Clearmatics Libff  0.1
C++ library for Finite Fields and Elliptic Curves
bn128_init.cpp
Go to the documentation of this file.
1 
8 #include <libff/algebra/curves/bn128/bn128_g1.hpp>
9 #include <libff/algebra/curves/bn128/bn128_g2.hpp>
10 #include <libff/algebra/curves/bn128/bn128_gt.hpp>
11 #include <libff/algebra/curves/bn128/bn128_init.hpp>
12 
13 namespace libff
14 {
15 
16 bigint<bn128_r_limbs> bn128_modulus_r;
17 bigint<bn128_q_limbs> bn128_modulus_q;
18 
19 bn::Fp bn128_coeff_b;
20 size_t bn128_Fq_s;
21 bn::Fp bn128_Fq_nqr_to_t;
22 mie::Vuint bn128_Fq_t_minus_1_over_2;
23 
24 bn::Fp2 bn128_twist_coeff_b;
25 size_t bn128_Fq2_s;
26 bn::Fp2 bn128_Fq2_nqr_to_t;
27 mie::Vuint bn128_Fq2_t_minus_1_over_2;
28 
29 void init_bn128_params()
30 {
31  bn::Param::init(); // init ate-pairing library
32 
33  typedef bigint<bn128_r_limbs> bigint_r;
34  typedef bigint<bn128_q_limbs> bigint_q;
35 
36  assert(
37  sizeof(mp_limb_t) == 8 ||
38  sizeof(mp_limb_t) == 4); // Montgomery assumes this
39 
40  /* parameters for scalar field Fr */
41  bn128_modulus_r = bigint_r("21888242871839275222246405745257275088548364400"
42  "416034343698204186575808495617");
43  assert(bn128_Fr::modulus_is_valid());
44  if (sizeof(mp_limb_t) == 8) {
45  bn128_Fr::Rsquared = bigint_r("9449366811492084466516642542697455484907"
46  "66851729442924617792859073125903783");
47  bn128_Fr::Rcubed = bigint_r("586654854594384522748989487204024472040386"
48  "8105578784105281690076696998248512");
49  bn128_Fr::inv = 0xc2e1f593efffffff;
50  }
51  if (sizeof(mp_limb_t) == 4) {
52  bn128_Fr::Rsquared = bigint_r("9449366811492084466516642542697455484907"
53  "66851729442924617792859073125903783");
54  bn128_Fr::Rcubed = bigint_r("586654854594384522748989487204024472040386"
55  "8105578784105281690076696998248512");
56  bn128_Fr::inv = 0xefffffff;
57  }
58  bn128_Fr::num_bits = 254;
59  bn128_Fr::euler = bigint_r("10944121435919637611123202872628637544274182200"
60  "208017171849102093287904247808");
61  bn128_Fr::s = 28;
62  bn128_Fr::t = bigint_r(
63  "81540058820840996586704275553141814055101440848469862132140264610111");
64  bn128_Fr::t_minus_1_over_2 = bigint_r(
65  "40770029410420498293352137776570907027550720424234931066070132305055");
66  bn128_Fr::multiplicative_generator = bn128_Fr("5");
67  bn128_Fr::root_of_unity =
68  bn128_Fr("1910321906792171394429139282769207003614565195732928631530564"
69  "2004821462161904");
70  bn128_Fr::nqr = bn128_Fr("5");
71  bn128_Fr::nqr_to_t = bn128_Fr("19103219067921713944291392827692070036145651"
72  "957329286315305642004821462161904");
73  bn128_Fr::static_init();
74 
75  /* parameters for base field Fq */
76  bn128_modulus_q = bigint_q("21888242871839275222246405745257275088696311157"
77  "297823662689037894645226208583");
78  assert(bn128_Fq::modulus_is_valid());
79  if (sizeof(mp_limb_t) == 8) {
80  bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735"
81  "540968419076528771170197431451843209");
82  bn128_Fq::Rcubed = bigint_q("149217865411596481859481527385630809590936"
83  "19838510245177710943249661917737183");
84  bn128_Fq::inv = 0x87d20782e4866389;
85  }
86  if (sizeof(mp_limb_t) == 4) {
87  bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735"
88  "540968419076528771170197431451843209");
89  bn128_Fq::Rcubed = bigint_q("149217865411596481859481527385630809590936"
90  "19838510245177710943249661917737183");
91  bn128_Fq::inv = 0xe4866389;
92  }
93  bn128_Fq::num_bits = 254;
94  bn128_Fq::euler = bigint_q("10944121435919637611123202872628637544348155578"
