http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pair192.c.in ---------------------------------------------------------------------- diff --git a/src/pair192.c.in b/src/pair192.c.in new file mode 100644 index 0000000..a3b6e32 --- /dev/null +++ b/src/pair192.c.in @@ -0,0 +1,652 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* AMCL BLS Curve pairing functions */ + +//#define HAS_MAIN + +#include "pair192_ZZZ.h" + + +/* Line function */ +static void PAIR_ZZZ_line(FP24_YYY *v,ECP4_ZZZ *A,ECP4_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy) +{ + FP4_YYY X1,Y1,T1,T2; + FP4_YYY XX,YY,ZZ,YZ; + FP8_YYY a,b,c; + + if (A==B) + { + /* doubling */ + FP4_YYY_copy(&XX,&(A->x)); //FP4_YYY XX=new FP4_YYY(A.getx()); //X + FP4_YYY_copy(&YY,&(A->y)); //FP4_YYY YY=new FP4_YYY(A.gety()); //Y + FP4_YYY_copy(&ZZ,&(A->z)); //FP4_YYY ZZ=new FP4_YYY(A.getz()); //Z + + + FP4_YYY_copy(&YZ,&YY); //FP4_YYY YZ=new FP4_YYY(YY); //Y + FP4_YYY_mul(&YZ,&YZ,&ZZ); //YZ.mul(ZZ); //YZ + FP4_YYY_sqr(&XX,&XX); //XX.sqr(); //X^2 + FP4_YYY_sqr(&YY,&YY); //YY.sqr(); //Y^2 + FP4_YYY_sqr(&ZZ,&ZZ); //ZZ.sqr(); //Z^2 + + FP4_YYY_imul(&YZ,&YZ,4); //YZ.imul(4); + FP4_YYY_neg(&YZ,&YZ); //YZ.neg(); + FP4_YYY_norm(&YZ); //YZ.norm(); //-4YZ + + FP4_YYY_imul(&XX,&XX,6); //6X^2 + FP4_YYY_qmul(&XX,&XX,Qx); //6X^2.Xs + + FP4_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ); //3Bz^2 + + FP4_YYY_qmul(&YZ,&YZ,Qy); //-4YZ.Ys + +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP4_YYY_div_2i(&ZZ); //6(b/i)z^2 +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP4_YYY_times_i(&ZZ); + FP4_YYY_add(&ZZ,&ZZ,&ZZ); // 6biz^2 + FP4_YYY_times_i(&YZ); + FP4_YYY_norm(&YZ); +#endif + FP4_YYY_norm(&ZZ); // 6bi.Z^2 + + FP4_YYY_add(&YY,&YY,&YY); // 2y^2 + FP4_YYY_sub(&ZZ,&ZZ,&YY); // + FP4_YYY_norm(&ZZ); // 6b.Z^2-2Y^2 + + FP8_YYY_from_FP4s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP8_YYY_from_FP4(&b,&XX); + FP8_YYY_zero(&c); +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP8_YYY_zero(&b); + FP8_YYY_from_FP4H(&c,&XX); +#endif + + ECP4_ZZZ_dbl(A); //A.dbl(); + } + else + { + /* addition */ + + FP4_YYY_copy(&X1,&(A->x)); //FP4_YYY X1=new FP4_YYY(A.getx()); // X1 + FP4_YYY_copy(&Y1,&(A->y)); //FP4_YYY Y1=new FP4_YYY(A.gety()); // Y1 + FP4_YYY_copy(&T1,&(A->z)); //FP4_YYY T1=new FP4_YYY(A.getz()); // Z1 + + FP4_YYY_copy(&T2,&T1); //FP4_YYY T2=new FP4_YYY(A.getz()); // Z1 + + FP4_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=Z1.Y2 + FP4_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=Z1.X2 + + FP4_YYY_sub(&X1,&X1,&T2); //X1.sub(T2); + FP4_YYY_norm(&X1); //X1.norm(); // X1=X1-Z1.X2 + FP4_YYY_sub(&Y1,&Y1,&T1); //Y1.sub(T1); + FP4_YYY_norm(&Y1); //Y1.norm(); // Y1=Y1-Z1.Y2 + + FP4_YYY_copy(&T1,&X1); //T1.copy(X1); // T1=X1-Z1.X2 + + FP4_YYY_qmul(&X1,&X1,Qy); //X1.pmul(Qy); // X1=(X1-Z1.X2).Ys +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP4_YYY_times_i(&X1); + FP4_YYY_norm(&X1); +#endif + + FP4_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=(X1-Z1.X2).Y2 + + FP4_YYY_copy(&T2,&Y1); //T2.copy(Y1); // T2=Y1-Z1.Y2 + FP4_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=(Y1-Z1.Y2).X2 + FP4_YYY_sub(&T2,&T2,&T1); //T2.sub(T1); + FP4_YYY_norm(&T2); //T2.norm(); // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 + FP4_YYY_qmul(&Y1,&Y1,Qx); //Y1.pmul(Qx); + FP4_YYY_neg(&Y1,&Y1); //Y1.neg(); + FP4_YYY_norm(&Y1); //Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs + + FP8_YYY_from_FP4s(&a,&X1,&T2); // (X1-Z1.X2).Ys | (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 | - (Y1-Z1.Y2).Xs +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP8_YYY_from_FP4(&b,&Y1); //b=new FP4(Y1); + FP8_YYY_zero(&c); +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP8_YYY_zero(&b); + FP8_YYY_from_FP4H(&c,&Y1); //b=new FP4(Y1); +#endif + ECP4_ZZZ_add(A,B); //A.add(B); + } + + FP24_YYY_from_FP8s(v,&a,&b,&c); +} + +/* Optimal R-ate pairing r=e(P,Q) */ +void PAIR_ZZZ_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q) +{ + BIG_XXX x,n,n3; + FP_YYY Qx,Qy; + int i,j,nb,bt; + ECP4_ZZZ A; + FP24_YYY lv; + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + + BIG_XXX_copy(n,x); + + BIG_XXX_pmul(n3,n,3); + BIG_XXX_norm(n3); + + FP_YYY_copy(&Qx,&(Q->x)); + FP_YYY_copy(&Qy,&(Q->y)); + + ECP4_ZZZ_copy(&A,P); + FP24_YYY_one(r); + nb=BIG_XXX_nbits(n3); // n3 + + j=0; + /* Main Miller Loop */ + for (i=nb-2; i>=1; i--) + { + j++; + FP24_YYY_sqr(r,r); + PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); + if (bt==1) + { + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + } + if (bt==-1) + { + ECP4_ZZZ_neg(P); + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP4_ZZZ_neg(P); + } + + } + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(r,r); +#endif + +} + +/* Optimal R-ate double pairing e(P,Q).e(R,S) */ +void PAIR_ZZZ_double_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q,ECP4_ZZZ *R,ECP_ZZZ *S) +{ + BIG_XXX x,n,n3; + FP_YYY Qx,Qy,Sx,Sy; + int i,nb,bt; + ECP4_ZZZ A,B; + FP24_YYY lv; + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + BIG_XXX_copy(n,x); + + BIG_XXX_pmul(n3,n,3); + BIG_XXX_norm(n3); + + FP_YYY_copy(&Qx,&(Q->x)); + FP_YYY_copy(&Qy,&(Q->y)); + + FP_YYY_copy(&Sx,&(S->x)); + FP_YYY_copy(&Sy,&(S->y)); + + ECP4_ZZZ_copy(&A,P); + ECP4_ZZZ_copy(&B,R); + FP24_YYY_one(r); + nb=BIG_XXX_nbits(n3); + + /* Main Miller Loop */ + for (i=nb-2; i>=1; i--) + { + FP24_YYY_sqr(r,r); + PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); + if (bt==1) + { + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + } + if (bt==-1) + { + ECP4_ZZZ_neg(P); + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP4_ZZZ_neg(P); + ECP4_ZZZ_neg(R); + PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy); + FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP4_ZZZ_neg(R); + } + } + + + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(r,r); +#endif + +} + +/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ + +void PAIR_ZZZ_fexp(FP24_YYY *r) +{ + FP2_YYY X; + BIG_XXX x; + FP_YYY a,b; + FP24_YYY t0,t1,t2,t3,t4,t5,t6,t7; // could lose one of these - r=t3 + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + FP_YYY_rcopy(&a,Fra_YYY); + FP_YYY_rcopy(&b,Frb_YYY); + FP2_YYY_from_FPs(&X,&a,&b); + + /* Easy part of final exp - r^(p^12-1)(p^4+1)*/ + + FP24_YYY_inv(&t0,r); + FP24_YYY_conj(r,r); + + FP24_YYY_mul(r,&t0); + FP24_YYY_copy(&t0,r); + + FP24_YYY_frob(r,&X,4); + + FP24_YYY_mul(r,&t0); + + // Ghamman & Fouotsa Method - (completely garbled in https://eprint.iacr.org/2016/130) + + FP24_YYY_usqr(&t7,r); // t7=f^2 + FP24_YYY_pow(&t1,&t7,x); // t1=t7^u + + BIG_XXX_fshr(x,1); + FP24_YYY_pow(&t2,&t1,x); // t2=t1^(u/2) + BIG_XXX_fshl(x,1); // x must be even + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(&t1,&t1); +#endif + + FP24_YYY_conj(&t3,&t1); // t3=1/t1 + FP24_YYY_mul(&t2,&t3); // t2=t1*t3 + FP24_YYY_mul(&t2,r); // t2=t2*f + + + FP24_YYY_pow(&t3,&t2,x); // t3=t2^u + FP24_YYY_pow(&t4,&t3,x); // t4=t3^u + FP24_YYY_pow(&t5,&t4,x); // t5=t4^u + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(&t3,&t3); + FP24_YYY_conj(&t5,&t5); +#endif + + FP24_YYY_frob(&t3,&X,6); + FP24_YYY_frob(&t4,&X,5); + + FP24_YYY_mul(&t3,&t4); // t3=t3.t4 + + + FP24_YYY_pow(&t6,&t5,x); // t6=t5^u +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(&t6,&t6); +#endif + + + FP24_YYY_frob(&t5,&X,4); + FP24_YYY_mul(&t3,&t5); // ?? + + + FP24_YYY_conj(&t0,&t2); // t0=1/t2 + FP24_YYY_mul(&t6,&t0); // t6=t6*t0 + + FP24_YYY_copy(&t5,&t6); + FP24_YYY_frob(&t5,&X,3); + + FP24_YYY_mul(&t3,&t5); // t3=t3*t5 + FP24_YYY_pow(&t5,&t6,x); // t5=t6^x + FP24_YYY_pow(&t6,&t5,x); // t6=t5^x + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(&t5,&t5); +#endif + + FP24_YYY_copy(&t0,&t5); + FP24_YYY_frob(&t0,&X,2); + FP24_YYY_mul(&t3,&t0); // t3=t3*t0 + FP24_YYY_copy(&t0,&t6); // + FP24_YYY_frob(&t0,&X,1); + + FP24_YYY_mul(&t3,&t0); // t3=t3*t0 + FP24_YYY_pow(&t5,&t6,x); // t5=t6*x + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP24_YYY_conj(&t5,&t5); +#endif + + FP24_YYY_frob(&t2,&X,7); + + FP24_YYY_mul(&t5,&t7); // t5=t5*t7 + FP24_YYY_mul(&t3,&t2); // t3=t3*t2 + FP24_YYY_mul(&t3,&t5); // t3=t3*t5 + + FP24_YYY_mul(r,&t3); + FP24_YYY_reduce(r); + +} + +#ifdef USE_GLV_ZZZ +/* GLV method */ +static void glv(BIG_XXX u[2],BIG_XXX e) +{ + // -(x^4).P = (Beta.x,y) + BIG_XXX x,x2,q; + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + BIG_XXX_smul(x2,x,x); + BIG_XXX_smul(x,x2,x2); + BIG_XXX_copy(u[0],e); + BIG_XXX_mod(u[0],x); + BIG_XXX_copy(u[1],e); + BIG_XXX_sdiv(u[1],x); + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + BIG_XXX_sub(u[1],q,u[1]); + + return; +} +#endif // USE_GLV + +/* Galbraith & Scott Method */ +static void gs(BIG_XXX u[8],BIG_XXX e) +{ + int i; + + BIG_XXX x,w,q; + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + BIG_XXX_copy(w,e); + + for (i=0; i<7; i++) + { + BIG_XXX_copy(u[i],w); + BIG_XXX_mod(u[i],x); + BIG_XXX_sdiv(w,x); + } + BIG_XXX_copy(u[7],w); + +#if SIGN_OF_X_ZZZ==NEGATIVEX + BIG_XXX_modneg(u[1],u[1],q); + BIG_XXX_modneg(u[3],u[3],q); + BIG_XXX_modneg(u[5],u[5],q); + BIG_XXX_modneg(u[7],u[7],q); +#endif + + + return; +} + +/* Multiply P by e in group G1 */ +void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e) +{ +#ifdef USE_GLV_ZZZ /* Note this method is patented */ + int np,nn; + ECP_ZZZ Q; + FP_YYY cru; + BIG_XXX t,q; + BIG_XXX u[2]; + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + glv(u,e); + + ECP_ZZZ_affine(P); + ECP_ZZZ_copy(&Q,P); + FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ); + FP_YYY_mul(&(Q.x),&(Q.x),&cru); + + /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */ + + np=BIG_XXX_nbits(u[0]); + BIG_XXX_modneg(t,u[0],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[0],t); + ECP_ZZZ_neg(P); + } + + np=BIG_XXX_nbits(u[1]); + BIG_XXX_modneg(t,u[1],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[1],t); + ECP_ZZZ_neg(&Q); + } + BIG_XXX_norm(u[0]); + BIG_XXX_norm(u[1]); + ECP_ZZZ_mul2(P,&Q,u[0],u[1]); + +#else + ECP_ZZZ_mul(P,e); +#endif +} + +/* Multiply P by e in group G2 */ +void PAIR_ZZZ_G2mul(ECP4_ZZZ *P,BIG_XXX e) +{ +#ifdef USE_GS_G2_ZZZ /* Well I didn't patent it :) */ + int i,np,nn; + ECP4_ZZZ Q[8]; + FP2_YYY X[3]; + BIG_XXX x,y,u[8]; + + ECP4_ZZZ_frob_constants(X); + + BIG_XXX_rcopy(y,CURVE_Order_ZZZ); + gs(u,e); + + ECP4_ZZZ_affine(P); + + ECP4_ZZZ_copy(&Q[0],P); + for (i=1; i<8; i++) + { + ECP4_ZZZ_copy(&Q[i],&Q[i-1]); + ECP4_ZZZ_frob(&Q[i],X,1); + } + + for (i=0; i<8; i++) + { + np=BIG_XXX_nbits(u[i]); + BIG_XXX_modneg(x,u[i],y); + nn=BIG_XXX_nbits(x); + if (nn<np) + { + BIG_XXX_copy(u[i],x); + ECP4_ZZZ_neg(&Q[i]); + } + BIG_XXX_norm(u[i]); + } + + ECP4_ZZZ_mul8(P,Q,u); + +#else + ECP4_ZZZ_mul(P,e); +#endif +} + +/* f=f^e */ +void PAIR_ZZZ_GTpow(FP24_YYY *f,BIG_XXX e) +{ +#ifdef USE_GS_GT_ZZZ /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP8.c */ + int i,np,nn; + FP24_YYY g[8]; + FP2_YYY X; + BIG_XXX t,q; + FP_YYY fx,fy; + BIG_XXX u[8]; + + FP_YYY_rcopy(&fx,Fra_YYY); + FP_YYY_rcopy(&fy,Frb_YYY); + FP2_YYY_from_FPs(&X,&fx,&fy); + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + gs(u,e); + + FP24_YYY_copy(&g[0],f); + for (i=1; i<8; i++) + { + FP24_YYY_copy(&g[i],&g[i-1]); + FP24_YYY_frob(&g[i],&X,1); + } + + for (i=0; i<8; i++) + { + np=BIG_XXX_nbits(u[i]); + BIG_XXX_modneg(t,u[i],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[i],t); + FP24_YYY_conj(&g[i],&g[i]); + } + BIG_XXX_norm(u[i]); + } + FP24_YYY_pow8(f,g,u); + +#else + FP24_YYY_pow(f,f,e); +#endif +} + +#ifdef HAS_MAIN +// g++ -O2 pair192_BLS24.cpp ecp4_BLS24.cpp fp24_BLS24.cpp fp8_BLS24.cpp fp4_BLS24.cpp fp2_BLS24.cpp ecp_BLS24.cpp fp_BLS24.cpp big_XXX.cpp rom_curve_BLS24.cpp rom_field_BLS24.cpp rand.cpp hash.cpp oct.cpp -o pair192_BLS24.exe + +int main() +{ + int i; + char byt[32]; + csprng rng; + BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p; + ECP4_ZZZ P,G; + ECP_ZZZ Q,R; + FP24_YYY g,gp; + FP8_YYY t,c,cp,cpm1,cpm2; + FP4_YYY X,Y; + FP2_YYY x,y,f,Aa,Bb; + FP_YYY cru; + + for (i=0; i<32; i++) + byt[i]=i+9; + RAND_seed(&rng,32,byt); + + BIG_XXX_rcopy(r,CURVE_Order); + BIG_XXX_rcopy(p,Modulus); + + + BIG_XXX_rcopy(xa,CURVE_Gx); + BIG_XXX_rcopy(ya,CURVE_Gy); + + ECP_ZZZ_set(&Q,xa,ya); + if (Q.inf) printf("Failed to set - point not on curve\n"); + else printf("G1 set success\n"); + + printf("Q= "); + ECP_ZZZ_output(&Q); + printf("\n"); + + ECP4_ZZZ_generator(&P); + + if (P.inf) printf("Failed to set - point not on curve\n"); + else printf("G2 set success\n"); + + BIG_XXX_rcopy(a,Fra); + BIG_XXX_rcopy(b,Frb); + FP2_YYY from_BIGs(&f,a,b); + + PAIR_ZZZ_ate(&g,&P,&Q); + + printf("gb= "); + FP24_YYY_output(&g); + printf("\n"); + PAIR_ZZZ_fexp(&g); + + printf("g= "); + FP24_YYY_output(&g); + printf("\n"); + + ECP_ZZZ_copy(&R,&Q); + ECP4_ZZZ_copy(&G,&P); + + ECP4_ZZZ_dbl(&G); + ECP_ZZZ_dbl(&R); + ECP_ZZZ_affine(&R); + + PAIR_ZZZ_ate(&g,&G,&Q); + PAIR_ZZZ_fexp(&g); + + printf("g1= "); + FP24_YYY_output(&g); + printf("\n"); + + PAIR_ZZZ_ate(&g,&P,&R); + PAIR_ZZZ_fexp(&g); + + printf("g2= "); + FP24_YYY_output(&g); + printf("\n"); + + + PAIR_ZZZ_G1mul(&Q,r); + printf("rQ= "); + ECP_ZZZ_output(&Q); + printf("\n"); + + PAIR_ZZZ_G2mul(&P,r); + printf("rP= "); + ECP4_ZZZ_output(&P); + printf("\n"); + + BIG_XXX_randomnum(w,r,&rng); + + FP24_YYY_copy(&gp,&g); + + PAIR_ZZZ_GTpow(&g,w); + + FP24_YYY_trace(&t,&g); + + printf("g^r= "); + FP8_YYY_output(&t); + printf("\n"); + + FP24_compow(&t,&gp,w,r); + + printf("t(g)= "); + FP8_YYY_output(&t); + printf("\n"); +} +#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pair256.c.in ---------------------------------------------------------------------- diff --git a/src/pair256.c.in b/src/pair256.c.in new file mode 100644 index 0000000..3530593 --- /dev/null +++ b/src/pair256.c.in @@ -0,0 +1,730 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* AMCL BLS Curve pairing functions */ + +//#define HAS_MAIN + +#include "pair256_ZZZ.h" + +/* Line function */ +static void PAIR_ZZZ_line(FP48_YYY *v,ECP8_ZZZ *A,ECP8_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy) +{ + //FP2_YYY t; + + FP8_YYY X1,Y1,T1,T2; + FP8_YYY XX,YY,ZZ,YZ; + FP16_YYY a,b,c; + + if (A==B) + { + /* doubling */ + FP8_YYY_copy(&XX,&(A->x)); //FP8_YYY XX=new FP8_YYY(A.getx()); //X + FP8_YYY_copy(&YY,&(A->y)); //FP8_YYY YY=new FP8_YYY(A.gety()); //Y + FP8_YYY_copy(&ZZ,&(A->z)); //FP8_YYY ZZ=new FP8_YYY(A.getz()); //Z + + + FP8_YYY_copy(&YZ,&YY); //FP8_YYY YZ=new FP8_YYY(YY); //Y + FP8_YYY_mul(&YZ,&YZ,&ZZ); //YZ.mul(ZZ); //YZ + FP8_YYY_sqr(&XX,&XX); //XX.sqr(); //X^2 + FP8_YYY_sqr(&YY,&YY); //YY.sqr(); //Y^2 + FP8_YYY_sqr(&ZZ,&ZZ); //ZZ.sqr(); //Z^2 + + FP8_YYY_imul(&YZ,&YZ,4); //YZ.imul(4); + FP8_YYY_neg(&YZ,&YZ); //YZ.neg(); + FP8_YYY_norm(&YZ); //YZ.norm(); //-4YZ + + FP8_YYY_imul(&XX,&XX,6); //6X^2 + FP8_YYY_tmul(&XX,&XX,Qx); //6X^2.Xs + + FP8_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ); //3Bz^2 + FP8_YYY_tmul(&YZ,&YZ,Qy); //-4YZ.Ys + +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP8_YYY_div_2i(&ZZ); //6(b/i)z^2 +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP8_YYY_times_i(&ZZ); + FP8_YYY_add(&ZZ,&ZZ,&ZZ); // 6biz^2 + FP8_YYY_times_i(&YZ); + FP8_YYY_norm(&YZ); +#endif + FP8_YYY_norm(&ZZ); // 6bi.Z^2 + + FP8_YYY_add(&YY,&YY,&YY); // 2y^2 + FP8_YYY_sub(&ZZ,&ZZ,&YY); // + FP8_YYY_norm(&ZZ); // 6b.Z^2-2Y^2 + + FP16_YYY_from_FP8s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP16_YYY_from_FP8(&b,&XX); + FP16_YYY_zero(&c); +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP16_YYY_zero(&b); + FP16_YYY_from_FP8H(&c,&XX); +#endif + + ECP8_ZZZ_dbl(A); //A.dbl(); + } + else + { + /* addition */ + FP8_YYY_copy(&X1,&(A->x)); //FP8_YYY X1=new FP8_YYY(A.getx()); // X1 + FP8_YYY_copy(&Y1,&(A->y)); //FP8_YYY Y1=new FP8_YYY(A.gety()); // Y1 + FP8_YYY_copy(&T1,&(A->z)); //FP8_YYY T1=new FP8_YYY(A.getz()); // Z1 + + FP8_YYY_copy(&T2,&T1); //FP8_YYY T2=new FP8_YYY(A.getz()); // Z1 + + FP8_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=Z1.Y2 + FP8_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=Z1.X2 + + FP8_YYY_sub(&X1,&X1,&T2); //X1.sub(T2); + FP8_YYY_norm(&X1); //X1.norm(); // X1=X1-Z1.X2 + FP8_YYY_sub(&Y1,&Y1,&T1); //Y1.sub(T1); + FP8_YYY_norm(&Y1); //Y1.norm(); // Y1=Y1-Z1.Y2 + + FP8_YYY_copy(&T1,&X1); //T1.copy(X1); // T1=X1-Z1.X2 + FP8_YYY_tmul(&X1,&X1,Qy); //X1.pmul(Qy); // X1=(X1-Z1.X2).Ys +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP8_YYY_times_i(&X1); + FP8_YYY_norm(&X1); +#endif + FP8_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=(X1-Z1.X2).Y2 + + FP8_YYY_copy(&T2,&Y1); //T2.copy(Y1); // T2=Y1-Z1.Y2 + FP8_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=(Y1-Z1.Y2).X2 + FP8_YYY_sub(&T2,&T2,&T1); //T2.sub(T1); + FP8_YYY_norm(&T2); //T2.norm(); // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 + FP8_YYY_tmul(&Y1,&Y1,Qx); //Y1.pmul(Qx); + FP8_YYY_neg(&Y1,&Y1); //Y1.neg(); + FP8_YYY_norm(&Y1); //Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs + + FP16_YYY_from_FP8s(&a,&X1,&T2); // (X1-Z1.X2).Ys | (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 | - (Y1-Z1.Y2).Xs +#if SEXTIC_TWIST_ZZZ==D_TYPE + FP16_YYY_from_FP8(&b,&Y1); //b=new FP4(Y1); + FP16_YYY_zero(&c); +#endif +#if SEXTIC_TWIST_ZZZ==M_TYPE + FP16_YYY_zero(&b); + FP16_YYY_from_FP8H(&c,&Y1); //b=new FP4(Y1); +#endif + ECP8_ZZZ_add(A,B); // A.add(B); + } + + FP48_YYY_from_FP16s(v,&a,&b,&c); +} + +/* Optimal R-ate pairing r=e(P,Q) */ +void PAIR_ZZZ_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q) +{ + BIG_XXX x,n,n3; + FP_YYY Qx,Qy; + int i,j,nb,bt; + ECP8_ZZZ A; + FP48_YYY lv; + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + + BIG_XXX_copy(n,x); + + BIG_XXX_pmul(n3,n,3); + BIG_XXX_norm(n3); + + FP_YYY_copy(&Qx,&(Q->x)); + FP_YYY_copy(&Qy,&(Q->y)); + + ECP8_ZZZ_copy(&A,P); + FP48_YYY_one(r); + nb=BIG_XXX_nbits(n3); // n3 + + j=0; + /* Main Miller Loop */ + for (i=nb-2; i>=1; i--) + { + j++; + FP48_YYY_sqr(r,r); + PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); + if (bt==1) + { + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + } + if (bt==-1) + { + ECP8_ZZZ_neg(P); + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP8_ZZZ_neg(P); + } + + } + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(r,r); +#endif + +} + +/* Optimal R-ate double pairing e(P,Q).e(R,S) */ +void PAIR_ZZZ_double_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q,ECP8_ZZZ *R,ECP_ZZZ *S) +{ + BIG_XXX x,n,n3; + FP_YYY Qx,Qy,Sx,Sy; + int i,nb,bt; + ECP8_ZZZ A,B; + FP48_YYY lv; + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + BIG_XXX_copy(n,x); + BIG_XXX_pmul(n3,n,3); + BIG_XXX_norm(n3); + + FP_YYY_copy(&Qx,&(Q->x)); + FP_YYY_copy(&Qy,&(Q->y)); + + FP_YYY_copy(&Sx,&(S->x)); + FP_YYY_copy(&Sy,&(S->y)); + + ECP8_ZZZ_copy(&A,P); + ECP8_ZZZ_copy(&B,R); + FP48_YYY_one(r); + nb=BIG_XXX_nbits(n3); + + /* Main Miller Loop */ + for (i=nb-2; i>=1; i--) + { + FP48_YYY_sqr(r,r); + PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i); + if (bt==1) + { + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + + PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + } + if (bt==-1) + { + ECP8_ZZZ_neg(P); + PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP8_ZZZ_neg(P); + ECP8_ZZZ_neg(R); + PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy); + FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ); + ECP8_ZZZ_neg(R); + } + } + + + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(r,r); +#endif + +} + +/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ + +void PAIR_ZZZ_fexp(FP48_YYY *r) +{ + FP2_YYY X; + BIG_XXX x; + FP_YYY a,b; + FP48_YYY t1,t2,t3,t7; + + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + FP_YYY_rcopy(&a,Fra_YYY); + FP_YYY_rcopy(&b,Frb_YYY); + FP2_YYY_from_FPs(&X,&a,&b); + + /* Easy part of final exp - r^(p^24-1)(p^8+1)*/ + + FP48_YYY_inv(&t7,r); + FP48_YYY_conj(r,r); + + FP48_YYY_mul(r,&t7); + FP48_YYY_copy(&t7,r); + + FP48_YYY_frob(r,&X,8); + + FP48_YYY_mul(r,&t7); + + // f^e0.f^e1^p.f^e2^p^2.. .. f^e14^p^14.f^e15^p^15 + + FP48_YYY_usqr(&t7,r); // t7=f^2 + FP48_YYY_pow(&t1,&t7,x); // t1=f^2u + + BIG_XXX_fshr(x,1); + FP48_YYY_pow(&t2,&t1,x); // t2=f^2u^(u/2) = f^u^2 + BIG_XXX_fshl(x,1); // x must be even + +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + + FP48_YYY_conj(&t3,&t1); // t3=f^-2u + FP48_YYY_mul(&t2,&t3); // t2=f^u^2.f^-2u + FP48_YYY_mul(&t2,r); // t2=f^u^2.f^-2u.f = f^(u^2-2u+1) = f^e15 + + FP48_YYY_mul(r,&t7); // f^3 + + FP48_YYY_pow(&t1,&t2,x); // f^e15^u = f^(u.e15) = f^(u^3-2u^2+u) = f^(e14) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,14); // f^(u^3-2u^2+u)^p^14 + FP48_YYY_mul(r,&t3); // f^3.f^(u^3-2u^2+u)^p^14 + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e14) = f^(u^4-2u^3+u^2) = f^(e13) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,13); // f^(e13)^p^13 + FP48_YYY_mul(r,&t3); // f^3.f^(u^3-2u^2+u)^p^14.f^(u^4-2u^3+u^2)^p^13 + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e13) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,12); // f^(e12)^p^12 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e12) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,11); // f^(e11)^p^11 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e11) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,10); // f^(e10)^p^10 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e10) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,9); // f^(e9)^p^9 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e9) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,8); // f^(e8)^p^8 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e8) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_conj(&t3,&t2); + FP48_YYY_mul(&t1,&t3); // f^(u.e8).f^-e15 + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,7); // f^(e7)^p^7 