Clearmatics Libff  0.1
C++ library for Finite Fields and Elliptic Curves
bls12_381_init.cpp
Go to the documentation of this file.
1 #include <libff/algebra/curves/bls12_381/bls12_381_g1.hpp>
2 #include <libff/algebra/curves/bls12_381/bls12_381_g2.hpp>
3 #include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
4 
5 namespace libff
6 {
7 
8 bigint<bls12_381_r_limbs> bls12_381_modulus_r;
9 bigint<bls12_381_q_limbs> bls12_381_modulus_q;
10 
11 bls12_381_Fq bls12_381_coeff_b;
12 bigint<bls12_381_r_limbs> bls12_381_trace_of_frobenius;
13 bls12_381_Fq2 bls12_381_twist;
14 bls12_381_Fq2 bls12_381_twist_coeff_b;
15 bls12_381_Fq bls12_381_twist_mul_by_b_c0;
16 bls12_381_Fq bls12_381_twist_mul_by_b_c1;
17 bls12_381_Fq2 bls12_381_twist_mul_by_q_X;
18 bls12_381_Fq2 bls12_381_twist_mul_by_q_Y;
19 
20 bigint<bls12_381_q_limbs> bls12_381_ate_loop_count;
21 bool bls12_381_ate_is_loop_count_neg;
22 bigint<12 * bls12_381_q_limbs> bls12_381_final_exponent;
23 bigint<bls12_381_q_limbs> bls12_381_final_exponent_z;
24 bool bls12_381_final_exponent_is_z_neg;
25 
26 void init_bls12_381_params()
27 {
28  typedef bigint<bls12_381_r_limbs> bigint_r;
29  typedef bigint<bls12_381_q_limbs> bigint_q;
30 
31  // Montgomery assumes this
32  assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4);
33 
34  /* parameters for scalar field Fr */
35 
36  bls12_381_modulus_r = bigint_r("5243587517512619047944774050818596583769055"
37  "2500527637822603658699938581184513");
38  assert(bls12_381_Fr::modulus_is_valid());
39  if (sizeof(mp_limb_t) == 8) {
40  bls12_381_Fr::Rsquared =
41  bigint_r("329490647479426544212979752063071073927857568219980068178"
42  "8903916070560242797");
43  bls12_381_Fr::Rcubed =
44  bigint_r("498292539885403193545507422492760844601274463553159150895"
45  "27227471280320770991");
46  bls12_381_Fr::inv = 0xfffffffeffffffff; // (-1/modulus) mod W
47  }
48  if (sizeof(mp_limb_t) == 4) {
49  bls12_381_Fr::Rsquared =
50  bigint_r("329490647479426544212979752063071073927857568219980068178"
51  "8903916070560242797");
52  bls12_381_Fr::Rcubed =
53  bigint_r("498292539885403193545507422492760844601274463553159150895"
54  "27227471280320770991");
55  bls12_381_Fr::inv = 0xffffffff;
56  }
57  bls12_381_Fr::num_bits = 255;
58  bls12_381_Fr::euler = bigint_r("2621793758756309523972387025409298291884527"
59  "6250263818911301829349969290592256");
60  bls12_381_Fr::s = 32;
61  bls12_381_Fr::t = bigint_r(
62  "12208678567578594777604504606729831043093128246378069236549469339647");
63  bls12_381_Fr::t_minus_1_over_2 = bigint_r(
64  "6104339283789297388802252303364915521546564123189034618274734669823");
65  bls12_381_Fr::multiplicative_generator = bls12_381_Fr("7");
66  bls12_381_Fr::root_of_unity =
67  bls12_381_Fr("102382273577394958236510305758492320625588601802844775411"
68  "89508159991286009131");
69  bls12_381_Fr::nqr = bls12_381_Fr("5");
70  bls12_381_Fr::nqr_to_t =
71  bls12_381_Fr("937917089079007706106976984802249742464848817460758522850"
72  "752807661925904159");
73  bls12_381_Fr::static_init();
74 
75  /* parameters for base field Fq */
76  bls12_381_modulus_q =
77  bigint_q("4002409555221667393417789825735904156556882819939007885332058"
78  "136124031650490837864442687629129015664037894272559787");
79  assert(bls12_381_Fq::modulus_is_valid());
80  if (sizeof(mp_limb_t) == 8) {
81  bls12_381_Fq::Rsquared = bigint_q(
82  "270826391065473017479378762632817651183645519716631767700615429398"
83  "2164122222515399004018013397331347120527951271750"); // k=6
84  bls12_381_Fq::Rcubed = bigint_q(
85  "163906754277462589423671657554808490593875383721159409588363701458"
86  "2201460755008380976950835174037649440777609978336");
87 
88  bls12_381_Fq::inv = 0x89f3fffcfffcfffd;
89  }
90  if (sizeof(mp_limb_t) == 4) {
91  bls12_381_Fq::Rsquared = bigint_q(
92  "270826391065473017479378762632817651183645519716631767700615429398"
93  "2164122222515399004018013397331347120527951271750");
94  bls12_381_Fq::Rcubed = bigint_q(
95  "163906754277462589423671657554808490593875383721159409588363701458"
96  "2201460755008380976950835174037649440777609978336");
97  bls12_381_Fq::inv = 0xfffcfffd;
98  }
99  bls12_381_Fq::num_bits = 381;
100  bls12_381_Fq::euler =
101  bigint_q("2001204777610833696708894912867952078278441409969503942666029"
102  "068062015825245418932221343814564507832018947136279893");
103  bls12_381_Fq::s = 1;
104  bls12_381_Fq::t =
105  bigint_q("2001204777610833696708894912867952078278441409969503942666029"
106  "068062015825245418932221343814564507832018947136279893");
107  bls12_381_Fq::t_minus_1_over_2 =
108  bigint_q("1000602388805416848354447456433976039139220704984751971333014"
109  "534031007912622709466110671907282253916009473568139946");
110  bls12_381_Fq::multiplicative_generator = bls12_381_Fq("2");
111  bls12_381_Fq::root_of_unity = bls12_381_Fq(
112  "4002409555221667393417789825735904156556882819939007885332058136124031"
113  "650490837864442687629129015664037894272559786");
114  bls12_381_Fq::nqr = bls12_381_Fq("2");
115  bls12_381_Fq::nqr_to_t = bls12_381_Fq(
116  "4002409555221667393417789825735904156556882819939007885332058136124031"
117  "650490837864442687629129015664037894272559786");
