mirror of
https://github.com/status-im/eth2.0-specs.git
synced 2025-01-28 03:15:17 +00:00
Merge pull request #509 from ethereum/vbuterin-patch-6
Modular squareroot clarification
This commit is contained in:
commit
61e0cc8a81
@ -86,19 +86,23 @@ def hash_to_G2(message: bytes32, domain: uint64) -> [uint384]:
|
|||||||
|
|
||||||
### `modular_squareroot`
|
### `modular_squareroot`
|
||||||
|
|
||||||
`modular_squareroot(x)` returns a solution `y` to `y**2 % q == x`, and `None` if none exists. If there are two solutions the one with higher imaginary component is favored; if both solutions have equal imaginary component the one with higher real component is favored.
|
`modular_squareroot(x)` returns a solution `y` to `y**2 % q == x`, and `None` if none exists. If there are two solutions the one with higher imaginary component is favored; if both solutions have equal imaginary component the one with higher real component is favored (note that this is equivalent to saying that the single solution with either imaginary component > p/2 or imaginary component zero and real component > p/2 is favored).
|
||||||
|
|
||||||
|
The following is a sample implementation; implementers are free to implement modular square roots as they wish. Note that `x2 = -x1` is an _additive modular inverse_ so real and imaginary coefficients remain in `[0 .. q-1]`. `coerce_to_int(element: Fq) -> int` is a function that takes Fq element `element` (ie. integers `mod q`) and converts it to a regular integer.
|
||||||
|
|
||||||
```python
|
```python
|
||||||
Fq2_order = q ** 2 - 1
|
Fq2_order = q ** 2 - 1
|
||||||
eighth_roots_of_unity = [Fq2([1,1]) ** ((Fq2_order * k) // 8) for k in range(8)]
|
eighth_roots_of_unity = [Fq2([1,1]) ** ((Fq2_order * k) // 8) for k in range(8)]
|
||||||
|
|
||||||
def modular_squareroot(value: int) -> int:
|
def modular_squareroot(value: Fq2) -> Fq2:
|
||||||
candidate_squareroot = value ** ((Fq2_order + 8) // 16)
|
candidate_squareroot = value ** ((Fq2_order + 8) // 16)
|
||||||
check = candidate_squareroot ** 2 / value
|
check = candidate_squareroot ** 2 / value
|
||||||
if check in eighth_roots_of_unity[::2]:
|
if check in eighth_roots_of_unity[::2]:
|
||||||
x1 = candidate_squareroot / eighth_roots_of_unity[eighth_roots_of_unity.index(check) // 2]
|
x1 = candidate_squareroot / eighth_roots_of_unity[eighth_roots_of_unity.index(check) // 2]
|
||||||
x2 = -x1
|
x2 = -x1
|
||||||
return x1 if (x1.coeffs[1].n, x1.coeffs[0].n) > (x2.coeffs[1].n, x2.coeffs[0].n) else x2
|
x1_re, x1_im = coerce_to_int(x1.coeffs[0]), coerce_to_int(x1.coeffs[1])
|
||||||
|
x2_re, x2_im = coerce_to_int(x2.coeffs[0]), coerce_to_int(x2.coeffs[1])
|
||||||
|
return x1 if (x1_im > x2_im or (x1_im == x2_im and x1_re > x2_re)) else x2
|
||||||
return None
|
return None
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user