95  "648911831344518947322613104291");
96  bn128_Fq::s = 1;
97  bn128_Fq::t = bigint_q("109441214359196376111232028726286375443481555786489"
98  "11831344518947322613104291");
99  bn128_Fq::t_minus_1_over_2 =
100  bigint_q("5472060717959818805561601436314318772174077789324455915672259"
101  "473661306552145");
102  bn128_Fq::multiplicative_generator = bn128_Fq("3");
103  bn128_Fq::root_of_unity =
104  bn128_Fq("2188824287183927522224640574525727508869631115729782366268903"
105  "7894645226208582");
106  bn128_Fq::nqr = bn128_Fq("3");
107  bn128_Fq::nqr_to_t = bn128_Fq("21888242871839275222246405745257275088696311"
108  "157297823662689037894645226208582");
109  bn128_Fq::static_init();
110 
111  /* additional parameters for square roots in Fq/Fq2 */
112  bn128_coeff_b = bn::Fp(3);
113  bn128_Fq_s = 1;
114  bn128_Fq_nqr_to_t = bn::Fp("21888242871839275222246405745257275088696311157"
115  "297823662689037894645226208582");
116  bn128_Fq_t_minus_1_over_2 =
117  mie::Vuint("54720607179598188055616014363143187721740777893244559156722"
118  "59473661306552145");
119 
120  bn128_twist_coeff_b = bn::Fp2(
121  bn::Fp("194858747517593547710242392610217205057906184693017210655646312"
122  "96452457478373"),
123  bn::Fp("266929791119991161246907387137283842545076965332900288569378510"
124  "910307636690"));
125  bn128_Fq2_s = 4;
126  bn128_Fq2_nqr_to_t = bn::Fp2(
127  bn::Fp("503350371626262426731249255837998268717520073493487759859901148"
128  "5707452665730"),
129  bn::Fp("314498342015008975724433667930697407966947188435857772134235984"
130  "660852259084"));
131  bn128_Fq2_t_minus_1_over_2 =
132  mie::Vuint("14971724250519463826312126413021210649976634891596900701138"
133  "99382043969042769931992024503286935743349909963225983790938"
134  "3182382988566862092145199781964621");
135 
136  /* choice of group G1 */
137  // Identities
138  bn128_G1::G1_zero.X = bn::Fp(1);
139  bn128_G1::G1_zero.Y = bn::Fp(1);
140  bn128_G1::G1_zero.Z = bn::Fp(0);
141 
142  bn128_G1::G1_one.X = bn::Fp(1);
143  bn128_G1::G1_one.Y = bn::Fp(2);
144  bn128_G1::G1_one.Z = bn::Fp(1);
145 
146  // Cofactor
147  bn128_G1::h = bigint<bn128_G1::h_limbs>("1");
148 
149  // WNAF
150  bn128_G1::wnaf_window_table.resize(0);
151  bn128_G1::wnaf_window_table.push_back(10);
152  bn128_G1::wnaf_window_table.push_back(24);
153  bn128_G1::wnaf_window_table.push_back(40);
154  bn128_G1::wnaf_window_table.push_back(132);
155 
156  bn128_G1::fixed_base_exp_window_table.resize(0);
157  // window 1 is unbeaten in [-inf, 4.24]
158  bn128_G1::fixed_base_exp_window_table.push_back(1);
159  // window 2 is unbeaten in [4.24, 10.43]
160  bn128_G1::fixed_base_exp_window_table.push_back(4);
161  // window 3 is unbeaten in [10.43, 24.88]
162  bn128_G1::fixed_base_exp_window_table.push_back(10);
163  // window 4 is unbeaten in [24.88, 62.10]
164  bn128_G1::fixed_base_exp_window_table.push_back(25);
165  // window 5 is unbeaten in [62.10, 157.80]
166  bn128_G1::fixed_base_exp_window_table.push_back(62);
167  // window 6 is unbeaten in [157.80, 362.05]
168  bn128_G1::fixed_base_exp_window_table.push_back(158);
169  // window 7 is unbeaten in [362.05, 806.67]
170  bn128_G1::fixed_base_exp_window_table.push_back(362);
171  // window 8 is unbeaten in [806.67, 2090.34]
172  bn128_G1::fixed_base_exp_window_table.push_back(807);
173  // window 9 is unbeaten in [2090.34, 4459.58]
174  bn128_G1::fixed_base_exp_window_table.push_back(2090);
175  // window 10 is unbeaten in [4459.58, 9280.12]
176  bn128_G1::fixed_base_exp_window_table.push_back(4460);
177  // window 11 is unbeaten in [9280.12, 43302.64]
