Implement Chung-Hasan SQR3

2020-04-15 03:18:23 +02:00 · 2020-04-15 03:18:23 +02:00 · 4ccea4fcff
parent aff44f4d8e
commit 4ccea4fcff
1 changed files with 62 additions and 14 deletions
--- a/constantine/tower_field_extensions/cubic_extensions.nim
+++ b/constantine/tower_field_extensions/cubic_extensions.nim
@ -13,22 +13,37 @@ import
 # Commutative ring implementation for Cubic Extension Fields
 # -------------------------------------------------------------------
 # Cubic extensions can use specific squaring procedures
 # beyond Schoolbook and Karatsuba:
 # - Chung-Hasan (3 different algorithms)
 # - Toom-Cook-3x
 #
 # Chung-Hasan papers
 # http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf
 # https://www.lirmm.fr/arith18/papers/Chung-Squaring.pdf
 #
 # The papers focus on polynomial squaring, they have been adapted
 # to towered extension fields with the relevant costs in
 #
 # - Multiplication and Squaring on Pairing-Friendly Fields
 #   Augusto Jun Devegili and Colm Ó hÉigeartaigh and Michael Scott and Ricardo Dahab, 2006
 #   https://eprint.iacr.org/2006/471
 #
 # Costs in the underlying field
 # M: Mul, S: Square, A: Add/Sub, B: Mul by non-residue
 #
 # | Method      | > Linear | Linear            |
 # |-------------|----------|-------------------|
 # | Schoolbook  | 3M + 3S  | 6A + 2B           |
 # | Karatsuba   | 6S       | 13A + 2B          |
 # | Tom-Cook-3x | 5S       | 33A + 2B          |
 # | CH-SQR1     | 3M + 2S  | 11A + 2B          |
 # | CH-SQR2     | 2M + 3S  | 10A + 2B          |
 # | CH-SQR3     | 1M + 4S  | 11A + 2B + 1 Div2 |
 # | CH-SQR3x    | 1M + 4S  | 14A + 2B          |
-func square*(r: var CubicExt, a: CubicExt) =
+func square_Chung_Hasan_SQR2(r: var CubicExt, a: CubicExt) =
  ## Returns r = a²
  # Algorithm is Chung-Hasan Squaring SQR2
  # http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf
  # https://www.lirmm.fr/arith18/papers/Chung-Squaring.pdf
  #
  # Cost in base field operation
  # M -> Mul, S -> Square, B -> Bitshift (doubling/div2), A -> Add
  #
  # SQR1:        3M + 2S + 5B + 9A
  # SQR2:        2M + 3S + 5B + 11A
  # SQR3:        1M + 4S + 6B + 15A
  # Schoolbook:  3S + 3M + 6B + 2A
  #
  # TODO: Implement all variants, bench and select one depending on number of limbs and extension degree.
  mixin prod, square, sum
  var v3{.noInit.}, v4{.noInit.}, v5{.noInit.}: typeof(r.c0)
@ -50,6 +65,39 @@ func square*(r: var CubicExt, a: CubicExt) =
  r.c2 += v5
  r.c2 -= v3
 func square_Chung_Hasan_SQR3(r: var CubicExt, a: CubicExt) =
  ## Returns r = a²
  mixin prod, square, sum
  var v0{.noInit.}, v2{.noInit.}: typeof(r.c0)
  r.c1.sum(a.c0, a.c2)  # r1 = a0 + a2
  v2.diff(r.c1, a.c1)   # v2 = a0 - a1 + a2
  r.c1 += a.c1          # r1 = a0 + a1 + a2
  r.c1.square()         # r1 = (a0 + a1 + a2)²
  v2.square()           # v2 = (a0 - a1 + a2)²
  r.c2.sum(r.c1, v2)    # r2 = (a0 + a1 + a2)² + (a0 - a1 + a2)²
  r.c2.div2()           # r2 = ((a0 + a1 + a2)² + (a0 - a1 + a2)²)/2
  r.c0.prod(a.c1, a.c2) # r0 = a1 a2
  r.c0.double()         # r0 = 2 a1 a2
  v2.square(a.c2)       # v2 = a2²
  r.c1 += β * v2        # r1 = (a0 + a1 + a2)² + β a2²
  r.c1 -= r.c0          # r1 = (a0 + a1 + a2)² - 2 a1 a2 + β a2²
  r.c1 -= r.c2          # r1 = (a0 + a1 + a2)² - 2 a1 a2 - ((a0 + a1 + a2)² + (a0 - a1 + a2)²)/2 + β a2²
  v0.square(a.c0)       # v0 = a0²
  r.c0 *= β             # r0 = β 2 a1 a2
  r.c0 += v0            # r0 = a0² + β 2 a1 a2
  r.c2 -= v0            # r2 = ((a0 + a1 + a2)² + (a0 - a1 + a2)²)/2 - a0²
  r.c2 -= v2            # r2 = ((a0 + a1 + a2)² + (a0 - a1 + a2)²)/2 - a0² - a2²
 func square*(r: var CubicExt, a: CubicExt) {.inline.} =
  ## Returns r = a²
  square_Chung_Hasan_SQR3(r, a)
 func prod*(r: var CubicExt, a, b: CubicExt) =
  ## Returns r = a * b
  ##