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e7) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,6); // f^(e6)^p^6 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e6) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,5); // f^(e5)^p^5 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e5) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,4); // f^(e4)^p^4 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e4) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,3); // f^(e3)^p^3 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e3) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,2); // f^(e2)^p^2 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e2) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_copy(&t3,&t1); + FP48_YYY_frob(&t3,&X,1); // f^(e1)^p^1 + FP48_YYY_mul(r,&t3); + + FP48_YYY_pow(&t1,&t1,x); // f^(u.e1) +#if SIGN_OF_X_ZZZ==NEGATIVEX + FP48_YYY_conj(&t1,&t1); +#endif + FP48_YYY_mul(r,&t1); // r.f^e0 + + FP48_YYY_frob(&t2,&X,15); // f^(e15.p^15) + FP48_YYY_mul(r,&t2); + + + FP48_YYY_reduce(r); + +} + +#ifdef USE_GLV_ZZZ +/* GLV method */ +static void glv(BIG_XXX u[2],BIG_XXX e) +{ + // -(x^8).P = (Beta.x,y) + + BIG_XXX x,x2,q; + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + + BIG_XXX_smul(x2,x,x); + BIG_XXX_smul(x,x2,x2); + BIG_XXX_smul(x2,x,x); + + BIG_XXX_copy(u[0],e); + BIG_XXX_mod(u[0],x2); + BIG_XXX_copy(u[1],e); + BIG_XXX_sdiv(u[1],x2); + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + BIG_XXX_sub(u[1],q,u[1]); + + return; +} +#endif // USE_GLV + +/* Galbraith & Scott Method */ +static void gs(BIG_XXX u[16],BIG_XXX e) +{ + int i; + + BIG_XXX x,w,q; + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ); + BIG_XXX_copy(w,e); + + for (i=0; i<15; i++) + { + BIG_XXX_copy(u[i],w); + BIG_XXX_mod(u[i],x); + BIG_XXX_sdiv(w,x); + } + BIG_XXX_copy(u[15],w); + + /* */ +#if SIGN_OF_X_ZZZ==NEGATIVEX + BIG_XXX_modneg(u[1],u[1],q); + BIG_XXX_modneg(u[3],u[3],q); + BIG_XXX_modneg(u[5],u[5],q); + BIG_XXX_modneg(u[7],u[7],q); + BIG_XXX_modneg(u[9],u[9],q); + BIG_XXX_modneg(u[11],u[11],q); + BIG_XXX_modneg(u[13],u[13],q); + BIG_XXX_modneg(u[15],u[15],q); +#endif + + + return; +} + +/* Multiply P by e in group G1 */ +void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e) +{ +#ifdef USE_GLV_ZZZ /* Note this method is patented */ + int np,nn; + ECP_ZZZ Q; + FP_YYY cru; + BIG_XXX t,q; + BIG_XXX u[2]; + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + glv(u,e); + + ECP_ZZZ_affine(P); + ECP_ZZZ_copy(&Q,P); + FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ); + FP_YYY_mul(&(Q.x),&(Q.x),&cru); + + /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */ + + np=BIG_XXX_nbits(u[0]); + BIG_XXX_modneg(t,u[0],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[0],t); + ECP_ZZZ_neg(P); + } + + np=BIG_XXX_nbits(u[1]); + BIG_XXX_modneg(t,u[1],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[1],t); + ECP_ZZZ_neg(&Q); + } + BIG_XXX_norm(u[0]); + BIG_XXX_norm(u[1]); + ECP_ZZZ_mul2(P,&Q,u[0],u[1]); + +#else + ECP_ZZZ_mul(P,e); +#endif +} + +/* Multiply P by e in group G2 */ +void PAIR_ZZZ_G2mul(ECP8_ZZZ *P,BIG_XXX e) +{ +#ifdef USE_GS_G2_ZZZ /* Well I didn't patent it :) */ + int i,np,nn; + ECP8_ZZZ Q[16]; + FP2_YYY X[3]; + BIG_XXX x,y,u[16]; + + ECP8_ZZZ_frob_constants(X); + + BIG_XXX_rcopy(y,CURVE_Order_ZZZ); + gs(u,e); + + ECP8_ZZZ_affine(P); + + ECP8_ZZZ_copy(&Q[0],P); + for (i=1; i<16; i++) + { + ECP8_ZZZ_copy(&Q[i],&Q[i-1]); + ECP8_ZZZ_frob(&Q[i],X,1); + } + + for (i=0; i<16; i++) + { + np=BIG_XXX_nbits(u[i]); + BIG_XXX_modneg(x,u[i],y); + nn=BIG_XXX_nbits(x); + if (nn<np) + { + BIG_XXX_copy(u[i],x); + ECP8_ZZZ_neg(&Q[i]); + } + BIG_XXX_norm(u[i]); + } + + ECP8_ZZZ_mul16(P,Q,u); + +#else + ECP8_ZZZ_mul(P,e); +#endif +} + +/* f=f^e */ +void PAIR_ZZZ_GTpow(FP48_YYY *f,BIG_XXX e) +{ +#ifdef USE_GS_GT_ZZZ /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP16.cpp */ + int i,np,nn; + FP48_YYY g[16]; + FP2_YYY X; + BIG_XXX t,q; + FP_YYY fx,fy; + BIG_XXX u[16]; + + FP_YYY_rcopy(&fx,Fra_YYY); + FP_YYY_rcopy(&fy,Frb_YYY); + FP2_YYY_from_FPs(&X,&fx,&fy); + + BIG_XXX_rcopy(q,CURVE_Order_ZZZ); + gs(u,e); + + FP48_YYY_copy(&g[0],f); + for (i=1; i<16; i++) + { + FP48_YYY_copy(&g[i],&g[i-1]); + FP48_YYY_frob(&g[i],&X,1); + } + + for (i=0; i<16; i++) + { + np=BIG_XXX_nbits(u[i]); + BIG_XXX_modneg(t,u[i],q); + nn=BIG_XXX_nbits(t); + if (nn<np) + { + BIG_XXX_copy(u[i],t); + FP48_YYY_conj(&g[i],&g[i]); + } + BIG_XXX_norm(u[i]); + } + FP48_YYY_pow16(f,g,u); + +#else + FP48_YYY_pow(f,f,e); +#endif +} + +#ifdef HAS_MAIN + +// g++ -O2 pair256_BLS48.cpp ecp8_BLS48.cpp fp48_BLS48.cpp fp16_BLS48.cpp fp8_BLS48.cpp fp4_BLS48.cpp fp2_BLS48.cpp ecp_BLS48.cpp fp_BLS48.cpp big_B560_29.cpp rom_curve_BLS48.cpp rom_field_BLS48.cpp rand.cpp hash.cpp oct.cpp -o pair256_BLS48.exe + +int main() +{ + int i; + char byt[32]; + csprng rng; + BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p; + ECP8_ZZZ P,G; + ECP_ZZZ Q,R; + FP48_YYY g,gp; + FP16_YYY t,c,cp,cpm1,cpm2; + FP8_YYY X,Y; + FP2_YYY x,y,f,Aa,Bb; + FP_YYY cru; + + for (i=0; i<32; i++) + byt[i]=i+9; + RAND_seed(&rng,32,byt); + + BIG_XXX_rcopy(r,CURVE_Order); + BIG_XXX_rcopy(p,Modulus); + + + BIG_XXX_rcopy(xa,CURVE_Gx_ZZZ); + BIG_XXX_rcopy(ya,CURVE_Gy_ZZZ); + + ECP_ZZZ_set(&Q,xa,ya); + if (Q.inf) printf("Failed to set - point not on curve\n"); + else printf("G1 set success\n"); + + printf("Q= "); + ECP_ZZZ_output(&Q); + printf("\n"); + + ECP8_ZZZ_generator(&P); + + if (P.inf) printf("Failed to set - point not on curve\n"); + else printf("G2 set success\n"); + + BIG_XXX_rcopy(a,Fra); + BIG_XXX_rcopy(b,Frb); + FP2_YYY_from_BIGs(&f,a,b); + + PAIR_ZZZ_ate(&g,&P,&Q); + + printf("gb= "); + FP48_YYY_output(&g); + printf("\n"); + PAIR_ZZZ_fexp(&g); + + printf("g= "); + FP48_YYY_output(&g); + printf("\n"); + + ECP_ZZZ_copy(&R,&Q); + ECP8_copy(&G,&P); + + ECP8_ZZZ_dbl(&G); + ECP_ZZZ_dbl(&R); + ECP_ZZZ_affine(&R); + + PAIR_ZZZ_ate(&g,&G,&Q); + PAIR_ZZZ_fexp(&g); + + printf("g1= "); + FP48_YYY_output(&g); + printf("\n"); + + PAIR_ZZZ_ate(&g,&P,&R); + PAIR_ZZZ_fexp(&g); + + printf("g2= "); + FP48_YYY_output(&g); + printf("\n"); + + + PAIR_ZZZ_G1mul(&Q,r); + printf("rQ= "); + ECP_ZZZ_output(&Q); + printf("\n"); + + PAIR_ZZZ_G2mul(&P,r); + printf("rP= "); + ECP8_ZZZ_output(&P); + printf("\n"); + + PAIR_ZZZ_GTpow(&g,r); + printf("g^r= "); + FP48_YYY_output(&g); + printf("\n"); + + + BIG_XXX_randomnum(w,r,&rng); + + FP48_YYY_copy(&gp,&g); + + PAIR_ZZZ_GTpow(&g,w); + + FP48_YYY_trace(&t,&g); + + printf("g^r= "); + FP16_YYY_output(&t); + printf("\n"); + + FP48_compow(&t,&gp,w,r); + + printf("t(g)= "); + FP16_YYY_output(&t); + printf("\n"); +} +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pbc_support.c ---------------------------------------------------------------------- diff --git a/src/pbc_support.c b/src/pbc_support.c new file mode 100644 index 0000000..64896bc --- /dev/null +++ b/src/pbc_support.c @@ -0,0 +1,177 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* Symmetric crypto support functions Functions */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <time.h> + +#include "pbc_support.h" + +/* general purpose hash function w=hash(p|n|x|y) */ +void mhashit(int sha,int n,octet *x,octet *w) +{ + int i,c[4],hlen; + hash256 sha256; + hash512 sha512; + char hh[64]; + + switch (sha) + { + case SHA256: + HASH256_init(&sha256); + break; + case SHA384: + HASH384_init(&sha512); + break; + case SHA512: + HASH512_init(&sha512); + break; + } + + hlen=sha; + + if (n>0) + { + c[0]=(n>>24)&0xff; + c[1]=(n>>16)&0xff; + c[2]=(n>>8)&0xff; + c[3]=(n)&0xff; + for (i=0; i<4; i++) + { + switch(sha) + { + case SHA256: + HASH256_process(&sha256,c[i]); + break; + case SHA384: + HASH384_process(&sha512,c[i]); + break; + case SHA512: + HASH512_process(&sha512,c[i]); + break; + } + } + } + + if (x!