118  bls12_381_Fq::static_init();
119 
120  /* parameters for twist field Fq2 */
121  bls12_381_Fq2::euler = bigint<2 * bls12_381_q_limbs>(
122  "8009641123864852705971874322159486308847560049665276329931192268492988"
123  "3742456785717003280396510967149874771927700853652655519422698534529681"
124  "0010121051821790554650651713590637900820398474816583070927051183888744"
125  "9985712996744742684");
126  bls12_381_Fq2::s = 3;
127  bls12_381_Fq2::t = bigint<2 * bls12_381_q_limbs>(
128  "2002410280966213176492968580539871577211890012416319082482798067123247"
129  "0935614196429250820099127741787468692981925213413163879855674633632420"
130  "2502530262955447638662662928397659475205099618704145767731762795972186"
131  "2496428249186185671");
132  bls12_381_Fq2::t_minus_1_over_2 = bigint<2 * bls12_381_q_limbs>(
133  "1001205140483106588246484290269935788605945006208159541241399033561623"
134  "5467807098214625410049563870893734346490962606706581939927837316816210"
135  "1251265131477723819331331464198829737602549809352072883865881397986093"
136  "1248214124593092835");
137  bls12_381_Fq2::non_residue = bls12_381_Fq(
138  "4002409555221667393417789825735904156556882819939007885332058136124031"
139  "650490837864442687629129015664037894272559786");
140  bls12_381_Fq2::nqr =
141  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("1")); // u+1
142  bls12_381_Fq2::nqr_to_t = bls12_381_Fq2(
143  bls12_381_Fq(
144  "102873214623510634997532447921579527738483993692975789615564311803"
145  "2610843298655225875571310552543014690878354869257"),
146  bls12_381_Fq(
147  "297367740898656104344246534652010887917204288300924998917641501809"
148  "1420807192182638567116318576472649347015917690530"));
149  bls12_381_Fq2::Frobenius_coeffs_c1[0] = bls12_381_Fq("1");
150  bls12_381_Fq2::Frobenius_coeffs_c1[1] = bls12_381_Fq(
151  "4002409555221667393417789825735904156556882819939007885332058136124031"
152  "650490837864442687629129015664037894272559786");
153  bls12_381_Fq2::static_init();
154 
155  /* parameters for Fq6 */
156 
157  bls12_381_Fq6::euler = bigint<6 * bls12_381_q_limbs>(
158  "2055413310034685917547178203792332860309200402936847589812920000288065"
159  "0925292078031236336437155417867098264344518387365893430771451315477306"
160  "7723923870911995741881272581302001907244790574962263945847542833396860"
161  "73743682966778056496"
162  "2327945395707855461784923849488018385374868097169740055671857527378364"
163  "8469851242261268044817816320342666827076722752447529192782544353128746"
164  "1471193084577848300836833318729082346882823602164341569076593462295099"
165  "0371613607731757827"
166  "4075669149520898024347473697702653612215721050521068924301068068177428"
167  "7151859717713146107915044671570816889418683602912643322766216203471482"
168  "2884004062053629214182533388992931530312083763262100940571236423950189"
169  "3128509197213249204");
170  bls12_381_Fq6::s = 3;
171  bls12_381_Fq6::t = bigint<6 * bls12_381_q_limbs>(
172  "5138533275086714793867945509480832150773001007342118974532300000720162"
173  "7313230195078090841092888544667745660861295968414733576928628288693266"
174  "9309809677279989354703181453255004768111976437405659864618857083492151"
175  "8435920741694514124"
176  "0581986348926963865446230962372004596343717024292435013917964381844591"
177  "2117462810565317011204454080085666706769180688111882298195636088282186"
178  "5367798271144462075209208329682270586720705900541085392269148365573774"
179  "7592903401932939456"
180  "8518917287380224506086868424425663403053930262630267231075267017044357"
181  "1787964929428286526978761167892704222354670900728160830691554050867870"
182  "5721001015513407303545633347248232882578020940815525235142809105987547"
183  "3282127299303312301");
184  bls12_381_Fq6::t_minus_1_over_2 = bigint<6 * bls12_381_q_limbs>(
185  "2569266637543357396933972754740416075386500503671059487266150000360081"
186  "3656615097539045420546444272333872830430647984207366788464314144346633"
187  "4654904838639994677351590726627502384055988218702829932309428541746075"
188  "9217960370847257062"
189  "0290993174463481932723115481186002298171858512146217506958982190922295"
190  "6058731405282658505602227040042833353384590344055941149097818044141093"
191  "2683899135572231037604604164841135293360352950270542696134574182786887"
192  "3796451700966469728"
193  "4259458643690112253043434212212831701526965131315133615537633508522178"
194  "5893982464714143263489380583946352111177335450364080415345777025433935"
195  "2860500507756703651772816673624116441289010470407762617571404552993773"
196  "6641063649651656150");
197  bls12_381_Fq6::non_residue =
198  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("1"));
199  bls12_381_Fq6::nqr = bls12_381_Fq6(
200  bls12_381_Fq2::one(), bls12_381_Fq2::one(), bls12_381_Fq2::zero());
201  bls12_381_Fq temp_Fq6 = bls12_381_Fq(
202  "2973677408986561043442465346520108879172042883009249989176415018091420"
203  "807192182638567116318576472649347015917690530");
204  bls12_381_Fq6::nqr_to_t = bls12_381_Fq6(
205  bls12_381_Fq2(temp_Fq6, temp_Fq6),
206  bls12_381_Fq2::zero(),
207  bls12_381_Fq2::zero());
208  bls12_381_Fq6::Frobenius_coeffs_c1[0] =
