mnt4_Fq2::Frobenius_coeffs_c1[1] = mnt4_Fq("475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080");
107
108 /* parameters for Fq4 */
109 mnt4_Fq4::non_residue = mnt4_Fq("17");
110 mnt4_Fq4::Frobenius_coeffs_c1[0] = mnt4_Fq("1");
111 mnt4_Fq4::Frobenius_coeffs_c1[1] = mnt4_Fq("7684163245453501615621351552473337069301082060976805004625011694147890954040864167002308");
112 mnt4_Fq4::Frobenius_coeffs_c1[2] = mnt4_Fq("475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080");
113 mnt4_Fq4::Frobenius_coeffs_c1[3] = mnt4_Fq("468238122923807824137727898100575114475823797181717920390930116882062371863914936316755773");
114
115 /* choice of short Weierstrass curve and its twist */
116 mnt4_G1::coeff_a = mnt4_Fq("2");
117 mnt4_G1::coeff_b = mnt4_Fq("423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685");
118 mnt4_twist = mnt4_Fq2(mnt4_Fq::zero(), mnt4_Fq::one());
119 mnt4_twist_coeff_a = mnt4_Fq2(mnt4_G1::coeff_a * mnt4_Fq2::non_residue, mnt4_Fq::zero());
120 mnt4_twist_coeff_b = mnt4_Fq2(mnt4_Fq::zero(), mnt4_G1::coeff_b * mnt4_Fq2::non_residue);
121 mnt4_G2::twist = mnt4_twist;
122 mnt4_G2::coeff_a = mnt4_twist_coeff_a;
123 mnt4_G2::coeff_b = mnt4_twist_coeff_b;
124 mnt4_twist_mul_by_a_c0 = mnt4_G1::coeff_a * mnt4_Fq2::non_residue;
125 mnt4_twist_mul_by_a_c1 = mnt4_G1::coeff_a * mnt4_Fq2::non_residue;
126 mnt4_twist_mul_by_b_c0 = mnt4_G1::coeff_b * mnt4_Fq2::non_residue.squared();
127 mnt4_twist_mul_by_b_c1 = mnt4_G1::coeff_b * mnt4_Fq2::non_residue;
128 mnt4_twist_mul_by_q_X = mnt4_Fq("475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080");
129 mnt4_twist_mul_by_q_Y = mnt4_Fq("7684163245453501615621351552473337069301082060976805004625011694147890954040864167002308");
130
131 /* choice of group G1 */
132 mnt4_G1::G1_zero = mnt4_G1(mnt4_Fq::zero(),
133 mnt4_Fq::one(),
134 mnt4_Fq::zero());
135
136
137 mnt4_G1::G1_one = mnt4_G1(mnt4_Fq("60760244141852568949126569781626075788424196370144486719385562369396875346601926534016838"),
138 mnt4_Fq("363732850702582978263902770815145784459747722357071843971107674179038674942891694705904306"),
139 mnt4_Fq::one());
140 mnt4_G1::initialized = true;
141
142 mnt4_G1::wnaf_window_table.resize(0);
143 mnt4_G1::wnaf_window_table.push_back(11);
144 mnt4_G1::wnaf_window_table.push_back(24);
145 mnt4_G1::wnaf_window_table.push_back(60);
146 mnt4_G1::wnaf_window_table.push_back(127);
147
148 mnt4_G1::fixed_base_exp_window_table.resize(0);
149 // window 1 is unbeaten in [-inf, 5.09]
150 mnt4_G1::fixed_base_exp_window_table.push_back(1);
151 // window 2 is unbeaten in [5.09, 9.64]
152 mnt4_G1::fixed_base_exp_window_table.push_back(5);
153 // window 3 is unbeaten in [9.64, 24.79]
154 mnt4_G1::fixed_base_exp_window_table.push_back(10);
155 // window 4 is unbeaten in [24.79, 60.29]
156 mnt4_G1::fixed_base_exp_window_table.push_back(25);
157 // window 5 is unbeaten in [60.29, 144.37]
158 mnt4_G1::fixed_base_exp_window_table.push_back(60);
159 // window 6 is unbeaten in [144.37, 344.90]
160 mnt4_G1::fixed_base_exp_window_table.push_back(144);
161 // window 7 is unbeaten in [344.90, 855.00]
162 mnt4_G1::fixed_base_exp_window_table.push_back(345);
163 // window 8 is unbeaten in [855.00, 1804.62]
164 mnt4_G1::fixed_base_exp_window_table.push_back(855);
165 // window 9 is unbeaten in [1804.62, 3912.30]
166 mnt4_G1::fixed_base_exp_window_table.push_back(1805);
167 // window 10 is unbeaten in [3912.30, 11264.50]
168 mnt4_G1::fixed_base_exp_window_table.push_back(3912);
169 // window 11 is unbeaten in [11264.50, 27897.51]
170 mnt4_G1::fixed_base_exp_window_table.push_back(11265);
171 // window 12 is unbeaten in [27897.51, 57596.79]
172 mnt4_G1::fixed_base_exp_window_table.push_back(27898);
173 // window 13 is unbeaten in [57596.79, 145298.71]
174 mnt4_G1::fixed_base_exp_window_table.push_back(57597);
175 // window 14 is unbeaten in [145298.71, 157204.59]
176 mnt4_G1::fixed_base_exp_window_table.push_back(145299);
177 // window 15 is unbeaten in [157204.59, 601600.62]
178 mnt4_G1::fixed_base_exp_window_table.push_back(157205);
179 // window 16 is unbeaten in [601600.62, 1107377.25]
180 mnt4_G1::fixed_base_exp_window_table.push_back(601601);
181 // window 17 is unbeaten in [1107377.25, 1789646.95]
182 mnt4_G1::fixed_base_exp_window_table.push_back(1107377);
183 // window 18 is unbeaten in [1789646.95, 4392626.92]
184 mnt4_G1::fixed_base_exp_window_table.push_back(1789647);
185 // window 19 is unbeaten in [4392626.92, 8221210.60]
186 mnt4_G1::fixed_base_exp_window_table.push_back(4392627);
187 // window 20 is unbeaten in [8221210.60, 42363731.19]
188 mnt4_G1::fixed_base_exp_window_table.push_back(8221211);
189 // window 21 is never the best
190 mnt4_G1::fixed_base_exp_window_table.push_back(0);
191 // window 22 is unbeaten in [42363731.19, inf]
192 mnt4_G1::fixed_base_exp_window_table.push_back(42363731);
193
194 /* choice of group G2 */
195 mnt4_G2::G2_zero = mnt4_G2(mnt4_Fq2::zero(),
196 mnt4_Fq2::one(),
197 mnt4_Fq2::zero());
198
199 mnt4_G2::G2_one = mnt4_G2(mnt4_Fq2(mnt4_Fq("438374926219350099854919100077809681842783509163790991847867546339851681564223481322252708"),
200 mnt4_Fq("37620953615500480110935514360923278605464476459712393277679280819942849043649216370485641")),
201 mnt4_Fq2(mnt4_Fq("37437409008528968268352521034936931842973546441370663118543015118291998305624025037512482"),
202 mnt4_Fq("424621479598893882672393190337420680597584695892317197646113820787463109735345923009077489")),
203 mnt4_Fq2::one());
204 mnt4_G2::initialized = true;
205
206 mnt4_G2::wnaf_window_table.resize(0);
207 mnt4_G2::wnaf_window_table.push_back(5);
208 mnt4_G2::wnaf_window_table.push_back(15);
209 mnt4_G2::wnaf_window_table.push_back(39);
210 mnt4_G2::wnaf_window_table.push_back(109);
211
212 mnt4_G2::fixed_base_exp_window_table.resize(0);
213 // window 1 is unbeaten in [-inf, 4.17]
214 mnt4_G2::fixed_base_exp_window_table.push_back(1);
215 // window 2 is unbeaten in [4.17, 10.12]
216 mnt4_G2::fixed_base_exp_window_table.push_back(4);
217 // window 3 is unbeaten in [10.12, 24.65]
218 mnt4_G2::fixed_base_exp_window_table.push_back(10);
219 // window 4 is unbeaten in [24.65, 60.03]
220 mnt4_G2::fixed_base_exp_window_table.push_back(25);
221 // window 5 is unbeaten in [60.03, 143.16]
222 mnt4_G2::fixed_base_exp_window_table.push_back(60);
223 // window 6 is unbeaten in [143.16, 344.73]
224 mnt4_G2::fixed_base_exp_window_table.push_back(143);
225 // window 7 is unbeaten in [344.73, 821.24]
226 mnt4_G2::fixed_base_exp_window_table.push_back(345);
227 // window 8 is unbeaten in [821.24, 1793.92]
228 mnt4_G2::fixed_base_exp_window_table.push_back(821);
229 // window 9 is unbeaten in [1793.92, 3919.59]
230 mnt4_G2::fixed_base_exp_window_table.push_back(1794);
231 // window 10 is unbeaten in [3919.59, 11301.46]
232 mnt4_G2::fixed_base_exp_window_table.push_back(3920);
233 // window 11 is unbeaten in [11301.46, 18960.09]
234 mnt4_G2::fixed_base_exp_window_table.push_back(11301);
235 // window 12 is unbeaten in [18960.09, 44198.62]
236 mnt4_G2::fixed_base_exp_window_table.push_back(18960);
237 // window 13 is unbeaten in [44198.62, 150799.57]
238 mnt4_G2::fixed_base_exp_window_table.push_back(44199);
239 // window 14 is never the best
240 mnt4_G2::fixed_base_exp_window_table.push_back(0);
241 // window 15 is unbeaten in [150799.57, 548694.81]
242 mnt4_G2::fixed_base_exp_window_table.push_back(150800);
243 // window 16 is unbeaten in [548694.81, 1051769.08]
244 mnt4_G2::fixed_base_exp_window_table.push_back(548695);
245 // window 17 is unbeaten in [1051769.08, 2023925.59]
246 mnt4_G2::fixed_base_exp_window_table.push_back(1051769);
247 // window 18 is unbeaten in [2023925.59, 3787108.68]
248 mnt4_G2::fixed_base_exp_window_table.push_back(2023926);
249 // window 19 is unbeaten in [3787108.68, 7107480.30]
250 mnt4_G2::fixed_base_exp_window_table.push_back(3787109);
251 // window 20 is unbeaten in [7107480.30, 38760027.14]
252 mnt4_G2::fixed_base_exp_window_table.push_back(7107480);
253 // window 21 is never the best
254 mnt4_G2::fixed_base_exp_window_table.push_back(0);
255 // window 22 is unbeaten in [38760027.14, inf]
256 mnt4_G2::fixed_base_exp_window_table.push_back(38760027);
257
258 /* pairing parameters */
259 mnt4_ate_loop_count = bigint_q("689871209842287392837045615510547309923794944");
260 mnt4_ate_is_loop_count_neg = false;
261 mnt4_final_exponent = bigint<4*mnt4_q_limbs>("107797360357109903430794490309592072278927783803031854357910908121903439838772861497177116410825586743089760869945394610511917274977971559062689561855016270594656570874331111995170645233717143416875749097203441437192367065467706065411650403684877366879441766585988546560");
262 mnt4_final_exponent_last_chunk_abs_of_w0 = bigint_q("689871209842287392837045615510547309923794945");
263 mnt4_final_exponent_last_chunk_is_w0_neg = false;
264 mnt4_final_exponent_last_chunk_w1 = bigint_q("1");
265}
mnt4_modulus_q
#define mnt4_modulus_q
Definition mnt4_init.hpp:24
mnt4_modulus_r
#define mnt4_modulus_r
Definition mnt4_init.hpp:23
libff::mnt4_final_exponent_last_chunk_is_w0_neg
bool mnt4_final_exponent_last_chunk_is_w0_neg
Definition mnt4_init.cpp:37
libff::mnt4_Fq
Fp_model< mnt4_q_limbs, mnt4_modulus_q > mnt4_Fq
Definition mnt4_init.hpp:36
libff::mnt4_final_exponent
bigint< 4 *mnt4_q_limbs > mnt4_final_exponent
Definition mnt4_init.cpp:35
libff::mnt4_twist_mul_by_b_c1
mnt4_Fq mnt4_twist_mul_by_b_c1
Definition mnt4_init.cpp:29
libff::mnt4_ate_is_loop_count_neg
bool mnt4_ate_is_loop_count_neg
Definition mnt4_init.cpp:34
libff::mnt4_final_exponent_last_chunk_abs_of_w0
bigint< mnt4_q_limbs > mnt4_final_exponent_last_chunk_abs_of_w0
Definition mnt4_init.cpp:36
libff::mnt4_twist
mnt4_Fq2 mnt4_twist
Definition mnt4_init.cpp:23
libff::mnt4_final_exponent_last_chunk_w1
bigint< mnt4_q_limbs > mnt4_final_exponent_last_chunk_w1
Definition mnt4_init.cpp:38
libff::mnt4_ate_loop_count
bigint< mnt4_q_limbs > mnt4_ate_loop_count
Definition mnt4_init.cpp:33
libff::mnt4_twist_mul_by_a_c0
mnt4_Fq mnt4_twist_mul_by_a_c0
Definition mnt4_init.cpp:26
libff::mnt4_twist_coeff_b
mnt4_Fq2 mnt4_twist_coeff_b
Definition mnt4_init.cpp:25
libff::mnt4_twist_mul_by_q_X
mnt4_Fq mnt4_twist_mul_by_q_X
Definition mnt4_init.cpp:30
libff::mnt4_Fr
Fp_model< mnt4_r_limbs, mnt4_modulus_r > mnt4_Fr
Definition mnt4_init.hpp:35
libff::mnt4_twist_mul_by_a_c1
mnt4_Fq mnt4_twist_mul_by_a_c1
Definition mnt4_init.cpp:27
libff::mnt4_twist_coeff_a
mnt4_Fq2 mnt4_twist_coeff_a
Definition mnt4_init.cpp:24
libff::mnt4_Fq2
Fp2_model< mnt4_q_limbs, mnt4_modulus_q > mnt4_Fq2
Definition mnt4_init.hpp:37
libff::mnt4_twist_mul_by_b_c0
mnt4_Fq mnt4_twist_mul_by_b_c0
Definition mnt4_init.cpp:28
libff::mnt4_twist_mul_by_q_Y
mnt4_Fq mnt4_twist_mul_by_q_Y
Definition mnt4_init.cpp:31
Here is the call graph for this function:
Here is the caller graph for this function:

◆ init_mnt6_params()

void libff::init_mnt6_params ( )

Definition at line 42 of file mnt6_init.cpp.

43{
44 typedef bigint<mnt6_r_limbs> bigint_r;
45 typedef bigint<mnt6_q_limbs> bigint_q;
46
47 assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
48
49 /* parameters for scalar field Fr */
50 mnt6_modulus_r = bigint_r("475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081");
51 assert(mnt6_Fr::modulus_is_valid());
52 if (sizeof(mp_limb_t) == 8)
53 {
54 mnt6_Fr::Rsquared = bigint_r("273000478523237720910981655601160860640083126627235719712980612296263966512828033847775776");
55 mnt6_Fr::Rcubed = bigint_r("427298980065529822574935274648041073124704261331681436071990730954930769758106792920349077");
56 mnt6_Fr::inv = 0xb071a1b67165ffff;
57 }
58 if (sizeof(mp_limb_t) == 4)
59 {
60 mnt6_Fr::Rsquared = bigint_r("273000478523237720910981655601160860640083126627235719712980612296263966512828033847775776");
61 mnt6_Fr::Rcubed = bigint_r("427298980065529822574935274648041073124704261331681436071990730954930769758106792920349077");
62 mnt6_Fr::inv = 0x7165ffff;
63 }
64 mnt6_Fr::num_bits = 298;
65 mnt6_Fr::euler = bigint_r("237961143084630662876674624826524225772562439621347362697777564288105131408977900241879040");
66 mnt6_Fr::s = 17;
67 mnt6_Fr::t = bigint_r("3630998887399759870554727551674258816109656366292531779446068791017229177993437198515");
68 mnt6_Fr::t_minus_1_over_2 = bigint_r("1815499443699879935277363775837129408054828183146265889723034395508614588996718599257");
69 mnt6_Fr::multiplicative_generator = mnt6_Fr("17");
70 mnt6_Fr::root_of_unity = mnt6_Fr("264706250571800080758069302369654305530125675521263976034054878017580902343339784464690243");
71 mnt6_Fr::nqr = mnt6_Fr("17");
72 mnt6_Fr::nqr_to_t = mnt6_Fr("264706250571800080758069302369654305530125675521263976034054878017580902343339784464690243");
73
74 /* parameters for base field Fq */
75 mnt6_modulus_q = bigint_q("475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137");
76 assert(mnt6_Fq::modulus_is_valid());
77 if (sizeof(mp_limb_t) == 8)
78 {
79 mnt6_Fq::Rsquared = bigint_q("163983144722506446826715124368972380525894397127205577781234305496325861831001705438796139");
80 mnt6_Fq::Rcubed = bigint_q("207236281459091063710247635236340312578688659363066707916716212805695955118593239854980171");
81 mnt6_Fq::inv = 0xbb4334a3ffffffff;
82 }
83 if (sizeof(mp_limb_t) == 4)
84 {
85 mnt6_Fq::Rsquared = bigint_q("163983144722506446826715124368972380525894397127205577781234305496325861831001705438796139");
86 mnt6_Fq::Rcubed = bigint_q("207236281459091063710247635236340312578688659363066707916716212805695955118593239854980171");
87 mnt6_Fq::inv = 0xffffffff;
88 }
89 mnt6_Fq::num_bits = 298;
90 mnt6_Fq::euler = bigint_q("237961143084630662876674624826524225772562439276411757776633867869582323653704245279981568");
91 mnt6_Fq::s = 34;
92 mnt6_Fq::t = bigint_q("27702323054502562488973446286577291993024111641153199339359284829066871159442729");
93 mnt6_Fq::t_minus_1_over_2 = bigint_q("13851161527251281244486723143288645996512055820576599669679642414533435579721364");
94 mnt6_Fq::multiplicative_generator = mnt6_Fq("10");
95 mnt6_Fq::root_of_unity = mnt6_Fq("120638817826913173458768829485690099845377008030891618010109772937363554409782252579816313");
96 mnt6_Fq::nqr = mnt6_Fq("5");
97 mnt6_Fq::nqr_to_t = mnt6_Fq("406220604243090401056429458730298145937262552508985450684842547562990900634752279902740880");
98
99 /* parameters for twist field Fq3 */
100 mnt6_Fq3::euler = bigint<3*mnt6_q_limbs>("53898680178554951715397245154796036139463891589001478629193136369124915637741423690184935056189295242736833704290747216410090671804540908400210778934462129625646263095398323485795557551284190224166851571615834194321908328559167529729507439069424158411618728014749106176");
101 mnt6_Fq3::s = 34;
102 mnt6_Fq3::t = bigint<3*mnt6_q_limbs>("6274632199033507112809136178669989590936327770934612330653836993631547740397674926811006741620285348354004521888069251599964996777072188956687550402067383940523288107407084140669968625447269322370045302856694231080113482726640944570478452261237446033817102203");
103 mnt6_Fq3::t_minus_1_over_2 = bigint<3*mnt6_q_limbs>("3137316099516753556404568089334994795468163885467306165326918496815773870198837463405503370810142674177002260944034625799982498388536094478343775201033691970261644053703542070334984312723634661185022651428347115540056741363320472285239226130618723016908551101");
104 mnt6_Fq3::non_residue = mnt6_Fq("5");
105 mnt6_Fq3::nqr = mnt6_Fq3(mnt6_Fq("5"),mnt6_Fq("0"),mnt6_Fq("0"));
106 mnt6_Fq3::nqr_to_t = mnt6_Fq3(mnt6_Fq("154361449678783505076984156275977937654331103361174469632346230549735979552469642799720052"),mnt6_Fq("0"),mnt6_Fq("0"));
107 mnt6_Fq3::Frobenius_coeffs_c1[0] = mnt6_Fq("1");
108 mnt6_Fq3::Frobenius_coeffs_c1[1] = mnt6_Fq("471738898967521029133040851318449165997304108729558973770077319830005517129946578866686956");
109 mnt6_Fq3::Frobenius_coeffs_c1[2] = mnt6_Fq("4183387201740296620308398334599285547820769823264541783190415909159130177461911693276180");
110 mnt6_Fq3::Frobenius_coeffs_c2[0] = mnt6_Fq("1");
111 mnt6_Fq3::Frobenius_coeffs_c2[1] = mnt6_Fq("4183387201740296620308398334599285547820769823264541783190415909159130177461911693276180");
112 mnt6_Fq3::Frobenius_coeffs_c2[2] = mnt6_Fq("471738898967521029133040851318449165997304108729558973770077319830005517129946578866686956");
113
114 /* parameters for Fq6 */
115 mnt6_Fq6::non_residue = mnt6_Fq("5");
116 mnt6_Fq6::Frobenius_coeffs_c1[0] = mnt6_Fq("1");
117 mnt6_Fq6::Frobenius_coeffs_c1[1] = mnt6_Fq("471738898967521029133040851318449165997304108729558973770077319830005517129946578866686957");
118 mnt6_Fq6::Frobenius_coeffs_c1[2] = mnt6_Fq("471738898967521029133040851318449165997304108729558973770077319830005517129946578866686956");
119 mnt6_Fq6::Frobenius_coeffs_c1[3] = mnt6_Fq("475922286169261325753349249653048451545124878552823515553267735739164647307408490559963136");
120 mnt6_Fq6::Frobenius_coeffs_c1[4] = mnt6_Fq("4183387201740296620308398334599285547820769823264541783190415909159130177461911693276180");
121 mnt6_Fq6::Frobenius_coeffs_c1[5] = mnt6_Fq("4183387201740296620308398334599285547820769823264541783190415909159130177461911693276181");
122 mnt6_Fq6::my_Fp2::non_residue = mnt6_Fq3::non_residue;
123
124 /* choice of short Weierstrass curve and its twist */
125 mnt6_G1::coeff_a = mnt6_Fq("11");
126 mnt6_G1::coeff_b = mnt6_Fq("106700080510851735677967319632585352256454251201367587890185989362936000262606668469523074");
127 mnt6_twist = mnt6_Fq3(mnt6_Fq::zero(), mnt6_Fq::one(), mnt6_Fq::zero());
128 mnt6_twist_coeff_a = mnt6_Fq3(mnt6_Fq::zero(), mnt6_Fq::zero(),
129 mnt6_G1::coeff_a);
130 mnt6_twist_coeff_b = mnt6_Fq3(mnt6_G1::coeff_b * mnt6_Fq3::non_residue,
131 mnt6_Fq::zero(), mnt6_Fq::zero());
132 mnt6_G2::twist = mnt6_twist;
133 mnt6_G2::coeff_a = mnt6_twist_coeff_a;
134 mnt6_G2::coeff_b = mnt6_twist_coeff_b;
135 mnt6_twist_mul_by_a_c0 = mnt6_G1::coeff_a * mnt6_Fq3::non_residue;
136 mnt6_twist_mul_by_a_c1 = mnt6_G1::coeff_a * mnt6_Fq3::non_residue;
137 mnt6_twist_mul_by_a_c2 = mnt6_G1::coeff_a;
138 mnt6_twist_mul_by_b_c0 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
139 mnt6_twist_mul_by_b_c1 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
140 mnt6_twist_mul_by_b_c2 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
141 mnt6_twist_mul_by_q_X = mnt6_Fq("4183387201740296620308398334599285547820769823264541783190415909159130177461911693276180");
142 mnt6_twist_mul_by_q_Y = mnt6_Fq("475922286169261325753349249653048451545124878552823515553267735739164647307408490559963136");
143
144 /* choice of group G1 */
145 mnt6_G1::G1_zero = mnt6_G1(mnt6_Fq::zero(),
146 mnt6_Fq::one(),
147 mnt6_Fq::zero());
148 mnt6_G1::G1_one = mnt6_G1(mnt6_Fq("336685752883082228109289846353937104185698209371404178342968838739115829740084426881123453"),
149 mnt6_Fq("402596290139780989709332707716568920777622032073762749862342374583908837063963736098549800"),
150 mnt6_Fq::one());
151 mnt6_G1::initialized = true;
152
153 mnt6_G1::wnaf_window_table.resize(0);
154 mnt6_G1::wnaf_window_table.push_back(11);
155 mnt6_G1::wnaf_window_table.push_back(24);
156 mnt6_G1::wnaf_window_table.push_back(60);
157 mnt6_G1::wnaf_window_table.push_back(127);
158
159 mnt6_G1::fixed_base_exp_window_table.resize(0);
160 // window 1 is unbeaten in [-inf, 3.96]
161 mnt6_G1::fixed_base_exp_window_table.push_back(1);
162 // window 2 is unbeaten in [3.96, 9.67]
163 mnt6_G1::fixed_base_exp_window_table.push_back(4);
164 // window 3 is unbeaten in [9.67, 25.13]
165 mnt6_G1::fixed_base_exp_window_table.push_back(10);
166 // window 4 is unbeaten in [25.13, 60.31]
167 mnt6_G1::fixed_base_exp_window_table.push_back(25);
168 // window 5 is unbeaten in [60.31, 146.07]
169 mnt6_G1::fixed_base_exp_window_table.push_back(60);
170 // window 6 is unbeaten in [146.07, 350.09]
171 mnt6_G1::fixed_base_exp_window_table.push_back(146);
172 // window 7 is unbeaten in [350.09, 844.54]
173 mnt6_G1::fixed_base_exp_window_table.push_back(350);
174 // window 8 is unbeaten in [844.54, 1839.64]
175 mnt6_G1::fixed_base_exp_window_table.push_back(845);
176 // window 9 is unbeaten in [1839.64, 3904.26]
177 mnt6_G1::fixed_base_exp_window_table.push_back(1840);
178 // window 10 is unbeaten in [3904.26, 11309.42]
179 mnt6_G1::fixed_base_exp_window_table.push_back(3904);
180 // window 11 is unbeaten in [11309.42, 24015.57]
181 mnt6_G1::fixed_base_exp_window_table.push_back(11309);
182 // window 12 is unbeaten in [24015.57, 72288.57]
183 mnt6_G1::fixed_base_exp_window_table.push_back(24016);
184 // window 13 is unbeaten in [72288.57, 138413.22]
185 mnt6_G1::fixed_base_exp_window_table.push_back(72289);
186 // window 14 is unbeaten in [138413.22, 156390.30]
187 mnt6_G1::fixed_base_exp_window_table.push_back(138413);
188 // window 15 is unbeaten in [156390.30, 562560.50]
189 mnt6_G1::fixed_base_exp_window_table.push_back(156390);
190 // window 16 is unbeaten in [562560.50, 1036742.02]
191 mnt6_G1::fixed_base_exp_window_table.push_back(562560);
192 // window 17 is unbeaten in [1036742.02, 2053818.86]
193 mnt6_G1::fixed_base_exp_window_table.push_back(1036742);
194 // window 18 is unbeaten in [2053818.86, 4370223.95]
195 mnt6_G1::fixed_base_exp_window_table.push_back(2053819);
196 // window 19 is unbeaten in [4370223.95, 8215703.81]
197 mnt6_G1::fixed_base_exp_window_table.push_back(4370224);
198 // window 20 is unbeaten in [8215703.81, 42682375.43]
199 mnt6_G1::fixed_base_exp_window_table.push_back(8215704);
200 // window 21 is never the best
201 mnt6_G1::fixed_base_exp_window_table.push_back(0);
202 // window 22 is unbeaten in [42682375.43, inf]
203 mnt6_G1::fixed_base_exp_window_table.push_back(42682375);
204
205 /* choice of group G2 */
206 mnt6_G2::G2_zero = mnt6_G2(mnt6_Fq3::zero(),
207 mnt6_Fq3::one(),
208 mnt6_Fq3::zero());
209 mnt6_G2::G2_one = mnt6_G2(mnt6_Fq3(mnt6_Fq("421456435772811846256826561593908322288509115489119907560382401870203318738334702321297427"),
210 mnt6_Fq("103072927438548502463527009961344915021167584706439945404959058962657261178393635706405114"),
211 mnt6_Fq("143029172143731852627002926324735183809768363301149009204849580478324784395590388826052558")),
212 mnt6_Fq3(mnt6_Fq("464673596668689463130099227575639512541218133445388869383893594087634649237515554342751377"),
213 mnt6_Fq("100642907501977375184575075967118071807821117960152743335603284583254620685343989304941678"),
214 mnt6_Fq("123019855502969896026940545715841181300275180157288044663051565390506010149881373807142903")),
215 mnt6_Fq3::one());
216 mnt6_G2::initialized = true;
217
218 mnt6_G2::wnaf_window_table.resize(0);
219 mnt6_G2::wnaf_window_table.push_back(5);
220 mnt6_G2::wnaf_window_table.push_back(15);
221 mnt6_G2::wnaf_window_table.push_back(39);
222 mnt6_G2::wnaf_window_table.push_back(109);
223
224 mnt6_G2::fixed_base_exp_window_table.resize(0);
225 // window 1 is unbeaten in [-inf, 4.25]
226 mnt6_G2::fixed_base_exp_window_table.push_back(1);
227 // window 2 is unbeaten in [4.25, 10.22]
228 mnt6_G2::fixed_base_exp_window_table.push_back(4);
229 // window 3 is unbeaten in [10.22, 24.85]
230 mnt6_G2::fixed_base_exp_window_table.push_back(10);
231 // window 4 is unbeaten in [24.85, 60.06]
232 mnt6_G2::fixed_base_exp_window_table.push_back(25);
233 // window 5 is unbeaten in [60.06, 143.61]
234 mnt6_G2::fixed_base_exp_window_table.push_back(60);
235 // window 6 is unbeaten in [143.61, 345.66]
236 mnt6_G2::fixed_base_exp_window_table.push_back(144);
237 // window 7 is unbeaten in [345.66, 818.56]
238 mnt6_G2::fixed_base_exp_window_table.push_back(346);
239 // window 8 is unbeaten in [818.56, 1782.06]
240 mnt6_G2::fixed_base_exp_window_table.push_back(819);
241 // window 9 is unbeaten in [1782.06, 4002.45]
242 mnt6_G2::fixed_base_exp_window_table.push_back(1782);
243 // window 10 is unbeaten in [4002.45, 10870.18]
244 mnt6_G2::fixed_base_exp_window_table.push_back(4002);
245 // window 11 is unbeaten in [10870.18, 18022.51]
246 mnt6_G2::fixed_base_exp_window_table.push_back(10870);
247 // window 12 is unbeaten in [18022.51, 43160.74]
248 mnt6_G2::fixed_base_exp_window_table.push_back(18023);
249 // window 13 is unbeaten in [43160.74, 149743.32]
250 mnt6_G2::fixed_base_exp_window_table.push_back(43161);
251 // window 14 is never the best
252 mnt6_G2::fixed_base_exp_window_table.push_back(0);
253 // window 15 is unbeaten in [149743.32, 551844.13]
254 mnt6_G2::fixed_base_exp_window_table.push_back(149743);
255 // window 16 is unbeaten in [551844.13, 1041827.91]
256 mnt6_G2::fixed_base_exp_window_table.push_back(551844);
257 // window 17 is unbeaten in [1041827.91, 1977371.53]
258 mnt6_G2::fixed_base_exp_window_table.push_back(1041828);
259 // window 18 is unbeaten in [1977371.53, 3703619.51]
260 mnt6_G2::fixed_base_exp_window_table.push_back(1977372);
261 // window 19 is unbeaten in [3703619.51, 7057236.87]
262 mnt6_G2::fixed_base_exp_window_table.push_back(3703620);
263 // window 20 is unbeaten in [7057236.87, 38554491.67]
264 mnt6_G2::fixed_base_exp_window_table.push_back(7057237);
265 // window 21 is never the best
266 mnt6_G2::fixed_base_exp_window_table.push_back(0);
267 // window 22 is unbeaten in [38554491.67, inf]
268 mnt6_G2::fixed_base_exp_window_table.push_back(38554492);
269
270 /* pairing parameters */
271 mnt6_ate_loop_count = bigint_q("689871209842287392837045615510547309923794944");
272 mnt6_ate_is_loop_count_neg = true;
273 mnt6_final_exponent = bigint<6*mnt6_q_limbs>("24416320138090509697890595414313438768353977489862543935904010715439066975957855922532159264213056712140358746422742237328406558352706591021642230618060502855451264045397444793186876199015256781648746888625527075466063075011307800862173764236311342105211681121426931616843635215852236649271569251468773714424208521977615548771268520882870120900360322044218806712027729351845307690474985502587527753847200130592058098363641559341826790559426614919168");
274 mnt6_final_exponent_last_chunk_abs_of_w0 = bigint_q("689871209842287392837045615510547309923794944");
275 mnt6_final_exponent_last_chunk_is_w0_neg = true;
276 mnt6_final_exponent_last_chunk_w1 = bigint_q("1");
277}
mnt6_modulus_r
#define mnt6_modulus_r
Definition mnt6_init.hpp:23
mnt6_modulus_q
#define mnt6_modulus_q
Definition mnt6_init.hpp:24
libff::mnt6_final_exponent
bigint< 6 *mnt6_q_limbs > mnt6_final_exponent
Definition mnt6_init.cpp:37
libff::mnt6_final_exponent_last_chunk_abs_of_w0
bigint< mnt6_q_limbs > mnt6_final_exponent_last_chunk_abs_of_w0
Definition mnt6_init.cpp:38
libff::mnt6_final_exponent_last_chunk_is_w0_neg
bool mnt6_final_exponent_last_chunk_is_w0_neg
Definition mnt6_init.cpp:39
libff::mnt6_twist_mul_by_a_c0
mnt6_Fq mnt6_twist_mul_by_a_c0
Definition mnt6_init.cpp:26
libff::mnt6_final_exponent_last_chunk_w1
bigint< mnt6_q_limbs > mnt6_final_exponent_last_chunk_w1
Definition mnt6_init.cpp:40
libff::mnt6_twist_mul_by_a_c2
mnt6_Fq mnt6_twist_mul_by_a_c2
Definition mnt6_init.cpp:28
libff::mnt6_Fr
Fp_model< mnt6_r_limbs, mnt6_modulus_r > mnt6_Fr
Definition mnt6_init.hpp:35
libff::mnt6_twist_mul_by_b_c2
mnt6_Fq mnt6_twist_mul_by_b_c2
Definition mnt6_init.cpp:31
libff::mnt6_Fq
Fp_model< mnt6_q_limbs, mnt6_modulus_q > mnt6_Fq
Definition mnt6_init.hpp:36
libff::mnt6_twist
mnt6_Fq3 mnt6_twist
Definition mnt6_init.cpp:23
libff::mnt6_twist_mul_by_b_c1
mnt6_Fq mnt6_twist_mul_by_b_c1
Definition mnt6_init.cpp:30
libff::mnt6_ate_is_loop_count_neg
bool mnt6_ate_is_loop_count_neg
Definition mnt6_init.cpp:36
libff::mnt6_twist_coeff_a
mnt6_Fq3 mnt6_twist_coeff_a
Definition mnt6_init.cpp:24
libff::mnt6_twist_mul_by_q_Y
mnt6_Fq mnt6_twist_mul_by_q_Y
Definition mnt6_init.cpp:33
libff::mnt6_twist_mul_by_b_c0
mnt6_Fq mnt6_twist_mul_by_b_c0
Definition mnt6_init.cpp:29
libff::mnt6_twist_mul_by_q_X
mnt6_Fq mnt6_twist_mul_by_q_X
Definition mnt6_init.cpp:32
libff::mnt6_Fq3
Fp3_model< mnt6_q_limbs, mnt6_modulus_q > mnt6_Fq3
Definition mnt6_init.hpp:37
libff::mnt6_twist_coeff_b
mnt6_Fq3 mnt6_twist_coeff_b
Definition mnt6_init.cpp:25
libff::mnt6_ate_loop_count
bigint< mnt6_q_limbs > mnt6_ate_loop_count
Definition mnt6_init.cpp:35
libff::mnt6_twist_mul_by_a_c1
mnt6_Fq mnt6_twist_mul_by_a_c1
Definition mnt6_init.cpp:27
Here is the call graph for this function:
Here is the caller graph for this function:

◆ inner_product()

template<typename T >
T libff::inner_product ( typename std::vector< T >::const_iterator a_start,
typename std::vector< T >::const_iterator a_end,
typename std::vector< T >::const_iterator b_start,
typename std::vector< T >::const_iterator b_end )

A convenience function for calculating a pure inner product, where the more complicated methods are not required.

◆ input_bool()

void libff::input_bool ( std::istream & in,
bool & b )
inline

◆ input_bool_vector()

void libff::input_bool_vector ( std::istream & in,
std::vector< bool > & v )
inline

◆ int_list_to_bits()

bit_vector libff::int_list_to_bits ( const std::initializer_list< unsigned long > & l,
const size_t wordsize )

Definition at line 71 of file utils.cpp.

72{
73 bit_vector res(wordsize*l.size());
74 for (size_t i = 0; i < l.size(); ++i)
75 {
76 for (size_t j = 0; j < wordsize; ++j)
77 {
78 res[i*wordsize + j] = (*(l.begin()+i) & (1ul<<(wordsize-1-j)));
79 }
80 }
81 return res;
82}
libff::bit_vector
std::vector< bool > bit_vector
Definition utils.hpp:21
j
uint16_t j
Definition yubihsm_pkcs11.c:465

◆ is_little_endian()

bool libff::is_little_endian ( )

Definition at line 89 of file utils.cpp.

90{
91 uint64_t a = 0x12345678;
92 unsigned char *c = (unsigned char*)(&a);
93 return (*c = 0x78);
94}
a
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition pointer.h:1181
uint64_t
unsigned __int64 uint64_t
Definition stdint.h:136

◆ leave_block()

void libff::leave_block ( const std::string & msg,
const bool indent )

Definition at line 282 of file profiling.cpp.

283{
284 if (inhibit_profiling_counters)
285 {
286 return;
287 }
288
289#ifndef MULTICORE
290 assert(*(--block_names.end()) == msg);
291#endif
292 block_names.pop_back();
293
294 ++invocation_counts[msg];
295
296 long long t = get_nsec_time();
297 last_times[msg] = (t - enter_times[msg]);
298 cumulative_times[msg] += (t - enter_times[msg]);
299
300 long long cpu_t = get_nsec_cpu_time();
301 last_cpu_times[msg] = (cpu_t - enter_cpu_times[msg]);
302
303#ifdef PROFILE_OP_COUNTS
304 for (std::pair<std::string, long long*> p : op_data_points)
305 {
306 cumulative_op_counts[std::make_pair(msg, p.first)] += *(p.second)-op_counts[std::make_pair(msg, p.first)];
307 }
308#endif
309
310 if (inhibit_profiling_info)
311 {
312 return;
313 }
314
315#ifdef MULTICORE
316#pragma omp critical
317#endif
318 {
319 if (indent)
320 {
321 --indentation;
322 }
323
324 print_indent();
325 printf("(leave) %-35s\t", msg.c_str());
326 print_times_from_last_and_start(t, enter_times[msg], cpu_t, enter_cpu_times[msg]);
327 print_op_profiling(msg);
328 printf("\n");
329 fflush(stdout);
330 }
331}
p
const mie::Vuint & p
Definition bn.cpp:27
libff::print_op_profiling
void print_op_profiling(const std::string &msg)
Definition profiling.cpp:155
Here is the call graph for this function:

◆ log2()

size_t libff::log2 ( size_t n)

Definition at line 32 of file utils.cpp.

35{
36 size_t r = ((n & (n-1)) == 0 ? 0 : 1); // add 1 if n is not power of 2
37
38 while (n > 1)
39 {
40 n >>= 1;
41 r++;
42 }
43
44 return r;
45}

◆ mixed_addition_step_for_flipped_miller_loop() [1/4]

void libff::mixed_addition_step_for_flipped_miller_loop ( const alt_bn128_G2 base,
alt_bn128_G2 & current,
alt_bn128_ate_ell_coeffs & c )

Definition at line 267 of file alt_bn128_pairing.cpp.

270{
271 const alt_bn128_Fq2 X1 = current.X, Y1 = current.Y, Z1 = current.Z;
272 const alt_bn128_Fq2 &x2 = base.X, &y2 = base.Y;
273
274 const alt_bn128_Fq2 D = X1 - x2 * Z1; // D = X1 - X2*Z1
275 const alt_bn128_Fq2 E = Y1 - y2 * Z1; // E = Y1 - Y2*Z1
276 const alt_bn128_Fq2 F = D.squared(); // F = D^2
277 const alt_bn128_Fq2 G = E.squared(); // G = E^2
278 const alt_bn128_Fq2 H = D*F; // H = D*F
279 const alt_bn128_Fq2 I = X1 * F; // I = X1 * F
280 const alt_bn128_Fq2 J = H + Z1*G - (I+I); // J = H + Z1*G - (I+I)
281
282 current.X = D * J; // X3 = D*J
283 current.Y = E * (I-J)-(H * Y1); // Y3 = E*(I-J)-(H*Y1)
284 current.Z = Z1 * H; // Z3 = Z1*H
285 c.ell_0 = alt_bn128_twist * (E * x2 - D * y2); // ell_0 = xi * (E * X2 - D * Y2)
286 c.ell_VV = - E; // ell_VV = - E (later: * xP)
287 c.ell_VW = D; // ell_VW = D (later: * yP )
288}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mixed_addition_step_for_flipped_miller_loop() [2/4]

void libff::mixed_addition_step_for_flipped_miller_loop ( const extended_edwards_G2_projective & base,
extended_edwards_G2_projective & current,
edwards_Fq3_conic_coefficients & cc )

Definition at line 541 of file edwards_pairing.cpp.

544{
545 const edwards_Fq3 &X1 = current.X, &Y1 = current.Y, &Z1 = current.Z, &T1 = current.T;
546 const edwards_Fq3 &X2 = base.X, &Y2 = base.Y, &T2 = base.T;
547
548 const edwards_Fq3 A = X1*X2; // A = X1*X2
549 const edwards_Fq3 B = Y1*Y2; // B = Y1*Y2
550 const edwards_Fq3 C = Z1*T2; // C = Z1*T2
551 const edwards_Fq3 E = T1+C; // E = T1+C
552 const edwards_Fq3 F = (X1-Y1)*(X2+Y2)+B-A; // F = (X1-Y1)*(X2+Y2)+B-A
553 // G = B + twisted_edwards_a * A
554 const edwards_Fq3 G = B + edwards_G2::mul_by_a(A); // edwards_param_twist_coeff_a is 1*X for us
555 const edwards_Fq3 H = T1-C; // H = T1-C
556 const edwards_Fq3 I = T1*T2; // I = T1*T2
557
558 // c_ZZ = delta_3* ((T1-X1)*(T2+X2)-I+A)
559 cc.c_ZZ = edwards_G2::mul_by_a((T1-X1)*(T2+X2)-I+A); // edwards_param_twist_coeff_a is 1*X for us
560
561 cc.c_XY = X1-X2*Z1+F; // c_XY = X1*Z2-X2*Z1+F
562 cc.c_XZ = (Y1-T1)*(Y2+T2)-B+I-H; // c_XZ = (Y1-T1)*(Y2+T2)-B+I-H
563 current.X = E*F; // X3 = E*F
564 current.Y = G*H; // Y3 = G*H
565 current.Z = F*G; // Z3 = F*G
566 current.T = E*H; // T3 = E*H
567
568#ifdef DEBUG
569 current.test_invariant();
570#endif
571}
Here is the call graph for this function:

◆ mixed_addition_step_for_flipped_miller_loop() [3/4]

void libff::mixed_addition_step_for_flipped_miller_loop ( const mnt4_Fq2 base_X,
const mnt4_Fq2 base_Y,
const mnt4_Fq2 base_Y_squared,
extended_mnt4_G2_projective & current,
mnt4_ate_add_coeffs & ac )

Definition at line 438 of file mnt4_pairing.cpp.

441{
442 const mnt4_Fq2 X1 = current.X, Y1 = current.Y, Z1 = current.Z, T1 = current.T;
443 const mnt4_Fq2 &x2 = base_X, &y2 = base_Y, &y2_squared = base_Y_squared;
444
445 const mnt4_Fq2 B = x2 * T1; // B = x2 * T1
446 const mnt4_Fq2 D = ((y2 + Z1).squared() - y2_squared - T1) * T1; // D = ((y2 + Z1)^2 - y2squared - T1) * T1
447 const mnt4_Fq2 H = B - X1; // H = B - X1
448 const mnt4_Fq2 I = H.squared(); // I = H^2
449 const mnt4_Fq2 E = I + I + I + I; // E = 4*I
450 const mnt4_Fq2 J = H * E; // J = H * E
451 const mnt4_Fq2 V = X1 * E; // V = X1 * E
452 const mnt4_Fq2 L1 = D - (Y1 + Y1); // L1 = D - 2 * Y1
453
454 current.X = L1.squared() - J - (V+V); // X3 = L1^2 - J - 2*V
455 current.Y = L1 * (V-current.X) - (Y1+Y1) * J; // Y3 = L1 * (V-X3) - 2*Y1 * J
456 current.Z = (Z1+H).squared() - T1 - I; // Z3 = (Z1 + H)^2 - T1 - I
457 current.T = current.Z.squared(); // T3 = Z3^2
458
459 ac.c_L1 = L1;
460 ac.c_RZ = current.Z;
461#ifdef DEBUG
462 current.test_invariant();
463#endif
464}
libff::mnt4_ate_add_coeffs::c_L1
mnt4_Fq2 c_L1
Definition mnt4_pairing.hpp:83
libff::mnt4_ate_add_coeffs::c_RZ
mnt4_Fq2 c_RZ
Definition mnt4_pairing.hpp:84
Here is the call graph for this function:

◆ mixed_addition_step_for_flipped_miller_loop() [4/4]

void libff::mixed_addition_step_for_flipped_miller_loop ( const mnt6_Fq3 base_X,
const mnt6_Fq3 base_Y,
const mnt6_Fq3 base_Y_squared,
extended_mnt6_G2_projective & current,
mnt6_ate_add_coeffs & ac )

Definition at line 444 of file mnt6_pairing.cpp.

447{
448 const mnt6_Fq3 X1 = current.X, Y1 = current.Y, Z1 = current.Z, T1 = current.T;
449 const mnt6_Fq3 &x2 = base_X, &y2 = base_Y, &y2_squared = base_Y_squared;
450
451 const mnt6_Fq3 B = x2 * T1; // B = x2 * T1
452 const mnt6_Fq3 D = ((y2 + Z1).squared() - y2_squared - T1) * T1; // D = ((y2 + Z1)^2 - y2squared - T1) * T1
453 const mnt6_Fq3 H = B - X1; // H = B - X1
454 const mnt6_Fq3 I = H.squared(); // I = H^2
455 const mnt6_Fq3 E = I + I + I + I; // E = 4*I
456 const mnt6_Fq3 J = H * E; // J = H * E
457 const mnt6_Fq3 V = X1 * E; // V = X1 * E
458 const mnt6_Fq3 L1 = D - (Y1 + Y1); // L1 = D - 2 * Y1
459
460 current.X = L1.squared() - J - (V+V); // X3 = L1^2 - J - 2*V
461 current.Y = L1 * (V-current.X) - (Y1+Y1) * J; // Y3 = L1 * (V-X3) - 2*Y1 * J
462 current.Z = (Z1+H).squared() - T1 - I; // Z3 = (Z1 + H)^2 - T1 - I
463 current.T = current.Z.squared(); // T3 = Z3^2
464
465 ac.c_L1 = L1;
466 ac.c_RZ = current.Z;
467#ifdef DEBUG
468 current.test_invariant();
469#endif
470}
libff::mnt6_ate_add_coeffs::c_L1
mnt6_Fq3 c_L1
Definition mnt6_pairing.hpp:83
libff::mnt6_ate_add_coeffs::c_RZ
mnt6_Fq3 c_RZ
Definition mnt6_pairing.hpp:84
Here is the call graph for this function:

◆ mixed_addition_step_for_miller_loop()

void libff::mixed_addition_step_for_miller_loop ( const extended_edwards_G1_projective & base,
extended_edwards_G1_projective & current,
edwards_Fq_conic_coefficients & cc )

Definition at line 316 of file edwards_pairing.cpp.

319{
320 const edwards_Fq &X1 = current.X, &Y1 = current.Y, &Z1 = current.Z, &T1 = current.T;
321 const edwards_Fq &X2 = base.X, &Y2 = base.Y, &T2 = base.T;
322
323 const edwards_Fq A = X1*X2; // A = X1*X2
324 const edwards_Fq B = Y1*Y2; // B = Y1*Y2
325 const edwards_Fq C = Z1*T2; // C = Z1*T2
326 const edwards_Fq D = T1; // D = T1*Z2
327 const edwards_Fq E = D+C; // E = D+C
328 const edwards_Fq F = (X1-Y1)*(X2+Y2)+B-A; // F = (X1-Y1)*(X2+Y2)+B-A
329 const edwards_Fq G = B + A; // G = B + A (edwards_a=1)
330 const edwards_Fq H = D-C; // H = D-C
331 const edwards_Fq I = T1*T2; // I = T1*T2
332
333 cc.c_ZZ = (T1-X1)*(T2+X2)-I+A; // c_ZZ = (T1-X1)*(T2+X2)-I+A
334 cc.c_XY = X1-X2*Z1+F; // c_XY = X1*Z2-X2*Z1+F
335 cc.c_XZ = (Y1-T1)*(Y2+T2)-B+I-H; // c_XZ = (Y1-T1)*(Y2+T2)-B+I-H
336 current.X = E*F; // X3 = E*F
337 current.Y = G*H; // Y3 = G*H
338 current.Z = F*G; // Z3 = F*G
339 current.T = E*H; // T3 = E*H
340
341#ifdef DEBUG
342 current.test_invariant();
343#endif
344}
Here is the caller graph for this function:

◆ mnt4_affine_ate_miller_loop()

mnt4_Fq4 libff::mnt4_affine_ate_miller_loop ( const mnt4_affine_ate_G1_precomputation & prec_P,
const mnt4_affine_ate_G2_precomputation & prec_Q )

Definition at line 323 of file mnt4_pairing.cpp.

325{
326 enter_block("Call to mnt4_affine_ate_miller_loop");
327
328 mnt4_Fq4 f = mnt4_Fq4::one();
329
330 bool found_nonzero = false;
331 size_t idx = 0;
332 const bigint<mnt4_Fr::num_limbs> &loop_count = mnt4_ate_loop_count;
333
334 std::vector<long> NAF = find_wnaf(1, loop_count);
335 for (long i = NAF.size() - 1; i >= 0; --i)
336 {
337 if (!found_nonzero)
338 {
339 /* this skips the MSB itself */
340 found_nonzero |= (NAF[i] != 0);
341 continue;
342 }
343
344 /* code below gets executed for all bits (EXCEPT the MSB itself) of
345 mnt4_param_p (skipping leading zeros) in MSB to LSB
346 order */
347 mnt4_affine_ate_coeffs c = prec_Q.coeffs[idx++];
348
349 mnt4_Fq4 g_RR_at_P = mnt4_Fq4(prec_P.PY_twist_squared,
350 - prec_P.PX * c.gamma_twist + c.gamma_X - c.old_RY);
351 f = f.squared().mul_by_023(g_RR_at_P);
352
353 if (NAF[i] != 0)
354 {
355 mnt4_affine_ate_coeffs c = prec_Q.coeffs[idx++];
356 mnt4_Fq4 g_RQ_at_P;
357 if (NAF[i] > 0)
358 {
359 g_RQ_at_P = mnt4_Fq4(prec_P.PY_twist_squared,
360 - prec_P.PX * c.gamma_twist + c.gamma_X - prec_Q.QY);
361 }
362 else
363 {
364 g_RQ_at_P = mnt4_Fq4(prec_P.PY_twist_squared,
365 - prec_P.PX * c.gamma_twist + c.gamma_X + prec_Q.QY);
366 }
367 f = f.mul_by_023(g_RQ_at_P);
368 }
369 }
370
371 /* TODO: maybe handle neg
372 if (mnt4_ate_is_loop_count_neg)
373 {
374 // TODO:
375 mnt4_affine_ate_coeffs ac = prec_Q.coeffs[idx++];
376 mnt4_Fq4 g_RnegR_at_P = mnt4_Fq4(prec_P.PY_twist_squared,
377 - prec_P.PX * c.gamma_twist + c.gamma_X - c.old_RY);
378 f = (f * g_RnegR_at_P).inverse();
379 }
380 */
381
382 leave_block("Call to mnt4_affine_ate_miller_loop");
383
384 return f;
385}
libff::Fp4_model
Definition fp4.hpp:34
libff::mnt4_Fq4
Fp4_model< mnt4_q_limbs, mnt4_modulus_q > mnt4_Fq4
Definition mnt4_init.hpp:38
libff::find_wnaf
std::vector< long > find_wnaf(const size_t window_size, const bigint< n > &scalar)
libff::mnt4_affine_ate_G1_precomputation::PY_twist_squared
mnt4_Fq2 PY_twist_squared
Definition mnt4_pairing.hpp:34
libff::mnt4_affine_ate_G1_precomputation::PX
mnt4_Fq PX
Definition mnt4_pairing.hpp:32
libff::mnt4_affine_ate_G2_precomputation::QY
mnt4_Fq2 QY
Definition mnt4_pairing.hpp:48
libff::mnt4_affine_ate_G2_precomputation::coeffs
std::vector< mnt4_affine_ate_coeffs > coeffs
Definition mnt4_pairing.hpp:49
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_affine_ate_precompute_G1()

mnt4_affine_ate_G1_precomputation libff::mnt4_affine_ate_precompute_G1 ( const mnt4_G1 & P)

Definition at line 227 of file mnt4_pairing.cpp.

