Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
sample.cpp
Go to the documentation of this file.
1/*
2 a tiny sample of optimal ate pairing
3*/
4#include "bn.h"
5#include "test_point.hpp"
6
7static int errNum = 0;
8
9template<class T, class S>
10void verify(const char *msg, const T& a, const S& b)
11{
12 if (a == b) {
13 printf("%s : ok\n", msg);
14 } else {
15 printf("%s : ng\n", msg);
16 PUT(a);
17 PUT(b);
18 errNum++;
19 }
20}
21
22void sample1(const bn::CurveParam& cp)
23{
24 using namespace bn;
25 // init my library
26 Param::init(cp);
27 // prepair a generator
28 const Point& pt = selectPoint(cp);
29 const Fp2 g2[3] = {
30 Fp2(Fp(pt.g2.aa), Fp(pt.g2.ab)),
31 Fp2(Fp(pt.g2.ba), Fp(pt.g2.bb)),
32 Fp2(1, 0),
33 };
34 const Fp g1[3] = { pt.g1.a, pt.g1.b, 1 };
35 // verify g2 and g1 on curve
36 verify("g1 is on EC", ecop::isOnECJac3(g1), true);
37 verify("g2 is on twist EC", ecop::isOnTwistECJac3(g2), true);
38 puts("order of group");
39 PUT(Param::r);
40 PUT(Param::p);
41 PUT(Param::t);
42 {
43 Fp t[3];
44 ecop::ScalarMult(t, g1, Param::r);
45 // (x, y, 0) means 0 at Jacobi coordinate
46 verify("orgder of g1 == r", t[2], 0);
47 }
48 {
49 Fp2 t[3];
50 ecop::ScalarMult(t, g2, Param::r);
51 verify("order of g2 == r", t[2], 0);
52 }
53 const char *aStr = "123456789012345";
54 const char *bStr = "998752342342342342424242421";
55 const mie::Vuint a(aStr);
56 const mie::Vuint b(bStr);
57
58 // scalar-multiplication sample
59 {
60 Fp Pa[3];
61 Fp Pb[3];
62 Fp Pc[3];
63 Fp out[3];
64 const mie::Vuint c = a + b;
65
66 ecop::ScalarMult(Pa, g1, a); // Pa = g1 * a
67 ecop::ScalarMult(Pb, g1, b); // Pb = g1 * b
68 ecop::ScalarMult(Pc, g1, c); // Pc = g1 * (a + b)
69 ecop::ECAdd(out, Pa, Pb); // g1 * a + g1 * b
70 ecop::NormalizeJac(Pc, Pc);
71 ecop::NormalizeJac(out, out);
72 std::cout << std::hex;
73 verify("check g1 * c = g1 * a + g1 * b", Pc[0] == out[0] && Pc[1] == out[1] && Pc[2] == out[2], true);
74
75#ifdef MIE_ATE_USE_GMP
76 {
77 mpz_class aa(aStr);
78 mpz_class bb(bStr);
79 mpz_class cc = aa + bb;
80 Fp Paa[3];
81 Fp Pbb[3];
82 Fp Pcc[3];
83 ecop::ScalarMult(Paa, g1, aa); // Pa = g1 * a
84 ecop::ScalarMult(Pbb, g1, bb); // Pb = g1 * b
85 ecop::ScalarMult(Pcc, g1, cc); // Pc = g1 * (a + b)
86 ecop::NormalizeJac(Pcc, Pcc);
87 verify("gmp Paa == Pa", Paa[0] == Pa[0] && Paa[1] == Pa[1] && Paa[2] == Pa[2], true);
88 verify("gmp Pbb == Pb", Pbb[0] == Pb[0] && Pbb[1] == Pb[1] && Pbb[2] == Pb[2], true);
89 verify("gmp Pcc == Pc", Pcc[0] == Pc[0] && Pcc[1] == Pc[1] && Pcc[2] == Pc[2], true);
90 }
91#endif
92 }
93
94 Fp12 e;
95 // calc e : G2 x G1 -> G3 pairing
96 opt_atePairingJac<Fp>(e, g2, g1); // e = e(g2, g1)
97 PUT(e);
98 {
99 Fp12 t = power(e, Param::r);
100 verify("order of e == r", t, 1);
101 }
102 Fp2 g2a[3];
103 ecop::ScalarMult(g2a, g2, a); // g2a = g2 * a
104 Fp12 ea1;
105 opt_atePairingJac<Fp>(ea1, g2a, g1); // ea1 = e(g2a, g1)
106 Fp12 ea2 = power(e, a); // ea2 = e^a
107 verify("e(g2 * a, g1) = e(g2, g1)^a", ea1, ea2);
108
109 Fp g1b[3];
110 ecop::ScalarMult(g1b, g1, b); // g1b = g1 * b
111 Fp12 eb1;
