diff --git a/constantine/arithmetic/finite_fields_square_root.nim b/constantine/arithmetic/finite_fields_square_root.nim
index 24d07e2..588270d 100644
--- a/constantine/arithmetic/finite_fields_square_root.nim
+++ b/constantine/arithmetic/finite_fields_square_root.nim
@@ -7,9 +7,9 @@
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
 import
-  std/macros,
   ../primitives,
   ../config/[common, type_fp, curves],
+  ../curves/addchain_square_roots,
   ../io/[io_bigints, io_fields],
   ./bigints, ./finite_fields, ./limbs_montgomery
 
@@ -112,25 +112,11 @@ func sqrt_if_square_p3mod4[C](a: var Fp[C]): SecretBool {.inline.} =
 # Tonelli Shanks for any prime
 # ------------------------------------------------------------
 
-const
-  # with e = 2adicity
-  # p == s * 2^e + 1
-  # root_of_unity = smallest_quadratic_nonresidue^s
-  # exponent = (p-1-2^e)/2^e / 2
-  TonelliShanks_exponent_BLS12_377 = BigInt[330].fromHex"0x35c748c2f8a21d58c760b80d94292763445b3e601ea271e3de6c45f741290002e16ba88600000010a11"
-  TonelliShanks_twoAdicity_BLS12_377 = 46
-  TonelliShanks_root_of_unity_BLS12_377 = Fp[BLS12_377].fromHex"0x382d3d99cdbc5d8fe9dee6aa914b0ad14fcaca7022110ec6eaa2bc56228ac41ea03d28cc795186ba6b5ef26b00bbe8"
-
-{.experimental: "dynamicBindSym".}
-
-macro tsGet(C: static Curve, value: untyped): untyped =
-  return bindSym("TonelliShanks_" & $value & "_" & $C)
-
 func precompute_tonelli_shanks[C](
        a_pre_exp: var Fp[C],
        a: Fp[C]) =
   a_pre_exp = a
-  a_pre_exp.powUnsafeExponent(C.tsGet(exponent))
+  a_pre_exp.powUnsafeExponent(C.tonelliShanks(exponent))
 
 func isSquare_tonelli_shanks[C](
        a, a_pre_exp: Fp[C]): SecretBool =
@@ -139,7 +125,7 @@ func isSquare_tonelli_shanks[C](
   ## Tonelli-Shanks based square root and inverse square root
   ##
   ## a^((p-1-2^e)/(2*2^e))
-  const e = C.tsGet(twoAdicity)
+  const e = C.tonelliShanks(twoAdicity)
   var r {.noInit.}: Fp[C]
   r.square(a_pre_exp) # a^(2(q-1-2^e)/(2*2^e)) = a^((q-1)/2^e - 1)
   r *= a # a^((q-1)/2^e)
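Review bot: `precompute_tonelli_shanks` has no doc comment, and its `powUnsafeExponent(C.tonelliShanks(exponent))` call gives no reason why a routine whose name flags an unsafe (presumably variable-time) exponent is acceptable in a constant-time library. The exponent is a fixed, public curve constant, so timing that depends on it reveals nothing secret — only the base `a` must stay protected — but that argument should sit on the line rather than be rediscovered by every auditor. I'd add `## Precompute a^((p-1-2^e)/(2*2^e)) for Tonelli-Shanks, with e the 2-adicity of p-1` as the func's doc comment and `# exponent is a public curve constant, a variable-time exponentiation leaks nothing secret` above the pow call. That formula matches the `## a^((p-1-2^e)/(2*2^e))` doc shown on `isSquare_tonelli_shanks` in the next hunk.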
@@ -169,13 +155,13 @@ func sqrt_invsqrt_tonelli_shanks[C](
   template z: untyped = a_pre_exp
   template r: untyped = invsqrt
   var t {.noInit.}: Fp[C]
-  const e = C.tsGet(twoAdicity)
+  const e = C.tonelliShanks(twoAdicity)
 
   t.square(z)
   t *= a
   r = z
   var b = t
-  var root = C.tsGet(root_of_unity)
+  var root = C.tonelliShanks(root_of_unity)
 
   var buf {.noInit.}: Fp[C]
 
diff --git a/constantine/curves/addchain_square_roots.nim b/constantine/curves/addchain_square_roots.nim
new file mode 100644
index 0000000..23081f0
--- /dev/null
+++ b/constantine/curves/addchain_square_roots.nim
@@ -0,0 +1,17 @@
+# Constantine
+# Copyright (c) 2018-2019 Status Research & Development GmbH
+# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+# Licensed and distributed under either of
+#   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+#   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+import
+  std/macros,
+  ../config/curves,
+  ./bls12_377_square_root
+
+{.experimental: "dynamicBindSym".}
+
+macro tonelliShanks*(C: static Curve, value: untyped): untyped =
+  return bindSym($C & "_TonelliShanks_" & $value)
diff --git a/constantine/curves/bls12_377_square_root.nim b/constantine/curves/bls12_377_square_root.nim
new file mode 100644
index 0000000..8f74af7
--- /dev/null
+++ b/constantine/curves/bls12_377_square_root.nim
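Review bot: `tonelliShanks` resolves `$C & "_TonelliShanks_" & $value` through `bindSym`, so a curve that has no `<curve>_square_root.nim` module imported here fails with a generic undeclared-identifier error naming the mangled string rather than the curve, and the macro carries no doc comment explaining that contract. I'd add the doc comment `## Fetches the precomputed Tonelli-Shanks constant `value` (exponent, twoAdicity or root_of_unity) for curve `C`.` followed by `## Each supported curve must export `<Curve>_TonelliShanks_<value>` from a curves/<curve>_square_root module imported above; any other curve fails at compile time.` Building the name into a local first, `let name = $C & "_TonelliShanks_" & $value`, also makes the failing identifier easy to spot when that error fires. The new module is the only place where supported curves are enumerated (via its import list), so it is worth saying so in the comment as well.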
@@ -0,0 +1,20 @@
+# Constantine
+# Copyright (c) 2018-2019 Status Research & Development GmbH
+# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+# Licensed and distributed under either of
+#   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+#   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+import
+  ../config/[curves, type_bigint, type_fp],
+  ../io/[io_bigints, io_fields]
+
+const
+  # with e = 2adicity
+  # p == s * 2^e + 1
+  # root_of_unity = smallest_quadratic_nonresidue^s
+  # exponent = (p-1-2^e)/2^e / 2
+  BLS12_377_TonelliShanks_exponent* = BigInt[330].fromHex"0x35c748c2f8a21d58c760b80d94292763445b3e601ea271e3de6c45f741290002e16ba88600000010a11"
+  BLS12_377_TonelliShanks_twoAdicity* = 46
+  BLS12_377_TonelliShanks_root_of_unity* = Fp[BLS12_377].fromHex"0x382d3d99cdbc5d8fe9dee6aa914b0ad14fcaca7022110ec6eaa2bc56228ac41ea03d28cc795186ba6b5ef26b00bbe8"
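Review bot: The three BLS12-377 constants are hard-coded hex literals with nothing checking that they agree with each other or with the field modulus, and a wrong `root_of_unity` or `exponent` would not crash but make `isSquare`/`sqrt` return wrong answers silently. The comments already state the invariants (`p == s * 2^e + 1`, `root_of_unity = smallest_quadratic_nonresidue^s`, `exponent = (p-1-2^e)/2^e / 2`), so a test can assert them: `root_of_unity` raised to `2^(e-1)` equals -1 in Fp (exact order `2^e`, hence derived from a non-residue), `p-1` is divisible by `2^46` but not `2^47`, and `exponent` equals `(p-1-2^e) div 2^(e+1)` recomputed from the modulus. The `BigInt[330]` width also deserves a one-line comment such as `# (p-1-2^e)/2^(e+1) is p shifted right by e+1 = 47 bits: 377 - 47 = 330 bits`, assuming the modulus is 377 bits as the curve name suggests. I'd prefer the order check in a regular test module rather than a `static:` block, since compile-time Fp arithmetic is not visible here as something the library supports.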