228{
229 enter_block("Call to mnt4_affine_ate_precompute_G1");
230
231 mnt4_G1 Pcopy = P;
232 Pcopy.to_affine_coordinates();
233
234 mnt4_affine_ate_G1_precomputation result;
235 result.PX = Pcopy.X;
236 result.PY = Pcopy.Y;
237 result.PY_twist_squared = Pcopy.Y * mnt4_twist.squared();
238
239 leave_block("Call to mnt4_affine_ate_precompute_G1");
240 return result;
241}
libff::mnt4_G1
Definition mnt4_g1.hpp:26
libff::mnt4_G1::X
mnt4_Fq X
Definition mnt4_g1.hpp:43
libff::mnt4_G1::to_affine_coordinates
void to_affine_coordinates()
Definition mnt4_g1.cpp:72
libff::mnt4_G1::Y
mnt4_Fq Y
Definition mnt4_g1.hpp:43
libff::mnt4_affine_ate_G1_precomputation
Definition mnt4_pairing.hpp:31
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_affine_ate_precompute_G2()

mnt4_affine_ate_G2_precomputation libff::mnt4_affine_ate_precompute_G2 ( const mnt4_G2 & Q)

Definition at line 243 of file mnt4_pairing.cpp.

244{
245 enter_block("Call to mnt4_affine_ate_precompute_G2");
246
247 mnt4_G2 Qcopy(Q);
248 Qcopy.to_affine_coordinates();
249
250 mnt4_affine_ate_G2_precomputation result;
251 result.QX = Qcopy.X;
252 result.QY = Qcopy.Y;
253
254 mnt4_Fq2 RX = Qcopy.X;
255 mnt4_Fq2 RY = Qcopy.Y;
256
257 const bigint<mnt4_Fr::num_limbs> &loop_count = mnt4_ate_loop_count;
258 bool found_nonzero = false;
259
260 std::vector<long> NAF = find_wnaf(1, loop_count);
261 for (long i = NAF.size() - 1; i >= 0; --i)
262 {
263 if (!found_nonzero)
264 {
265 /* this skips the MSB itself */
266 found_nonzero |= (NAF[i] != 0);
267 continue;
268 }
269
270 mnt4_affine_ate_coeffs c;
271 c.old_RX = RX;
272 c.old_RY = RY;
273 mnt4_Fq2 old_RX_2 = c.old_RX.squared();
274 c.gamma = (old_RX_2 + old_RX_2 + old_RX_2 + mnt4_twist_coeff_a) * (c.old_RY + c.old_RY).inverse();
275 c.gamma_twist = c.gamma * mnt4_twist;
276 c.gamma_X = c.gamma * c.old_RX;
277 result.coeffs.push_back(c);
278
279 RX = c.gamma.squared() - (c.old_RX+c.old_RX);
280 RY = c.gamma * (c.old_RX - RX) - c.old_RY;
281
282 if (NAF[i] != 0)
283 {
284 mnt4_affine_ate_coeffs c;
285 c.old_RX = RX;
286 c.old_RY = RY;
287 if (NAF[i] > 0)
288 {
289 c.gamma = (c.old_RY - result.QY) * (c.old_RX - result.QX).inverse();
290 }
291 else
292 {
293 c.gamma = (c.old_RY + result.QY) * (c.old_RX - result.QX).inverse();
294 }
295 c.gamma_twist = c.gamma * mnt4_twist;
296 c.gamma_X = c.gamma * result.QX;
297 result.coeffs.push_back(c);
298
299 RX = c.gamma.squared() - (c.old_RX+result.QX);
300 RY = c.gamma * (c.old_RX - RX) - c.old_RY;
301 }
302 }
303
304 /* TODO: maybe handle neg
305 if (mnt4_ate_is_loop_count_neg)
306 {
307 mnt4_ate_add_coeffs ac;
308 mnt4_affine_ate_dbl_coeffs c;
309 c.old_RX = RX;
310 c.old_RY = -RY;
311 old_RX_2 = c.old_RY.squared();
312 c.gamma = (old_RX_2 + old_RX_2 + old_RX_2 + mnt4_coeff_a) * (c.old_RY + c.old_RY).inverse();
313 c.gamma_twist = c.gamma * mnt4_twist;
314 c.gamma_X = c.gamma * c.old_RX;
315 result.coeffs.push_back(c);
316 }
317 */
318
319 leave_block("Call to mnt4_affine_ate_precompute_G2");
320 return result;
321}
libff::mnt4_G2
Definition mnt4_g2.hpp:26
libff::mnt4_affine_ate_G2_precomputation
Definition mnt4_pairing.hpp:46
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_affine_reduced_pairing()

mnt4_GT libff::mnt4_affine_reduced_pairing ( const mnt4_G1 & P,
const mnt4_G2 & Q )

Definition at line 731 of file mnt4_pairing.cpp.

733{
734 const mnt4_affine_ate_G1_precomputation prec_P = mnt4_affine_ate_precompute_G1(P);
735 const mnt4_affine_ate_G2_precomputation prec_Q = mnt4_affine_ate_precompute_G2(Q);
736 const mnt4_Fq4 f = mnt4_affine_ate_miller_loop(prec_P, prec_Q);
737 const mnt4_GT result = mnt4_final_exponentiation(f);
738 return result;
739}
libff::mnt4_affine_ate_precompute_G1
mnt4_affine_ate_G1_precomputation mnt4_affine_ate_precompute_G1(const mnt4_G1 &P)
Definition mnt4_pairing.cpp:227
libff::mnt4_affine_ate_miller_loop
mnt4_Fq4 mnt4_affine_ate_miller_loop(const mnt4_affine_ate_G1_precomputation &prec_P, const mnt4_affine_ate_G2_precomputation &prec_Q)
Definition mnt4_pairing.cpp:323
libff::mnt4_final_exponentiation
mnt4_GT mnt4_final_exponentiation(const mnt4_Fq4 &elt)
Definition mnt4_pairing.cpp:213
libff::mnt4_affine_ate_precompute_G2
mnt4_affine_ate_G2_precomputation mnt4_affine_ate_precompute_G2(const mnt4_G2 &Q)
Definition mnt4_pairing.cpp:243
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_double_miller_loop()

mnt4_Fq4 libff::mnt4_ate_double_miller_loop ( const mnt4_ate_G1_precomp & prec_P1,
const mnt4_ate_G2_precomp & prec_Q1,
const mnt4_ate_G1_precomp & prec_P2,
const mnt4_ate_G2_precomp & prec_Q2 )

Definition at line 600 of file mnt4_pairing.cpp.

604{
605 enter_block("Call to mnt4_ate_double_miller_loop");
606
607 mnt4_Fq2 L1_coeff1 = mnt4_Fq2(prec_P1.PX, mnt4_Fq::zero()) - prec_Q1.QX_over_twist;
608 mnt4_Fq2 L1_coeff2 = mnt4_Fq2(prec_P2.PX, mnt4_Fq::zero()) - prec_Q2.QX_over_twist;
609
610 mnt4_Fq4 f = mnt4_Fq4::one();
611
612 bool found_one = false;
613 size_t dbl_idx = 0;
614 size_t add_idx = 0;
615
616 const bigint<mnt4_Fr::num_limbs> &loop_count = mnt4_ate_loop_count;
617 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
618 {
619 const bool bit = loop_count.test_bit(i);
620
621 if (!found_one)
622 {
623 /* this skips the MSB itself */
624 found_one |= bit;
625 continue;
626 }
627
628 /* code below gets executed for all bits (EXCEPT the MSB itself) of
629 mnt4_param_p (skipping leading zeros) in MSB to LSB
630 order */
631 mnt4_ate_dbl_coeffs dc1 = prec_Q1.dbl_coeffs[dbl_idx];
632 mnt4_ate_dbl_coeffs dc2 = prec_Q2.dbl_coeffs[dbl_idx];
633 ++dbl_idx;
634
635 mnt4_Fq4 g_RR_at_P1 = mnt4_Fq4(- dc1.c_4C - dc1.c_J * prec_P1.PX_twist + dc1.c_L,
636 dc1.c_H * prec_P1.PY_twist);
637
638 mnt4_Fq4 g_RR_at_P2 = mnt4_Fq4(- dc2.c_4C - dc2.c_J * prec_P2.PX_twist + dc2.c_L,
639 dc2.c_H * prec_P2.PY_twist);
640
641 f = f.squared() * g_RR_at_P1 * g_RR_at_P2;
642
643 if (bit)
644 {
645 mnt4_ate_add_coeffs ac1 = prec_Q1.add_coeffs[add_idx];
646 mnt4_ate_add_coeffs ac2 = prec_Q2.add_coeffs[add_idx];
647 ++add_idx;
648
649 mnt4_Fq4 g_RQ_at_P1 = mnt4_Fq4(ac1.c_RZ * prec_P1.PY_twist,
650 -(prec_Q1.QY_over_twist * ac1.c_RZ + L1_coeff1 * ac1.c_L1));
651 mnt4_Fq4 g_RQ_at_P2 = mnt4_Fq4(ac2.c_RZ * prec_P2.PY_twist,
652 -(prec_Q2.QY_over_twist * ac2.c_RZ + L1_coeff2 * ac2.c_L1));
653
654 f = f * g_RQ_at_P1 * g_RQ_at_P2;
655 }
656 }
657
658 if (mnt4_ate_is_loop_count_neg)
659 {
660 mnt4_ate_add_coeffs ac1 = prec_Q1.add_coeffs[add_idx];
661 mnt4_ate_add_coeffs ac2 = prec_Q2.add_coeffs[add_idx];
662 ++add_idx;
663 mnt4_Fq4 g_RnegR_at_P1 = mnt4_Fq4(ac1.c_RZ * prec_P1.PY_twist,
664 -(prec_Q1.QY_over_twist * ac1.c_RZ + L1_coeff1 * ac1.c_L1));
665 mnt4_Fq4 g_RnegR_at_P2 = mnt4_Fq4(ac2.c_RZ * prec_P2.PY_twist,
666 -(prec_Q2.QY_over_twist * ac2.c_RZ + L1_coeff2 * ac2.c_L1));
667
668 f = (f * g_RnegR_at_P1 * g_RnegR_at_P2).inverse();
669 }
670
671 leave_block("Call to mnt4_ate_double_miller_loop");
672
673 return f;
674}
libff::mnt4_ate_G1_precomp::PX_twist
mnt4_Fq2 PX_twist
Definition mnt4_pairing.hpp:63
libff::mnt4_ate_G1_precomp::PX
mnt4_Fq PX
Definition mnt4_pairing.hpp:61
libff::mnt4_ate_G1_precomp::PY_twist
mnt4_Fq2 PY_twist
Definition mnt4_pairing.hpp:64
libff::mnt4_ate_G2_precomp::QX_over_twist
mnt4_Fq2 QX_over_twist
Definition mnt4_pairing.hpp:95
libff::mnt4_ate_G2_precomp::QY_over_twist
mnt4_Fq2 QY_over_twist
Definition mnt4_pairing.hpp:96
libff::mnt4_ate_G2_precomp::add_coeffs
std::vector< mnt4_ate_add_coeffs > add_coeffs
Definition mnt4_pairing.hpp:98
libff::mnt4_ate_G2_precomp::dbl_coeffs
std::vector< mnt4_ate_dbl_coeffs > dbl_coeffs
Definition mnt4_pairing.hpp:97
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_miller_loop()

mnt4_Fq4 libff::mnt4_ate_miller_loop ( const mnt4_ate_G1_precomp & prec_P,
const mnt4_ate_G2_precomp & prec_Q )

Definition at line 544 of file mnt4_pairing.cpp.

546{
547 enter_block("Call to mnt4_ate_miller_loop");
548
549 mnt4_Fq2 L1_coeff = mnt4_Fq2(prec_P.PX, mnt4_Fq::zero()) - prec_Q.QX_over_twist;
550
551 mnt4_Fq4 f = mnt4_Fq4::one();
552
553 bool found_one = false;
554 size_t dbl_idx = 0;
555 size_t add_idx = 0;
556
557 const bigint<mnt4_Fr::num_limbs> &loop_count = mnt4_ate_loop_count;
558 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
559 {
560 const bool bit = loop_count.test_bit(i);
561
562 if (!found_one)
563 {
564 /* this skips the MSB itself */
565 found_one |= bit;
566 continue;
567 }
568
569 /* code below gets executed for all bits (EXCEPT the MSB itself) of
570 mnt4_param_p (skipping leading zeros) in MSB to LSB
571 order */
572 mnt4_ate_dbl_coeffs dc = prec_Q.dbl_coeffs[dbl_idx++];
573
574 mnt4_Fq4 g_RR_at_P = mnt4_Fq4(- dc.c_4C - dc.c_J * prec_P.PX_twist + dc.c_L,
575 dc.c_H * prec_P.PY_twist);
576 f = f.squared() * g_RR_at_P;
577 if (bit)
578 {
579 mnt4_ate_add_coeffs ac = prec_Q.add_coeffs[add_idx++];
580
581 mnt4_Fq4 g_RQ_at_P = mnt4_Fq4(ac.c_RZ * prec_P.PY_twist,
582 -(prec_Q.QY_over_twist * ac.c_RZ + L1_coeff * ac.c_L1));
583 f = f * g_RQ_at_P;
584 }
585 }
586
587 if (mnt4_ate_is_loop_count_neg)
588 {
589 mnt4_ate_add_coeffs ac = prec_Q.add_coeffs[add_idx++];
590 mnt4_Fq4 g_RnegR_at_P = mnt4_Fq4(ac.c_RZ * prec_P.PY_twist,
591 -(prec_Q.QY_over_twist * ac.c_RZ + L1_coeff * ac.c_L1));
592 f = (f * g_RnegR_at_P).inverse();
593 }
594
595 leave_block("Call to mnt4_ate_miller_loop");
596
597 return f;
598}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_pairing()

mnt4_Fq4 libff::mnt4_ate_pairing ( const mnt4_G1 & P,
const mnt4_G2 & Q )

Definition at line 676 of file mnt4_pairing.cpp.

677{
678 enter_block("Call to mnt4_ate_pairing");
679 mnt4_ate_G1_precomp prec_P = mnt4_ate_precompute_G1(P);
680 mnt4_ate_G2_precomp prec_Q = mnt4_ate_precompute_G2(Q);
681 mnt4_Fq4 result = mnt4_ate_miller_loop(prec_P, prec_Q);
682 leave_block("Call to mnt4_ate_pairing");
683 return result;
684}
libff::mnt4_ate_miller_loop
mnt4_Fq4 mnt4_ate_miller_loop(const mnt4_ate_G1_precomp &prec_P, const mnt4_ate_G2_precomp &prec_Q)
Definition mnt4_pairing.cpp:544
libff::mnt4_ate_precompute_G2
mnt4_ate_G2_precomp mnt4_ate_precompute_G2(const mnt4_G2 &Q)
Definition mnt4_pairing.cpp:483
libff::mnt4_ate_precompute_G1
mnt4_ate_G1_precomp mnt4_ate_precompute_G1(const mnt4_G1 &P)
Definition mnt4_pairing.cpp:466
libff::mnt4_ate_G1_precomp
Definition mnt4_pairing.hpp:60
libff::mnt4_ate_G2_precomp
Definition mnt4_pairing.hpp:91
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_precompute_G1()

mnt4_ate_G1_precomp libff::mnt4_ate_precompute_G1 ( const mnt4_G1 & P)

Definition at line 466 of file mnt4_pairing.cpp.

467{
468 enter_block("Call to mnt4_ate_precompute_G1");
469
470 mnt4_G1 Pcopy = P;
471 Pcopy.to_affine_coordinates();
472
473 mnt4_ate_G1_precomp result;
474 result.PX = Pcopy.X;
475 result.PY = Pcopy.Y;
476 result.PX_twist = Pcopy.X * mnt4_twist;
477 result.PY_twist = Pcopy.Y * mnt4_twist;
478
479 leave_block("Call to mnt4_ate_precompute_G1");
480 return result;
481}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_precompute_G2()

mnt4_ate_G2_precomp libff::mnt4_ate_precompute_G2 ( const mnt4_G2 & Q)

Definition at line 483 of file mnt4_pairing.cpp.

484{
485 enter_block("Call to mnt4_ate_precompute_G2");
486
487 mnt4_G2 Qcopy(Q);
488 Qcopy.to_affine_coordinates();
489
490 mnt4_ate_G2_precomp result;
491 result.QX = Qcopy.X;
492 result.QY = Qcopy.Y;
493 result.QY2 = Qcopy.Y.squared();
494 result.QX_over_twist = Qcopy.X * mnt4_twist.inverse();
495 result.QY_over_twist = Qcopy.Y * mnt4_twist.inverse();
496
497 extended_mnt4_G2_projective R;
498 R.X = Qcopy.X;
499 R.Y = Qcopy.Y;
500 R.Z = mnt4_Fq2::one();
501 R.T = mnt4_Fq2::one();
502
503 const bigint<mnt4_Fr::num_limbs> &loop_count = mnt4_ate_loop_count;
504 bool found_one = false;
505
506 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
507 {
508 const bool bit = loop_count.test_bit(i);
509 if (!found_one)
510 {
511 /* this skips the MSB itself */
512 found_one |= bit;
513 continue;
514 }
515
516 mnt4_ate_dbl_coeffs dc;
517 doubling_step_for_flipped_miller_loop(R, dc);
518 result.dbl_coeffs.push_back(dc);
519 if (bit)
520 {
521 mnt4_ate_add_coeffs ac;
522 mixed_addition_step_for_flipped_miller_loop(result.QX, result.QY, result.QY2, R, ac);
523 result.add_coeffs.push_back(ac);
524 }
525 }
526
527 if (mnt4_ate_is_loop_count_neg)
528 {
529 mnt4_Fq2 RZ_inv = R.Z.inverse();
530 mnt4_Fq2 RZ2_inv = RZ_inv.squared();
531 mnt4_Fq2 RZ3_inv = RZ2_inv * RZ_inv;
532 mnt4_Fq2 minus_R_affine_X = R.X * RZ2_inv;
533 mnt4_Fq2 minus_R_affine_Y = - R.Y * RZ3_inv;
534 mnt4_Fq2 minus_R_affine_Y2 = minus_R_affine_Y.squared();
535 mnt4_ate_add_coeffs ac;
536 mixed_addition_step_for_flipped_miller_loop(minus_R_affine_X, minus_R_affine_Y, minus_R_affine_Y2, R, ac);
537 result.add_coeffs.push_back(ac);
538 }
539
540 leave_block("Call to mnt4_ate_precompute_G2");
541 return result;
542}
libff::extended_mnt4_G2_projective
Definition mnt4_pairing.cpp:389
libff::extended_mnt4_G2_projective::X
mnt4_Fq2 X
Definition mnt4_pairing.cpp:390
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_ate_reduced_pairing()

mnt4_GT libff::mnt4_ate_reduced_pairing ( const mnt4_G1 & P,
const mnt4_G2 & Q )

Definition at line 686 of file mnt4_pairing.cpp.

687{
688 enter_block("Call to mnt4_ate_reduced_pairing");
689 const mnt4_Fq4 f = mnt4_ate_pairing(P, Q);
690 const mnt4_GT result = mnt4_final_exponentiation(f);
691 leave_block("Call to mnt4_ate_reduced_pairing");
692 return result;
693}
libff::mnt4_ate_pairing
mnt4_Fq4 mnt4_ate_pairing(const mnt4_G1 &P, const mnt4_G2 &Q)
Definition mnt4_pairing.cpp:676
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_double_miller_loop()

mnt4_Fq4 libff::mnt4_double_miller_loop ( const mnt4_G1_precomp & prec_P1,
const mnt4_G2_precomp & prec_Q1,
const mnt4_G1_precomp & prec_P2,
const mnt4_G2_precomp & prec_Q2 )

Definition at line 711 of file mnt4_pairing.cpp.

715{
716 return mnt4_ate_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
717}
libff::mnt4_ate_double_miller_loop
mnt4_Fq4 mnt4_ate_double_miller_loop(const mnt4_ate_G1_precomp &prec_P1, const mnt4_ate_G2_precomp &prec_Q1, const mnt4_ate_G1_precomp &prec_P2, const mnt4_ate_G2_precomp &prec_Q2)
Definition mnt4_pairing.cpp:600
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_final_exponentiation()

mnt4_GT libff::mnt4_final_exponentiation ( const mnt4_Fq4 & elt)

Definition at line 213 of file mnt4_pairing.cpp.

214{
215 enter_block("Call to mnt4_final_exponentiation");
216 const mnt4_Fq4 elt_inv = elt.inverse();
217 const mnt4_Fq4 elt_to_first_chunk = mnt4_final_exponentiation_first_chunk(elt, elt_inv);
218 const mnt4_Fq4 elt_inv_to_first_chunk = mnt4_final_exponentiation_first_chunk(elt_inv, elt);
219 mnt4_GT result = mnt4_final_exponentiation_last_chunk(elt_to_first_chunk, elt_inv_to_first_chunk);
220 leave_block("Call to mnt4_final_exponentiation");
221
222 return result;
223}
libff::Fp4_model::inverse
Fp4_model inverse() const
libff::mnt4_final_exponentiation_last_chunk
mnt4_Fq4 mnt4_final_exponentiation_last_chunk(const mnt4_Fq4 &elt, const mnt4_Fq4 &elt_inv)
Definition mnt4_pairing.cpp:180
libff::mnt4_final_exponentiation_first_chunk
mnt4_Fq4 mnt4_final_exponentiation_first_chunk(const mnt4_Fq4 &elt, const mnt4_Fq4 &elt_inv)
Definition mnt4_pairing.cpp:198
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_final_exponentiation_first_chunk()

mnt4_Fq4 libff::mnt4_final_exponentiation_first_chunk ( const mnt4_Fq4 & elt,
const mnt4_Fq4 & elt_inv )

Definition at line 198 of file mnt4_pairing.cpp.

199{
200 enter_block("Call to mnt4_final_exponentiation_first_chunk");
201
202 /* (q^2-1) */
203
204 /* elt_q2 = elt^(q^2) */
205 const mnt4_Fq4 elt_q2 = elt.Frobenius_map(2);
206 /* elt_q3_over_elt = elt^(q^2-1) */
207 const mnt4_Fq4 elt_q2_over_elt = elt_q2 * elt_inv;
208
209 leave_block("Call to mnt4_final_exponentiation_first_chunk");
210 return elt_q2_over_elt;
211}
libff::Fp4_model::Frobenius_map
Fp4_model Frobenius_map(unsigned long power) const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_final_exponentiation_last_chunk()

mnt4_Fq4 libff::mnt4_final_exponentiation_last_chunk ( const mnt4_Fq4 & elt,
const mnt4_Fq4 & elt_inv )

Definition at line 180 of file mnt4_pairing.cpp.

181{
182 enter_block("Call to mnt4_final_exponentiation_last_chunk");
183 const mnt4_Fq4 elt_q = elt.Frobenius_map(1);
184 mnt4_Fq4 w1_part = elt_q.cyclotomic_exp(mnt4_final_exponent_last_chunk_w1);
185 mnt4_Fq4 w0_part;
186 if (mnt4_final_exponent_last_chunk_is_w0_neg)
187 {
188 w0_part = elt_inv.cyclotomic_exp(mnt4_final_exponent_last_chunk_abs_of_w0);
189 } else {
190 w0_part = elt.cyclotomic_exp(mnt4_final_exponent_last_chunk_abs_of_w0);
191 }
192 mnt4_Fq4 result = w1_part * w0_part;
193 leave_block("Call to mnt4_final_exponentiation_last_chunk");
194
195 return result;
196}
libff::Fp4_model::cyclotomic_exp
Fp4_model cyclotomic_exp(const bigint< m > &exponent) const
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_miller_loop()

mnt4_Fq4 libff::mnt4_miller_loop ( const mnt4_G1_precomp & prec_P,
const mnt4_G2_precomp & prec_Q )

Definition at line 705 of file mnt4_pairing.cpp.

707{
708 return mnt4_ate_miller_loop(prec_P, prec_Q);
709}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_pairing()

mnt4_Fq4 libff::mnt4_pairing ( const mnt4_G1 & P,
const mnt4_G2 & Q )

Definition at line 719 of file mnt4_pairing.cpp.

721{
722 return mnt4_ate_pairing(P, Q);
723}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_precompute_G1()

mnt4_G1_precomp libff::mnt4_precompute_G1 ( const mnt4_G1 & P)

Definition at line 695 of file mnt4_pairing.cpp.