209  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("0"));
210  bls12_381_Fq6::Frobenius_coeffs_c1[1] = bls12_381_Fq2(
211  bls12_381_Fq("0"),
212  bls12_381_Fq(
213  "400240955522166739262431043500668864393550311830558643827117139584"
214  "2971157480381377015405980053539358417135540939436"));
215  bls12_381_Fq6::Frobenius_coeffs_c1[2] = bls12_381_Fq2(
216  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
217  "456487427281649075476305620758731620350"),
218  bls12_381_Fq("0"));
219  bls12_381_Fq6::Frobenius_coeffs_c1[3] =
220  bls12_381_Fq2(bls12_381_Fq("0"), bls12_381_Fq("1"));
221  bls12_381_Fq6::Frobenius_coeffs_c1[4] = bls12_381_Fq2(
222  bls12_381_Fq(
223  "400240955522166739262431043500668864393550311830558643827117139584"
224  "2971157480381377015405980053539358417135540939436"),
225  bls12_381_Fq("0"));
226  bls12_381_Fq6::Frobenius_coeffs_c1[5] = bls12_381_Fq2(
227  bls12_381_Fq("0"),
228  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
229  "456487427281649075476305620758731620350"));
230  bls12_381_Fq6::Frobenius_coeffs_c2[0] =
231  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("0"));
232  bls12_381_Fq6::Frobenius_coeffs_c2[1] = bls12_381_Fq2(
233  bls12_381_Fq(
234  "400240955522166739262431043500668864393550311830558643827117139584"
235  "2971157480381377015405980053539358417135540939437"),
236  bls12_381_Fq("0"));
237  bls12_381_Fq6::Frobenius_coeffs_c2[2] = bls12_381_Fq2(
238  bls12_381_Fq(
239  "400240955522166739262431043500668864393550311830558643827117139584"
240  "2971157480381377015405980053539358417135540939436"),
241  bls12_381_Fq("0"));
242  bls12_381_Fq6::Frobenius_coeffs_c2[3] = bls12_381_Fq2(
243  bls12_381_Fq(
244  "400240955522166739341778982573590415655688281993900788533205813612"
245  "4031650490837864442687629129015664037894272559786"),
246  bls12_381_Fq("0"));
247  bls12_381_Fq6::Frobenius_coeffs_c2[4] = bls12_381_Fq2(
248  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
249  "456487427281649075476305620758731620350"),
250  bls12_381_Fq("0"));
251  bls12_381_Fq6::Frobenius_coeffs_c2[5] = bls12_381_Fq2(
252  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
253  "456487427281649075476305620758731620351"),
254  bls12_381_Fq("0"));
255 
256  /* parameters for Fq12 */
257 
258  bls12_381_Fq12::euler = bigint<12 * bls12_381_q_limbs>(
259  "8449447750135487786386536757818793037762212639342076082205056847631733"
260  "7611486762037414270042798116043101246277209976512094361633120467161014"
261  "0655544453405655390597288113542772613560509732197200272091941904878386"
262  "92659063939320510475"
263  "6684686564553744540192748080653129821509884735609423581664936489210967"
264  "0440467529068420483514604958227574975684523172972030890413264728910407"
265  "5914291222737139398079433126860286068573844453009747181852522430304241"
266  "3280382576694575299"
267  "4243167774120254336745536274773695755236419654903551716949533916736161"
268  "3569172920059467104043034274069321829696761906239463005630083855610676"
269  "3024021975665415739763789028633084871968346012196283360672552982454440"
270  "6779592032379877481"
271  "1619354467715920346231349235866829244117661464414438262378914602649540"
272  "0686951521638441608423046735329190594695892803338108752058997137128797"
273  "3778883772765769448885014782339635406211030364946185240866112535299846"
274  "0333970628572435583"
275  "1757875201144654542881444863180645429521461839597984159381168059700378"
276  "1998317840382782546961827784098634063653000816109224177006797686172283"
277  "6524688010589950951561114449900951002753319232147895757766930045754791"
278  "8189673190852298371"
279  "5647603567520167155789018111526068121587518840305926270907547770597694"
280  "1239754628313695901797410453781873141027101200728931074856266540267317"
281  "2430117685618695762741237977291546454709306808974723155022101617076402"
282  "8215685592439765640");
283  bls12_381_Fq12::s = 4;
284  bls12_381_Fq12::t = bigint<12 * bls12_381_q_limbs>(
285  "1056180968766935973298317094727349129720276579917759510275632105953966"
286  "7201435845254676783755349764505387655784651247064011795204140058395126"
287  "7581943056675706923824661014192846576695063716524650034011492738109798"
288  "36582382992415063809"
289  "4585585820569218067524093510081641227688735591951177947708117061151370"
290  "8805058441133552560439325619778446871960565396621503861301658091113800"
291  "9489286402842142424759929140857535758571730556626218397731565303788030"
292  "1660047822086821912"
293  "4280395971765031792093192034346711969404552456862943964618691739592020"
294  "1696146615007433388005379284258665228712095238279932875703760481951334"
295  "5378002746958176967470473628579135608996043251524535420084069122806805"
296  "0847449004047484685"
297  "1452419308464490043278918654483353655514707683051804782797364325331192"
298  "5085868940204805201052880841916148824336986600417263594007374642141099"
299  "6722360471595721181110626847792454425776378795618273155108264066912480"
300  "7541746328571554447"
301  "8969734400143081817860180607897580678690182729949748019922646007462547"
302  "2749789730047847818370228473012329257956625102013653022125849710771535"