112 opt_atePairingJac<Fp>(eb1, g2, g1b); // eb1 = e(g2, g1b)
113 Fp12 eb2 = power(e, b); // eb2 = e^b
114 verify("e(g2a, g1 * b) = e(g2, g1)^b", eb1, eb2);
115
116 Fp q1[3];
117 ecop::ScalarMult(q1, g1, 12345);
118
119 verify("q1 is on EC", ecop::isOnECJac3(q1), true);
120 Fp12 e1, e2;
121 opt_atePairingJac<Fp>(e1, g2, g1); // e1 = e(g2, g1)
122 opt_atePairingJac<Fp>(e2, g2, q1); // e2 = e(g2, q1)
123 Fp q2[3];
124 ecop::ECAdd(q2, g1, q1); // q2 = g1 + q1
125 opt_atePairingJac<Fp>(e, g2, q2); // e = e(g2, q2)
126 verify("e = e1 * e2", e, e1 * e2);
127}
128
129void sample2(const bn::CurveParam& cp)
130{
131 using namespace bn;
132 // init my library
133 Param::init(cp);
134 const Point& pt = selectPoint(cp);
135 const Ec2 g2(
136 Fp2(Fp(pt.g2.aa), Fp(pt.g2.ab)),
137 Fp2(Fp(pt.g2.ba), Fp(pt.g2.bb))
138 );
139 const Ec1 g1(pt.g1.a, pt.g1.b);
140 // verify g2 and g1 on curve
141 verify("g1 is on EC", g1.isValid(), true);
142 verify("g2 is on twist EC", g2.isValid(), true);
143 puts("order of group");
144 PUT(Param::r);
145 {
146 Ec1 t = g1 * Param::r;
147 // Ec1::mul(t, g1, Param::r);
148 verify("orgder of g1 == r", t.isZero(), true);
149 }
150 {
151 Ec2 t = g2 * Param::r;
152 // Ec2::mul(t, g2, Param::r);
153 verify("order of g2 == r", t.isZero(), true);
154 }
155 const char *aStr = "123456789012345";
156 const char *bStr = "998752342342342342424242421";
157 const mie::Vuint a(aStr);
158 const mie::Vuint b(bStr);
159
160 // scalar-multiplication sample
161 {
162 const mie::Vuint c = a + b;
163 Ec1 Pa = g1 * a;
164 Ec1 Pb = g1 * b;
165 Ec1 Pc = g1 * c;
166 Ec1 out = Pa + Pb;
167
168 verify("check g1 * c = g1 * a + g1 * b", Pc, out);
169#ifdef MIE_ATE_USE_GMP
170 {
171 mpz_class aa(aStr);
172 mpz_class bb(bStr);
173 mpz_class cc = aa + bb;
174 Ec1 Paa = g1 * aa;
175 Ec1 Pbb = g1 * bb;
176 Ec1 Pcc = g1 * cc;
177 verify("gmp Paa == Pa", Paa, Pa);
178 verify("gmp Pbb == Pb", Pbb, Pb);
179 verify("gmp Pcc == Pc", Pcc, Pc);
180 }
181#endif
182 }
183
184 Fp12 e;
185 // calc e : G2 x G1 -> G3 pairing
186 opt_atePairing(e, g2, g1); // e = e(g2, g1)
187 PUT(e);
188 {
189 Fp12 t = power(e, Param::r);
190 verify("order of e == r", t, 1);
191 }
192 Ec2 g2a = g2 * a;
193 // Ec2::mul(g2a, g2, a);
194 Fp12 ea1;
195 opt_atePairing(ea1, g2a, g1); // ea1 = e(g2a, g1)
196 Fp12 ea2 = power(e, a); // ea2 = e^a
197 verify("e(g2 * a, g1) = e(g2, g1)^a", ea1, ea2);
198
199 Ec1 g1b = g1 * b;
200 // Ec1::mul(g1b, g1, b);
201 Fp12 eb1;
202 opt_atePairing(eb1, g2, g1b); // eb1 = e(g2, g1b)
203 Fp12 eb2 = power(e, b); // eb2 = e^b
204 verify("e(g2a, g1 * b) = e(g2, g1)^b", eb1, eb2);
205
206 Ec1 q1 = g1 * 12345;
207 verify("q1 is on EC", q1.isValid(), true);
208 Fp12 e1, e2;
209 opt_atePairing(e1, g2, g1); // e1 = e(g2, g1)
210 opt_atePairing(e2, g2, q1); // e2 = e(g2, q1)
211 Ec1 q2 = g1 + q1;
212 opt_atePairing(e, g2, q2); // e = e(g2, q2)
213 verify("e = e1 * e2", e, e1 * e2);
214
215 /*
216 reduce one copy as the following
217 */
218 Ec2::mul(g2a, g2, a); // g2a = g2 * a
219 Ec1::mul(g1b, g1, b);
220 verify("g2a == g2 * a", g2a, g2 * a);
221 verify("g1b == g1 * b", g1b, g1 * b);