696{
697 return mnt4_ate_precompute_G1(P);
698}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_precompute_G2()

mnt4_G2_precomp libff::mnt4_precompute_G2 ( const mnt4_G2 & Q)

Definition at line 700 of file mnt4_pairing.cpp.

701{
702 return mnt4_ate_precompute_G2(Q);
703}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt4_reduced_pairing()

mnt4_GT libff::mnt4_reduced_pairing ( const mnt4_G1 & P,
const mnt4_G2 & Q )

Definition at line 725 of file mnt4_pairing.cpp.

727{
728 return mnt4_ate_reduced_pairing(P, Q);
729}
libff::mnt4_ate_reduced_pairing
mnt4_GT mnt4_ate_reduced_pairing(const mnt4_G1 &P, const mnt4_G2 &Q)
Definition mnt4_pairing.cpp:686
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_affine_ate_miller_loop()

mnt6_Fq6 libff::mnt6_affine_ate_miller_loop ( const mnt6_affine_ate_G1_precomputation & prec_P,
const mnt6_affine_ate_G2_precomputation & prec_Q )

Definition at line 328 of file mnt6_pairing.cpp.

330{
331 enter_block("Call to mnt6_affine_ate_miller_loop");
332
333 mnt6_Fq6 f = mnt6_Fq6::one();
334
335 const bigint<mnt6_Fr::num_limbs> &loop_count = mnt6_ate_loop_count;
336 bool found_nonzero = false;
337 size_t idx = 0;
338
339 std::vector<long> NAF = find_wnaf(1, loop_count);
340 for (long i = NAF.size() - 1; i >= 0; --i)
341 {
342 if (!found_nonzero)
343 {
344 /* this skips the MSB itself */
345 found_nonzero |= (NAF[i] != 0);
346 continue;
347 }
348
349 /* code below gets executed for all bits (EXCEPT the MSB itself) of
350 mnt6_param_p (skipping leading zeros) in MSB to LSB
351 order */
352 mnt6_affine_ate_coeffs c = prec_Q.coeffs[idx++];
353
354 mnt6_Fq6 g_RR_at_P = mnt6_Fq6(prec_P.PY_twist_squared,
355 - prec_P.PX * c.gamma_twist + c.gamma_X - c.old_RY);
356 f = f.squared().mul_by_2345(g_RR_at_P);
357
358 if (NAF[i] != 0)
359 {
360 mnt6_affine_ate_coeffs c = prec_Q.coeffs[idx++];
361 mnt6_Fq6 g_RQ_at_P;
362 if (NAF[i] > 0)
363 {
364 g_RQ_at_P = mnt6_Fq6(prec_P.PY_twist_squared,
365 - prec_P.PX * c.gamma_twist + c.gamma_X - prec_Q.QY);
366 }
367 else
368 {
369 g_RQ_at_P = mnt6_Fq6(prec_P.PY_twist_squared,
370 - prec_P.PX * c.gamma_twist + c.gamma_X + prec_Q.QY);
371 }
372 f = f.mul_by_2345(g_RQ_at_P);
373 }
374
375 }
376
377 /* TODO: maybe handle neg
378 if (mnt6_ate_is_loop_count_neg)
379 {
380 // TODO:
381 mnt6_affine_ate_coeffs ac = prec_Q.coeffs[idx++];
382 mnt6_Fq6 g_RnegR_at_P = mnt6_Fq6(prec_P.PY_twist_squared,
383 - prec_P.PX * c.gamma_twist + c.gamma_X - c.old_RY);
384 f = (f * g_RnegR_at_P).inverse();
385 }
386 */
387
388 leave_block("Call to mnt6_affine_ate_miller_loop");
389
390 return f;
391}
libff::mnt6_Fq6
Fp6_2over3_model< mnt6_q_limbs, mnt6_modulus_q > mnt6_Fq6
Definition mnt6_init.hpp:38
libff::mnt6_affine_ate_G1_precomputation::PY_twist_squared
mnt6_Fq3 PY_twist_squared
Definition mnt6_pairing.hpp:34
libff::mnt6_affine_ate_G1_precomputation::PX
mnt6_Fq PX
Definition mnt6_pairing.hpp:32
libff::mnt6_affine_ate_G2_precomputation::QY
mnt6_Fq3 QY
Definition mnt6_pairing.hpp:48
libff::mnt6_affine_ate_G2_precomputation::coeffs
std::vector< mnt6_affine_ate_coeffs > coeffs
Definition mnt6_pairing.hpp:49
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_affine_ate_precompute_G1()

mnt6_affine_ate_G1_precomputation libff::mnt6_affine_ate_precompute_G1 ( const mnt6_G1 & P)

Definition at line 232 of file mnt6_pairing.cpp.

233{
234 enter_block("Call to mnt6_affine_ate_precompute_G1");
235
236 mnt6_G1 Pcopy = P;
237 Pcopy.to_affine_coordinates();
238
239 mnt6_affine_ate_G1_precomputation result;
240 result.PX = Pcopy.X;
241 result.PY = Pcopy.Y;
242 result.PY_twist_squared = Pcopy.Y * mnt6_twist.squared();
243
244 leave_block("Call to mnt6_affine_ate_precompute_G1");
245 return result;
246}
libff::mnt6_G1
Definition mnt6_g1.hpp:26
libff::mnt6_G1::X
mnt6_Fq X
Definition mnt6_g1.hpp:43
libff::mnt6_G1::to_affine_coordinates
void to_affine_coordinates()
Definition mnt6_g1.cpp:72
libff::mnt6_G1::Y
mnt6_Fq Y
Definition mnt6_g1.hpp:43
libff::mnt6_affine_ate_G1_precomputation
Definition mnt6_pairing.hpp:31
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_affine_ate_precompute_G2()

mnt6_affine_ate_G2_precomputation libff::mnt6_affine_ate_precompute_G2 ( const mnt6_G2 & Q)

Definition at line 248 of file mnt6_pairing.cpp.

249{
250 enter_block("Call to mnt6_affine_ate_precompute_G2");
251
252 mnt6_G2 Qcopy(Q);
253 Qcopy.to_affine_coordinates();
254
255 mnt6_affine_ate_G2_precomputation result;
256 result.QX = Qcopy.X;
257 result.QY = Qcopy.Y;
258
259 mnt6_Fq3 RX = Qcopy.X;
260 mnt6_Fq3 RY = Qcopy.Y;
261
262 const bigint<mnt6_Fr::num_limbs> &loop_count = mnt6_ate_loop_count;
263 bool found_nonzero = false;
264
265 std::vector<long> NAF = find_wnaf(1, loop_count);
266 for (long i = NAF.size() - 1; i >= 0; --i)
267 {
268 if (!found_nonzero)
269 {
270 /* this skips the MSB itself */
271 found_nonzero |= (NAF[i] != 0);
272 continue;
273 }
274
275 mnt6_affine_ate_coeffs c;
276 c.old_RX = RX;
277 c.old_RY = RY;
278 mnt6_Fq3 old_RX_2 = c.old_RX.squared();
279 c.gamma = (old_RX_2 + old_RX_2 + old_RX_2 + mnt6_twist_coeff_a) * (c.old_RY + c.old_RY).inverse();
280 c.gamma_twist = c.gamma * mnt6_twist;
281 c.gamma_X = c.gamma * c.old_RX;
282 result.coeffs.push_back(c);
283
284 RX = c.gamma.squared() - (c.old_RX+c.old_RX);
285 RY = c.gamma * (c.old_RX - RX) - c.old_RY;
286
287 if (NAF[i] != 0)
288 {
289 mnt6_affine_ate_coeffs c;
290 c.old_RX = RX;
291 c.old_RY = RY;
292 if (NAF[i] > 0)
293 {
294 c.gamma = (c.old_RY - result.QY) * (c.old_RX - result.QX).inverse();
295 }
296 else
297 {
298 c.gamma = (c.old_RY + result.QY) * (c.old_RX - result.QX).inverse();
299 }
300 c.gamma_twist = c.gamma * mnt6_twist;
301 c.gamma_X = c.gamma * result.QX;
302 result.coeffs.push_back(c);
303
304 RX = c.gamma.squared() - (c.old_RX+result.QX);
305 RY = c.gamma * (c.old_RX - RX) - c.old_RY;
306 }
307 }
308
309 /* TODO: maybe handle neg
310 if (mnt6_ate_is_loop_count_neg)
311 {
312 mnt6_ate_add_coeffs ac;
313 mnt6_affine_ate_dbl_coeffs c;
314 c.old_RX = RX;
315 c.old_RY = -RY;
316 old_RX_2 = c.old_RY.squared();
317 c.gamma = (old_RX_2 + old_RX_2 + old_RX_2 + mnt6_coeff_a) * (c.old_RY + c.old_RY).inverse();
318 c.gamma_twist = c.gamma * mnt6_twist;
319 c.gamma_X = c.gamma * c.old_RX;
320 result.coeffs.push_back(c);
321 }
322 */
323
324 leave_block("Call to mnt6_affine_ate_precompute_G2");
325 return result;
326}
libff::mnt6_G2
Definition mnt6_g2.hpp:26
libff::mnt6_affine_ate_G2_precomputation
Definition mnt6_pairing.hpp:46
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_affine_reduced_pairing()

mnt6_GT libff::mnt6_affine_reduced_pairing ( const mnt6_G1 & P,
const mnt6_G2 & Q )

Definition at line 743 of file mnt6_pairing.cpp.

745{
746 const mnt6_affine_ate_G1_precomputation prec_P = mnt6_affine_ate_precompute_G1(P);
747 const mnt6_affine_ate_G2_precomputation prec_Q = mnt6_affine_ate_precompute_G2(Q);
748 const mnt6_Fq6 f = mnt6_affine_ate_miller_loop(prec_P, prec_Q);
749 const mnt6_GT result = mnt6_final_exponentiation(f);
750 return result;
751}
libff::mnt6_final_exponentiation
mnt6_GT mnt6_final_exponentiation(const mnt6_Fq6 &elt)
Definition mnt6_pairing.cpp:218
libff::mnt6_affine_ate_precompute_G1
mnt6_affine_ate_G1_precomputation mnt6_affine_ate_precompute_G1(const mnt6_G1 &P)
Definition mnt6_pairing.cpp:232
libff::mnt6_affine_ate_miller_loop
mnt6_Fq6 mnt6_affine_ate_miller_loop(const mnt6_affine_ate_G1_precomputation &prec_P, const mnt6_affine_ate_G2_precomputation &prec_Q)
Definition mnt6_pairing.cpp:328
libff::mnt6_affine_ate_precompute_G2
mnt6_affine_ate_G2_precomputation mnt6_affine_ate_precompute_G2(const mnt6_G2 &Q)
Definition mnt6_pairing.cpp:248
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_double_miller_loop()

mnt6_Fq6 libff::mnt6_ate_double_miller_loop ( const mnt6_ate_G1_precomp & prec_P1,
const mnt6_ate_G2_precomp & prec_Q1,
const mnt6_ate_G1_precomp & prec_P2,
const mnt6_ate_G2_precomp & prec_Q2 )

Definition at line 611 of file mnt6_pairing.cpp.

615{
616 enter_block("Call to mnt6_ate_double_miller_loop");
617
618 mnt6_Fq3 L1_coeff1 = mnt6_Fq3(prec_P1.PX, mnt6_Fq::zero(), mnt6_Fq::zero()) - prec_Q1.QX_over_twist;
619 mnt6_Fq3 L1_coeff2 = mnt6_Fq3(prec_P2.PX, mnt6_Fq::zero(), mnt6_Fq::zero()) - prec_Q2.QX_over_twist;
620
621 mnt6_Fq6 f = mnt6_Fq6::one();
622
623 bool found_one = false;
624 size_t dbl_idx = 0;
625 size_t add_idx = 0;
626
627 const bigint<mnt6_Fr::num_limbs> &loop_count = mnt6_ate_loop_count;
628
629 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
630 {
631 const bool bit = loop_count.test_bit(i);
632
633 if (!found_one)
634 {
635 /* this skips the MSB itself */
636 found_one |= bit;
637 continue;
638 }
639
640 /* code below gets executed for all bits (EXCEPT the MSB itself) of
641 mnt6_param_p (skipping leading zeros) in MSB to LSB
642 order */
643 mnt6_ate_dbl_coeffs dc1 = prec_Q1.dbl_coeffs[dbl_idx];
644 mnt6_ate_dbl_coeffs dc2 = prec_Q2.dbl_coeffs[dbl_idx];
645 ++dbl_idx;
646
647 mnt6_Fq6 g_RR_at_P1 = mnt6_Fq6(- dc1.c_4C - dc1.c_J * prec_P1.PX_twist + dc1.c_L,
648 dc1.c_H * prec_P1.PY_twist);
649
650 mnt6_Fq6 g_RR_at_P2 = mnt6_Fq6(- dc2.c_4C - dc2.c_J * prec_P2.PX_twist + dc2.c_L,
651 dc2.c_H * prec_P2.PY_twist);
652
653 f = f.squared() * g_RR_at_P1 * g_RR_at_P2;
654
655 if (bit)
656 {
657 mnt6_ate_add_coeffs ac1 = prec_Q1.add_coeffs[add_idx];
658 mnt6_ate_add_coeffs ac2 = prec_Q2.add_coeffs[add_idx];
659 ++add_idx;
660
661 mnt6_Fq6 g_RQ_at_P1 = mnt6_Fq6(ac1.c_RZ * prec_P1.PY_twist,
662 -(prec_Q1.QY_over_twist * ac1.c_RZ + L1_coeff1 * ac1.c_L1));
663 mnt6_Fq6 g_RQ_at_P2 = mnt6_Fq6(ac2.c_RZ * prec_P2.PY_twist,
664 -(prec_Q2.QY_over_twist * ac2.c_RZ + L1_coeff2 * ac2.c_L1));
665
666 f = f * g_RQ_at_P1 * g_RQ_at_P2;
667 }
668 }
669
670 if (mnt6_ate_is_loop_count_neg)
671 {
672 mnt6_ate_add_coeffs ac1 = prec_Q1.add_coeffs[add_idx];
673 mnt6_ate_add_coeffs ac2 = prec_Q2.add_coeffs[add_idx];
674 ++add_idx;
675 mnt6_Fq6 g_RnegR_at_P1 = mnt6_Fq6(ac1.c_RZ * prec_P1.PY_twist,
676 -(prec_Q1.QY_over_twist * ac1.c_RZ + L1_coeff1 * ac1.c_L1));
677 mnt6_Fq6 g_RnegR_at_P2 = mnt6_Fq6(ac2.c_RZ * prec_P2.PY_twist,
678 -(prec_Q2.QY_over_twist * ac2.c_RZ + L1_coeff2 * ac2.c_L1));
679
680 f = (f * g_RnegR_at_P1 * g_RnegR_at_P2).inverse();
681 }
682
683 leave_block("Call to mnt6_ate_double_miller_loop");
684
685 return f;
686}
libff::mnt6_ate_G1_precomp::PX
mnt6_Fq PX
Definition mnt6_pairing.hpp:61
libff::mnt6_ate_G1_precomp::PX_twist
mnt6_Fq3 PX_twist
Definition mnt6_pairing.hpp:63
libff::mnt6_ate_G1_precomp::PY_twist
mnt6_Fq3 PY_twist
Definition mnt6_pairing.hpp:64
libff::mnt6_ate_G2_precomp::add_coeffs
std::vector< mnt6_ate_add_coeffs > add_coeffs
Definition mnt6_pairing.hpp:98
libff::mnt6_ate_G2_precomp::QX_over_twist
mnt6_Fq3 QX_over_twist
Definition mnt6_pairing.hpp:95
libff::mnt6_ate_G2_precomp::dbl_coeffs
std::vector< mnt6_ate_dbl_coeffs > dbl_coeffs
Definition mnt6_pairing.hpp:97
libff::mnt6_ate_G2_precomp::QY_over_twist
mnt6_Fq3 QY_over_twist
Definition mnt6_pairing.hpp:96
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_miller_loop()

mnt6_Fq6 libff::mnt6_ate_miller_loop ( const mnt6_ate_G1_precomp & prec_P,
const mnt6_ate_G2_precomp & prec_Q )

Definition at line 553 of file mnt6_pairing.cpp.

555{
556 enter_block("Call to mnt6_ate_miller_loop");
557
558 mnt6_Fq3 L1_coeff = mnt6_Fq3(prec_P.PX, mnt6_Fq::zero(), mnt6_Fq::zero()) - prec_Q.QX_over_twist;
559
560 mnt6_Fq6 f = mnt6_Fq6::one();
561
562 bool found_one = false;
563 size_t dbl_idx = 0;
564 size_t add_idx = 0;
565
566 const bigint<mnt6_Fr::num_limbs> &loop_count = mnt6_ate_loop_count;
567
568 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
569 {
570 const bool bit = loop_count.test_bit(i);
571
572 if (!found_one)
573 {
574 /* this skips the MSB itself */
575 found_one |= bit;
576 continue;
577 }
578
579 /* code below gets executed for all bits (EXCEPT the MSB itself) of
580 mnt6_param_p (skipping leading zeros) in MSB to LSB
581 order */
582 mnt6_ate_dbl_coeffs dc = prec_Q.dbl_coeffs[dbl_idx++];
583
584 mnt6_Fq6 g_RR_at_P = mnt6_Fq6(- dc.c_4C - dc.c_J * prec_P.PX_twist + dc.c_L,
585 dc.c_H * prec_P.PY_twist);
586 f = f.squared() * g_RR_at_P;
587
588 if (bit)
589 {
590 mnt6_ate_add_coeffs ac = prec_Q.add_coeffs[add_idx++];
591 mnt6_Fq6 g_RQ_at_P = mnt6_Fq6(ac.c_RZ * prec_P.PY_twist,
592 -(prec_Q.QY_over_twist * ac.c_RZ + L1_coeff * ac.c_L1));
593 f = f * g_RQ_at_P;
594 }
595
596 }
597
598 if (mnt6_ate_is_loop_count_neg)
599 {
600 mnt6_ate_add_coeffs ac = prec_Q.add_coeffs[add_idx++];
601 mnt6_Fq6 g_RnegR_at_P = mnt6_Fq6(ac.c_RZ * prec_P.PY_twist,
602 -(prec_Q.QY_over_twist * ac.c_RZ + L1_coeff * ac.c_L1));
603 f = (f * g_RnegR_at_P).inverse();
604 }
605
606 leave_block("Call to mnt6_ate_miller_loop");
607
608 return f;
609}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_pairing()

mnt6_Fq6 libff::mnt6_ate_pairing ( const mnt6_G1 & P,
const mnt6_G2 & Q )

Definition at line 688 of file mnt6_pairing.cpp.

689{
690 enter_block("Call to mnt6_ate_pairing");
691 mnt6_ate_G1_precomp prec_P = mnt6_ate_precompute_G1(P);
692 mnt6_ate_G2_precomp prec_Q = mnt6_ate_precompute_G2(Q);
693 mnt6_Fq6 result = mnt6_ate_miller_loop(prec_P, prec_Q);
694 leave_block("Call to mnt6_ate_pairing");
695 return result;
696}
libff::mnt6_ate_miller_loop
mnt6_Fq6 mnt6_ate_miller_loop(const mnt6_ate_G1_precomp &prec_P, const mnt6_ate_G2_precomp &prec_Q)
Definition mnt6_pairing.cpp:553
libff::mnt6_ate_precompute_G1
mnt6_ate_G1_precomp mnt6_ate_precompute_G1(const mnt6_G1 &P)
Definition mnt6_pairing.cpp:472
libff::mnt6_ate_precompute_G2
mnt6_ate_G2_precomp mnt6_ate_precompute_G2(const mnt6_G2 &Q)
Definition mnt6_pairing.cpp:489
libff::mnt6_ate_G1_precomp
Definition mnt6_pairing.hpp:60
libff::mnt6_ate_G2_precomp
Definition mnt6_pairing.hpp:91
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_precompute_G1()

mnt6_ate_G1_precomp libff::mnt6_ate_precompute_G1 ( const mnt6_G1 & P)

Definition at line 472 of file mnt6_pairing.cpp.

473{
474 enter_block("Call to mnt6_ate_precompute_G1");
475
476 mnt6_G1 Pcopy = P;
477 Pcopy.to_affine_coordinates();
478
479 mnt6_ate_G1_precomp result;
480 result.PX = Pcopy.X;
481 result.PY = Pcopy.Y;
482 result.PX_twist = Pcopy.X * mnt6_twist;
483 result.PY_twist = Pcopy.Y * mnt6_twist;
484
485 leave_block("Call to mnt6_ate_precompute_G1");
486 return result;
487}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_precompute_G2()

mnt6_ate_G2_precomp libff::mnt6_ate_precompute_G2 ( const mnt6_G2 & Q)

Definition at line 489 of file mnt6_pairing.cpp.

490{
491 enter_block("Call to mnt6_ate_precompute_G2");
492
493 mnt6_G2 Qcopy(Q);
494 Qcopy.to_affine_coordinates();
495
496 mnt6_Fq3 mnt6_twist_inv = mnt6_twist.inverse(); // could add to global params if needed
497
498 mnt6_ate_G2_precomp result;
499 result.QX = Qcopy.X;
500 result.QY = Qcopy.Y;
501 result.QY2 = Qcopy.Y.squared();
502 result.QX_over_twist = Qcopy.X * mnt6_twist_inv;
503 result.QY_over_twist = Qcopy.Y * mnt6_twist_inv;
504
505 extended_mnt6_G2_projective R;
506 R.X = Qcopy.X;
507 R.Y = Qcopy.Y;
508 R.Z = mnt6_Fq3::one();
509 R.T = mnt6_Fq3::one();
510
511 const bigint<mnt6_Fr::num_limbs> &loop_count = mnt6_ate_loop_count;
512 bool found_one = false;
513 for (long i = loop_count.max_bits() - 1; i >= 0; --i)
514 {
515 const bool bit = loop_count.test_bit(i);
516
517 if (!found_one)
518 {
519 /* this skips the MSB itself */
520 found_one |= bit;
521 continue;
522 }
523
524 mnt6_ate_dbl_coeffs dc;
525 doubling_step_for_flipped_miller_loop(R, dc);
526 result.dbl_coeffs.push_back(dc);
527
528 if (bit)
529 {
530 mnt6_ate_add_coeffs ac;
531 mixed_addition_step_for_flipped_miller_loop(result.QX, result.QY, result.QY2, R, ac);
532 result.add_coeffs.push_back(ac);
533 }
534 }
535
536 if (mnt6_ate_is_loop_count_neg)
537 {
538 mnt6_Fq3 RZ_inv = R.Z.inverse();
539 mnt6_Fq3 RZ2_inv = RZ_inv.squared();
540 mnt6_Fq3 RZ3_inv = RZ2_inv * RZ_inv;
541 mnt6_Fq3 minus_R_affine_X = R.X * RZ2_inv;
542 mnt6_Fq3 minus_R_affine_Y = - R.Y * RZ3_inv;
543 mnt6_Fq3 minus_R_affine_Y2 = minus_R_affine_Y.squared();
544 mnt6_ate_add_coeffs ac;
545 mixed_addition_step_for_flipped_miller_loop(minus_R_affine_X, minus_R_affine_Y, minus_R_affine_Y2, R, ac);
546 result.add_coeffs.push_back(ac);
547 }
548
549 leave_block("Call to mnt6_ate_precompute_G2");
550 return result;
551}
libff::extended_mnt6_G2_projective
Definition mnt6_pairing.cpp:395
libff::extended_mnt6_G2_projective::X
mnt6_Fq3 X
Definition mnt6_pairing.cpp:396
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_ate_reduced_pairing()

mnt6_GT libff::mnt6_ate_reduced_pairing ( const mnt6_G1 & P,
const mnt6_G2 & Q )

Definition at line 698 of file mnt6_pairing.cpp.

699{
700 enter_block("Call to mnt6_ate_reduced_pairing");
701 const mnt6_Fq6 f = mnt6_ate_pairing(P, Q);
702 const mnt6_GT result = mnt6_final_exponentiation(f);
703 leave_block("Call to mnt6_ate_reduced_pairing");
704 return result;
705}
libff::mnt6_ate_pairing
mnt6_Fq6 mnt6_ate_pairing(const mnt6_G1 &P, const mnt6_G2 &Q)
Definition mnt6_pairing.cpp:688
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_double_miller_loop()

mnt6_Fq6 libff::mnt6_double_miller_loop ( const mnt6_G1_precomp & prec_P1,
const mnt6_G2_precomp & prec_Q1,
const mnt6_G1_precomp & prec_P2,
const mnt6_G2_precomp & prec_Q2 )

Definition at line 723 of file mnt6_pairing.cpp.

727{
728 return mnt6_ate_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
729}
libff::mnt6_ate_double_miller_loop
mnt6_Fq6 mnt6_ate_double_miller_loop(const mnt6_ate_G1_precomp &prec_P1, const mnt6_ate_G2_precomp &prec_Q1, const mnt6_ate_G1_precomp &prec_P2, const mnt6_ate_G2_precomp &prec_Q2)
Definition mnt6_pairing.cpp:611
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_final_exponentiation()

mnt6_GT libff::mnt6_final_exponentiation ( const mnt6_Fq6 & elt)

Definition at line 218 of file mnt6_pairing.cpp.

219{
220 enter_block("Call to mnt6_final_exponentiation");
221 const mnt6_Fq6 elt_inv = elt.inverse();
222 const mnt6_Fq6 elt_to_first_chunk = mnt6_final_exponentiation_first_chunk(elt, elt_inv);
223 const mnt6_Fq6 elt_inv_to_first_chunk = mnt6_final_exponentiation_first_chunk(elt_inv, elt);
224 mnt6_GT result = mnt6_final_exponentiation_last_chunk(elt_to_first_chunk, elt_inv_to_first_chunk);
225 leave_block("Call to mnt6_final_exponentiation");
226
227 return result;
228}
libff::mnt6_final_exponentiation_last_chunk
mnt6_Fq6 mnt6_final_exponentiation_last_chunk(const mnt6_Fq6 &elt, const mnt6_Fq6 &elt_inv)
Definition mnt6_pairing.cpp:182
libff::mnt6_final_exponentiation_first_chunk
mnt6_Fq6 mnt6_final_exponentiation_first_chunk(const mnt6_Fq6 &elt, const mnt6_Fq6 &elt_inv)
Definition mnt6_pairing.cpp:200
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_final_exponentiation_first_chunk()

mnt6_Fq6 libff::mnt6_final_exponentiation_first_chunk ( const mnt6_Fq6 & elt,
const mnt6_Fq6 & elt_inv )

Definition at line 200 of file mnt6_pairing.cpp.