303  "4565586001323743868945139306237618875344164904018486969720866255719348"
304  "9773709148856537296"
305  "4455950445940020894473627263940758515198439855038240783863443471324711"
306  "7654969328539211987724676306722734142628387650091116384357033317533414"
307  "6553764710702336970342654747161443306838663351121840394377762702134550"
308  "3526960699054970705");
309  bls12_381_Fq12::t_minus_1_over_2 = bigint<12 * bls12_381_q_limbs>(
310  "5280904843834679866491585473636745648601382899588797551378160529769833"
311  "6007179226273383918776748822526938278923256235320058976020700291975633"
312  "7909715283378534619123305070964232883475318582623250170057463690548991"
313  "8291191496207531904"
314  "7292792910284609033762046755040820613844367795975588973854058530575685"
315  "4402529220566776280219662809889223435980282698310751930650829045556900"
316  "4744643201421071212379964570428767879285865278313109198865782651894015"
317  "0830023911043410956"
318  "2140197985882515896046596017173355984702276228431471982309345869796010"
319  "0848073307503716694002689642129332614356047619139966437851880240975667"
320  "2689001373479088483735236814289567804498021625762267710042034561403402"
321  "5423724502023742342"
322  "5726209654232245021639459327241676827757353841525902391398682162665596"
323  "2542934470102402600526440420958074412168493300208631797003687321070549"
324  "8361180235797860590555313423896227212888189397809136577554132033456240"
325  "3770873164285777223"
326  "9484867200071540908930090303948790339345091364974874009961323003731273"
327  "6374894865023923909185114236506164628978312551006826511062924855385767"
328  "7282793000661871934472569653118809437672082452009243484860433127859674"
329  "4886854574428268648"
330  "2227975222970010447236813631970379257599219927519120391931721735662355"
331  "8827484664269605993862338153361367071314193825045558192178516658766707"
332  "3276882355351168485171327373580721653419331675560920197188881351067275"
333  "1763480349527485352");
334  bls12_381_Fq12::non_residue =
335  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("1"));
336  bls12_381_Fq12::nqr =
337  bls12_381_Fq12(bls12_381_Fq6::zero(), bls12_381_Fq6::one());
338  bls12_381_Fq temp_Fq12 = bls12_381_Fq(
339  "3357996710086603428986649435961018971596863377125478091385687488711898"
340  "724126407611022502097010210262797519903698974");
341  bls12_381_Fq12::nqr_to_t = bls12_381_Fq12(
342  bls12_381_Fq6::zero(),
343  bls12_381_Fq6(
344  bls12_381_Fq2::zero(),
345  bls12_381_Fq2(temp_Fq12, temp_Fq12),
346  bls12_381_Fq2::zero()));
347  bls12_381_Fq12::Frobenius_coeffs_c1[0] =
348  bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("0"));
349  bls12_381_Fq12::Frobenius_coeffs_c1[1] = bls12_381_Fq2(
350  bls12_381_Fq(
351  "385075437003716901195214707605136405715880742097068243867605052261"
352  "3628423219637725072182697113062777891589506424760"),
353  bls12_381_Fq(
354  "151655185184498381465642749684540099398075398968325446656007613510"
355  "403227271200139370504932015952886146304766135027"));
356  bls12_381_Fq12::Frobenius_coeffs_c1[2] = bls12_381_Fq2(
357  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
358  "456487427281649075476305620758731620351"),
359  bls12_381_Fq("0"));
360  bls12_381_Fq12::Frobenius_coeffs_c1[3] = bls12_381_Fq2(
361  bls12_381_Fq(
362  "297367740898656104344246534652010887917204288300924998917641501809"
363  "1420807192182638567116318576472649347015917690530"),
364  bls12_381_Fq(
365  "102873214623510634997532447921579527738483993692975789615564311803"
366  "2610843298655225875571310552543014690878354869257"));
367  bls12_381_Fq12::Frobenius_coeffs_c1[4] = bls12_381_Fq2(
368  bls12_381_Fq("793479390729215512621379701633421447060886740281060493010"
369  "456487427281649075476305620758731620350"),
370  bls12_381_Fq("0"));
371  bls12_381_Fq12::Frobenius_coeffs_c1[5] = bls12_381_Fq2(
372  bls12_381_Fq(
373  "312533259417105942490810809620464897857011828197757543583242263160"
374  "1824034463382777937621250592425535493320683825557"),
375  bls12_381_Fq(
376  "877076961050607968509681729531255177986764537961432449499635504522"
377  "207616027455086505066378536590128544573588734230"));
378  bls12_381_Fq12::Frobenius_coeffs_c1[6] = bls12_381_Fq2(
379  bls12_381_Fq(
380  "400240955522166739341778982573590415655688281993900788533205813612"
381  "4031650490837864442687629129015664037894272559786"),
382  bls12_381_Fq("0"));
383  bls12_381_Fq12::Frobenius_coeffs_c1[7] = bls12_381_Fq2(
384  bls12_381_Fq(
385  "151655185184498381465642749684540099398075398968325446656007613510"
386  "403227271200139370504932015952886146304766135027"),
387  bls12_381_Fq(
388  "385075437003716901195214707605136405715880742097068243867605052261"
389  "3628423219637725072182697113062777891589506424760"));
390  bls12_381_Fq12::Frobenius_coeffs_c1[8] = bls12_381_Fq2(
391  bls12_381_Fq(
392  "400240955522166739262431043500668864393550311830558643827117139584"
393  "2971157480381377015405980053539358417135540939436"),
394  bls12_381_Fq("0"));
395  bls12_381_Fq12::Frobenius_coeffs_c1[9] = bls12_381_Fq2(
396  bls12_381_Fq(
397  "102873214623510634997532447921579527738483993692975789615564311803"