=NULL) for (i=0; i<x->len; i++) + { + switch(sha) + { + case SHA256: + HASH256_process(&sha256,x->val[i]); + + break; + case SHA384: + HASH384_process(&sha512,x->val[i]); + break; + case SHA512: + HASH512_process(&sha512,x->val[i]); + break; + } + } + + for (i=0; i<hlen; i++) hh[i]=0; + switch (sha) + { + case SHA256: + HASH256_hash(&sha256,hh); + break; + case SHA384: + HASH384_hash(&sha512,hh); + break; + case SHA512: + HASH512_hash(&sha512,hh); + break; + } + + OCT_empty(w); + + if (hlen>=w->max) + OCT_jbytes(w,hh,w->max); + else + { + OCT_jbyte(w,0,w->max-hlen); + OCT_jbytes(w,hh,hlen); + } +} + +unsign32 today(void) +{ + /* return time in slots since epoch */ + unsign32 ti=(unsign32)time(NULL); + return (uint32_t)(ti/(60*TIME_SLOT_MINUTES)); +} + +/* Hash the M-Pin transcript - new */ + +void HASH_ALL(int sha,octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H) +{ + char t[1284]; // assumes max modulus of 1024-bits + octet T= {0,sizeof(t),t}; + + OCT_joctet(&T,HID); + if (xCID!=NULL) OCT_joctet(&T,xCID); + else OCT_joctet(&T,xID); + OCT_joctet(&T,SEC); + OCT_joctet(&T,Y); + OCT_joctet(&T,R); + OCT_joctet(&T,W); + + mhashit(sha,0,&T,H); +} + +void HASH_ID(int sha,octet *ID,octet *HID) +{ + mhashit(sha,0,ID,HID); +} + +unsign32 GET_TIME(void) +{ + return (unsign32)time(NULL); +} + +/* AES-GCM Encryption of octets, K is key, H is header, + P is plaintext, C is ciphertext, T is authentication tag */ +void AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T) +{ + gcm g; + GCM_init(&g,K->len,K->val,IV->len,IV->val); + GCM_add_header(&g,H->val,H->len); + GCM_add_plain(&g,C->val,P->val,P->len); + C->len=P->len; + GCM_finish(&g,T->val); + T->len=16; +} + +/* AES-GCM Decryption of octets, K is key, H is header, + P is plaintext, C is ciphertext, T is authentication tag */ +void AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T) +{ + gcm g; + GCM_init(&g,K->len,K->val,IV->len,IV->val); + GCM_add_header(&g,H->val,H->len); + GCM_add_cipher(&g,P->val,C->val,C->len); + P->len=C->len; + GCM_finish(&g,T->val); + T->len=16; +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rand.c ---------------------------------------------------------------------- diff --git a/src/rand.c b/src/rand.c new file mode 100644 index 0000000..e04adc0 --- /dev/null +++ b/src/rand.c @@ -0,0 +1,171 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* + * Cryptographic strong random number generator + * + * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers + * Slow - but secure + * + * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification + */ +/* SU=m, m is Stack Usage */ + +#include "amcl.h" + +/* SU= 20 */ +static unsign32 sbrand(csprng *rng) +{ + /* Marsaglia & Zaman random number generator */ + int i,k; + unsign32 pdiff,t; + rng->rndptr++; + if (rng->rndptr<NK) return rng->ira[rng->rndptr]; + rng->rndptr=0; + for (i=0,k=NK-NJ; i<NK; i++,k++) + { + /* calculate next NK values */ + if (k==NK) k=0; + t=rng->ira[k]; + pdiff=t - rng->ira[i] - rng->borrow; + + if (pdiff<t) rng->borrow=0; + if (pdiff>t) rng->borrow=1; + rng->ira[i]=pdiff; + } + return rng->ira[0]; +} + +/* SU= 20 */ +static void sirand(csprng* rng,unsign32 seed) +{ + /* initialise random number system */ + /* modified so that a subsequent call "stirs" in another seed value */ + /* in this way as many seed bits as desired may be used */ + int i,in; + unsign32 t,m=1; + rng->borrow=0L; + rng->rndptr=0; + rng->ira[0]^=seed; + for (i=1; i<NK; i++) + { + /* fill initialization vector */ + in=(NV*i)%NK; + rng->ira[in]^=m; /* note XOR */ + t=m; + m=seed-m; + seed=t; + } + for (i=0; i<10000; i++) sbrand(rng ); /* "warm-up" & stir the generator */ +} + +/* SU= 312 */ +static void fill_pool(csprng *rng) +{ + /* hash down output of RNG to re-fill the pool */ + int i; + hash256 sh; + HASH256_init(&sh); + for (i=0; i<128; i++) HASH256_process(&sh,sbrand(rng)); + HASH256_hash(&sh,rng->pool); + rng->pool_ptr=0; +} + +static unsign32 pack(const uchar *b) +{ + /* pack bytes into a 32-bit Word */ + return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0]; +} + +/* SU= 360 */ +/* Initialize RNG with some real entropy from some external source */ +void RAND_seed(csprng *rng,int rawlen,char *raw) +{ + /* initialise from at least 128 byte string of raw * + * random (keyboard?) input, and 32-bit time-of-day */ + int i; + char digest[32]; + uchar b[4]; + hash256 sh; + rng->pool_ptr=0; + for (i=0; i<NK; i++) rng->ira[i]=0; + if (rawlen>0) + { + HASH256_init(&sh); + for (i=0; i<rawlen; i++) + HASH256_process(&sh,raw[i]); + HASH256_hash(&sh,digest); + + /* initialise PRNG from distilled randomness */ + + for (i=0; i<8; i++) + { + b[0]=digest[4*i]; + b[1]=digest[4*i+1]; + b[2]=digest[4*i+2]; + b[3]=digest[4*i+3]; + sirand(rng,pack(b)); + } + } + fill_pool(rng); +} + +/* Terminate and clean up */ +void RAND_clean(csprng *rng) +{ + /* kill internal state */ + int i; + rng->pool_ptr=rng->rndptr=0; + for (i=0; i<32; i++) rng->pool[i]=0; + for (i=0; i<NK; i++) rng->ira[i]=0; + rng->borrow=0; +} + +/* get random byte */ +/* SU= 8 */ +int RAND_byte(csprng *rng) +{ + int r; + r=rng->pool[rng->pool_ptr++]; + if (rng->pool_ptr>=32) fill_pool(rng); + return (r&0xff); +} + +/* test main program */ +/* +#include <stdio.h> +#include <string.h> + +void main() +{ + int i; + char raw[256]; + csprng rng; + + RAND_clean(&rng); + + + for (i=0;i<256;i++) raw[i]=(char)i; + RAND_seed(&rng,256,raw); + + for (i=0;i<1000;i++) + printf("%02x ",(unsigned char)RAND_byte(&rng)); +} + +*/ http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/randapi.c ---------------------------------------------------------------------- diff --git a/src/randapi.c b/src/randapi.c new file mode 100644 index 0000000..9b32efb --- /dev/null +++ b/src/randapi.c @@ -0,0 +1,15 @@ +#include "randapi.h" + +/* Initialise a Cryptographically Strong Random Number Generator from + an octet of raw random data */ + +void CREATE_CSPRNG(csprng *RNG,octet *RAW) +{ + RAND_seed(RNG,RAW->len,RAW->val); +} + +void KILL_CSPRNG(csprng *RNG) +{ + RAND_clean(RNG); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_ANSSI.c ---------------------------------------------------------------------- diff --git a/src/rom_curve_ANSSI.c b/src/rom_curve_ANSSI.c new file mode 100644 index 0000000..6448210 --- /dev/null +++ b/src/rom_curve_ANSSI.c @@ -0,0 +1,34 @@ +#include "arch.h" +#include "ecp_ANSSI.h" + +/* ANSSI Curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 + +const int CURVE_Cof_I_ANSSI= 1; +const BIG_256_28 CURVE_Cof_ANSSI= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const int CURVE_A_ANSSI= -3; +const int CURVE_B_I_ANSSI= 0; +const BIG_256_28 CURVE_B_ANSSI= {0xB7BB73F,0x75ED967,0x1A18030,0xC9AE4B,0xFDFEC,0x754A44C,0xD4ABA,0x5428A93,0xE353FCA,0xE}; +const