codex-storage
/
constantine
mirror of https://github.com/codex-storage/constantine.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Frobenius map over fp12 (works for power 1 and 3 but not 2)

This commit is contained in:
Mamy André-Ratsimbazafy 2020-09-23 01:21:35 +02:00
parent 406d999a9b
commit 0c18f4436c
No known key found for this signature in database
GPG Key ID: 7B88AD1FE79492E1
4 changed files with 65 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
constantine/isogeny/frobenius.nim
View File

@ -47,13 +47,13 @@ template mulCheckSparse[Fp2](a: var Fp2, b: Fp2) =
when b.c0.isOne().bool and b.c1.isZero().bool: when b.c0.isOne().bool and b.c1.isZero().bool:
discard discard
elif b.c0.isZero().bool and b.c1.isOne().bool: elif b.c0.isZero().bool and b.c1.isOne().bool:
var t {.noInit.}: type(b.c0) var t {.noInit.}: type(a.c0)
when fromComplexExtension(b.c0): when fromComplexExtension(b):
t.neg(a.c1) t.neg(a.c1)
a.c1 = a.c0 a.c1 = a.c0
a.c0 = t a.c0 = t
else: else:
t = a.c1 * NonResidue t = NonResidue * a.c1
a.c1 = a.c0 a.c1 = a.c0
a.c0 = t a.c0 = t
elif b.c0.isZero().bool: elif b.c0.isZero().bool:
@ -153,6 +153,21 @@ func frobenius_map*(r: var Fp4, a: Fp4, k: static int = 1) {.inline.} =
r.c1.frobenius_map(a.c1, k) r.c1.frobenius_map(a.c1, k)
r.c1.mulCheckSparse FrobMapConst_BLS12_381[k-1][4-1] r.c1.mulCheckSparse FrobMapConst_BLS12_381[k-1][4-1]
func frobenius_map*(r: var Fp12, a: Fp12, k: static int = 1) {.inline.} =
## Computes a^(p^k)
## The p-power frobenius automorphism on 𝔽p4
static: doAssert r.c0 is Fp4
for r_fp4, a_fp4 in fields(r, a):
for r_fp2, a_fp2 in fields(r_fp4, a_fp4):
r_fp2.frobenius_map(a_fp2)
r.c0.c0.mulCheckSparse FrobMapConst_BLS12_381[k-1][0]
r.c0.c1.mulCheckSparse FrobMapConst_BLS12_381[k-1][3]
r.c1.c0.mulCheckSparse FrobMapConst_BLS12_381[k-1][1]
r.c1.c1.mulCheckSparse FrobMapConst_BLS12_381[k-1][4]
r.c2.c0.mulCheckSparse FrobMapConst_BLS12_381[k-1][2]
r.c2.c1.mulCheckSparse FrobMapConst_BLS12_381[k-1][5]
# ψ (Psi) - Untwist-Frobenius-Twist Endomorphisms on twisted curves # ψ (Psi) - Untwist-Frobenius-Twist Endomorphisms on twisted curves
# ----------------------------------------------------------------- # -----------------------------------------------------------------
# TODO: generate those constants via Sage in a Json file # TODO: generate those constants via Sage in a Json file

13
constantine/pairing/README.md
View File

@ -10,11 +10,24 @@
### Research ### Research
- Compressed Pairings\
Scott, Barreto, 2004\
https://eprint.iacr.org/2004/032.pdf
- On the Implementation of Pairing-based Cryptosystems\ - On the Implementation of Pairing-based Cryptosystems\
PhD Thesis\ PhD Thesis\
Ben Lynn, 2007\ Ben Lynn, 2007\
https://crypto.stanford.edu/pbc/thesis.pdf https://crypto.stanford.edu/pbc/thesis.pdf
- On the final exponentiation for calculating\
pairings on ordinary elliptic curves\
Scott, Benger, Charlemagne, Perez, Kachisa, 2008\
https://eprint.iacr.org/2008/490.pdf
- Faster Squaring in the Cyclotomic Subgroup ofSixth Degree Extensions\
Granger, Scott, 2009\
https://eprint.iacr.org/2009/565.pdf
- Faster Pairing Computations on Curves with High-Degree Twists - Faster Pairing Computations on Curves with High-Degree Twists
Craig Costello, Tanja Lange, and Michael Naehrig, 2009 Craig Costello, Tanja Lange, and Michael Naehrig, 2009
https://eprint.iacr.org/2009/615.pdf https://eprint.iacr.org/2009/615.pdf

33
tests/t_fp12_frobenius.nim Normal file
View File

@ -0,0 +1,33 @@
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import
# Internals
../constantine/towers,
../constantine/config/curves,
# Test utilities
./t_fp_tower_frobenius_template
const TestCurves = [
# BN254_Nogami
# BN254_Snarks,
# BLS12_377,
BLS12_381,
# BN446
# FKM12_447
# BLS12_461
# BN462
]
runFrobeniusTowerTests(
ExtDegree = 12,
Iters = 8,
TestCurves = TestCurves,
moduleName = "test_fp12_frobenius",
testSuiteDesc = "𝔽p12 Frobenius map: Frobenius(a, k) = a^(p^k) (mod p^12)"
)

8
tests/t_fp_tower_frobenius_template.nim
View File

@ -83,22 +83,16 @@ proc runFrobeniusTowerTests*[N](
test "Frobenius(a, 2) = a^(p^2) (mod p^" & $ExtDegree & ")": test "Frobenius(a, 2) = a^(p^2) (mod p^" & $ExtDegree & ")":
proc test(Field: typedesc, Iters: static int, gen: RandomGen) = proc test(Field: typedesc, Iters: static int, gen: RandomGen) =
for _ in 0 ..< 1: for _ in 0 ..< Iters:
var a = rng.random_elem(Field, gen) var a = rng.random_elem(Field, gen)
var fa {.noInit.}: typeof(a) var fa {.noInit.}: typeof(a)
fa.frobenius_map(a, k = 2) fa.frobenius_map(a, k = 2)
var fa2 {.noInit.}: typeof(a)
fa2.frobenius_map(a, k = 1)
fa2.frobenius_map(fa2, k = 1)
a.powUnsafeExponent(Field.C.Mod, window = 3) a.powUnsafeExponent(Field.C.Mod, window = 3)
a.powUnsafeExponent(Field.C.Mod, window = 3) a.powUnsafeExponent(Field.C.Mod, window = 3)
check: check:
bool(a == fa) bool(a == fa)
bool(a == fa2)
bool(fa == fa2)
staticFor(curve, TestCurves): staticFor(curve, TestCurves):
test(ExtField(ExtDegree, curve), Iters, gen = Uniform) test(ExtField(ExtDegree, curve), Iters, gen = Uniform)