398  "2610843298655225875571310552543014690878354869257"),
399  bls12_381_Fq(
400  "297367740898656104344246534652010887917204288300924998917641501809"
401  "1420807192182638567116318576472649347015917690530"));
402  bls12_381_Fq12::Frobenius_coeffs_c1[10] = bls12_381_Fq2(
403  bls12_381_Fq(
404  "400240955522166739262431043500668864393550311830558643827117139584"
405  "2971157480381377015405980053539358417135540939437"),
406  bls12_381_Fq("0"));
407  bls12_381_Fq12::Frobenius_coeffs_c1[11] = bls12_381_Fq2(
408  bls12_381_Fq(
409  "877076961050607968509681729531255177986764537961432449499635504522"
410  "207616027455086505066378536590128544573588734230"),
411  bls12_381_Fq(
412  "312533259417105942490810809620464897857011828197757543583242263160"
413  "1824034463382777937621250592425535493320683825557"));
414 
415  // Choice of short Weierstrass curve and its twist
416  // E(Fq): y^2 = x^3 + 4
417 
418  bls12_381_coeff_b = bls12_381_Fq("4");
419  bls12_381_twist = bls12_381_Fq2(bls12_381_Fq("1"), bls12_381_Fq("1"));
420  bls12_381_twist_coeff_b = bls12_381_coeff_b * bls12_381_twist;
421  bls12_381_twist_mul_by_b_c0 =
422  bls12_381_coeff_b * bls12_381_Fq2::non_residue;
423  bls12_381_twist_mul_by_b_c1 =
424  bls12_381_coeff_b * bls12_381_Fq2::non_residue;
425  bls12_381_twist_mul_by_q_X = bls12_381_Fq2(
426  bls12_381_Fq("0"),
427  bls12_381_Fq(
428  "400240955522166739262431043500668864393550311830558643827117139584"
429  "2971157480381377015405980053539358417135540939437"));
430  bls12_381_twist_mul_by_q_Y = bls12_381_Fq2(
431  bls12_381_Fq(
432  "297367740898656104344246534652010887917204288300924998917641501809"
433  "1420807192182638567116318576472649347015917690530"),
434  bls12_381_Fq(
435  "102873214623510634997532447921579527738483993692975789615564311803"
436  "2610843298655225875571310552543014690878354869257"));
437 
438  /* choice of group G1 */
439  bls12_381_G1::G1_zero = bls12_381_G1(
440  bls12_381_Fq::zero(), bls12_381_Fq::one(), bls12_381_Fq::zero());
441  bls12_381_G1::G1_one = bls12_381_G1(
442  bls12_381_Fq(
443  "368541675371338701678108831518307775796162079578254640989457837868"
444  "8607592378376318836054947676345821548104185464507"),
445  bls12_381_Fq(
446  "133950654494447647302047137994192122158493387593834962042654373641"
447  "6511423956333506472724655353366534992391756441569"),
448  bls12_381_Fq::one());
449 
450  // Curve coeffs
451  bls12_381_G1::coeff_a = bls12_381_Fq::zero();
452  bls12_381_G1::coeff_b = bls12_381_coeff_b;
453 
454  // Cofactor
455  bls12_381_G1::h =
456  bigint<bls12_381_G1::h_limbs>("76329603384216526031706109802092473003");
457 
458  // TODO: wNAF window table
459  bls12_381_G1::wnaf_window_table.resize(0);
460  bls12_381_G1::wnaf_window_table.push_back(11);
461  bls12_381_G1::wnaf_window_table.push_back(24);
462  bls12_381_G1::wnaf_window_table.push_back(60);
463  bls12_381_G1::wnaf_window_table.push_back(127);
464 
465  // TODO: fixed-base exponentiation table
466  bls12_381_G1::fixed_base_exp_window_table.resize(0);
467  // window 1 is unbeaten in [-inf, 4.99]
468  bls12_381_G1::fixed_base_exp_window_table.push_back(1);
469  // window 2 is unbeaten in [4.99, 10.99]
470  bls12_381_G1::fixed_base_exp_window_table.push_back(5);
471  // window 3 is unbeaten in [10.99, 32.29]
472  bls12_381_G1::fixed_base_exp_window_table.push_back(11);
473  // window 4 is unbeaten in [32.29, 55.23]
474  bls12_381_G1::fixed_base_exp_window_table.push_back(32);
475  // window 5 is unbeaten in [55.23, 162.03]
476  bls12_381_G1::fixed_base_exp_window_table.push_back(55);
477  // window 6 is unbeaten in [162.03, 360.15]
478  bls12_381_G1::fixed_base_exp_window_table.push_back(162);
479  // window 7 is unbeaten in [360.15, 815.44]
480  bls12_381_G1::fixed_base_exp_window_table.push_back(360);
481  // window 8 is unbeaten in [815.44, 2373.07]
482  bls12_381_G1::fixed_base_exp_window_table.push_back(815);
483  // window 9 is unbeaten in [2373.07, 6977.75]
484  bls12_381_G1::fixed_base_exp_window_table.push_back(2373);
485  // window 10 is unbeaten in [6977.75, 7122.23]
486  bls12_381_G1::fixed_base_exp_window_table.push_back(6978);
487  // window 11 is unbeaten in [7122.23, 57818.46]
488  bls12_381_G1::fixed_base_exp_window_table.push_back(7122);
489  // window 12 is never the best
490  bls12_381_G1::fixed_base_exp_window_table.push_back(0);
491  // window 13 is unbeaten in [57818.46, 169679.14]
492  bls12_381_G1::fixed_base_exp_window_table.push_back(57818);
493  // window 14 is never the best
494  bls12_381_G1::fixed_base_exp_window_table.push_back(0);
495  // window 15 is unbeaten in [169679.14, 439758.91]
496  bls12_381_G1::fixed_base_exp_window_table.push_back(169679);
497  // window 16 is unbeaten in [439758.91, 936073.41]
498  bls12_381_G1::fixed_base_exp_window_table.push_back(439759);
499  // window 17 is unbeaten in [936073.41, 4666554.74]
500  bls12_381_G1::fixed_base_exp_window_table.push_back(936073);
501  // window 18 is never the best
502  bls12_381_G1::fixed_base_exp_window_table.push_back(0);
503  // window 19 is unbeaten in [4666554.74, 7580404.42]
504  bls12_381_G1::fixed_base_exp_window_table.push_back(4666555);