BIG_256_28 CURVE_Order_ANSSI= {0x6D655E1,0xFDD459C,0x2BF941F,0x67E140D,0x35B53DC,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF}; +const BIG_256_28 CURVE_Gx_ANSSI= {0x98F5CFF,0xC97A2DD,0x8B70164,0xD2DCAF9,0x3958C27,0x4749D42,0xB31183D,0x56C139E,0x6B3D4C3,0xB}; +const BIG_256_28 CURVE_Gy_ANSSI= {0x4062CFB,0x115A155,0x4C9E183,0xC307E8E,0xF8C2701,0xF0F3ECE,0x11F9271,0xC8B2049,0x142E0F7,0x6}; +#endif + +#if CHUNK==64 + +const int CURVE_Cof_I_ANSSI= 1; +const BIG_256_56 CURVE_Cof_ANSSI= {0x1L,0x0L,0x0L,0x0L,0x0L}; +const int CURVE_A_ANSSI= -3; +const int CURVE_B_I_ANSSI= 0; +const BIG_256_56 CURVE_B_ANSSI= {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL}; +const BIG_256_56 CURVE_Order_ANSSI= {0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL}; +const BIG_256_56 CURVE_Gx_ANSSI= {0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L}; +const BIG_256_56 CURVE_Gy_ANSSI= {0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS24.c ---------------------------------------------------------------------- diff --git a/src/rom_curve_BLS24.c b/src/rom_curve_BLS24.c new file mode 100644 index 0000000..b11332c --- /dev/null +++ b/src/rom_curve_BLS24.c @@ -0,0 +1,64 @@ +#include "arch.h" +#include "ecp_BLS24.h" + +/* Curve BLS24 - Pairing friendly BLS24 curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const int CURVE_Cof_I_BLS24= 0; +const int CURVE_A_BLS24= 0; +const int CURVE_B_I_BLS24= 19; +const BIG_480_29 CURVE_B_BLS24= {0x13,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_480_29 CURVE_Order_BLS24= {0x10000001,0xD047FF,0x1FD54464,0x1E3CE067,0xE322DDA,0x1D356F3F,0x7433B44,0x49091F9,0x1729CC2,0x250286C,0x16E62ED,0xB403E1E,0x1001000,0x80,0x0,0x0,0x0}; +const BIG_480_29 CURVE_Gx_BLS24= {0xBE3CCD4,0x33B07AF,0x1B67D159,0x3DFC5B5,0xEBA1FCC,0x1A3C1F84,0x56BE204,0xEF8DF1B,0x11AE2D84,0x5FEE546,0x161B3BF9,0x183B20EE,0x1EA5D99B,0x14F0C5BF,0xBE521B7,0x17C682F9,0x1AB2}; +const BIG_480_29 CURVE_Gy_BLS24= {0x121E5245,0x65D2E56,0x11577DB1,0x16DACC11,0x14F39746,0x459F694,0x12483FCF,0xC828B04,0xFD63E5A,0x7B1D52,0xAFDE738,0xF349254,0x1A4529FF,0x10E53353,0xF91DEE1,0x16E18D8A,0x47FC}; + +const BIG_480_29 CURVE_Bnx_BLS24= {0x11FF80,0x80010,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_480_29 CURVE_Cof_BLS24= {0x19F415AB,0x1E0FFDFF,0x15AAADFF,0xAA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_480_29 CURVE_Cru_BLS24= {0xDD794A9,0x1DE138A3,0x2BCCE90,0xC746127,0x15223DDC,0x1DD8890B,0xED08DB7,0xE24B9F,0xE379CE6,0x37011AC,0x11BAC820,0x1EEFAD01,0x200860F,0x147218A6,0xF16A209,0xF0079,0x555C}; +const BIG_480_29 CURVE_Pxaa_BLS24= {0x14E24678,0x1F149A9B,0x9609022,0x1C186868,0xCDEFC69,0x1C87BB2E,0x14A2235F,0x7586755,0x5896747,0x159BFE92,0x3B5572E,0x1710A521,0x71EB14A,0xC643C33,0x12581DE5,0x1BCA747D,0x959}; +const BIG_480_29 CURVE_Pxab_BLS24= {0x1FB099B8,0x3FCF5D7,0x4A91C0E,0xC6EEB40,0x11FC2385,0x11B5AE8D,0x1A9CC3E7,0x194FE144,0x185DB2A5,0x930E1C7,0x14F85F9A,0x1F2ED4E,0x1D1BE5AD,0xF26169C,0xCF7F194,0x1DA1062E,0x3B0D}; +const BIG_480_29 CURVE_Pxba_BLS24= {0x11AD15D3,0xD0E6F38,0x17DB85BB,0x30A62F1,0x1EA3E09A,0x17B25FA1,0x1B7959AC,0x1165B19A,0x6C74FDB,0x18F790E1,0x12278FDA,0x1E008F79,0x103F329,0x14619FF1,0x1EBCAA8,0xFF5A9CA,0x3EC2}; +const BIG_480_29 CURVE_Pxbb_BLS24= {0x1EE0F480,0x3D5943A,0xF5B12E3,0x128AADC8,0x180E1CB9,0x1EFD916F,0x48BC7F,0x1D5EE1FA,0x5698EF5,0x11D6AED9,0x1386BC6E,0x196E900B,0x1CE2E465,0xC2A8ED3,0x1E67DF99,0x71B7940,0xA5B}; +const BIG_480_29 CURVE_Pyaa_BLS24= {0x14781AA0,0xC324C98,0xEDC2AC,0x16C13B46,0x145FC44B,0x12529530,0x1310A8C4,0x1768C5C0,0xE19AE68,0x56E1C1D,0x13DAF93F,0x17E94366,0xF901AD0,0x76800CC,0x10250D8B,0x1E6BAE6D,0x5057}; +const BIG_480_29 CURVE_Pyab_BLS24= {0xEAE08FA,0xDDF62BF,0xA97E5AB,0xF0EE97,0x99A42CA,0x1C326578,0xF33DC11,0x8B913F7,0xFEF8552,0x19F35B90,0x58DDBDE,0xFC32FF2,0x1587B5DF,0xB5EB07A,0x1A258DE0,0x1692CC3D,0x2CE2}; +const BIG_480_29 CURVE_Pyba_BLS24= {0x5F0CC41,0xB9813B5,0x14C2A87D,0xFF1264A,0x19AF8A14,0x6CE6C3,0x2A7F8A2,0x121DCA7D,0x7D37153,0x19D21078,0x15466DC7,0x1362982B,0x1DD3CB5B,0x1CFC0D1C,0x18C69AF8,0x8CC7DC,0x1807}; +const BIG_480_29 CURVE_Pybb_BLS24= {0x115C1CAE,0x78D9732,0x16C26237,0x5A81A6A,0x1C38A777,0x56121FE,0x4DAD9D7,0x1BEBA670,0xA1D72FC,0xD60B274,0x19734258,0x1D621775,0x4691771,0x14206B68,0x17B22DE4,0x29D5B37,0x499D}; +const BIG_480_29 CURVE_W_BLS24[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_480_29 CURVE_SB_BLS24[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +const BIG_480_29 CURVE_WB_BLS24[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_480_29 CURVE_BB_BLS24[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0 ,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +#endif + +#if CHUNK==64 +// Base Bits= 56 +const int CURVE_Cof_I_BLS24= 0; +const int CURVE_A_BLS24= 0; +const int CURVE_B_I_BLS24= 19; +const BIG_480_56 CURVE_B_BLS24= {0x13L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_480_56 CURVE_Order_BLS24= {0x1A08FFF0000001L,0x1E7033FF551190L,0x6ADE7EE322DDAFL,0x848FC9D0CED13AL,0x50D81729CC224L,0x1F0F05B98BB44AL,0x10010010005A0L,0x0L,0x0L}; +const BIG_480_56 CURVE_Gx_BLS24= {0x6760F5EBE3CCD4L,0xEFE2DAED9F4564L,0x783F08EBA1FCC1L,0xC6F8D95AF88134L,0xDCA8D1AE2D8477L,0x9077586CEFE4BFL,0x8B7FEA5D99BC1DL,0x17CAF9486DE9E1L,0x1AB2BE34L}; +const BIG_480_56 CURVE_Gy_BLS24= {0xCBA5CAD21E5245L,0x6D6608C55DF6C4L,0xB3ED294F39746BL,0x145824920FF3C8L,0x63AA4FD63E5A64L,0x492A2BF79CE00FL,0x66A7A4529FF79AL,0x6C53E477B861CAL,0x47FCB70CL}; + +const BIG_480_56 CURVE_Bnx_BLS24= {0x100020011FF80L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_480_56 CURVE_Cof_BLS24= {0xC1FFBFF9F415ABL,0x5556AAB7FFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_480_56 CURVE_Cru_BLS24= {0xBC27146DD794A9L,0x3A30938AF33A43L,0xB112175223DDC6L,0x125CFBB4236DFBL,0x2358E379CE607L,0xD680C6EB20806EL,0x314C200860FF77L,0x3CBC5A88268E4L,0x555C0078L}; +const BIG_480_56 CURVE_Pxaa_BLS24= {0xE2935374E24678L,0xC34342582408BL,0xF765CCDEFC69EL,0xC33AAD2888D7F9L,0x7FD2458967473AL,0x52908ED55CBAB3L,0x786671EB14AB88L,0xA3EC96077958C8L,0x959DE53L}; +const BIG_480_56 CURVE_Pxab_BLS24= {0x7F9EBAFFB099B8L,0x3775A012A47038L,0x6B5D1B1FC23856L,0x7F0A26A730F9E3L,0x1C38F85DB2A5CAL,0x76A753E17E6926L,0x2D39D1BE5AD0F9L,0x31733DFC651E4CL,0x3B0DED08L}; +const BIG_480_56 CURVE_Pxba_BLS24= {0xA1CDE711AD15D3L,0x853178DF6E16EDL,0x64BF43EA3E09A1L,0x2D8CD6DE566B2FL,0xF21C26C74FDB8BL,0x47BCC89E3F6B1EL,0x3FE2103F329F00L,0x4E507AF2AA28C3L,0x3EC27FADL}; +const BIG_480_56 CURVE_Pxbb_BLS24= {0x7AB2875EE0F480L,0x4556E43D6C4B8CL,0xFB22DF80E1CB99L,0xF70FD0122F1FFDL,0xD5DB25698EF5EAL,0x4805CE1AF1BA3AL,0x1DA7CE2E465CB7L,0xCA0799F7E65855L,0xA5B38DBL}; +const BIG_480_56 CURVE_Pyaa_BLS24= {0x86499314781AA0L,0x609DA303B70AB1L,0xA52A6145FC44BBL,0x462E04C42A3124L,0xC383AE19AE68BBL,0xA1B34F6BE4FCADL,0x198F901AD0BF4L,0x736C094362CED0L,0x5057F35DL}; +const BIG_480_56 CURVE_Pyab_BLS24= {0xBBEC57EEAE08FAL,0x78774BAA5F96ADL,0x64CAF099A42CA0L,0xC89FBBCCF70478L,0x6B720FEF855245L,0x97F916376F7B3EL,0x60F5587B5DF7E1L,0x61EE89637816BDL,0x2CE2B496L}; +const BIG_480_56 CURVE_Pyba_BLS24= {0x730276A5F0CC41L,0xF89325530AA1F5L,0xD9CD879AF8A147L,0xEE53E8A9FE2880L,0x420F07D3715390L,0x4C15D519B71F3AL,0x1A39DD3CB5B9B1L,0x3EE631A6BE39F8L,0x18070466L}; +const BIG_480_56 