201{
202 enter_block("Call to mnt6_final_exponentiation_first_chunk");
203
204 /* (q^3-1)*(q+1) */
205
206 /* elt_q3 = elt^(q^3) */
207 const mnt6_Fq6 elt_q3 = elt.Frobenius_map(3);
208 /* elt_q3_over_elt = elt^(q^3-1) */
209 const mnt6_Fq6 elt_q3_over_elt = elt_q3 * elt_inv;
210 /* alpha = elt^((q^3-1) * q) */
211 const mnt6_Fq6 alpha = elt_q3_over_elt.Frobenius_map(1);
212 /* beta = elt^((q^3-1)*(q+1) */
213 const mnt6_Fq6 beta = alpha * elt_q3_over_elt;
214 leave_block("Call to mnt6_final_exponentiation_first_chunk");
215 return beta;
216}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_final_exponentiation_last_chunk()

mnt6_Fq6 libff::mnt6_final_exponentiation_last_chunk ( const mnt6_Fq6 & elt,
const mnt6_Fq6 & elt_inv )

Definition at line 182 of file mnt6_pairing.cpp.

183{
184 enter_block("Call to mnt6_final_exponentiation_last_chunk");
185 const mnt6_Fq6 elt_q = elt.Frobenius_map(1);
186 mnt6_Fq6 w1_part = elt_q.cyclotomic_exp(mnt6_final_exponent_last_chunk_w1);
187 mnt6_Fq6 w0_part;
188 if (mnt6_final_exponent_last_chunk_is_w0_neg)
189 {
190 w0_part = elt_inv.cyclotomic_exp(mnt6_final_exponent_last_chunk_abs_of_w0);
191 } else {
192 w0_part = elt.cyclotomic_exp(mnt6_final_exponent_last_chunk_abs_of_w0);
193 }
194 mnt6_Fq6 result = w1_part * w0_part;
195 leave_block("Call to mnt6_final_exponentiation_last_chunk");
196
197 return result;
198}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_miller_loop()

mnt6_Fq6 libff::mnt6_miller_loop ( const mnt6_G1_precomp & prec_P,
const mnt6_G2_precomp & prec_Q )

Definition at line 717 of file mnt6_pairing.cpp.

719{
720 return mnt6_ate_miller_loop(prec_P, prec_Q);
721}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_pairing()

mnt6_Fq6 libff::mnt6_pairing ( const mnt6_G1 & P,
const mnt6_G2 & Q )

Definition at line 731 of file mnt6_pairing.cpp.

733{
734 return mnt6_ate_pairing(P, Q);
735}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_precompute_G1()

mnt6_G1_precomp libff::mnt6_precompute_G1 ( const mnt6_G1 & P)

Definition at line 707 of file mnt6_pairing.cpp.

708{
709 return mnt6_ate_precompute_G1(P);
710}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_precompute_G2()

mnt6_G2_precomp libff::mnt6_precompute_G2 ( const mnt6_G2 & Q)

Definition at line 712 of file mnt6_pairing.cpp.

713{
714 return mnt6_ate_precompute_G2(Q);
715}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mnt6_reduced_pairing()

mnt6_GT libff::mnt6_reduced_pairing ( const mnt6_G1 & P,
const mnt6_G2 & Q )

Definition at line 737 of file mnt6_pairing.cpp.

739{
740 return mnt6_ate_reduced_pairing(P, Q);
741}
libff::mnt6_ate_reduced_pairing
mnt6_GT mnt6_ate_reduced_pairing(const mnt6_G1 &P, const mnt6_G2 &Q)
Definition mnt6_pairing.cpp:698
Here is the call graph for this function:
Here is the caller graph for this function:

◆ multi_exp()

template<typename T , typename FieldT , multi_exp_method Method>
T libff::multi_exp ( typename std::vector< T >::const_iterator vec_start,
typename std::vector< T >::const_iterator vec_end,
typename std::vector< FieldT >::const_iterator scalar_start,
typename std::vector< FieldT >::const_iterator scalar_end,
const size_t chunks )

Computes the sum \sum_i scalar_start[i] * vec_start[i] using the selected method. Input is split into the given number of chunks, and, when compiled with MULTICORE, the chunks are processed in parallel.

Here is the caller graph for this function:

◆ multi_exp_with_mixed_addition()

template<typename T , typename FieldT , multi_exp_method Method>
T libff::multi_exp_with_mixed_addition ( typename std::vector< T >::const_iterator vec_start,
typename std::vector< T >::const_iterator vec_end,
typename std::vector< FieldT >::const_iterator scalar_start,
typename std::vector< FieldT >::const_iterator scalar_end,
const size_t chunks )

A variant of multi_exp that takes advantage of the method mixed_add (instead of the operator '+'). Assumes input is in special form, and includes special pre-processing for scalars equal to 0 or 1.

◆ op_profiling_enter()

void libff::op_profiling_enter ( const std::string & msg)

Definition at line 237 of file profiling.cpp.

238{
239 for (std::pair<std::string, long long*> p : op_data_points)
240 {
241 op_counts[std::make_pair(msg, p.first)] = *(p.second);
242 }
243}
libff::op_counts
std::map< std::pair< std::string, std::string >, long long > op_counts
Definition profiling.cpp:71
Here is the caller graph for this function:

◆ operator*() [1/30]

template<mp_size_t m>
alt_bn128_G1 libff::operator* ( const bigint< m > & lhs,
const alt_bn128_G1 & rhs )

Definition at line 79 of file alt_bn128_g1.hpp.

80{
81 return scalar_mul<alt_bn128_G1, m>(rhs, lhs);
82}
Here is the call graph for this function:

◆ operator*() [2/30]

template<mp_size_t m>
alt_bn128_G2 libff::operator* ( const bigint< m > & lhs,
const alt_bn128_G2 & rhs )

Definition at line 83 of file alt_bn128_g2.hpp.

84{
85 return scalar_mul<alt_bn128_G2, m>(rhs, lhs);
86}
Here is the call graph for this function:

◆ operator*() [3/30]

template<mp_size_t m>
bn128_G1 libff::operator* ( const bigint< m > & lhs,
const bn128_G1 & rhs )

Definition at line 83 of file bn128_g1.hpp.

84{
85 return scalar_mul<bn128_G1, m>(rhs, lhs);
86}
Here is the call graph for this function:

◆ operator*() [4/30]

template<mp_size_t m>
bn128_G2 libff::operator* ( const bigint< m > & lhs,
const bn128_G2 & rhs )

Definition at line 84 of file bn128_g2.hpp.

85{
86 return scalar_mul<bn128_G2, m>(rhs, lhs);
87}
Here is the call graph for this function:

◆ operator*() [5/30]

template<mp_size_t m>
edwards_G1 libff::operator* ( const bigint< m > & lhs,
const edwards_G1 & rhs )

Definition at line 81 of file edwards_g1.hpp.

82{
83 return scalar_mul<edwards_G1, m>(rhs, lhs);
84}
Here is the call graph for this function:

◆ operator*() [6/30]

template<mp_size_t m>
edwards_G2 libff::operator* ( const bigint< m > & lhs,
const edwards_G2 & rhs )

Definition at line 87 of file edwards_g2.hpp.

88{
89 return scalar_mul<edwards_G2, m>(rhs, lhs);
90}
Here is the call graph for this function:

◆ operator*() [7/30]

template<mp_size_t m>
mnt4_G1 libff::operator* ( const bigint< m > & lhs,
const mnt4_G1 & rhs )

Definition at line 87 of file mnt4_g1.hpp.

88{
89 return scalar_mul<mnt4_G1, m>(rhs, lhs);
90}
Here is the call graph for this function:

◆ operator*() [8/30]

template<mp_size_t m>
mnt4_G2 libff::operator* ( const bigint< m > & lhs,
const mnt4_G2 & rhs )

Definition at line 92 of file mnt4_g2.hpp.

93{
94 return scalar_mul<mnt4_G2, m>(rhs, lhs);
95}
Here is the call graph for this function:

◆ operator*() [9/30]

template<mp_size_t m>
mnt6_G1 libff::operator* ( const bigint< m > & lhs,
const mnt6_G1 & rhs )

Definition at line 87 of file mnt6_g1.hpp.

88{
89 return scalar_mul<mnt6_G1, m>(rhs, lhs);
90}
Here is the call graph for this function:

◆ operator*() [10/30]

template<mp_size_t m>
mnt6_G2 libff::operator* ( const bigint< m > & lhs,
const mnt6_G2 & rhs )

Definition at line 92 of file mnt6_g2.hpp.

93{
94 return scalar_mul<mnt6_G2, m>(rhs, lhs);
95}
Here is the call graph for this function:

◆ operator*() [11/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > libff::operator* ( const Fp2_model< n, modulus > & lhs,
const Fp12_2over3over2_model< n, modulus > & rhs )

◆ operator*() [12/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp4_model< n, modulus > libff::operator* ( const Fp2_model< n, modulus > & lhs,
const Fp4_model< n, modulus > & rhs )

◆ operator*() [13/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp6_3over2_model< n, modulus > libff::operator* ( const Fp2_model< n, modulus > & lhs,
const Fp6_3over2_model< n, modulus > & rhs )

◆ operator*() [14/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > libff::operator* ( const Fp6_3over2_model< n, modulus > & lhs,
const Fp12_2over3over2_model< n, modulus > & rhs )

◆ operator*() [15/30]

template<mp_size_t m, const bigint< m > & modulus_p>
alt_bn128_G1 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const alt_bn128_G1 & rhs )

Definition at line 85 of file alt_bn128_g1.hpp.

86{
87 return scalar_mul<alt_bn128_G1, m>(rhs, lhs.as_bigint());
88}
libff::Fp_model::as_bigint
bigint< n > as_bigint() const
Here is the call graph for this function:

◆ operator*() [16/30]

template<mp_size_t m, const bigint< m > & modulus_p>
alt_bn128_G2 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const alt_bn128_G2 & rhs )

Definition at line 89 of file alt_bn128_g2.hpp.

90{
91 return scalar_mul<alt_bn128_G2, m>(rhs, lhs.as_bigint());
92}
Here is the call graph for this function:

◆ operator*() [17/30]

template<mp_size_t m, const bigint< m > & modulus_p>
bn128_G1 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const bn128_G1 & rhs )

Definition at line 89 of file bn128_g1.hpp.

90{
91 return scalar_mul<bn128_G1, m>(rhs, lhs.as_bigint());
92}
Here is the call graph for this function:

◆ operator*() [18/30]

template<mp_size_t m, const bigint< m > & modulus_p>
bn128_G2 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const bn128_G2 & rhs )

Definition at line 90 of file bn128_g2.hpp.

91{
92 return scalar_mul<bn128_G2, m>(rhs, lhs.as_bigint());
93}
Here is the call graph for this function:

◆ operator*() [19/30]

template<mp_size_t m, const bigint< m > & modulus_p>
edwards_G1 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const edwards_G1 & rhs )

Definition at line 87 of file edwards_g1.hpp.

88{
89 return scalar_mul<edwards_G1, m>(rhs, lhs.as_bigint());
90}
Here is the call graph for this function:

◆ operator*() [20/30]

template<mp_size_t m, const bigint< m > & modulus_p>
edwards_G2 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const edwards_G2 & rhs )

Definition at line 93 of file edwards_g2.hpp.

94{
95 return scalar_mul<edwards_G2, m>(rhs, lhs.as_bigint());
96}
Here is the call graph for this function:

◆ operator*() [21/30]

template<mp_size_t m, const bigint< m > & modulus_p>
mnt4_G1 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const mnt4_G1 & rhs )

Definition at line 93 of file mnt4_g1.hpp.

94{
95 return scalar_mul<mnt4_G1, m>(rhs, lhs.as_bigint());
96}
Here is the call graph for this function:

◆ operator*() [22/30]

template<mp_size_t m, const bigint< m > & modulus_p>
mnt4_G2 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const mnt4_G2 & rhs )

Definition at line 98 of file mnt4_g2.hpp.

99{
100 return scalar_mul<mnt4_G2, m>(rhs, lhs.as_bigint());
101}
Here is the call graph for this function:

◆ operator*() [23/30]

template<mp_size_t m, const bigint< m > & modulus_p>
mnt6_G1 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const mnt6_G1 & rhs )

Definition at line 93 of file mnt6_g1.hpp.

94{
95 return scalar_mul<mnt6_G1, m>(rhs, lhs.as_bigint());
96}
Here is the call graph for this function:

◆ operator*() [24/30]

template<mp_size_t m, const bigint< m > & modulus_p>
mnt6_G2 libff::operator* ( const Fp_model< m, modulus_p > & lhs,
const mnt6_G2 & rhs )

Definition at line 98 of file mnt6_g2.hpp.

99{
100 return scalar_mul<mnt6_G2, m>(rhs, lhs.as_bigint());
101}
Here is the call graph for this function:

◆ operator*() [25/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp12_2over3over2_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp12_2over3over2_model< n, modulus > & rhs )

◆ operator*() [26/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp2_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp2_model< n, modulus > & rhs )

◆ operator*() [27/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp3_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp3_model< n, modulus > & rhs )

◆ operator*() [28/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp4_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp4_model< n, modulus > & rhs )

◆ operator*() [29/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp6_2over3_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp6_2over3_model< n, modulus > & rhs )

◆ operator*() [30/30]

template<mp_size_t n, const bigint< n > & modulus>
Fp6_3over2_model< n, modulus > libff::operator* ( const Fp_model< n, modulus > & lhs,
const Fp6_3over2_model< n, modulus > & rhs )

◆ operator<<() [1/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp12_2over3over2_model< n, modulus > &  )

◆ operator<<() [2/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp2_model< n, modulus > &  )

◆ operator<<() [3/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp3_model< n, modulus > &  )

◆ operator<<() [4/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp4_model< n, modulus > &  )

◆ operator<<() [5/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp6_2over3_model< n, modulus > &  )

◆ operator<<() [6/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp6_3over2_model< n, modulus > &  )

◆ operator<<() [7/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & ,
const Fp_model< n, modulus > &  )

◆ operator<<() [8/51]

std::ostream & libff::operator<< ( std::ostream & out,
const alt_bn128_ate_ell_coeffs & c )

Definition at line 47 of file alt_bn128_pairing.cpp.

48{
49 out << c.ell_0 << OUTPUT_SEPARATOR << c.ell_VW << OUTPUT_SEPARATOR << c.ell_VV;
50 return out;
51}
OUTPUT_SEPARATOR
#define OUTPUT_SEPARATOR
Definition serialization.hpp:68

◆ operator<<() [9/51]

std::ostream & libff::operator<< ( std::ostream & out,
const alt_bn128_ate_G1_precomp & prec_P )

Definition at line 24 of file alt_bn128_pairing.cpp.

25{
26 out << prec_P.PX << OUTPUT_SEPARATOR << prec_P.PY;
27
28 return out;
29}

◆ operator<<() [10/51]

std::ostream & libff::operator<< ( std::ostream & out,
const alt_bn128_ate_G2_precomp & prec_Q )

Definition at line 71 of file alt_bn128_pairing.cpp.

72{
73 out << prec_Q.QX << OUTPUT_SEPARATOR << prec_Q.QY << "\n";
74 out << prec_Q.coeffs.size() << "\n";
75 for (const alt_bn128_ate_ell_coeffs &c : prec_Q.coeffs)
76 {
77 out << c << OUTPUT_NEWLINE;
78 }
79 return out;
80}
OUTPUT_NEWLINE
#define OUTPUT_NEWLINE
Definition serialization.hpp:67
libff::alt_bn128_ate_G2_precomp::QX
alt_bn128_Fq2 QX
Definition alt_bn128_pairing.hpp:42
libff::alt_bn128_ate_G2_precomp::QY
alt_bn128_Fq2 QY
Definition alt_bn128_pairing.hpp:43

◆ operator<<() [11/51]

std::ostream & libff::operator<< ( std::ostream & out,
const alt_bn128_G1 & g )

Definition at line 408 of file alt_bn128_g1.cpp.

409{
410 alt_bn128_G1 copy(g);
411 copy.to_affine_coordinates();
412
413 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
414#ifdef NO_PT_COMPRESSION
415 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
416#else
417 /* storing LSB of Y */
418 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
419#endif
420
421 return out;
422}

◆ operator<<() [12/51]

std::ostream & libff::operator<< ( std::ostream & out,
const alt_bn128_G2 & g )

Definition at line 422 of file alt_bn128_g2.cpp.

423{
424 alt_bn128_G2 copy(g);
425 copy.to_affine_coordinates();
426 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
427#ifdef NO_PT_COMPRESSION
428 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
429#else
430 /* storing LSB of Y */
431 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.c0.as_bigint().data[0] & 1);
432#endif
433
434 return out;
435}

◆ operator<<() [13/51]

template<mp_size_t n>
std::ostream & libff::operator<< ( std::ostream & out,
const bigint< n > & b )

◆ operator<<() [14/51]

std::ostream & libff::operator<< ( std::ostream & out,
const bn128_ate_G1_precomp & prec_P )

Definition at line 29 of file bn128_pairing.cpp.

30{
31 for (size_t i = 0; i < 3; ++i)
32 {
33#ifndef BINARY_OUTPUT
34 out << prec_P.P[i] << "\n";
35#else
36 out.write((char*) &prec_P.P[i], sizeof(prec_P.P[i]));
37#endif
38 }
39 return out;
40}

◆ operator<<() [15/51]

std::ostream & libff::operator<< ( std::ostream & out,
const bn128_ate_G2_precomp & prec_Q )

Definition at line 81 of file bn128_pairing.cpp.

82{
83 for (size_t i = 0; i < 3; ++i)
84 {
85#ifndef BINARY_OUTPUT
86 out << prec_Q.Q[i].a_ << "\n";
87 out << prec_Q.Q[i].b_ << "\n";
88#else
89 out.write((char*) &prec_Q.Q[i].a_, sizeof(prec_Q.Q[i].a_));
90 out.write((char*) &prec_Q.Q[i].b_, sizeof(prec_Q.Q[i].b_));
91#endif
92 }
93
94 out << prec_Q.coeffs.size() << "\n";
95
96 for (size_t i = 0; i < prec_Q.coeffs.size(); ++i)
97 {
98#ifndef BINARY_OUTPUT
99 out << prec_Q.coeffs[i].a_.a_ << "\n";
100 out << prec_Q.coeffs[i].a_.b_ << "\n";
101 out << prec_Q.coeffs[i].b_.a_ << "\n";
102 out << prec_Q.coeffs[i].b_.b_ << "\n";
103 out << prec_Q.coeffs[i].c_.a_ << "\n";
104 out << prec_Q.coeffs[i].c_.b_ << "\n";
105#else
106 out.write((char*) &prec_Q.coeffs[i].a_.a_, sizeof(prec_Q.coeffs[i].a_.a_));
107 out.write((char*) &prec_Q.coeffs[i].a_.b_, sizeof(prec_Q.coeffs[i].a_.b_));
108 out.write((char*) &prec_Q.coeffs[i].b_.a_, sizeof(prec_Q.coeffs[i].b_.a_));
109 out.write((char*) &prec_Q.coeffs[i].b_.b_, sizeof(prec_Q.coeffs[i].b_.b_));
110 out.write((char*) &prec_Q.coeffs[i].c_.a_, sizeof(prec_Q.coeffs[i].c_.a_));
111 out.write((char*) &prec_Q.coeffs[i].c_.b_, sizeof(prec_Q.coeffs[i].c_.b_));
112#endif
113 }
114
115 return out;
116}
bn::Fp2T::a_
Fp a_
Definition bn.h:350
bn::Fp2T::b_
Fp b_
Definition bn.h:350
libff::bn128_ate_G2_precomp::Q
bn::Fp2 Q[3]
Definition bn128_pairing.hpp:32

◆ operator<<() [16/51]

std::ostream & libff::operator<< ( std::ostream & out,
const bn128_G1 & g )

Definition at line 355 of file bn128_g1.cpp.

356{
357 bn128_G1 gcopy(g);
358 gcopy.to_affine_coordinates();
359
360 out << (gcopy.is_zero() ? '1' : '0') << OUTPUT_SEPARATOR;
361
362#ifdef NO_PT_COMPRESSION
363 /* no point compression case */
364#ifndef BINARY_OUTPUT
365 out << gcopy.X << OUTPUT_SEPARATOR << gcopy.Y;
366#else
367 out.write((char*) &gcopy.X, sizeof(gcopy.X));
368 out.write((char*) &gcopy.Y, sizeof(gcopy.Y));
369#endif
370
371#else
372 /* point compression case */
373#ifndef BINARY_OUTPUT
374 out << gcopy.X;
375#else
376 out.write((char*) &gcopy.X, sizeof(gcopy.X));
377#endif
378 out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.Y)[0] & 1 ? '1' : '0');
379#endif
380
381 return out;
382}
libff::bn128_G1
Definition bn128_g1.hpp:23

◆ operator<<() [17/51]

std::ostream & libff::operator<< ( std::ostream & out,
const bn128_G2 & g )

Definition at line 386 of file bn128_g2.cpp.

387{
388 bn128_G2 gcopy(g);
389 gcopy.to_affine_coordinates();
390
391 out << (gcopy.is_zero() ? '1' : '0') << OUTPUT_SEPARATOR;
392
393#ifdef NO_PT_COMPRESSION
394 /* no point compression case */
395#ifndef BINARY_OUTPUT
396 out << gcopy.X.a_ << OUTPUT_SEPARATOR << gcopy.X.b_ << OUTPUT_SEPARATOR;
397 out << gcopy.Y.a_ << OUTPUT_SEPARATOR << gcopy.Y.b_;
398#else
399 out.write((char*) &gcopy.X.a_, sizeof(gcopy.X.a_));
400 out.write((char*) &gcopy.X.b_, sizeof(gcopy.X.b_));
401 out.write((char*) &gcopy.Y.a_, sizeof(gcopy.Y.a_));
402 out.write((char*) &gcopy.Y.b_, sizeof(gcopy.Y.b_));
403#endif
404
405#else
406 /* point compression case */
407#ifndef BINARY_OUTPUT
408 out << gcopy.X.a_ << OUTPUT_SEPARATOR << gcopy.X.b_;
409#else
410 out.write((char*) &gcopy.X.a_, sizeof(gcopy.X.a_));
411 out.write((char*) &gcopy.X.b_, sizeof(gcopy.X.b_));
412#endif
413 out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.Y.a_)[0] & 1 ? '1' : '0');
414#endif
415
416 return out;
417}
libff::bn128_G2
Definition bn128_g2.hpp:24

◆ operator<<() [18/51]

std::ostream & libff::operator<< ( std::ostream & out,
const bn128_GT & g )

Definition at line 47 of file bn128_gt.cpp.

48{
49#ifndef BINARY_OUTPUT
50 out << g.elem.a_ << OUTPUT_SEPARATOR << g.elem.b_;
51#else
52 out.write((char*) &g.elem.a_, sizeof(g.elem.a_));
53 out.write((char*) &g.elem.b_, sizeof(g.elem.b_));
54#endif
55 return out;
56}
bn::Fp12T::a_
Fp6 a_
Definition bn.h:1371
bn::Fp12T::b_
Fp6 b_
Definition bn.h:1371

◆ operator<<() [19/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_ate_G1_precomp & prec_P )

Definition at line 156 of file edwards_pairing.cpp.

157{
158 out << prec_P.P_XY << OUTPUT_SEPARATOR << prec_P.P_XZ << OUTPUT_SEPARATOR << prec_P.P_ZZplusYZ;
159
160 return out;
161}

◆ operator<<() [20/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_ate_G2_precomp & prec_Q )

Definition at line 116 of file edwards_pairing.cpp.

117{
118 out << prec_Q.size() << "\n";
119 for (const edwards_Fq3_conic_coefficients &cc : prec_Q)
120 {
121 out << cc << OUTPUT_NEWLINE;
122 }
123
124 return out;
125}
libff::edwards_Fq3_conic_coefficients
Definition edwards_pairing.hpp:61

◆ operator<<() [21/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_Fq3_conic_coefficients & cc )

Definition at line 100 of file edwards_pairing.cpp.

101{
102 out << cc.c_ZZ << OUTPUT_SEPARATOR << cc.c_XY << OUTPUT_SEPARATOR << cc.c_XZ;
103 return out;
104}

◆ operator<<() [22/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_Fq_conic_coefficients & cc )

Definition at line 25 of file edwards_pairing.cpp.

26{
27 out << cc.c_ZZ << OUTPUT_SEPARATOR << cc.c_XY << OUTPUT_SEPARATOR << cc.c_XZ;
28 return out;
29}

◆ operator<<() [23/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_G1 & g )

Definition at line 307 of file edwards_g1.cpp.

308{
309 edwards_G1 copy(g);
310 copy.to_affine_coordinates();
311#ifdef NO_PT_COMPRESSION
312 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
313#else
314 /* storing LSB of Y */
315 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
316#endif
317
318 return out;
319}

◆ operator<<() [24/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_G2 & g )

Definition at line 339 of file edwards_g2.cpp.

340{
341 edwards_G2 copy(g);
342 copy.to_affine_coordinates();
343#ifdef NO_PT_COMPRESSION
344 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
345#else
346 /* storing LSB of Y */
347 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.c0.as_bigint().data[0] & 1);
348#endif
349 return out;
350}

◆ operator<<() [25/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_tate_G1_precomp & prec_P )

Definition at line 41 of file edwards_pairing.cpp.