505  // window 20 is unbeaten in [7580404.42, 34552892.20]
506  bls12_381_G1::fixed_base_exp_window_table.push_back(7580404);
507  // window 21 is never the best
508  bls12_381_G1::fixed_base_exp_window_table.push_back(0);
509  // window 22 is unbeaten in [34552892.20, inf]
510  bls12_381_G1::fixed_base_exp_window_table.push_back(34552892);
511 
512  /* choice of group G2 */
513  bls12_381_G2::G2_zero = bls12_381_G2(
514  bls12_381_Fq2::zero(), bls12_381_Fq2::one(), bls12_381_Fq2::zero());
515 
516  // simple G2 generator
517  bls12_381_G2::G2_one = bls12_381_G2(
518  bls12_381_Fq2(
519  bls12_381_Fq(
520  "35270106958746661818713911601106014489002995279277524021990864"
521  "4239793785735715026873347600343865175952761926303160"),
522  bls12_381_Fq(
523  "30591443442442137099712598147537816369864703254766475586593732"
524  "06291635324768958432433509563104347017837885763365758")),
525  bls12_381_Fq2(
526  bls12_381_Fq(
527  "19851506022872919355680545211771716383008689782156557308593786"
528  "65066344726373823718423869104263333984641494340347905"),
529  bls12_381_Fq(
530  "92755366549233245574720196577603788075774019345359297002502797"
531  "8793976877002675564980949289727957565575433344219582")),
532  bls12_381_Fq2::one());
533 
534  // Curve twist coeffs
535  bls12_381_G2::coeff_a = bls12_381_Fq2::zero();
536  bls12_381_G2::coeff_b = bls12_381_twist_coeff_b;
537 
538  // Cofactor
539  bls12_381_G2::h = bigint<bls12_381_G2::h_limbs>(
540  "3055023339312683442009997531931215042144660192541881426676640329822676"
541  "0418297188402650742735925997784783227283904161666128580382337837209635"
542  "5777062779109");
543 
544  // TODO: wNAF window table
545  bls12_381_G2::wnaf_window_table.resize(0);
546  bls12_381_G2::wnaf_window_table.push_back(5);
547  bls12_381_G2::wnaf_window_table.push_back(15);
548  bls12_381_G2::wnaf_window_table.push_back(39);
549  bls12_381_G2::wnaf_window_table.push_back(109);
550 
551  // TODO: fixed-base exponentiation table
552  bls12_381_G2::fixed_base_exp_window_table.resize(0);
553  // window 1 is unbeaten in [-inf, 5.10]
554  bls12_381_G2::fixed_base_exp_window_table.push_back(1);
555  // window 2 is unbeaten in [5.10, 10.43]
556  bls12_381_G2::fixed_base_exp_window_table.push_back(5);
557  // window 3 is unbeaten in [10.43, 25.28]
558  bls12_381_G2::fixed_base_exp_window_table.push_back(10);
559  // window 4 is unbeaten in [25.28, 59.00]
560  bls12_381_G2::fixed_base_exp_window_table.push_back(25);
561  // window 5 is unbeaten in [59.00, 154.03]
562  bls12_381_G2::fixed_base_exp_window_table.push_back(59);
563  // window 6 is unbeaten in [154.03, 334.25]
564  bls12_381_G2::fixed_base_exp_window_table.push_back(154);
565  // window 7 is unbeaten in [334.25, 742.58]
566  bls12_381_G2::fixed_base_exp_window_table.push_back(334);
567  // window 8 is unbeaten in [742.58, 2034.40]
568  bls12_381_G2::fixed_base_exp_window_table.push_back(743);
569  // window 9 is unbeaten in [2034.40, 4987.56]
570  bls12_381_G2::fixed_base_exp_window_table.push_back(2034);
571  // window 10 is unbeaten in [4987.56, 8888.27]
572  bls12_381_G2::fixed_base_exp_window_table.push_back(4988);
573  // window 11 is unbeaten in [8888.27, 26271.13]
574  bls12_381_G2::fixed_base_exp_window_table.push_back(8888);
575  // window 12 is unbeaten in [26271.13, 39768.20]
576  bls12_381_G2::fixed_base_exp_window_table.push_back(26271);
577  // window 13 is unbeaten in [39768.20, 106275.75]
578  bls12_381_G2::fixed_base_exp_window_table.push_back(39768);
579  // window 14 is unbeaten in [106275.75, 141703.40]
580  bls12_381_G2::fixed_base_exp_window_table.push_back(106276);
581  // window 15 is unbeaten in [141703.40, 462422.97]
582  bls12_381_G2::fixed_base_exp_window_table.push_back(141703);
583  // window 16 is unbeaten in [462422.97, 926871.84]
584  bls12_381_G2::fixed_base_exp_window_table.push_back(462423);
585  // window 17 is unbeaten in [926871.84, 4873049.17]
586  bls12_381_G2::fixed_base_exp_window_table.push_back(926872);
587  // window 18 is never the best
588  bls12_381_G2::fixed_base_exp_window_table.push_back(0);
589  // window 19 is unbeaten in [4873049.17, 5706707.88]
590  bls12_381_G2::fixed_base_exp_window_table.push_back(4873049);
591  // window 20 is unbeaten in [5706707.88, 31673814.95]
592  bls12_381_G2::fixed_base_exp_window_table.push_back(5706708);
593  // window 21 is never the best
594  bls12_381_G2::fixed_base_exp_window_table.push_back(0);
595  // window 22 is unbeaten in [31673814.95, inf]
596  bls12_381_G2::fixed_base_exp_window_table.push_back(31673815);
597 
598  /* pairing parameters */
599 
600  bls12_381_ate_loop_count =
601  bigint<bls12_381_q_limbs>("15132376222941642752");
602  bls12_381_ate_is_loop_count_neg = true;
603  bls12_381_final_exponent = bigint<12 * bls12_381_q_limbs>(
604  "3222773615169341404628915645865101399083799695148284942183666880252886"
605  "6104110468279499868049758000889997324981410444769277898820837677957381"
606  "9485263026159588510513834876303014016798809919343532899164848730280942"
607  "6099566709175656181158672873996232868132703579017315101881499343633603"
608  "8161450133408682544227192007936328995451056537537844370437299488140679"