CURVE_Pybb_BLS24= {0xF1B2E6515C1CAEL,0xD40D355B0988DCL,0xC243FDC38A7772L,0x5D338136B675CAL,0x164E8A1D72FCDFL,0xBBAE5CD0961ACL,0xD6D04691771EB1L,0xD9BDEC8B792840L,0x499D14EAL}; +const BIG_480_56 CURVE_W_BLS24[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_480_56 CURVE_SB_BLS24[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +const BIG_480_56 CURVE_WB_BLS24[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_480_56 CURVE_BB_BLS24[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS381.c ---------------------------------------------------------------------- diff --git a/src/rom_curve_BLS381.c b/src/rom_curve_BLS381.c new file mode 100644 index 0000000..23a7f44 --- /dev/null +++ b/src/rom_curve_BLS381.c @@ -0,0 +1,56 @@ +#include "arch.h" +#include "ecp_BLS381.h" + +/* Curve BLS381 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 + +const int CURVE_Cof_I_BLS381= 0; +const int CURVE_A_BLS381= 0; +const int CURVE_B_I_BLS381= 4; +const BIG_384_29 CURVE_B_BLS381= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Order_BLS381= {0x1,0x1FFFFFF8,0x1F96FFBF,0x1B4805FF,0x1D80553B,0xC0404D0,0x1520CCE7,0xA6533AF,0x73EDA7,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Gx_BLS381= {0x1B22C6BB,0x19D78056,0x1E86BBFE,0xBD07FF2,0x1AC586C5,0x1D1F8B8D,0x4168538,0x9F2EE97,0xFC3688C,0x27D4D60,0x9A558E3,0x32FAF28,0x1F1D3A73,0xB}; +const BIG_384_29 CURVE_Gy_BLS381= {0x6C5E7E1,0x551194A,0x222B903,0x198E8945,0xB3EDD03,0xC659602,0xBD8036C,0x12BABA01,0x4FCF5E0,0xBA0EC57,0x8278C3B,0x75541E3,0xB3F481E,0x4}; + +const BIG_384_29 CURVE_Bnx_BLS381= {0x10000,0x10080000,0x34,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Cof_BLS381= {0xAAAB,0x55558,0x157855A3,0x191800AA,0x396,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Cru_BLS381= {0x1FFEFFFE,0x100FFFFF,0x280008B,0xFB026C4,0x9688DE1,0x149DF37C,0x1FAB76CE,0xED41EE,0x11BA69C6,0x1EFBB672,0x17C659CB,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Pxa_BLS381= {0x121BDB8,0x402B646,0x16EFBF5,0x18064D50,0x1D1770BA,0x5B23D71,0xC0AD144,0x1A9F4807,0x11C6E47A,0x196E2882,0x9820149,0x11E1522,0x4AA2B2F,0x1}; +const BIG_384_29 CURVE_Pxb_BLS381= {0x1D042B7E,0xD63E82A,0x51755F9,0x19E22427,0x15049334,0x10DDEE3F,0x186AD769,0x1A132416,0x5596BD0,0x4413A7B,0x1F6B34E8,0x4E33EC0,0x1E02B605,0x9}; +const BIG_384_29 CURVE_Pya_BLS381= {0x8B82801,0xC9AA430,0xB28A278,0x15939877,0xD12C923,0xD34A8B0,0xE9DB50A,0x155197BA,0x1AADFD9B,0x16D171A8,0x3327371,0x4FADC23,0xE5D5277,0x6}; +const BIG_384_29 CURVE_Pyb_BLS381= {0x105F79BE,0x15483AFF,0x1B07686A,0xE1A4EB9,0x99AB3F3,0x955AB97,0xEBC99D2,0xFD0B4EC,0x19CB3E28,0x15E145C,0xCAB34AC,0x1D4E6998,0x6C4A02,0x3}; +const BIG_384_29 CURVE_W_BLS381[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_384_29 CURVE_SB_BLS381[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +const BIG_384_29 CURVE_WB_BLS381[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_384_29 CURVE_BB_BLS381[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +#endif + +#if CHUNK==64 + +const int CURVE_Cof_I_BLS381= 0; +const int CURVE_A_BLS381= 0; +const int CURVE_B_I_BLS381= 4; +const BIG_384_58 CURVE_B_BLS381= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_384_58 CURVE_Order_BLS381= {0x3FFFFFF00000001L,0x36900BFFF96FFBFL,0x180809A1D80553BL,0x14CA675F520CCE7L,0x73EDA7L,0x0L,0x0L}; +const BIG_384_58 CURVE_Gx_BLS381= {0x33AF00ADB22C6BBL,0x17A0FFE5E86BBFEL,0x3A3F171BAC586C5L,0x13E5DD2E4168538L,0x4FA9AC0FC3688CL,0x65F5E509A558E3L,0x17F1D3A73L}; +const BIG_384_58 CURVE_Gy_BLS381= {0xAA232946C5E7E1L,0x331D128A222B903L,0x18CB2C04B3EDD03L,0x25757402BD8036CL,0x1741D8AE4FCF5E0L,0xEAA83C68278C3BL,0x8B3F481EL}; + +const BIG_384_58 CURVE_Bnx_BLS381= {0x201000000010000L,0x34L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_384_58 CURVE_Cof_BLS381= {0xAAAB0000AAABL,0x3230015557855A3L,0x396L,0x0L,0x0L,0x0L,0x0L}; +const BIG_384_58 CURVE_Cru_BLS381= {0x201FFFFFFFEFFFEL,0x1F604D88280008BL,0x293BE6F89688DE1L,0x1DA83DDFAB76CEL,0x3DF76CE51BA69C6L,0x17C659CBL,0x0L}; +const BIG_384_58 CURVE_Pxa_BLS381= {0x8056C8C121BDB8L,0x300C9AA016EFBF5L,0xB647AE3D1770BAL,0x353E900EC0AD144L,0x32DC51051C6E47AL,0x23C2A449820149L,0x24AA2B2FL}; +const BIG_384_58 CURVE_Pxb_BLS381= {0x1AC7D055D042B7EL,0x33C4484E51755F9L,0x21BBDC7F5049334L,0x3426482D86AD769L,0x88274F65596BD0L,0x9C67D81F6B34E8L,0x13E02B605L}; +const BIG_384_58 CURVE_Pya_BLS381= {0x193548608B82801L,0x2B2730EEB28A278L,0x1A695160D12C923L,0x2AA32F74E9DB50AL,0x2DA2E351AADFD9BL,0x9F5B8463327371L,0xCE5D5277L}; +const BIG_384_58 CURVE_Pyb_BLS381= {0x2A9075FF05F79BEL,0x1C349D73B07686AL,0x12AB572E99AB3F3L,0x1FA169D8EBC99D2L,0x2BC28B99CB3E28L,0x3A9CD330CAB34ACL,0x606C4A02L}; +const BIG_384_58 CURVE_W_BLS381[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_384_58 CURVE_SB_BLS381[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +const BIG_384_58 CURVE_WB_BLS381[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_384_58 CURVE_BB_BLS381[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS383.c ---------------------------------------------------------------------- diff --git a/src/rom_curve_BLS383.c b/src/rom_curve_BLS383.c new file mode 100644 index 0000000..4178f0d --- /dev/null +++ b/src/rom_curve_BLS383.c @@ -0,0 +1,56 @@ +#include "arch.h" +#include "ecp_BLS383.h" + +/* Curve BLS383 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 +// Base Bits= 29 +const int CURVE_A_BLS383= 0; +const int CURVE_Cof_I_BLS383= 0; +const BIG_384_29 CURVE_Cof_BLS383= {0x15169EAB,0xA82AB0A,0xAAEFFED,0x15558001,0x555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const int CURVE_B_I_BLS383= 15; +const BIG_384_29 CURVE_B_BLS383= {0xF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Order_BLS383= {0x1EBC0001,0x1904CF5F,0x834E5CE,0xBE12B42,0xB381DE0,0xE40B4C,0x270110,0x10018017,0x1002001,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Gx_BLS383= {0x8734573,0x623B9C8,0x1D1DC11E,0xBB7E107,0x1E3445C5,0x1D6C2578,0x10B0BE1E,0xED6103E,0x10F31D9F,0x296ED82,0x18E0D7D0,0x12F3D9C9,0x1FCBA55B,0x20}; +const BIG_384_29 CURVE_Gy_BLS383= {0x3F224,0x968B2F4,0x1FE63F48,0xFA93D90,0x14D2DDE5,0x54A56F5,0x12441D4C,0x18CD76C8,0x199D0DAD,0xE18E236,0x92BA73,0x99F6600,0x8F16727,0x3}; + +const BIG_384_29 CURVE_Bnx_BLS383= {0x1001200,0x400000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_384_29 CURVE_Cru_BLS383= {0xEAAC2A9,0x61B3A81,0x17D974B7,0xBED0345,0xA341BC2,0x17A51A6F,0x5738948,0x69B7BAE,0x14605445,0x374A43,0x8116AD1,0x956DD69,0x16556956,0x2A}; +const BIG_384_29 CURVE_Pxa_BLS383= {0xD7F2D86,0x1E59DB1,0x17474F85,0x1FB56CF2,0x572EE81,0xE487AB1,0x96F51FC,0x190A5AAE,0x6432501,0x13E58F3A,0x101E6425,0xFD807D1,0x34D2240,0x3}; +const BIG_384_29 CURVE_Pxb_BLS383= {0x452DE15,0x1ECF20F6,0x1FF9837B,0x95651AA,0xD5D75B5,0x5D44749,0x12277F66,0x1DB3A0B9,0x1D24F498,0x19441B0E,0x1CDE9DC5,0x2C975,0xD78006,0x18}; +const BIG_384_29 CURVE_Pya_BLS383= {0x1408CB41,0x34785DC,0x3586597,0x13DBC9E4,0x1A2E75B4,0x1D65489,0xCF9A25E,0x1ACE7933,0x1B6E990E,0x19FF31A3,0x12527615,0x1A44A68F,0x1792CF93,0x19}; +const BIG_384_29 CURVE_Pyb_BLS383= {0x1F479093,0x16C2321B,0x1889218E,0x87961BC,0x1BC98B01,0x197A24FB,0xA3DEBC2,0x88D67DF,0x1CE0D,0x1E8AD3D7,0x93B9EE9,0x59B18D6,0xE5247DD,0x10}; +const BIG_384_29 CURVE_W_BLS383[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_384_29 