42{
43 out << prec_P.size() << "\n";
44 for (const edwards_Fq_conic_coefficients &cc : prec_P)
45 {
46 out << cc << OUTPUT_NEWLINE;
47 }
48
49 return out;
50}
libff::edwards_Fq_conic_coefficients
Definition edwards_pairing.hpp:26

◆ operator<<() [26/51]

std::ostream & libff::operator<< ( std::ostream & out,
const edwards_tate_G2_precomp & prec_Q )

Definition at line 79 of file edwards_pairing.cpp.

80{
81 out << prec_Q.y0 << OUTPUT_SEPARATOR << prec_Q.eta;
82 return out;
83}

◆ operator<<() [27/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_ate_add_coeffs & ac )

Definition at line 86 of file mnt4_pairing.cpp.

87{
88 out << ac.c_L1 << OUTPUT_SEPARATOR << ac.c_RZ;
89 return out;
90}

◆ operator<<() [28/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_ate_dbl_coeffs & dc )

Definition at line 61 of file mnt4_pairing.cpp.

62{
63 out << dc.c_H << OUTPUT_SEPARATOR << dc.c_4C << OUTPUT_SEPARATOR << dc.c_J << OUTPUT_SEPARATOR << dc.c_L;
64 return out;
65}

◆ operator<<() [29/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_ate_G1_precomp & prec_P )

Definition at line 33 of file mnt4_pairing.cpp.

34{
35 out << prec_P.PX << OUTPUT_SEPARATOR << prec_P.PY << OUTPUT_SEPARATOR << prec_P.PX_twist << OUTPUT_SEPARATOR << prec_P.PY_twist;
36
37 return out;
38}
libff::mnt4_ate_G1_precomp::PY
mnt4_Fq PY
Definition mnt4_pairing.hpp:62

◆ operator<<() [30/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_ate_G2_precomp & prec_Q )

Definition at line 111 of file mnt4_pairing.cpp.

112{
113 out << prec_Q.QX << OUTPUT_SEPARATOR
114 << prec_Q.QY << OUTPUT_SEPARATOR
115 << prec_Q.QY2 << OUTPUT_SEPARATOR
116 << prec_Q.QX_over_twist << OUTPUT_SEPARATOR
117 << prec_Q.QY_over_twist << "\n";
118 out << prec_Q.dbl_coeffs.size() << "\n";
119 for (const mnt4_ate_dbl_coeffs &dc : prec_Q.dbl_coeffs)
120 {
121 out << dc << OUTPUT_NEWLINE;
122 }
123 out << prec_Q.add_coeffs.size() << "\n";
124 for (const mnt4_ate_add_coeffs &ac : prec_Q.add_coeffs)
125 {
126 out << ac << OUTPUT_NEWLINE;
127 }
128
129 return out;
130}
libff::mnt4_ate_G2_precomp::QY
mnt4_Fq2 QY
Definition mnt4_pairing.hpp:93
libff::mnt4_ate_G2_precomp::QY2
mnt4_Fq2 QY2
Definition mnt4_pairing.hpp:94
libff::mnt4_ate_G2_precomp::QX
mnt4_Fq2 QX
Definition mnt4_pairing.hpp:92
libff::mnt4_ate_dbl_coeffs
Definition mnt4_pairing.hpp:71

◆ operator<<() [31/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_G1 & g )

Definition at line 393 of file mnt4_g1.cpp.

394{
395 mnt4_G1 copy(g);
396 copy.to_affine_coordinates();
397
398 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
399#ifdef NO_PT_COMPRESSION
400 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
401#else
402 /* storing LSB of Y */
403 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
404#endif
405
406 return out;
407}

◆ operator<<() [32/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt4_G2 & g )

Definition at line 417 of file mnt4_g2.cpp.

418{
419 mnt4_G2 copy(g);
420 copy.to_affine_coordinates();
421
422 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
423#ifdef NO_PT_COMPRESSION
424 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
425#else
426 /* storing LSB of Y */
427 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.c0.as_bigint().data[0] & 1);
428#endif
429
430 return out;
431}

◆ operator<<() [33/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_ate_add_coeffs & ac )

Definition at line 86 of file mnt6_pairing.cpp.

87{
88 out << ac.c_L1 << OUTPUT_SEPARATOR << ac.c_RZ;
89 return out;
90}

◆ operator<<() [34/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_ate_dbl_coeffs & dc )

Definition at line 61 of file mnt6_pairing.cpp.

62{
63 out << dc.c_H << OUTPUT_SEPARATOR << dc.c_4C << OUTPUT_SEPARATOR << dc.c_J << OUTPUT_SEPARATOR << dc.c_L;
64 return out;
65}

◆ operator<<() [35/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_ate_G1_precomp & prec_P )

Definition at line 33 of file mnt6_pairing.cpp.

34{
35 out << prec_P.PX << OUTPUT_SEPARATOR << prec_P.PY << OUTPUT_SEPARATOR << prec_P.PX_twist << OUTPUT_SEPARATOR << prec_P.PY_twist;
36
37 return out;
38}
libff::mnt6_ate_G1_precomp::PY
mnt6_Fq PY
Definition mnt6_pairing.hpp:62

◆ operator<<() [36/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_ate_G2_precomp & prec_Q )

Definition at line 113 of file mnt6_pairing.cpp.

114{
115 out << prec_Q.QX << OUTPUT_SEPARATOR
116 << prec_Q.QY << OUTPUT_SEPARATOR
117 << prec_Q.QY2 << OUTPUT_SEPARATOR
118 << prec_Q.QX_over_twist << OUTPUT_SEPARATOR
119 << prec_Q.QY_over_twist << "\n";
120 out << prec_Q.dbl_coeffs.size() << "\n";
121 for (const mnt6_ate_dbl_coeffs &dc : prec_Q.dbl_coeffs)
122 {
123 out << dc << OUTPUT_NEWLINE;
124 }
125 out << prec_Q.add_coeffs.size() << "\n";
126 for (const mnt6_ate_add_coeffs &ac : prec_Q.add_coeffs)
127 {
128 out << ac << OUTPUT_NEWLINE;
129 }
130
131 return out;
132}
libff::mnt6_ate_G2_precomp::QX
mnt6_Fq3 QX
Definition mnt6_pairing.hpp:92
libff::mnt6_ate_G2_precomp::QY2
mnt6_Fq3 QY2
Definition mnt6_pairing.hpp:94
libff::mnt6_ate_G2_precomp::QY
mnt6_Fq3 QY
Definition mnt6_pairing.hpp:93
libff::mnt6_ate_dbl_coeffs
Definition mnt6_pairing.hpp:71

◆ operator<<() [37/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_G1 & g )

Definition at line 393 of file mnt6_g1.cpp.

394{
395 mnt6_G1 copy(g);
396 copy.to_affine_coordinates();
397
398 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
399#ifdef NO_PT_COMPRESSION
400 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
401#else
402 /* storing LSB of Y */
403 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
404#endif
405
406 return out;
407}

◆ operator<<() [38/51]

std::ostream & libff::operator<< ( std::ostream & out,
const mnt6_G2 & g )

Definition at line 424 of file mnt6_g2.cpp.

425{
426 mnt6_G2 copy(g);
427 copy.to_affine_coordinates();
428
429 out << (copy.is_zero() ? 1 : 0) << OUTPUT_SEPARATOR;
430#ifdef NO_PT_COMPRESSION
431 out << copy.X << OUTPUT_SEPARATOR << copy.Y;
432#else
433 /* storing LSB of Y */
434 out << copy.X << OUTPUT_SEPARATOR << (copy.Y.c0.as_bigint().data[0] & 1);
435#endif
436
437 return out;
438}

◆ operator<<() [39/51]

template<typename T1 , typename T2 >
std::ostream & libff::operator<< ( std::ostream & out,
const std::map< T1, T2 > & m )

◆ operator<<() [40/51]

template<typename T >
std::ostream & libff::operator<< ( std::ostream & out,
const std::set< T > & s )

◆ operator<<() [41/51]

std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< alt_bn128_G1 > & v )

Definition at line 471 of file alt_bn128_g1.cpp.

472{
473 out << v.size() << "\n";
474 for (const alt_bn128_G1& t : v)
475 {
476 out << t << OUTPUT_NEWLINE;
477 }
478
479 return out;
480}

◆ operator<<() [42/51]

std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< bn128_G1 > & v )

Definition at line 476 of file bn128_g1.cpp.

477{
478 out << v.size() << "\n";
479 for (const bn128_G1& t : v)
480 {
481 out << t << OUTPUT_NEWLINE;
482 }
483 return out;
484}

◆ operator<<() [43/51]

std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< edwards_G1 > & v )

Definition at line 364 of file edwards_g1.cpp.

365{
366 out << v.size() << "\n";
367 for (const edwards_G1& t : v)
368 {
369 out << t << OUTPUT_NEWLINE;
370 }
371
372 return out;
373}

◆ operator<<() [44/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< Fp12_2over3over2_model< n, modulus > > & v )

◆ operator<<() [45/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< Fp2_model< n, modulus > > & v )

◆ operator<<() [46/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< Fp3_model< n, modulus > > & v )

◆ operator<<() [47/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< Fp6_2over3_model< n, modulus > > & v )

◆ operator<<() [48/51]

template<mp_size_t n, const bigint< n > & modulus>
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< Fp6_3over2_model< n, modulus > > & v )

◆ operator<<() [49/51]

std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< mnt4_G1 > & v )

Definition at line 456 of file mnt4_g1.cpp.

457{
458 out << v.size() << "\n";
459 for (const mnt4_G1& t : v)
460 {
461 out << t << OUTPUT_NEWLINE;
462 }
463
464 return out;
465}

◆ operator<<() [50/51]

std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< mnt6_G1 > & v )

Definition at line 456 of file mnt6_g1.cpp.

457{
458 out << v.size() << "\n";
459 for (const mnt6_G1& t : v)
460 {
461 out << t << OUTPUT_NEWLINE;
462 }
463
464 return out;
465}

◆ operator<<() [51/51]

template<typename T >
std::ostream & libff::operator<< ( std::ostream & out,
const std::vector< T > & v )

◆ operator>>() [1/51]

std::istream & libff::operator>> ( std::istream & in,
alt_bn128_ate_ell_coeffs & c )

Definition at line 53 of file alt_bn128_pairing.cpp.

54{
55 in >> c.ell_0;
56 consume_OUTPUT_SEPARATOR(in);
57 in >> c.ell_VW;
58 consume_OUTPUT_SEPARATOR(in);
59 in >> c.ell_VV;
60
61 return in;
62}
libff::consume_OUTPUT_SEPARATOR
void consume_OUTPUT_SEPARATOR(std::istream &in)

◆ operator>>() [2/51]

std::istream & libff::operator>> ( std::istream & in,
alt_bn128_ate_G1_precomp & prec_P )

Definition at line 31 of file alt_bn128_pairing.cpp.

32{
33 in >> prec_P.PX;
34 consume_OUTPUT_SEPARATOR(in);
35 in >> prec_P.PY;
36
37 return in;
38}

◆ operator>>() [3/51]

std::istream & libff::operator>> ( std::istream & in,
alt_bn128_ate_G2_precomp & prec_Q )

Definition at line 82 of file alt_bn128_pairing.cpp.

83{
84 in >> prec_Q.QX;
85 consume_OUTPUT_SEPARATOR(in);
86 in >> prec_Q.QY;
87 consume_newline(in);
88
89 prec_Q.coeffs.clear();
90 size_t s;
91 in >> s;
92
93 consume_newline(in);
94
95 prec_Q.coeffs.reserve(s);
96
97 for (size_t i = 0; i < s; ++i)
98 {
99 alt_bn128_ate_ell_coeffs c;
100 in >> c;
101 consume_OUTPUT_NEWLINE(in);
102 prec_Q.coeffs.emplace_back(c);
103 }
104
105 return in;
106}
libff::consume_OUTPUT_NEWLINE
void consume_OUTPUT_NEWLINE(std::istream &in)
libff::consume_newline
void consume_newline(std::istream &in)
s
char * s
Definition yubihsm_pkcs11.c:524

◆ operator>>() [4/51]

std::istream & libff::operator>> ( std::istream & in,
alt_bn128_G1 & g )

Definition at line 424 of file alt_bn128_g1.cpp.

425{
426 char is_zero;
427 alt_bn128_Fq tX, tY;
428
429#ifdef NO_PT_COMPRESSION
430 in >> is_zero >> tX >> tY;
431 is_zero -= '0';
432#else
433 in.read((char*)&is_zero, 1); // this reads is_zero;
434 is_zero -= '0';
435 consume_OUTPUT_SEPARATOR(in);
436
437 unsigned char Y_lsb;
438 in >> tX;
439 consume_OUTPUT_SEPARATOR(in);
440 in.read((char*)&Y_lsb, 1);
441 Y_lsb -= '0';
442
443 // y = +/- sqrt(x^3 + b)
444 if (!is_zero)
445 {
446 alt_bn128_Fq tX2 = tX.squared();
447 alt_bn128_Fq tY2 = tX2*tX + alt_bn128_coeff_b;
448 tY = tY2.sqrt();
449
450 if ((tY.as_bigint().data[0] & 1) != Y_lsb)
451 {
452 tY = -tY;
453 }
454 }
455#endif
456 // using Jacobian coordinates
457 if (!is_zero)
458 {
459 g.X = tX;
460 g.Y = tY;
461 g.Z = alt_bn128_Fq::one();
462 }
463 else
464 {
465 g = alt_bn128_G1::zero();
466 }
467
468 return in;
469}
libff::Fp_model::sqrt
Fp_model sqrt() const
libff::alt_bn128_G1::Z
alt_bn128_Fq Z
Definition alt_bn128_g1.hpp:36

◆ operator>>() [5/51]

std::istream & libff::operator>> ( std::istream & in,
alt_bn128_G2 & g )

Definition at line 437 of file alt_bn128_g2.cpp.

438{
439 char is_zero;
440 alt_bn128_Fq2 tX, tY;
441
442#ifdef NO_PT_COMPRESSION
443 in >> is_zero >> tX >> tY;
444 is_zero -= '0';
445#else
446 in.read((char*)&is_zero, 1); // this reads is_zero;
447 is_zero -= '0';
448 consume_OUTPUT_SEPARATOR(in);
449
450 unsigned char Y_lsb;
451 in >> tX;
452 consume_OUTPUT_SEPARATOR(in);
453 in.read((char*)&Y_lsb, 1);
454 Y_lsb -= '0';
455
456 // y = +/- sqrt(x^3 + b)
457 if (!is_zero)
458 {
459 alt_bn128_Fq2 tX2 = tX.squared();
460 alt_bn128_Fq2 tY2 = tX2 * tX + alt_bn128_twist_coeff_b;
461 tY = tY2.sqrt();
462
463 if ((tY.c0.as_bigint().data[0] & 1) != Y_lsb)
464 {
465 tY = -tY;
466 }
467 }
468#endif
469 // using projective coordinates
470 if (!is_zero)
471 {
472 g.X = tX;
473 g.Y = tY;
474 g.Z = alt_bn128_Fq2::one();
475 }
476 else
477 {
478 g = alt_bn128_G2::zero();
479 }
480
481 return in;
482}
libff::Fp2_model::c0
my_Fp c0
Definition fp2.hpp:49
libff::Fp2_model::sqrt
Fp2_model sqrt() const
libff::alt_bn128_G2::Z
alt_bn128_Fq2 Z
Definition alt_bn128_g2.hpp:37
libff::alt_bn128_G2::Y
alt_bn128_Fq2 Y
Definition alt_bn128_g2.hpp:37

◆ operator>>() [6/51]

template<mp_size_t n>
std::istream & libff::operator>> ( std::istream & in,
bigint< n > & b )

◆ operator>>() [7/51]

std::istream & libff::operator>> ( std::istream & in,
bn128_ate_G1_precomp & prec_P )

Definition at line 42 of file bn128_pairing.cpp.

43{
44 for (size_t i = 0; i < 3; ++i)
45 {
46#ifndef BINARY_OUTPUT
47 in >> prec_P.P[i];
48 consume_newline(in);
49#else
50 in.read((char*) &prec_P.P[i], sizeof(prec_P.P[i]));
51#endif
52 }
53 return in;
54}

◆ operator>>() [8/51]

std::istream & libff::operator>> ( std::istream & in,
bn128_ate_G2_precomp & prec_Q )

Definition at line 118 of file bn128_pairing.cpp.

119{
120 for (size_t i = 0; i < 3; ++i)
121 {
122#ifndef BINARY_OUTPUT
123 in >> prec_Q.Q[i].a_;
124 consume_newline(in);
125 in >> prec_Q.Q[i].b_;
126 consume_newline(in);
127#else
128 in.read((char*) &prec_Q.Q[i].a_, sizeof(prec_Q.Q[i].a_));
129 in.read((char*) &prec_Q.Q[i].b_, sizeof(prec_Q.Q[i].b_));
130#endif
131 }
132
133 size_t count;
134 in >> count;
135 consume_newline(in);
136 prec_Q.coeffs.resize(count);
137 for (size_t i = 0; i < count; ++i)
138 {
139#ifndef BINARY_OUTPUT
140 in >> prec_Q.coeffs[i].a_.a_;
141 consume_newline(in);
142 in >> prec_Q.coeffs[i].a_.b_;
143 consume_newline(in);
144 in >> prec_Q.coeffs[i].b_.a_;
145 consume_newline(in);
146 in >> prec_Q.coeffs[i].b_.b_;
147 consume_newline(in);
148 in >> prec_Q.coeffs[i].c_.a_;
149 consume_newline(in);
150 in >> prec_Q.coeffs[i].c_.b_;
151 consume_newline(in);
152#else
153 in.read((char*) &prec_Q.coeffs[i].a_.a_, sizeof(prec_Q.coeffs[i].a_.a_));
154 in.read((char*) &prec_Q.coeffs[i].a_.b_, sizeof(prec_Q.coeffs[i].a_.b_));
155 in.read((char*) &prec_Q.coeffs[i].b_.a_, sizeof(prec_Q.coeffs[i].b_.a_));
156 in.read((char*) &prec_Q.coeffs[i].b_.b_, sizeof(prec_Q.coeffs[i].b_.b_));
157 in.read((char*) &prec_Q.coeffs[i].c_.a_, sizeof(prec_Q.coeffs[i].c_.a_));
158 in.read((char*) &prec_Q.coeffs[i].c_.b_, sizeof(prec_Q.coeffs[i].c_.b_));
159#endif
160 }
161 return in;
162}
count
int * count
Definition gmock_stress_test.cc:177

◆ operator>>() [9/51]

std::istream & libff::operator>> ( std::istream & in,
bn128_G1 & g )

Definition at line 415 of file bn128_g1.cpp.

416{
417 char is_zero;
418 in.read((char*)&is_zero, 1); // this reads is_zero;
419 is_zero -= '0';
420 consume_OUTPUT_SEPARATOR(in);
421
422#ifdef NO_PT_COMPRESSION
423 /* no point compression case */
424#ifndef BINARY_OUTPUT
425 in >> g.X;
426 consume_OUTPUT_SEPARATOR(in);
427 in >> g.Y;
428#else
429 in.read((char*) &g.X, sizeof(g.X));
430 in.read((char*) &g.Y, sizeof(g.Y));
431#endif
432
433#else
434 /* point compression case */
435 bn::Fp tX;
436#ifndef BINARY_OUTPUT
437 in >> tX;
438#else
439 in.read((char*)&tX, sizeof(tX));
440#endif
441 consume_OUTPUT_SEPARATOR(in);
442 unsigned char Y_lsb;
443 in.read((char*)&Y_lsb, 1);
444 Y_lsb -= '0';
445
446 // y = +/- sqrt(x^3 + b)
447 if (!is_zero)
448 {
449 g.X = tX;
450 bn::Fp tX2, tY2;
451 bn::Fp::square(tX2, tX);
452 bn::Fp::mul(tY2, tX2, tX);
453 bn::Fp::add(tY2, tY2, bn128_coeff_b);
454
455 g.Y = bn128_G1::sqrt(tY2);
456 if ((((unsigned char*)&g.Y)[0] & 1) != Y_lsb)
457 {
458 bn::Fp::neg(g.Y, g.Y);
459 }
460 }
461#endif
462
463 /* finalize */
464 if (!is_zero)
465 {
466 g.Z = bn::Fp(1);
467 }
468 else
469 {
470 g = bn128_G1::zero();
471 }
472
473 return in;
474}
libff::bn128_G1::Z
bn::Fp Z
Definition bn128_g1.hpp:40
libff::bn128_G1::Y
bn::Fp Y
Definition bn128_g1.hpp:40
libff::bn128_G1::X
bn::Fp X
Definition bn128_g1.hpp:40
mie::Fp::add
static void(* add)(Fp &out, const Fp &x, const Fp &y)
Definition zm2.h:83
mie::Fp::mul
static void(* mul)(Fp &out, const Fp &x, const Fp &y)
Definition zm2.h:93
mie::Fp::neg
static void(* neg)(Fp &out, const Fp &x)
Definition zm2.h:92
mie::Fp::square
static void square(Fp &out, const Fp &x)
Definition zm2.h:282

◆ operator>>() [10/51]

std::istream & libff::operator>> ( std::istream & in,
bn128_G2 & g )

Definition at line 419 of file bn128_g2.cpp.

420{
421 char is_zero;
422 in.read((char*)&is_zero, 1); // this reads is_zero;
423 is_zero -= '0';
424 consume_OUTPUT_SEPARATOR(in);
425
426#ifdef NO_PT_COMPRESSION
427 /* no point compression case */
428#ifndef BINARY_OUTPUT
429 in >> g.X.a_;
430 consume_OUTPUT_SEPARATOR(in);
431 in >> g.X.b_;
432 consume_OUTPUT_SEPARATOR(in);
433 in >> g.Y.a_;
434 consume_OUTPUT_SEPARATOR(in);
435 in >> g.Y.b_;
436#else
437 in.read((char*) &g.X.a_, sizeof(g.X.a_));
438 in.read((char*) &g.X.b_, sizeof(g.X.b_));
439 in.read((char*) &g.Y.a_, sizeof(g.Y.a_));
440 in.read((char*) &g.Y.b_, sizeof(g.Y.b_));
441#endif
442
443#else
444 /* point compression case */
445 bn::Fp2 tX;
446#ifndef BINARY_OUTPUT
447 in >> tX.a_;
448 consume_OUTPUT_SEPARATOR(in);
449 in >> tX.b_;
450#else
451 in.read((char*)&tX.a_, sizeof(tX.a_));
452 in.read((char*)&tX.b_, sizeof(tX.b_));
453#endif
454 consume_OUTPUT_SEPARATOR(in);
455 unsigned char Y_lsb;
456 in.read((char*)&Y_lsb, 1);
457 Y_lsb -= '0';
458
459 // y = +/- sqrt(x^3 + b)
460 if (!is_zero)
461 {
462 g.X = tX;
463 bn::Fp2 tX2, tY2;
464 bn::Fp2::square(tX2, tX);
465 bn::Fp2::mul(tY2, tX2, tX);
466 bn::Fp2::add(tY2, tY2, bn128_twist_coeff_b);
467
468 g.Y = bn128_G2::sqrt(tY2);
469 if ((((unsigned char*)&g.Y.a_)[0] & 1) != Y_lsb)
470 {
471 bn::Fp2::neg(g.Y, g.Y);
472 }
473 }
474#endif
475
476 /* finalize */
477 if (!is_zero)
478 {
479 g.Z = bn::Fp2(bn::Fp(1), bn::Fp(0));
480 }
481 else
482 {
483 g = bn128_G2::zero();
484 }
485
486 return in;
487}
libff::bn128_G2::X
bn::Fp2 X
Definition bn128_g2.hpp:41
libff::bn128_G2::Z
bn::Fp2 Z
Definition bn128_g2.hpp:41
libff::bn128_G2::Y
bn::Fp2 Y
Definition bn128_g2.hpp:41
bn::Fp2T::neg
static void neg(Fp2T &z, const Fp2T &x)
Definition bn.h:400
bn::Fp2T::square
static void(* square)(Fp2T &z, const Fp2T &x)
Definition bn.h:373
bn::Fp2T::add
static void(* add)(Fp2T &z, const Fp2T &x, const Fp2T &y)
Definition bn.h:368
bn::Fp2T::mul
static void(* mul)(Fp2T &z, const Fp2T &x, const Fp2T &y)
Definition bn.h:372

◆ operator>>() [11/51]

std::istream & libff::operator>> ( std::istream & in,
bn128_GT & g )

Definition at line 58 of file bn128_gt.cpp.

59{
60#ifndef BINARY_OUTPUT
61 in >> g.elem.a_;
62 consume_OUTPUT_SEPARATOR(in);
63 in >> g.elem.b_;
64#else
65 in.read((char*) &g.elem.a_, sizeof(g.elem.a_));
66 in.read((char*) &g.elem.b_, sizeof(g.elem.b_));
67#endif
68 return in;
69}

◆ operator>>() [12/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_ate_G1_precomp & prec_P )

Definition at line 163 of file edwards_pairing.cpp.

164{
165 in >> prec_P.P_XY >> prec_P.P_XZ >> prec_P.P_ZZplusYZ;
166
167 return in;
168}

◆ operator>>() [13/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_ate_G2_precomp & prec_Q )

Definition at line 127 of file edwards_pairing.cpp.

128{
129 prec_Q.clear();
130
131 size_t s;
132 in >> s;
133
134 consume_newline(in);
135
136 prec_Q.reserve(s);
137
138 for (size_t i = 0; i < s; ++i)
139 {
140 edwards_Fq3_conic_coefficients cc;
141 in >> cc;
142 consume_OUTPUT_NEWLINE(in);
143 prec_Q.emplace_back(cc);
144 }
145
146 return in;
147}
Here is the call graph for this function:

◆ operator>>() [14/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_Fq3_conic_coefficients & cc )

Definition at line 106 of file edwards_pairing.cpp.

107{
108 in >> cc.c_ZZ;
109 consume_OUTPUT_SEPARATOR(in);
110 in >> cc.c_XY;
111 consume_OUTPUT_SEPARATOR(in);
112 in >> cc.c_XZ;
113 return in;
114}

◆ operator>>() [15/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_Fq_conic_coefficients & cc )

Definition at line 31 of file edwards_pairing.cpp.