609  "7882676971082200626541916413184642520269678897559532260949334760604962"
610  "0863488981189822488426343796375986654688177690758785554937522144927901"
611  "2278585020295757520017608420442275148595733646547232481098283363849090"
612  "4279282696134323072515220044451592646885410572234451732790590013479358"
613  "3438412200741748482217220170835978720176385141031741227848439255783704"
614  "3084352295960009567628572373704943834654475316891297497679152853527631"
615  "7256904336520179281145394686565050419250614107803233314658825463117900"
616  "2507011991815292059423631593257659918194339143039088604607205814082013"
617  "7316404777379482541101192230582006561112154456180841405530221205747139"
618  "5719432072209245600258134364584636810093520285711072578721435517884103"
619  "5264838327332898024261573015427444767400084947803633543051169788056206"
620  "7146707140071135883955337534072489973546048014459978201490658654381329"
621  "2157922220645089192130209334926661588737007768565838519456601560804957"
622  "985667880395221049249803753582637708560");
623  bls12_381_final_exponent_z =
624  bigint<bls12_381_q_limbs>("15132376222941642752");
625  bls12_381_final_exponent_is_z_neg = true;
626 }
627 
628 } // namespace libff
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::euler
static bigint< 2 *n > euler
(modulus^2-1)/2
Definition: fp2.hpp:46
libff::Fp6_3over2_model::nqr_to_t
static Fp6_3over2_model< n, modulus > nqr_to_t
Definition: fp6_3over2.hpp:50
libff::bls12_381_G1::coeff_a
static bls12_381_Fq coeff_a
Definition: bls12_381_g1.hpp:32
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::nqr_to_t
static Fp2_model< n, modulus > nqr_to_t
nqr^t
Definition: fp2.hpp:59
libff::bls12_381_ate_is_loop_count_neg
bool bls12_381_ate_is_loop_count_neg
Definition: bls12_381_init.cpp:21
libff::bls12_381_twist_mul_by_b_c1
bls12_381_Fq bls12_381_twist_mul_by_b_c1
Definition: bls12_381_init.cpp:16
libff::bls12_381_final_exponent_z
bigint< bls12_381_q_limbs > bls12_381_final_exponent_z
Definition: bls12_381_init.cpp:23
libff::bls12_381_ate_loop_count
bigint< bls12_381_q_limbs > bls12_381_ate_loop_count
Definition: bls12_381_init.cpp:20
libff::bls12_381_Fr
Fp_model< bls12_381_r_limbs, bls12_381_modulus_r > bls12_381_Fr
Definition: bls12_381_init.hpp:30
libff::bls12_381_G1::h
static bigint< h_limbs > h
Definition: bls12_381_g1.hpp:42
libff::Fp6_3over2_model::one
static Fp6_3over2_model< n, modulus > one()
libff::Fp6_3over2_model::zero
static Fp6_3over2_model< n, modulus > zero()
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::t_minus_1_over_2
static bigint< 2 *n > t_minus_1_over_2
(t-1)/2
Definition: fp2.hpp:52
libff
Definition: ffi.cpp:8
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::one
static const Fp2_model< n, modulus > & one()
libff::bls12_381_twist_coeff_b
bls12_381_Fq2 bls12_381_twist_coeff_b
Definition: bls12_381_init.cpp:14
libff::bls12_381_Fq2
Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q > bls12_381_Fq2
Definition: bls12_381_init.hpp:32
libff::bls12_381_G2::h
static bigint< h_limbs > h
Definition: bls12_381_g2.hpp:43
libff::bls12_381_twist_mul_by_q_X
bls12_381_Fq2 bls12_381_twist_mul_by_q_X
Definition: bls12_381_init.cpp:17
libff::bls12_381_G1::wnaf_window_table
static std::vector< std::size_t > wnaf_window_table
Definition: bls12_381_g1.hpp:28
libff::Fp_model::nqr
static Fp_model< n, modulus > nqr
a quadratic nonresidue
Definition: fp.hpp:70
libff::bls12_381_Fq
Fp_model< bls12_381_q_limbs, bls12_381_modulus_q > bls12_381_Fq
Definition: bls12_381_init.hpp:31
libff::Fp_model< bls12_381_q_limbs, bls12_381_modulus_q >::zero
static const Fp_model< n, modulus > & zero()
libff::Fp6_3over2_model::euler
static bigint< 6 *n > euler
Definition: fp6_3over2.hpp:40
libff::Fp12_2over3over2_model::non_residue
static Fp2_model< n, modulus > non_residue
Definition: fp12_2over3over2.hpp:56
libff::Fp12_2over3over2_model::Frobenius_coeffs_c1
static Fp2_model< n, modulus > Frobenius_coeffs_c1[12]
non_residue^((modulus^i-1)/6) for i=0,...,11
Definition: fp12_2over3over2.hpp:58
libff::bls12_381_G2::wnaf_window_table
static std::vector< std::size_t > wnaf_window_table
Definition: bls12_381_g2.hpp:28
libff::bls12_381_G1
Definition: bls12_381_g1.hpp:21
libff::Fp_model::t
static bigint< n > t
with t odd
Definition: fp.hpp:66
libff::bls12_381_twist_mul_by_q_Y
bls12_381_Fq2 bls12_381_twist_mul_by_q_Y
Definition: bls12_381_init.cpp:18
libff::bls12_381_G1::fixed_base_exp_window_table
static std::vector< std::size_t > fixed_base_exp_window_table
Definition: bls12_381_g1.hpp:29
libff::Fp_model::s
static size_t s
modulus = 2^s * t + 1
Definition: fp.hpp:64
libff::Fp6_3over2_model::nqr
static Fp6_3over2_model< n, modulus > nqr
Definition: fp6_3over2.hpp:48
libff::Fp12_2over3over2_model::t_minus_1_over_2
static bigint< 12 *n > t_minus_1_over_2
Definition: fp12_2over3over2.hpp:46
libff::Fp12_2over3over2_model::euler
static bigint< 12 *n > euler
Definition: fp12_2over3over2.hpp:40
libff::Fp6_3over2_model::t_minus_1_over_2
static bigint< 6 *n > t_minus_1_over_2
Definition: fp6_3over2.hpp:46
libff::init_bls12_381_params
void init_bls12_381_params()
Definition: bls12_381_init.cpp:26
libff::bls12_381_G2::G2_one