222}
223
224void multi(const bn::CurveParam& cp)
225{
226 using namespace bn;
227 // init my library
228 Param::init(cp);
229 const Point& pt = selectPoint(cp);
230 const Ec2 g2(
231 Fp2(Fp(pt.g2.aa), Fp(pt.g2.ab)),
232 Fp2(Fp(pt.g2.ba), Fp(pt.g2.bb))
233 );
234 const Ec1 g1(pt.g1.a, pt.g1.b);
235 const size_t N = 10;
236 const int c = 234567;
237 std::vector<Ec1> g1s;
238 g1s.resize(N);
239
240 for (size_t i = 0; i < N; i++) {
241 Ec1::mul(g1s[i], g1, c + i);
242 g1s[i] = g1 * (c + i);
243 g1s[i].normalize();
244 }
245 std::vector<Fp6> Qcoeff;
246 Fp2 precQ[3];
247 bn::components::precomputeG2(Qcoeff, precQ, g2.p);
248 for (size_t i = 0; i < N; i++) {
249 Fp12 e1;
250 bn::components::millerLoop(e1, Qcoeff, g1s[i].p);
251 e1.final_exp();
252 Fp12 e2;
253 opt_atePairing(e2, g2, g1s[i]);
254 if (e1 != e2) {
255 printf("err multi %d\n", (int)i);
256 }
257 }
258}
259
260int main(int argc, char *argv[])
261{
262#ifdef BN_SUPPORT_SNARK
263 int b = 3;
264 if (argc >= 2) {
265 b = atoi(argv[1]);
266 if (b != 3 && b != 82) {
267 printf("not support b=%d\n", b);
268 return 1;
269 }
270 }
271 printf("SNARK b = %d\n", b);
272 bn::CurveParam cp = bn::CurveSNARK1;
273 cp.b = b;
274#else
275 if (argc > 1 && argv[1]) {
276 printf("not support\n");
277 return 1;
278 }
279 bn::CurveParam cp = bn::CurveFp254BNb;
280#endif
281 puts("sample1");
282 sample1(cp);
283 puts("sample2");
284 sample2(cp);
285 puts("multi");
286 multi(cp);
287 printf("errNum = %d\n", errNum);
288}
p
const mie::Vuint & p
Definition bn.cpp:27
bn.h
BN parameter.
Ec1::isZero
bool isZero() const
Definition bn254_if.hpp:186
Ec1::isValid
bool isValid() const
Definition bn254_if.hpp:165
Ec1::mul
void mul(const Mpz &rhs)
Definition bn254_if.hpp:192
Ec2::isValid
bool isValid() const
Definition bn254_if.hpp:212
Ec2::mul
void mul(const Mpz &rhs)
Definition bn254_if.hpp:239
Ec2::isZero
bool isZero() const
Definition bn254_if.hpp:233
argv
char ** argv
Definition hello_driver.cpp:52
PUT
#define PUT(x)
Definition java_api.cpp:8
bn::components::millerLoop
void millerLoop(Fp12 &f, const std::vector< Fp6 > &Qcoeff, const Fp precP[2])
Definition bn.h:3060
bn::components::precomputeG2
void precomputeG2(std::vector< Fp6 > &coeff, Fp2 Q[3], const Fp2 inQ[3])
Definition bn.h:2997
bn
Definition bn.h:56
bn::CurveFp254BNb
const CurveParam CurveFp254BNb
Definition bn.h:84
main
int main()
Definition platform_timer_posix_test.c:5
a
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition pointer.h:1181
T
#define T(meth, val, expected)
N
const int N
Definition quantize.cpp:54
verify
void verify(const char *msg, const T &a, const S &b)
Definition sample.cpp:10
sample1
void sample1(const bn::CurveParam &cp)
Definition sample.cpp:22
sample2
void sample2(const bn::CurveParam &cp)
Definition sample.cpp:129
multi
void multi(const bn::CurveParam &cp)
Definition sample.cpp:224
Point::g2
struct Point::G2 g2
Point::g1
struct Point::G1 g1
bn::CurveParam::b
int b
Definition bn.h:67
test_point.hpp
selectPoint
const Point & selectPoint(const bn::CurveParam &cp)
Definition test_point.hpp:59