32{
33 in >> cc.c_ZZ;
34 consume_OUTPUT_SEPARATOR(in);
35 in >> cc.c_XY;
36 consume_OUTPUT_SEPARATOR(in);
37 in >> cc.c_XZ;
38 return in;
39}

◆ operator>>() [16/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_G1 & g )

Definition at line 321 of file edwards_g1.cpp.

322{
323 edwards_Fq tX, tY;
324
325#ifdef NO_PT_COMPRESSION
326 in >> tX;
327 consume_OUTPUT_SEPARATOR(in);
328 in >> tY;
329#else
330 /*
331 a x^2 + y^2 = 1 + d x^2 y^2
332 y = sqrt((1-ax^2)/(1-dx^2))
333 */
334 unsigned char Y_lsb;
335 in >> tX;
336
337 consume_OUTPUT_SEPARATOR(in);
338 in.read((char*)&Y_lsb, 1);
339 Y_lsb -= '0';
340
341 edwards_Fq tX2 = tX.squared();
342 edwards_Fq tY2 = (edwards_Fq::one() - tX2) * // a = 1 for G1 (not a twist)
343 (edwards_Fq::one() - edwards_coeff_d * tX2).inverse();
344 tY = tY2.sqrt();
345
346 if ((tY.as_bigint().data[0] & 1) != Y_lsb)
347 {
348 tY = -tY;
349 }
350#endif
351
352 // using inverted coordinates
353 g.X = tY;
354 g.Y = tX;
355 g.Z = tX * tY;
356
357#ifdef USE_MIXED_ADDITION
358 g.to_special();
359#endif
360
361 return in;
362}
libff::edwards_G1::to_special
void to_special()
Definition edwards_g1.cpp:86

◆ operator>>() [17/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_G2 & g )

Definition at line 352 of file edwards_g2.cpp.

353{
354 edwards_Fq3 tX, tY;
355
356#ifdef NO_PT_COMPRESSION
357 in >> tX;
358 consume_OUTPUT_SEPARATOR(in);
359 in >> tY;
360#else
361 /*
362 a x^2 + y^2 = 1 + d x^2 y^2
363 y = sqrt((1-ax^2)/(1-dx^2))
364 */
365 unsigned char Y_lsb;
366 in >> tX;
367 consume_OUTPUT_SEPARATOR(in);
368
369 in.read((char*)&Y_lsb, 1);
370 Y_lsb -= '0';
371
372 edwards_Fq3 tX2 = tX.squared();
373 const edwards_Fq3 tY2 =
374 (edwards_Fq3::one() - edwards_G2::mul_by_a(tX2)) *
375 (edwards_Fq3::one() - edwards_G2::mul_by_d(tX2)).inverse();
376 tY = tY2.sqrt();
377
378 if ((tY.c0.as_bigint().data[0] & 1) != Y_lsb)
379 {
380 tY = -tY;
381 }
382#endif
383
384 // using inverted coordinates
385 g.X = tY;
386 g.Y = tX;
387 g.Z = tX * tY;
388
389#ifdef USE_MIXED_ADDITION
390 g.to_special();
391#endif
392
393 return in;
394}
libff::Fp3_model::sqrt
Fp3_model sqrt() const
libff::Fp3_model::c0
my_Fp c0
Definition fp3.hpp:50
libff::edwards_G2::to_special
void to_special()
Definition edwards_g2.cpp:110

◆ operator>>() [18/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_tate_G1_precomp & prec_P )

Definition at line 52 of file edwards_pairing.cpp.

53{
54 prec_P.clear();
55
56 size_t s;
57 in >> s;
58
59 consume_newline(in);
60 prec_P.reserve(s);
61
62 for (size_t i = 0; i < s; ++i)
63 {
64 edwards_Fq_conic_coefficients cc;
65 in >> cc;
66 consume_OUTPUT_NEWLINE(in);
67 prec_P.emplace_back(cc);
68 }
69
70 return in;
71}
Here is the call graph for this function:

◆ operator>>() [19/51]

std::istream & libff::operator>> ( std::istream & in,
edwards_tate_G2_precomp & prec_Q )

Definition at line 85 of file edwards_pairing.cpp.

86{
87 in >> prec_Q.y0;
88 consume_OUTPUT_SEPARATOR(in);
89 in >> prec_Q.eta;
90 return in;
91}

◆ operator>>() [20/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp12_2over3over2_model< n, modulus > & el )

◆ operator>>() [21/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp2_model< n, modulus > & el )

◆ operator>>() [22/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp3_model< n, modulus > & el )

◆ operator>>() [23/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp4_model< n, modulus > & el )

◆ operator>>() [24/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp6_2over3_model< n, modulus > & el )

◆ operator>>() [25/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp6_3over2_model< n, modulus > & el )

◆ operator>>() [26/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
Fp_model< n, modulus > & p )

◆ operator>>() [27/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_ate_add_coeffs & ac )

Definition at line 92 of file mnt4_pairing.cpp.

93{
94 in >> ac.c_L1;
95 consume_OUTPUT_SEPARATOR(in);
96 in >> ac.c_RZ;
97 return in;
98}

◆ operator>>() [28/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_ate_dbl_coeffs & dc )

Definition at line 67 of file mnt4_pairing.cpp.

68{
69 in >> dc.c_H;
70 consume_OUTPUT_SEPARATOR(in);
71 in >> dc.c_4C;
72 consume_OUTPUT_SEPARATOR(in);
73 in >> dc.c_J;
74 consume_OUTPUT_SEPARATOR(in);
75 in >> dc.c_L;
76
77 return in;
78}

◆ operator>>() [29/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_ate_G1_precomp & prec_P )

Definition at line 40 of file mnt4_pairing.cpp.

41{
42 in >> prec_P.PX;
43 consume_OUTPUT_SEPARATOR(in);
44 in >> prec_P.PY;
45 consume_OUTPUT_SEPARATOR(in);
46 in >> prec_P.PX_twist;
47 consume_OUTPUT_SEPARATOR(in);
48 in >> prec_P.PY_twist;
49
50 return in;
51}

◆ operator>>() [30/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_ate_G2_precomp & prec_Q )

Definition at line 132 of file mnt4_pairing.cpp.

133{
134 in >> prec_Q.QX;
135 consume_OUTPUT_SEPARATOR(in);
136 in >> prec_Q.QY;
137 consume_OUTPUT_SEPARATOR(in);
138 in >> prec_Q.QY2;
139 consume_OUTPUT_SEPARATOR(in);
140 in >> prec_Q.QX_over_twist;
141 consume_OUTPUT_SEPARATOR(in);
142 in >> prec_Q.QY_over_twist;
143 consume_newline(in);
144
145 prec_Q.dbl_coeffs.clear();
146 size_t dbl_s;
147 in >> dbl_s;
148 consume_newline(in);
149
150 prec_Q.dbl_coeffs.reserve(dbl_s);
151
152 for (size_t i = 0; i < dbl_s; ++i)
153 {
154 mnt4_ate_dbl_coeffs dc;
155 in >> dc;
156 consume_OUTPUT_NEWLINE(in);
157 prec_Q.dbl_coeffs.emplace_back(dc);
158 }
159
160 prec_Q.add_coeffs.clear();
161 size_t add_s;
162 in >> add_s;
163 consume_newline(in);
164
165 prec_Q.add_coeffs.reserve(add_s);
166
167 for (size_t i = 0; i < add_s; ++i)
168 {
169 mnt4_ate_add_coeffs ac;
170 in >> ac;
171 consume_OUTPUT_NEWLINE(in);
172 prec_Q.add_coeffs.emplace_back(ac);
173 }
174
175 return in;
176}

◆ operator>>() [31/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_G1 & g )

Definition at line 409 of file mnt4_g1.cpp.

410{
411 char is_zero;
412 mnt4_Fq tX, tY;
413
414#ifdef NO_PT_COMPRESSION
415 in >> is_zero >> tX >> tY;
416 is_zero -= '0';
417#else
418 in.read((char*)&is_zero, 1);
419 is_zero -= '0';
420 consume_OUTPUT_SEPARATOR(in);
421
422 unsigned char Y_lsb;
423 in >> tX;
424 consume_OUTPUT_SEPARATOR(in);
425 in.read((char*)&Y_lsb, 1);
426 Y_lsb -= '0';
427
428 // y = +/- sqrt(x^3 + a*x + b)
429 if (!is_zero)
430 {
431 mnt4_Fq tX2 = tX.squared();
432 mnt4_Fq tY2 = (tX2 + mnt4_G1::coeff_a) * tX + mnt4_G1::coeff_b;
433 tY = tY2.sqrt();
434
435 if ((tY.as_bigint().data[0] & 1) != Y_lsb)
436 {
437 tY = -tY;
438 }
439 }
440#endif
441 // using projective coordinates
442 if (!is_zero)
443 {
444 g.X = tX;
445 g.Y = tY;
446 g.Z = mnt4_Fq::one();
447 }
448 else
449 {
450 g = mnt4_G1::zero();
451 }
452
453 return in;
454}
libff::mnt4_G1::Z
mnt4_Fq Z
Definition mnt4_g1.hpp:43

◆ operator>>() [32/51]

std::istream & libff::operator>> ( std::istream & in,
mnt4_G2 & g )

Definition at line 433 of file mnt4_g2.cpp.

434{
435 char is_zero;
436 mnt4_Fq2 tX, tY;
437
438#ifdef NO_PT_COMPRESSION
439 in >> is_zero >> tX >> tY;
440 is_zero -= '0';
441#else
442 in.read((char*)&is_zero, 1); // this reads is_zero;
443 is_zero -= '0';
444 consume_OUTPUT_SEPARATOR(in);
445
446 unsigned char Y_lsb;
447 in >> tX;
448 consume_OUTPUT_SEPARATOR(in);
449 in.read((char*)&Y_lsb, 1);
450 Y_lsb -= '0';
451
452 // y = +/- sqrt(x^3 + a*x + b)
453 if (!is_zero)
454 {
455 mnt4_Fq2 tX2 = tX.squared();
456 mnt4_Fq2 tY2 = (tX2 + mnt4_twist_coeff_a ) * tX + mnt4_twist_coeff_b;
457 tY = tY2.sqrt();
458
459 if ((tY.c0.as_bigint().data[0] & 1) != Y_lsb)
460 {
461 tY = -tY;
462 }
463 }
464#endif
465 // using projective coordinates
466 if (!is_zero)
467 {
468 g.X = tX;
469 g.Y = tY;
470 g.Z = mnt4_Fq2::one();
471 }
472 else
473 {
474 g = mnt4_G2::zero();
475 }
476
477 return in;
478}
libff::mnt4_G2::Y
mnt4_Fq2 Y
Definition mnt4_g2.hpp:45
libff::mnt4_G2::X
mnt4_Fq2 X
Definition mnt4_g2.hpp:45
libff::mnt4_G2::Z
mnt4_Fq2 Z
Definition mnt4_g2.hpp:45

◆ operator>>() [33/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_ate_add_coeffs & ac )

Definition at line 92 of file mnt6_pairing.cpp.

93{
94 in >> ac.c_L1;
95 consume_OUTPUT_SEPARATOR(in);
96 in >> ac.c_RZ;
97
98 return in;
99}

◆ operator>>() [34/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_ate_dbl_coeffs & dc )

Definition at line 67 of file mnt6_pairing.cpp.

68{
69 in >> dc.c_H;
70 consume_OUTPUT_SEPARATOR(in);
71 in >> dc.c_4C;
72 consume_OUTPUT_SEPARATOR(in);
73 in >> dc.c_J;
74 consume_OUTPUT_SEPARATOR(in);
75 in >> dc.c_L;
76
77 return in;
78}

◆ operator>>() [35/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_ate_G1_precomp & prec_P )

Definition at line 40 of file mnt6_pairing.cpp.

41{
42 in >> prec_P.PX;
43 consume_OUTPUT_SEPARATOR(in);
44 in >> prec_P.PY;
45 consume_OUTPUT_SEPARATOR(in);
46 in >> prec_P.PX_twist;
47 consume_OUTPUT_SEPARATOR(in);
48 in >> prec_P.PY_twist;
49
50 return in;
51}

◆ operator>>() [36/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_ate_G2_precomp & prec_Q )

Definition at line 134 of file mnt6_pairing.cpp.

135{
136 in >> prec_Q.QX;
137 consume_OUTPUT_SEPARATOR(in);
138 in >> prec_Q.QY;
139 consume_OUTPUT_SEPARATOR(in);
140 in >> prec_Q.QY2;
141 consume_OUTPUT_SEPARATOR(in);
142 in >> prec_Q.QX_over_twist;
143 consume_OUTPUT_SEPARATOR(in);
144 in >> prec_Q.QY_over_twist;
145 consume_newline(in);
146
147 prec_Q.dbl_coeffs.clear();
148 size_t dbl_s;
149 in >> dbl_s;
150 consume_newline(in);
151
152 prec_Q.dbl_coeffs.reserve(dbl_s);
153
154 for (size_t i = 0; i < dbl_s; ++i)
155 {
156 mnt6_ate_dbl_coeffs dc;
157 in >> dc;
158 consume_OUTPUT_NEWLINE(in);
159 prec_Q.dbl_coeffs.emplace_back(dc);
160 }
161
162 prec_Q.add_coeffs.clear();
163 size_t add_s;
164 in >> add_s;
165 consume_newline(in);
166
167 prec_Q.add_coeffs.reserve(add_s);
168
169 for (size_t i = 0; i < add_s; ++i)
170 {
171 mnt6_ate_add_coeffs ac;
172 in >> ac;
173 consume_OUTPUT_NEWLINE(in);
174 prec_Q.add_coeffs.emplace_back(ac);
175 }
176
177 return in;
178}

◆ operator>>() [37/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_G1 & g )

Definition at line 409 of file mnt6_g1.cpp.

410{
411 char is_zero;
412 mnt6_Fq tX, tY;
413
414#ifdef NO_PT_COMPRESSION
415 in >> is_zero >> tX >> tY;
416 is_zero -= '0';
417#else
418 in.read((char*)&is_zero, 1); // this reads is_zero;
419 is_zero -= '0';
420 consume_OUTPUT_SEPARATOR(in);
421
422 unsigned char Y_lsb;
423 in >> tX;
424 consume_OUTPUT_SEPARATOR(in);
425 in.read((char*)&Y_lsb, 1);
426 Y_lsb -= '0';
427
428 // y = +/- sqrt(x^3 + a*x + b)
429 if (!is_zero)
430 {
431 mnt6_Fq tX2 = tX.squared();
432 mnt6_Fq tY2 = (tX2 + mnt6_G1::coeff_a) * tX + mnt6_G1::coeff_b;
433 tY = tY2.sqrt();
434
435 if ((tY.as_bigint().data[0] & 1) != Y_lsb)
436 {
437 tY = -tY;
438 }
439 }
440#endif
441 // using projective coordinates
442 if (!is_zero)
443 {
444 g.X = tX;
445 g.Y = tY;
446 g.Z = mnt6_Fq::one();
447 }
448 else
449 {
450 g = mnt6_G1::zero();
451 }
452
453 return in;
454}
libff::mnt6_G1::Z
mnt6_Fq Z
Definition mnt6_g1.hpp:43

◆ operator>>() [38/51]

std::istream & libff::operator>> ( std::istream & in,
mnt6_G2 & g )

Definition at line 440 of file mnt6_g2.cpp.

441{
442 char is_zero;
443 mnt6_Fq3 tX, tY;
444
445#ifdef NO_PT_COMPRESSION
446 in >> is_zero >> tX >> tY;
447 is_zero -= '0';
448#else
449 in.read((char*)&is_zero, 1); // this reads is_zero;
450 is_zero -= '0';
451 consume_OUTPUT_SEPARATOR(in);
452
453 unsigned char Y_lsb;
454 in >> tX;
455 consume_OUTPUT_SEPARATOR(in);
456 in.read((char*)&Y_lsb, 1);
457 Y_lsb -= '0';
458
459 // y = +/- sqrt(x^3 + a*x + b)
460 if (!is_zero)
461 {
462 const mnt6_Fq3 tX2 = tX.squared();
463 const mnt6_Fq3 tY2 = (tX2 + mnt6_twist_coeff_a) * tX + mnt6_twist_coeff_b;
464 tY = tY2.sqrt();
465
466 if ((tY.c0.as_bigint().data[0] & 1) != Y_lsb)
467 {
468 tY = -tY;
469 }
470 }
471#endif
472 // using projective coordinates
473 if (!is_zero)
474 {
475 g.X = tX;
476 g.Y = tY;
477 g.Z = mnt6_Fq3::one();
478 }
479 else
480 {
481 g = mnt6_G2::zero();
482 }
483
484 return in;
485}
libff::mnt6_G2::Z
mnt6_Fq3 Z
Definition mnt6_g2.hpp:45
libff::mnt6_G2::X
mnt6_Fq3 X
Definition mnt6_g2.hpp:45
libff::mnt6_G2::Y
mnt6_Fq3 Y
Definition mnt6_g2.hpp:45

◆ operator>>() [39/51]

template<typename T1 , typename T2 >
std::istream & libff::operator>> ( std::istream & in,
std::map< T1, T2 > & m )

◆ operator>>() [40/51]

template<typename T >
std::istream & libff::operator>> ( std::istream & in,
std::set< T > & s )

◆ operator>>() [41/51]

std::istream & libff::operator>> ( std::istream & in,
std::vector< alt_bn128_G1 > & v )

Definition at line 482 of file alt_bn128_g1.cpp.

483{
484 v.clear();
485
486 size_t s;
487 in >> s;
488 consume_newline(in);
489
490 v.reserve(s);
491
492 for (size_t i = 0; i < s; ++i)
493 {
494 alt_bn128_G1 g;
495 in >> g;
496 consume_OUTPUT_NEWLINE(in);
497 v.emplace_back(g);
498 }
499
500 return in;
501}
Here is the call graph for this function:

◆ operator>>() [42/51]

std::istream & libff::operator>> ( std::istream & in,
std::vector< bn128_G1 > & v )

Definition at line 486 of file bn128_g1.cpp.

487{
488 v.clear();
489
490 size_t s;
491 in >> s;
492 consume_newline(in);
493 v.reserve(s);
494
495 for (size_t i = 0; i < s; ++i)
496 {
497 bn128_G1 g;
498 in >> g;
499 consume_OUTPUT_NEWLINE(in);
500 v.emplace_back(g);
501 }
502 return in;
503}
Here is the call graph for this function:

◆ operator>>() [43/51]

std::istream & libff::operator>> ( std::istream & in,
std::vector< edwards_G1 > & v )

Definition at line 375 of file edwards_g1.cpp.

376{
377 v.clear();
378
379 size_t s;
380 in >> s;
381 v.reserve(s);
382 consume_newline(in);
383
384 for (size_t i = 0; i < s; ++i)
385 {
386 edwards_G1 g;
387 in >> g;
388 v.emplace_back(g);
389 consume_OUTPUT_NEWLINE(in);
390 }
391
392 return in;
393}
Here is the call graph for this function:

◆ operator>>() [44/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
std::vector< Fp12_2over3over2_model< n, modulus > > & v )

◆ operator>>() [45/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
std::vector< Fp2_model< n, modulus > > & v )

◆ operator>>() [46/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
std::vector< Fp3_model< n, modulus > > & v )

◆ operator>>() [47/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
std::vector< Fp6_2over3_model< n, modulus > > & v )

◆ operator>>() [48/51]

template<mp_size_t n, const bigint< n > & modulus>
std::istream & libff::operator>> ( std::istream & in,
std::vector< Fp6_3over2_model< n, modulus > > & v )

◆ operator>>() [49/51]

std::istream & libff::operator>> ( std::istream & in,
std::vector< mnt4_G1 > & v )

Definition at line 467 of file mnt4_g1.cpp.

468{
469 v.clear();
470
471 size_t s;
472 in >> s;
473
474 consume_newline(in);
475
476 v.reserve(s);
477
478 for (size_t i = 0; i < s; ++i)
479 {
480 mnt4_G1 g;
481 in >> g;
482 consume_OUTPUT_NEWLINE(in);
483 v.emplace_back(g);
484 }
485
486 return in;
487}
Here is the call graph for this function:

◆ operator>>() [50/51]

std::istream & libff::operator>> ( std::istream & in,
std::vector< mnt6_G1 > & v )

Definition at line 467 of file mnt6_g1.cpp.

468{
469 v.clear();
470
471 size_t s;
472 in >> s;
473 consume_newline(in);
474
475 v.reserve(s);
476
477 for (size_t i = 0; i < s; ++i)
478 {
479 mnt6_G1 g;
480 in >> g;
481 consume_OUTPUT_NEWLINE(in);
482 v.emplace_back(g);
483 }
484
485 return in;
486}
Here is the call graph for this function:

◆ operator>>() [51/51]

template<typename T >
std::istream & libff::operator>> ( std::ostream & out,
std::vector< T > & v )

◆ operator^() [1/8]

template<mp_size_t m>
bn128_GT libff::operator^ ( const bn128_GT & rhs,
const bigint< m > & lhs )

Definition at line 44 of file bn128_gt.hpp.

45{
46 return power<bn128_GT, m>(rhs, lhs);
47}
Here is the call graph for this function:

◆ operator^() [2/8]

template<mp_size_t m, const bigint< m > & modulus_p>
bn128_GT libff::operator^ ( const bn128_GT & rhs,
const Fp_model< m, modulus_p > & lhs )

Definition at line 51 of file bn128_gt.hpp.

52{
53 return power<bn128_GT, m>(rhs, lhs.as_bigint());
54}
Here is the call graph for this function:

◆ operator^() [3/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp12_2over3over2_model< n, modulus > libff::operator^ ( const Fp12_2over3over2_model< n, modulus > & self,
const bigint< m > & exponent )

◆ operator^() [4/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & exp_modulus>
Fp12_2over3over2_model< n, modulus > libff::operator^ ( const Fp12_2over3over2_model< n, modulus > & self,
const Fp_model< m, exp_modulus > & exponent )

◆ operator^() [5/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp4_model< n, modulus > libff::operator^ ( const Fp4_model< n, modulus > & self,
const bigint< m > & exponent )

◆ operator^() [6/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & modulus_p>
Fp4_model< n, modulus > libff::operator^ ( const Fp4_model< n, modulus > & self,
const Fp_model< m, modulus_p > & exponent )

◆ operator^() [7/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m>
Fp6_2over3_model< n, modulus > libff::operator^ ( const Fp6_2over3_model< n, modulus > & self,
const bigint< m > & exponent )

◆ operator^() [8/8]

template<mp_size_t n, const bigint< n > & modulus, mp_size_t m, const bigint< m > & exp_modulus>
Fp6_2over3_model< n, modulus > libff::operator^ ( const Fp6_2over3_model< n, modulus > & self,
const Fp_model< m, exp_modulus > & exponent )

◆ opt_window_wnaf_exp()

template<typename T , mp_size_t n>
T libff::opt_window_wnaf_exp ( const T & base,
const bigint< n > & scalar,
const size_t scalar_bits )

In additive notation, use wNAF exponentiation (with the window size determined by T) to compute scalar * base.

◆ output_bool()

void libff::output_bool ( std::ostream & out,
const bool b )
inline

◆ output_bool_vector()

void libff::output_bool_vector ( std::ostream & out,
const std::vector< bool > & v )
inline

◆ pack_bit_vector_into_field_element_vector() [1/2]

template<typename FieldT >
std::vector< FieldT > libff::pack_bit_vector_into_field_element_vector ( const bit_vector & v)

◆ pack_bit_vector_into_field_element_vector() [2/2]

template<typename FieldT >
std::vector< FieldT > libff::pack_bit_vector_into_field_element_vector ( const bit_vector & v,
const size_t chunk_bits )

◆ pack_int_vector_into_field_element_vector()

template<typename FieldT >
std::vector< FieldT > libff::pack_int_vector_into_field_element_vector ( const std::vector< size_t > & v,
const size_t w )

◆ power() [1/2]

template<typename FieldT , mp_size_t m>
FieldT libff::power ( const FieldT & base,
const bigint< m > & exponent )
Here is the caller graph for this function:

◆ power() [2/2]

template<typename FieldT >
FieldT libff::power ( const FieldT & base,
const unsigned long exponent )

◆ print_compilation_info()

void libff::print_compilation_info ( )

Definition at line 351 of file profiling.cpp.

352{
353#ifdef __GNUC__
354 printf("g++ version: %s\n", __VERSION__);
355 printf("Compiled on %s %s\n", __DATE__, __TIME__);
356#endif
357#ifdef STATIC
358 printf("STATIC: yes\n");
359#else
360 printf("STATIC: no\n");
361#endif
362#ifdef MULTICORE
363 printf("MULTICORE: yes\n");
364#else
365 printf("MULTICORE: no\n");
366#endif
367#ifdef DEBUG
368 printf("DEBUG: yes\n");
369#else
370 printf("DEBUG: no\n");
371#endif
372#ifdef PROFILE_OP_COUNTS
373 printf("PROFILE_OP_COUNTS: yes\n");
374#else
375 printf("PROFILE_OP_COUNTS: no\n");
376#endif
377#ifdef _GLIBCXX_DEBUG
378 printf("_GLIBCXX_DEBUG: yes\n");
379#else
380 printf("_GLIBCXX_DEBUG: no\n");
381#endif
382}
Here is the caller graph for this function:

◆ print_cumulative_op_counts()

void libff::print_cumulative_op_counts ( const bool only_fq)

Definition at line 123 of file profiling.cpp.

124{
125#ifdef PROFILE_OP_COUNTS
126 printf("Dumping operation counts:\n");
127 for (auto& msg : invocation_counts)
128 {
129 printf(" %-45s: ", msg.first.c_str());
130 bool first = true;
131 for (auto& data_point : op_data_points)
132 {
133 if (only_fq && data_point.first.compare(0, 2, "Fq") != 0)
134 {
135 continue;
136 }
137
138 if (!first)
139 {
140 printf(", ");
141 }
142 printf("%-5s = %7.0f (%3zu)",
143 data_point.first.c_str(),
144 1. * cumulative_op_counts[std::make_pair(msg.first, data_point.first)] / msg.second,
145 msg.second);
146 first = false;
147 }
148 printf("\n");
149 }
150#else
151 UNUSED(only_fq);
152#endif
153}
UNUSED
#define UNUSED(x)
Definition yubihsm_pkcs11.c:46

◆ print_cumulative_time_entry()

void libff::print_cumulative_time_entry ( const std::string & key,
const long long factor )

Definition at line 106 of file profiling.cpp.