static bls12_381_G2 G2_one
Definition: bls12_381_g2.hpp:31
libff::Fp_model::euler
static bigint< n > euler
(modulus-1)/2
Definition: fp.hpp:62
libff::bls12_381_trace_of_frobenius
bigint< bls12_381_r_limbs > bls12_381_trace_of_frobenius
Definition: bls12_381_init.cpp:12
libff::bls12_381_G2::coeff_a
static bls12_381_Fq2 coeff_a
Definition: bls12_381_g2.hpp:32
libff::Fp6_3over2_model::Frobenius_coeffs_c1
static my_Fp2 Frobenius_coeffs_c1[6]
non_residue^((modulus^i-1)/3) for i=0,1,2,3,4,5
Definition: fp6_3over2.hpp:54
libff::Fp_model::modulus_is_valid
static bool modulus_is_valid()
Definition: fp.hpp:84
libff::Fp12_2over3over2_model::nqr_to_t
static Fp12_2over3over2_model< n, modulus > nqr_to_t
Definition: fp12_2over3over2.hpp:50
libff::Fp_model< bls12_381_q_limbs, bls12_381_modulus_q >::one
static const Fp_model< n, modulus > & one()
libff::Fp6_3over2_model::Frobenius_coeffs_c2
static my_Fp2 Frobenius_coeffs_c2[6]
non_residue^((2*modulus^i-2)/3) for i=0,1,2,3,4,5
Definition: fp6_3over2.hpp:56
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[2]
non_residue^((modulus^i-1)/2) for i=0,1
Definition: fp2.hpp:61
libff::bls12_381_G1::G1_one
static bls12_381_G1 G1_one
Definition: bls12_381_g1.hpp:31
libff::bls12_381_modulus_q
bigint< bls12_381_q_limbs > bls12_381_modulus_q
Definition: bls12_381_init.cpp:9
libff::Fp12_2over3over2_model::nqr
static Fp12_2over3over2_model< n, modulus > nqr
Definition: fp12_2over3over2.hpp:48
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::nqr
static Fp2_model< n, modulus > nqr
a quadratic nonresidue in Fp2
Definition: fp2.hpp:57
libff::bls12_381_twist_mul_by_b_c0
bls12_381_Fq bls12_381_twist_mul_by_b_c0
Definition: bls12_381_init.cpp:15
libff::bls12_381_Fq6
Fp6_3over2_model< bls12_381_q_limbs, bls12_381_modulus_q > bls12_381_Fq6
Definition: bls12_381_init.hpp:33
libff::Fp12_2over3over2_model::s
static std::size_t s
Definition: fp12_2over3over2.hpp:42
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::static_init
static void static_init()
libff::Fp_model::t_minus_1_over_2
static bigint< n > t_minus_1_over_2
(t-1)/2
Definition: fp.hpp:68
libff::bls12_381_modulus_r
bigint< bls12_381_r_limbs > bls12_381_modulus_r
Definition: bls12_381_init.cpp:8
libff::bigint
Definition: bigint.hpp:20
libff::Fp_model::static_init
static void static_init()
libff::Fp_model::root_of_unity
static Fp_model< n, modulus > root_of_unity
generator^((modulus-1)/2^s)
Definition: fp.hpp:76
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::non_residue
static my_Fp non_residue
Definition: fp2.hpp:55
libff::bls12_381_final_exponent
bigint< 12 *bls12_381_q_limbs > bls12_381_final_exponent
Definition: bls12_381_init.cpp:22
libff::bls12_381_G2::G2_zero
static bls12_381_G2 G2_zero
Definition: bls12_381_g2.hpp:30
libff::bls12_381_G1::G1_zero
static bls12_381_G1 G1_zero
Definition: bls12_381_g1.hpp:30
libff::Fp_model< bls12_381_q_limbs, bls12_381_modulus_q >
libff::bls12_381_G1::coeff_b
static bls12_381_Fq coeff_b
Definition: bls12_381_g1.hpp:33
libff::Fp_model::nqr_to_t
static Fp_model< n, modulus > nqr_to_t
nqr^t
Definition: fp.hpp:72
libff::Fp_model::multiplicative_generator
static Fp_model< n, modulus > multiplicative_generator
generator of Fp^*
Definition: fp.hpp:74
bls12_381_g2.hpp
bls12_381_init.hpp
libff::Fp_model::num_bits
static size_t num_bits
Definition: fp.hpp:60
libff::Fp2_model
Definition: fp2.hpp:18
libff::Fp_model::inv
static mp_limb_t inv
-modulus^(-1) mod W, where W = 2^(word size)
Definition: fp.hpp:78
libff::bls12_381_Fq12
Fp12_2over3over2_model< bls12_381_q_limbs, bls12_381_modulus_q > bls12_381_Fq12
Definition: bls12_381_init.hpp:35
libff::bls12_381_coeff_b
bls12_381_Fq bls12_381_coeff_b
Definition: bls12_381_init.cpp:11
libff::Fp6_3over2_model::non_residue
static my_Fp2 non_residue
Definition: fp6_3over2.hpp:52
libff::bls12_381_twist
bls12_381_Fq2 bls12_381_twist
Definition: bls12_381_init.cpp:13
libff::Fp12_2over3over2_model::t
static bigint< 12 *n > t
Definition: fp12_2over3over2.hpp:44
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::zero
static const Fp2_model< n, modulus > & zero()
libff::Fp6_3over2_model::t
static bigint< 6 *n > t
Definition: fp6_3over2.hpp:44
libff::Fp_model::Rsquared
static bigint< n > Rsquared
R^2, where R = W^k, where k = ??
Definition: fp.hpp:80
libff::bls12_381_G2::fixed_base_exp_window_table
static std::vector< std::size_t > fixed_base_exp_window_table
Definition: bls12_381_g2.hpp:29
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::t
static bigint< 2 *n > t
with t odd
Definition: fp2.hpp:50
libff::Fp6_3over2_model::s
static std::size_t s
Definition: fp6_3over2.hpp:42
libff::bls12_381_final_exponent_is_z_neg
bool bls12_381_final_exponent_is_z_neg
Definition: bls12_381_init.cpp:24
libff::Fp2_model< bls12_381_q_limbs, bls12_381_modulus_q >::s
static size_t s
modulus^2 = 2^s * t + 1
Definition: fp2.hpp:48
libff::Fp_model::Rcubed
static bigint< n > Rcubed
R^3.
Definition: fp.hpp:82
libff::bls12_381_G2::coeff_b
static bls12_381_Fq2 coeff_b
Definition: bls12_381_g2.hpp:33
bls12_381_g1.hpp
libff::bls12_381_G2
Definition: bls12_381_g2.hpp:21
Generated on Thu Aug 18 2022 12:42:18 for Clearmatics Libff by   doxygen 1.8.17