CURVE_SB_BLS383[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +const BIG_384_29 CURVE_WB_BLS383[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_384_29 CURVE_BB_BLS383[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +#endif + +#if CHUNK==64 +// Base Bits= 58 +const int CURVE_A_BLS383= 0; +const int CURVE_Cof_I_BLS383= 0; +const BIG_384_58 CURVE_Cof_BLS383= {0x150556155169EABL,0x2AAB0002AAEFFEDL,0x555L,0x0L,0x0L,0x0L,0x0L}; +const int CURVE_B_I_BLS383= 15; +const BIG_384_58 CURVE_B_BLS383= {0xFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_384_58 CURVE_Order_BLS383= {0x32099EBFEBC0001L,0x17C25684834E5CEL,0x1C81698B381DE0L,0x2003002E0270110L,0x1002001L,0x0L,0x0L}; +const BIG_384_58 CURVE_Gx_BLS383= {0xC4773908734573L,0x176FC20FD1DC11EL,0x3AD84AF1E3445C5L,0x1DAC207D0B0BE1EL,0x52DDB050F31D9FL,0x25E7B3938E0D7D0L,0x41FCBA55BL}; +const BIG_384_58 CURVE_Gy_BLS383= {0x12D165E8003F224L,0x1F527B21FE63F48L,0xA94ADEB4D2DDE5L,0x319AED912441D4CL,0x1C31C46D99D0DADL,0x133ECC00092BA73L,0x68F16727L}; + +const BIG_384_58 CURVE_Bnx_BLS383= {0x8000001001200L,0x40L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_384_58 CURVE_Cru_BLS383= {0xC367502EAAC2A9L,0x17DA068B7D974B7L,0x2F4A34DEA341BC2L,0xD36F75C5738948L,0x6E94874605445L,0x12ADBAD28116AD1L,0x556556956L}; +const BIG_384_58 CURVE_Pxa_BLS383= {0x3CB3B62D7F2D86L,0x3F6AD9E57474F85L,0x1C90F562572EE81L,0x3214B55C96F51FCL,0x27CB1E746432501L,0x1FB00FA301E6425L,0x634D2240L}; +const BIG_384_58 CURVE_Pxb_BLS383= {0x3D9E41EC452DE15L,0x12ACA355FF9837BL,0xBA88E92D5D75B5L,0x3B6741732277F66L,0x3288361DD24F498L,0x592EBCDE9DC5L,0x300D78006L}; +const BIG_384_58 CURVE_Pya_BLS383= {0x68F0BB9408CB41L,0x27B793C83586597L,0x3ACA913A2E75B4L,0x359CF266CF9A25EL,0x33FE6347B6E990EL,0x34894D1F2527615L,0x33792CF93L}; +const BIG_384_58 CURVE_Pyb_BLS383= {0x2D846437F479093L,0x10F2C379889218EL,0x32F449F7BC98B01L,0x111ACFBEA3DEBC2L,0x3D15A7AE001CE0DL,0xB3631AC93B9EE9L,0x20E5247DDL}; +const BIG_384_58 CURVE_W_BLS383[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_384_58 CURVE_SB_BLS383[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +const BIG_384_58 CURVE_WB_BLS383[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_384_58 CURVE_BB_BLS383[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS461.c ---------------------------------------------------------------------- diff --git a/src/rom_curve_BLS461.c b/src/rom_curve_BLS461.c new file mode 100644 index 0000000..0dedf32 --- /dev/null +++ b/src/rom_curve_BLS461.c @@ -0,0 +1,56 @@ +#include "arch.h" +#include "ecp_BLS461.h" + +/* Curve BLS383 - Pairing friendly BLS curve */ + +#if CHUNK==16 + +#error Not supported + +#endif + +#if CHUNK==32 + +const int CURVE_Cof_I_BLS461= 0; +const int CURVE_A_BLS461= 0; +const int CURVE_B_I_BLS461= 9; +const BIG_464_28 CURVE_B_BLS461= {0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_464_28 CURVE_Order_BLS461= {0x1,0x0,0xFFFFC00,0x7FEFFFE,0x110000,0x7FFC800,0x801FC01,0x5FD000E,0x17FE0,0xFFFC018,0xFFFFFF7,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_464_28 CURVE_Gx_BLS461= {0xADEE93D,0x4D026A8,0x74B7411,0xD9C00EE,0x31AC7F2,0xC3981B5,0x9218229,0xD3564DC,0xA096650,0x6F7C292,0x9743616,0xBE922B1,0x12CF668,0xC81327,0x463B73A,0xE74E99B,0xAD0}; +const BIG_464_28 CURVE_Gy_BLS461= {0xAD1D465,0xF763157,0xC4FF470,0x17884C8,0xB8D215D,0xA819E66,0xF4959D0,0xE5C3245,0xB84910A,0xB8BFA40,0xBE96EEC,0x8BF9F8C,0xF277ACC,0x5F1C3F2,0x5F68C9,0xCDB14B3,0x77B}; + +const BIG_464_28 CURVE_Bnx_BLS461= {0x0,0xFBFFFE0,0x1FFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_464_28 CURVE_Cof_BLS461= {0xAAAAAAB,0xA7FFFEA,0x1556AA,0xD55AAAB,0x554FFFF,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; +const BIG_464_28 CURVE_Cru_BLS461= {0xFFFFFFE,0x40001F,0xFE00000,0xFFE7FFF,0xF0FFF6F,0x7200C47,0x7BCC604,0x15796DB,0xCF47771,0x9875433,0x613F0E8,0x5000502,0xEBFFF60,0x1FFFFF,0x0,0x0,0x0}; +const BIG_464_28 CURVE_Pxa_BLS461= {0x6D0A37C,0x5B50318,0x75DCC46,0xC2E492E,0xD6878A9,0xE01F919,0xF92F564,0x86DB74F,0x66803F0,0x46D581A,0x7ED78D,0x2F97C29,0xC270C89,0xF679453,0x6A50A9A,0x54138A0,0x10CC}; +const BIG_464_28 CURVE_Pxb_BLS461= {0x2C1C0AD,0xF85CA8C,0x25CADE9,0x6CD66C4,0xA289609,0xC612951,0xEE2401A,0x529ABEB,0xF65B17D,0xBA09D33,0xD4C5AF5,0x4D4371E,0x46A672E,0xA279D22,0xACEA37C,0x1FB4FE5,0x95C}; +const BIG_464_28 CURVE_Pya_BLS461= {0x2FB006,0xCCD0C1B,0xA12A337,0x3D194A4,0xC92C895,0x4960CFC,0x39FC68B,0x3A9B00F,0xED1BA0F,0xA7DBBC5,0xA9CDFD8,0x27CC2F7,0x4E73ED2,0x6070F4F,0xEBA7E67,0xAC848E7,0x226}; +const BIG_464_28 CURVE_Pyb_BLS461= {0xDF1457C,0xA506ADF,0x4C20A8,0xD6A31DC,0x36E3FB4,0xEA9A8F1,0x92F5668,0x3C3BE44,0x67A1297,0x74BEABA,0x56A20BE,0x4C42E38,0x45157F0,0x2AB1D00,0xBB402EA,0x101B4FA,0xE38}; +const BIG_464_28 CURVE_W_BLS461[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_464_28 CURVE_SB_BLS461[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +const BIG_464_28 CURVE_WB_BLS461[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}; +const BIG_464_28 CURVE_BB_BLS461[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x 0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}}; +#endif + +#if CHUNK==64 + +const int CURVE_Cof_I_BLS461= 0; +const int CURVE_A_BLS461= 0; +const int CURVE_B_I_BLS461= 9; +const BIG_464_60 CURVE_B_BLS461= {0x9L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_464_60 CURVE_Order_BLS461= {0x1L,0x7FEFFFEFFFFC0L,0xC017FFC80001100L,0x7FE05FD000E801FL,0xFFFF7FFFC018001L,0xFFL,0x0L,0x0L}; +const BIG_464_60 CURVE_Gx_BLS461= {0x14D026A8ADEE93DL,0xF2D9C00EE74B741L,0x229C3981B531AC7L,0x6650D3564DC9218L,0x436166F7C292A09L,0x2CF668BE922B197L,0x463B73A0C813271L,0xAD0E74E99BL}; +const BIG_464_60 CURVE_Gy_BLS461= {0xF763157AD1D465L,0x5D17884C8C4FF47L,0x9D0A819E66B8D21L,0x910AE5C3245F495L,0x96EECB8BFA40B84L,0x277ACC8BF9F8CBEL,0x5F68C95F1C3F2FL,0x77BCDB14B3L}; + +const BIG_464_60 CURVE_Bnx_BLS461= {0xFFBFFFE00000000L,0x1FFFFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_464_60 CURVE_Cof_BLS461= {0xAA7FFFEAAAAAAABL,0xFFD55AAAB01556AL,0x1555554FFL,0x0L,0x0L,0x0L,0x0L,0x0L}; +const BIG_464_60 CURVE_Cru_BLS461= {0x40001FFFFFFFEL,0x6FFFE7FFFFE0000L,0x6047200C47F0FFFL,0x777115796DB7BCCL,0x3F0E89875433CF4L,0xBFFF60500050261L,0x1FFFFFEL,0x0L}; +const BIG_464_60 CURVE_Pxa_BLS461= {0x65B503186D0A37CL,0xA9C2E492E75DCC4L,0x564E01F919D6878L,0x3F086DB74FF92FL,0xED78D46D581A668L,0x270C892F97C2907L,0x6A50A9AF679453CL,0x10CC54138A0L}; +const BIG_464_60 CURVE_Pxb_BLS461= {0x9F85CA8C2C1C0ADL,0x96CD66C425CADEL,0x1AC612951A2896L,0xB17D529ABEBEE24L,0xC5AF5BA09D33F65L,0x6A672E4D4371ED4L,0xACEA37CA279D224L,0x95C1FB4FE5L}; +const BIG_464_60 CURVE_Pya_BLS461= {0x7CCD0C1B02FB006L,0x953D194A4A12A33L,0x68B4960CFCC92C8L,0xBA0F3A9B00F39FCL,0xCDFD8A7DBBC5ED1L,0xE73ED227CC2F7A9L,0xEBA7E676070F4F4L,0x226AC848E7L}; +const BIG_464_60 CURVE_Pyb_BLS461= {0x8A506ADFDF1457CL,0xB4D6A31DC04C20AL,0x668EA9A8F136E3FL,0x12973C3BE4492F5L,0xA20BE74BEABA67AL,0x5157F04C42E3856L,0xBB402EA2AB1D004L,0xE38101B4FAL}; +const BIG_464_60 CURVE_W_BLS461[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_464_60 CURVE_SB_BLS461[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +const BIG_464_60 CURVE_WB_BLS461[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}; +const BIG_464_60 CURVE_BB_BLS461[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}}; +#endif