107{
108 const double total_ms = (cumulative_times.at(key) * 1e-6);
109 const size_t cnt = invocation_counts.at(key);
110 const double avg_ms = total_ms / cnt;
111 printf(" %-45s: %12.5fms = %lld * %0.5fms (%zu invocations, %0.5fms = %lld * %0.5fms per invocation)\n", key.c_str(), total_ms, factor, total_ms/factor, cnt, avg_ms, factor, avg_ms/factor);
112}
Here is the caller graph for this function:

◆ print_cumulative_times()

void libff::print_cumulative_times ( const long long factor)

Definition at line 114 of file profiling.cpp.

115{
116 printf("Dumping times:\n");
117 for (auto& kv : cumulative_times)
118 {
119 print_cumulative_time_entry(kv.first, factor);
120 }
121}
libff::print_cumulative_time_entry
void print_cumulative_time_entry(const std::string &key, const long long factor)
Definition profiling.cpp:106
Here is the call graph for this function:

◆ print_header()

void libff::print_header ( const char * msg)

Definition at line 222 of file profiling.cpp.

223{
224 printf("\n================================================================================\n");
225 printf("%s\n", msg);
226 printf("================================================================================\n\n");
227}

◆ print_indent()

void libff::print_indent ( )

Definition at line 229 of file profiling.cpp.

230{
231 for (size_t i = 0; i < indentation; ++i)
232 {
233 printf(" ");
234 }
235}
Here is the caller graph for this function:

◆ print_mem()

void libff::print_mem ( const std::string & s)

Definition at line 333 of file profiling.cpp.

334{
335#ifndef NO_PROCPS
336 struct proc_t usage;
337 look_up_our_self(&usage);
338 if (s.empty())
339 {
340 printf("* Peak vsize (physical memory+swap) in mebibytes: %lu\n", usage.vsize >> 20);
341 }
342 else
343 {
344 printf("* Peak vsize (physical memory+swap) in mebibytes (%s): %lu\n", s.c_str(), usage.vsize >> 20);
345 }
346#else
347 printf("* Memory profiling not supported in NO_PROCPS mode\n");
348#endif
349}

◆ print_op_profiling()

void libff::print_op_profiling ( const std::string & msg)

Definition at line 155 of file profiling.cpp.

156{
157#ifdef PROFILE_OP_COUNTS
158 printf("\n");
159 print_indent();
160
161 printf("(opcounts) = (");
162 bool first = true;
163 for (std::pair<std::string, long long*> p : op_data_points)
164 {
165 if (!first)
166 {
167 printf(", ");
168 }
169
170 printf("%s=%lld", p.first.c_str(), *(p.second)-op_counts[std::make_pair(msg, p.first)]);
171 first = false;
172 }
173 printf(")");
174#else
175 UNUSED(msg);
176#endif
177}
Here is the call graph for this function:
Here is the caller graph for this function:

◆ print_time()

void libff::print_time ( const char * msg)

Definition at line 200 of file profiling.cpp.

201{
202 if (inhibit_profiling_info)
203 {
204 return;
205 }
206
207 long long now = get_nsec_time();
208 long long cpu_now = get_nsec_cpu_time();
209
210 printf("%-35s\t", msg);
211 print_times_from_last_and_start(now, last_time, cpu_now, last_cpu_time);
212#ifdef PROFILE_OP_COUNTS
213 print_op_profiling(msg);
214#endif
215 printf("\n");
216
217 fflush(stdout);
218 last_time = now;
219 last_cpu_time = cpu_now;
220}
Here is the call graph for this function:

◆ reserialize()

template<typename T >
T libff::reserialize ( const T & obj)
Here is the caller graph for this function:

◆ scalar_mul()

template<typename GroupT , mp_size_t m>
GroupT libff::scalar_mul ( const GroupT & base,
const bigint< m > & scalar )
Here is the caller graph for this function:

◆ serialize_bit_vector()

void libff::serialize_bit_vector ( std::ostream & out,
const bit_vector & v )

Definition at line 108 of file utils.cpp.

109{
110 out << v.size() << "\n";
111 for (size_t i = 0; i < v.size(); ++i)
112 {
113 out << v[i] << "\n";
114 }
115}

◆ SHA512_rng()

template<typename FieldT >
FieldT libff::SHA512_rng ( const uint64_t idx)
Here is the caller graph for this function:

◆ size_in_bits()

template<typename T >
size_t libff::size_in_bits ( const std::vector< T > & v)

◆ start_profiling()

void libff::start_profiling ( )

Definition at line 56 of file profiling.cpp.

57{
58 printf("Reset time counters for profiling\n");
59
60 last_time = start_time = get_nsec_time();
61 last_cpu_time = start_cpu_time = get_nsec_cpu_time();
62}
libff::last_cpu_time
long long last_cpu_time
Definition profiling.cpp:54
libff::start_cpu_time
long long start_cpu_time
Definition profiling.cpp:54
libff::last_time
long long last_time
Definition profiling.cpp:53
libff::get_nsec_time
long long get_nsec_time()
Definition profiling.cpp:32
libff::get_nsec_cpu_time
long long get_nsec_cpu_time()
Definition profiling.cpp:39
libff::start_time
long long start_time
Definition profiling.cpp:53
Here is the call graph for this function:
Here is the caller graph for this function:

◆ to_twos_complement()

size_t libff::to_twos_complement ( int i,
size_t w )

Definition at line 47 of file utils.cpp.

48{
49 assert(i >= -(1l<<(w-1)));
50 assert(i < (1l<<(w-1)));
51 return (i >= 0) ? i : i + (1l<<w);
52}

◆ UNUSED()

template<typename ... Types>
void libff::UNUSED ( Types && ...)

Definition at line 43 of file utils.hpp.

43{}

◆ windowed_exp()

template<typename T , typename FieldT >
T libff::windowed_exp ( const size_t scalar_size,
const size_t window,
const window_table< T > & powers_of_g,
const FieldT & pow )

Variable Documentation

◆ alt_bn128_ate_is_loop_count_neg

bool libff::alt_bn128_ate_is_loop_count_neg

Definition at line 26 of file alt_bn128_init.cpp.

◆ alt_bn128_ate_loop_count

bigint< alt_bn128_q_limbs > libff::alt_bn128_ate_loop_count

Definition at line 25 of file alt_bn128_init.cpp.

◆ alt_bn128_coeff_b

alt_bn128_Fq libff::alt_bn128_coeff_b

Definition at line 17 of file alt_bn128_init.cpp.

◆ alt_bn128_final_exponent

bigint< 12 *alt_bn128_q_limbs > libff::alt_bn128_final_exponent

Definition at line 27 of file alt_bn128_init.cpp.

◆ alt_bn128_final_exponent_is_z_neg

bool libff::alt_bn128_final_exponent_is_z_neg

Definition at line 29 of file alt_bn128_init.cpp.

◆ alt_bn128_final_exponent_z

bigint< alt_bn128_q_limbs > libff::alt_bn128_final_exponent_z

Definition at line 28 of file alt_bn128_init.cpp.

◆ alt_bn128_modulus_q

bigint< alt_bn128_q_limbs > libff::alt_bn128_modulus_q

Definition at line 15 of file alt_bn128_init.cpp.

◆ alt_bn128_modulus_r

bigint< alt_bn128_r_limbs > libff::alt_bn128_modulus_r

Definition at line 14 of file alt_bn128_init.cpp.

◆ alt_bn128_q_bitcount

const mp_size_t libff::alt_bn128_q_bitcount = 254

Definition at line 19 of file alt_bn128_init.hpp.

◆ alt_bn128_q_limbs

const mp_size_t libff::alt_bn128_q_limbs = (alt_bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 22 of file alt_bn128_init.hpp.

◆ alt_bn128_r_bitcount

const mp_size_t libff::alt_bn128_r_bitcount = 254

Definition at line 18 of file alt_bn128_init.hpp.

◆ alt_bn128_r_limbs

const mp_size_t libff::alt_bn128_r_limbs = (alt_bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 21 of file alt_bn128_init.hpp.

◆ alt_bn128_twist

alt_bn128_Fq2 libff::alt_bn128_twist

Definition at line 18 of file alt_bn128_init.cpp.

◆ alt_bn128_twist_coeff_b

alt_bn128_Fq2 libff::alt_bn128_twist_coeff_b

Definition at line 19 of file alt_bn128_init.cpp.

◆ alt_bn128_twist_mul_by_b_c0

alt_bn128_Fq libff::alt_bn128_twist_mul_by_b_c0

Definition at line 20 of file alt_bn128_init.cpp.

◆ alt_bn128_twist_mul_by_b_c1

alt_bn128_Fq libff::alt_bn128_twist_mul_by_b_c1

Definition at line 21 of file alt_bn128_init.cpp.

◆ alt_bn128_twist_mul_by_q_X

alt_bn128_Fq2 libff::alt_bn128_twist_mul_by_q_X

Definition at line 22 of file alt_bn128_init.cpp.

◆ alt_bn128_twist_mul_by_q_Y

alt_bn128_Fq2 libff::alt_bn128_twist_mul_by_q_Y

Definition at line 23 of file alt_bn128_init.cpp.

◆ block_names

std::vector<std::string> libff::block_names

Definition at line 76 of file profiling.cpp.

◆ bn128_coeff_b

bn::Fp libff::bn128_coeff_b

Definition at line 18 of file bn128_init.cpp.

◆ bn128_Fq2_nqr_to_t

bn::Fp2 libff::bn128_Fq2_nqr_to_t

Definition at line 25 of file bn128_init.cpp.

◆ bn128_Fq2_s

size_t libff::bn128_Fq2_s

Definition at line 24 of file bn128_init.cpp.

◆ bn128_Fq2_t_minus_1_over_2

mie::Vuint libff::bn128_Fq2_t_minus_1_over_2

Definition at line 26 of file bn128_init.cpp.

◆ bn128_Fq_nqr_to_t

bn::Fp libff::bn128_Fq_nqr_to_t

Definition at line 20 of file bn128_init.cpp.

◆ bn128_Fq_s

size_t libff::bn128_Fq_s

Definition at line 19 of file bn128_init.cpp.

◆ bn128_Fq_t_minus_1_over_2

mie::Vuint libff::bn128_Fq_t_minus_1_over_2

Definition at line 21 of file bn128_init.cpp.

◆ bn128_modulus_q

bigint< bn128_q_limbs > libff::bn128_modulus_q

Definition at line 16 of file bn128_init.cpp.

◆ bn128_modulus_r

bigint< bn128_r_limbs > libff::bn128_modulus_r

Definition at line 15 of file bn128_init.cpp.

◆ bn128_q_bitcount

const mp_size_t libff::bn128_q_bitcount = 254

Definition at line 18 of file bn128_init.hpp.

◆ bn128_q_limbs

const mp_size_t libff::bn128_q_limbs = (bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 21 of file bn128_init.hpp.

◆ bn128_r_bitcount

const mp_size_t libff::bn128_r_bitcount = 254

Definition at line 17 of file bn128_init.hpp.

◆ bn128_r_limbs

const mp_size_t libff::bn128_r_limbs = (bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 20 of file bn128_init.hpp.

◆ bn128_twist_coeff_b

bn::Fp2 libff::bn128_twist_coeff_b

Definition at line 23 of file bn128_init.cpp.

◆ cumulative_op_counts

std::map<std::pair<std::string, std::string>, long long> libff::cumulative_op_counts

Definition at line 72 of file profiling.cpp.

◆ cumulative_times

std::map< std::string, long long > libff::cumulative_times

Definition at line 67 of file profiling.cpp.

◆ edwards_ate_loop_count

bigint< edwards_q_limbs > libff::edwards_ate_loop_count

Definition at line 31 of file edwards_init.cpp.

◆ edwards_coeff_a

edwards_Fq libff::edwards_coeff_a

Definition at line 17 of file edwards_init.cpp.

◆ edwards_coeff_d

edwards_Fq libff::edwards_coeff_d

Definition at line 18 of file edwards_init.cpp.

◆ edwards_final_exponent

bigint< 6 *edwards_q_limbs > libff::edwards_final_exponent

Definition at line 32 of file edwards_init.cpp.

◆ edwards_final_exponent_last_chunk_abs_of_w0

bigint< edwards_q_limbs > libff::edwards_final_exponent_last_chunk_abs_of_w0

Definition at line 33 of file edwards_init.cpp.

◆ edwards_final_exponent_last_chunk_is_w0_neg

bool libff::edwards_final_exponent_last_chunk_is_w0_neg

Definition at line 34 of file edwards_init.cpp.

◆ edwards_final_exponent_last_chunk_w1

bigint< edwards_q_limbs > libff::edwards_final_exponent_last_chunk_w1

Definition at line 35 of file edwards_init.cpp.

◆ edwards_modulus_q

bigint< edwards_q_limbs > libff::edwards_modulus_q

Definition at line 15 of file edwards_init.cpp.

◆ edwards_modulus_r

bigint< edwards_r_limbs > libff::edwards_modulus_r

Definition at line 14 of file edwards_init.cpp.

◆ edwards_q_bitcount

const mp_size_t libff::edwards_q_bitcount = 183

Definition at line 18 of file edwards_init.hpp.

◆ edwards_q_limbs

const mp_size_t libff::edwards_q_limbs = (edwards_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 21 of file edwards_init.hpp.

◆ edwards_r_bitcount

const mp_size_t libff::edwards_r_bitcount = 181

Definition at line 17 of file edwards_init.hpp.

◆ edwards_r_limbs

const mp_size_t libff::edwards_r_limbs = (edwards_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 20 of file edwards_init.hpp.

◆ edwards_twist

edwards_Fq3 libff::edwards_twist

Definition at line 19 of file edwards_init.cpp.

◆ edwards_twist_coeff_a

edwards_Fq3 libff::edwards_twist_coeff_a

Definition at line 20 of file edwards_init.cpp.

◆ edwards_twist_coeff_d

edwards_Fq3 libff::edwards_twist_coeff_d

Definition at line 21 of file edwards_init.cpp.

◆ edwards_twist_mul_by_a_c0

edwards_Fq libff::edwards_twist_mul_by_a_c0

Definition at line 22 of file edwards_init.cpp.

◆ edwards_twist_mul_by_a_c1

edwards_Fq libff::edwards_twist_mul_by_a_c1

Definition at line 23 of file edwards_init.cpp.

◆ edwards_twist_mul_by_a_c2

edwards_Fq libff::edwards_twist_mul_by_a_c2

Definition at line 24 of file edwards_init.cpp.

◆ edwards_twist_mul_by_d_c0

edwards_Fq libff::edwards_twist_mul_by_d_c0

Definition at line 25 of file edwards_init.cpp.

◆ edwards_twist_mul_by_d_c1

edwards_Fq libff::edwards_twist_mul_by_d_c1

Definition at line 26 of file edwards_init.cpp.

◆ edwards_twist_mul_by_d_c2

edwards_Fq libff::edwards_twist_mul_by_d_c2

Definition at line 27 of file edwards_init.cpp.

◆ edwards_twist_mul_by_q_Y

edwards_Fq libff::edwards_twist_mul_by_q_Y

Definition at line 28 of file edwards_init.cpp.

◆ edwards_twist_mul_by_q_Z

edwards_Fq libff::edwards_twist_mul_by_q_Z

Definition at line 29 of file edwards_init.cpp.

◆ enter_cpu_times

std::map<std::string, long long> libff::enter_cpu_times

Definition at line 69 of file profiling.cpp.

◆ enter_times

std::map<std::string, long long> libff::enter_times

Definition at line 65 of file profiling.cpp.

◆ indentation

size_t libff::indentation = 0

Definition at line 74 of file profiling.cpp.

◆ inhibit_profiling_counters

bool libff::inhibit_profiling_counters = false

Definition at line 96 of file profiling.cpp.

◆ inhibit_profiling_info

bool libff::inhibit_profiling_info = false

Definition at line 95 of file profiling.cpp.

◆ invocation_counts

std::map< std::string, size_t > libff::invocation_counts

Definition at line 64 of file profiling.cpp.

◆ last_cpu_time

long long libff::last_cpu_time

Definition at line 54 of file profiling.cpp.

◆ last_cpu_times

std::map<std::string, long long> libff::last_cpu_times

Definition at line 70 of file profiling.cpp.

◆ last_time

long long libff::last_time

Definition at line 53 of file profiling.cpp.

◆ last_times

std::map< std::string, long long > libff::last_times

Definition at line 66 of file profiling.cpp.

◆ mnt46_A_bitcount

const mp_size_t libff::mnt46_A_bitcount = 298

Definition at line 19 of file mnt46_common.hpp.

◆ mnt46_A_limbs

const mp_size_t libff::mnt46_A_limbs = (mnt46_A_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 22 of file mnt46_common.hpp.

◆ mnt46_B_bitcount

const mp_size_t libff::mnt46_B_bitcount = 298

Definition at line 20 of file mnt46_common.hpp.

◆ mnt46_B_limbs

const mp_size_t libff::mnt46_B_limbs = (mnt46_B_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS

Definition at line 23 of file mnt46_common.hpp.

◆ mnt46_modulus_A

bigint< mnt46_A_limbs > libff::mnt46_modulus_A

Definition at line 18 of file mnt46_common.cpp.

◆ mnt46_modulus_B

bigint< mnt46_B_limbs > libff::mnt46_modulus_B

Definition at line 19 of file mnt46_common.cpp.

◆ mnt4_ate_is_loop_count_neg

bool libff::mnt4_ate_is_loop_count_neg

Definition at line 34 of file mnt4_init.cpp.

◆ mnt4_ate_loop_count

bigint< mnt4_q_limbs > libff::mnt4_ate_loop_count

Definition at line 33 of file mnt4_init.cpp.

◆ mnt4_final_exponent

bigint< 4 *mnt4_q_limbs > libff::mnt4_final_exponent

Definition at line 35 of file mnt4_init.cpp.

◆ mnt4_final_exponent_last_chunk_abs_of_w0

bigint< mnt4_q_limbs > libff::mnt4_final_exponent_last_chunk_abs_of_w0

Definition at line 36 of file mnt4_init.cpp.

◆ mnt4_final_exponent_last_chunk_is_w0_neg

bool libff::mnt4_final_exponent_last_chunk_is_w0_neg

Definition at line 37 of file mnt4_init.cpp.

◆ mnt4_final_exponent_last_chunk_w1

bigint< mnt4_q_limbs > libff::mnt4_final_exponent_last_chunk_w1

Definition at line 38 of file mnt4_init.cpp.

◆ mnt4_modulus_q

bigint<mnt4_q_limbs> libff::mnt4_modulus_q
extern

◆ mnt4_modulus_r

bigint<mnt4_r_limbs> libff::mnt4_modulus_r
extern

◆ mnt4_q_bitcount

const mp_size_t libff::mnt4_q_bitcount = mnt46_B_bitcount

Definition at line 27 of file mnt4_init.hpp.

◆ mnt4_q_limbs

const mp_size_t libff::mnt4_q_limbs = mnt46_B_limbs

Definition at line 30 of file mnt4_init.hpp.

◆ mnt4_r_bitcount

const mp_size_t libff::mnt4_r_bitcount = mnt46_A_bitcount

Definition at line 26 of file mnt4_init.hpp.

◆ mnt4_r_limbs

const mp_size_t libff::mnt4_r_limbs = mnt46_A_limbs

Definition at line 29 of file mnt4_init.hpp.

◆ mnt4_twist

mnt4_Fq2 libff::mnt4_twist

Definition at line 23 of file mnt4_init.cpp.

◆ mnt4_twist_coeff_a

mnt4_Fq2 libff::mnt4_twist_coeff_a

Definition at line 24 of file mnt4_init.cpp.

◆ mnt4_twist_coeff_b

mnt4_Fq2 libff::mnt4_twist_coeff_b

Definition at line 25 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_a_c0

mnt4_Fq libff::mnt4_twist_mul_by_a_c0

Definition at line 26 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_a_c1

mnt4_Fq libff::mnt4_twist_mul_by_a_c1

Definition at line 27 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_b_c0

mnt4_Fq libff::mnt4_twist_mul_by_b_c0

Definition at line 28 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_b_c1

mnt4_Fq libff::mnt4_twist_mul_by_b_c1

Definition at line 29 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_q_X

mnt4_Fq libff::mnt4_twist_mul_by_q_X

Definition at line 30 of file mnt4_init.cpp.

◆ mnt4_twist_mul_by_q_Y

mnt4_Fq libff::mnt4_twist_mul_by_q_Y

Definition at line 31 of file mnt4_init.cpp.

◆ mnt6_ate_is_loop_count_neg

bool libff::mnt6_ate_is_loop_count_neg

Definition at line 36 of file mnt6_init.cpp.

◆ mnt6_ate_loop_count

bigint< mnt6_q_limbs > libff::mnt6_ate_loop_count

Definition at line 35 of file mnt6_init.cpp.

◆ mnt6_final_exponent

bigint< 6 *mnt6_q_limbs > libff::mnt6_final_exponent

Definition at line 37 of file mnt6_init.cpp.

◆ mnt6_final_exponent_last_chunk_abs_of_w0

bigint< mnt6_q_limbs > libff::mnt6_final_exponent_last_chunk_abs_of_w0

Definition at line 38 of file mnt6_init.cpp.

◆ mnt6_final_exponent_last_chunk_is_w0_neg

bool libff::mnt6_final_exponent_last_chunk_is_w0_neg

Definition at line 39 of file mnt6_init.cpp.

◆ mnt6_final_exponent_last_chunk_w1

bigint< mnt6_q_limbs > libff::mnt6_final_exponent_last_chunk_w1

Definition at line 40 of file mnt6_init.cpp.

◆ mnt6_modulus_q

bigint<mnt6_q_limbs> libff::mnt6_modulus_q
extern

◆ mnt6_modulus_r

bigint<mnt6_r_limbs> libff::mnt6_modulus_r
extern

◆ mnt6_q_bitcount

const mp_size_t libff::mnt6_q_bitcount = mnt46_A_bitcount

Definition at line 27 of file mnt6_init.hpp.

◆ mnt6_q_limbs

const mp_size_t libff::mnt6_q_limbs = mnt46_A_limbs

Definition at line 30 of file mnt6_init.hpp.

◆ mnt6_r_bitcount

const mp_size_t libff::mnt6_r_bitcount = mnt46_B_bitcount

Definition at line 26 of file mnt6_init.hpp.

◆ mnt6_r_limbs

const mp_size_t libff::mnt6_r_limbs = mnt46_B_limbs

Definition at line 29 of file mnt6_init.hpp.

◆ mnt6_twist

mnt6_Fq3 libff::mnt6_twist

Definition at line 23 of file mnt6_init.cpp.

◆ mnt6_twist_coeff_a

mnt6_Fq3 libff::mnt6_twist_coeff_a

Definition at line 24 of file mnt6_init.cpp.

◆ mnt6_twist_coeff_b

mnt6_Fq3 libff::mnt6_twist_coeff_b

Definition at line 25 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_a_c0

mnt6_Fq libff::mnt6_twist_mul_by_a_c0

Definition at line 26 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_a_c1

mnt6_Fq libff::mnt6_twist_mul_by_a_c1

Definition at line 27 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_a_c2

mnt6_Fq libff::mnt6_twist_mul_by_a_c2

Definition at line 28 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_b_c0

mnt6_Fq libff::mnt6_twist_mul_by_b_c0

Definition at line 29 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_b_c1

mnt6_Fq libff::mnt6_twist_mul_by_b_c1

Definition at line 30 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_b_c2

mnt6_Fq libff::mnt6_twist_mul_by_b_c2

Definition at line 31 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_q_X

mnt6_Fq libff::mnt6_twist_mul_by_q_X

Definition at line 32 of file mnt6_init.cpp.

◆ mnt6_twist_mul_by_q_Y

mnt6_Fq libff::mnt6_twist_mul_by_q_Y

Definition at line 33 of file mnt6_init.cpp.

◆ op_counts

std::map<std::pair<std::string, std::string>, long long> libff::op_counts

Definition at line 71 of file profiling.cpp.

◆ op_data_points

std::list<std::pair<std::string, long long*> > libff::op_data_points
Initial value:
= {
}

Definition at line 78 of file profiling.cpp.

78 {
79#ifdef PROFILE_OP_COUNTS
80 std::make_pair("Fradd", &Fr<default_ec_pp>::add_cnt),
81 std::make_pair("Frsub", &Fr<default_ec_pp>::sub_cnt),
82 std::make_pair("Frmul", &Fr<default_ec_pp>::mul_cnt),
83 std::make_pair("Frinv", &Fr<default_ec_pp>::inv_cnt),
84 std::make_pair("Fqadd", &Fq<default_ec_pp>::add_cnt),
85 std::make_pair("Fqsub", &Fq<default_ec_pp>::sub_cnt),
86 std::make_pair("Fqmul", &Fq<default_ec_pp>::mul_cnt),
87 std::make_pair("Fqinv", &Fq<default_ec_pp>::inv_cnt),
88 std::make_pair("G1add", &G1<default_ec_pp>::add_cnt),
89 std::make_pair("G1dbl", &G1<default_ec_pp>::dbl_cnt),
90 std::make_pair("G2add", &G2<default_ec_pp>::add_cnt),
91 std::make_pair("G2dbl", &G2<default_ec_pp>::dbl_cnt)
92#endif
93};
libff::Fq
typename EC_ppT::Fq_type Fq
Definition public_params.hpp:86
libff::G1
typename EC_ppT::G1_type G1
Definition public_params.hpp:74
libff::Fr
typename EC_ppT::Fp_type Fr
Definition public_params.hpp:72

◆ PI

const double libff::PI = 3.141592653589793238460264338328L

Definition at line 22 of file double.cpp.

◆ start_cpu_time

long long libff::start_cpu_time

Definition at line 54 of file profiling.cpp.

◆ start_time

long long libff::start_time

Definition at line 53 of file profiling.cpp.