178  bn128_G1::fixed_base_exp_window_table.push_back(9280);
179  // window 12 is unbeaten in [43302.64, 210998.73]
180  bn128_G1::fixed_base_exp_window_table.push_back(43303);
181  // window 13 is never the best
182  bn128_G1::fixed_base_exp_window_table.push_back(0);
183  // window 14 is never the best
184  bn128_G1::fixed_base_exp_window_table.push_back(0);
185  // window 15 is unbeaten in [210998.73, 506869.47]
186  bn128_G1::fixed_base_exp_window_table.push_back(210999);
187  // window 16 is unbeaten in [506869.47, 930023.36]
188  bn128_G1::fixed_base_exp_window_table.push_back(506869);
189  // window 17 is unbeaten in [930023.36, 8350812.20]
190  bn128_G1::fixed_base_exp_window_table.push_back(930023);
191  // window 18 is never the best
192  bn128_G1::fixed_base_exp_window_table.push_back(0);
193  // window 19 is never the best
194  bn128_G1::fixed_base_exp_window_table.push_back(0);
195  // window 20 is unbeaten in [8350812.20, 21708138.87]
196  bn128_G1::fixed_base_exp_window_table.push_back(8350812);
197  // window 21 is unbeaten in [21708138.87, 29482995.52]
198  bn128_G1::fixed_base_exp_window_table.push_back(21708139);
199  // window 22 is unbeaten in [29482995.52, inf]
200  bn128_G1::fixed_base_exp_window_table.push_back(29482996);
201 
202  /* choice of group G2 */
203  // Identities
204  bn128_G2::G2_zero.X = bn::Fp2(bn::Fp(1), bn::Fp(0));
205  bn128_G2::G2_zero.Y = bn::Fp2(bn::Fp(1), bn::Fp(0));
206  bn128_G2::G2_zero.Z = bn::Fp2(bn::Fp(0), bn::Fp(0));
207 
208  bn128_G2::G2_one.X = bn::Fp2(
209  bn::Fp("152678028847935503835587060391656210502900897759612088243037657"
210  "53922461897946"),
211  bn::Fp("903449356601974233940237867046189777450996766956261078811321598"
212  "8055021632533"));
213  bn128_G2::G2_one.Y = bn::Fp2(
214  bn::Fp("644888581738283025171396578091639672120333224302184904896215738"
215  "366765861164"),
216  bn::Fp("205328750812034486954487442552245436619595163613273857798784767"
217  "09582931298750"));
218  bn128_G2::G2_one.Z = bn::Fp2(bn::Fp(1), bn::Fp(0));
219 
220  // Cofactor
221  bn128_G2::h =
222  bigint<bn128_G2::h_limbs>("21888242871839275222246405745257275088844257"
223  "914179612981679871602714643921549");
224 
225  // WNAF
226  bn128_G2::wnaf_window_table.resize(0);
227  bn128_G2::wnaf_window_table.push_back(7);
228  bn128_G2::wnaf_window_table.push_back(18);
229  bn128_G2::wnaf_window_table.push_back(35);
230  bn128_G2::wnaf_window_table.push_back(116);
231 
232  bn128_G2::fixed_base_exp_window_table.resize(0);
233  // window 1 is unbeaten in [-inf, 4.13]
234  bn128_G2::fixed_base_exp_window_table.push_back(1);
235  // window 2 is unbeaten in [4.13, 10.72]
236  bn128_G2::fixed_base_exp_window_table.push_back(4);
237  // window 3 is unbeaten in [10.72, 25.60]
238  bn128_G2::fixed_base_exp_window_table.push_back(11);
239  // window 4 is unbeaten in [25.60, 60.99]
240  bn128_G2::fixed_base_exp_window_table.push_back(26);
241  // window 5 is unbeaten in [60.99, 153.66]
242  bn128_G2::fixed_base_exp_window_table.push_back(61);
243  // window 6 is unbeaten in [153.66, 353.13]
244  bn128_G2::fixed_base_exp_window_table.push_back(154);
245  // window 7 is unbeaten in [353.13, 771.87]
246  bn128_G2::fixed_base_exp_window_table.push_back(353);
247  // window 8 is unbeaten in [771.87, 2025.85]
248  bn128_G2::fixed_base_exp_window_table.push_back(772);
249  // window 9 is unbeaten in [2025.85, 4398.65]
250  bn128_G2::fixed_base_exp_window_table.push_back(2026);
251  // window 10 is unbeaten in [4398.65, 10493.42]
252  bn128_G2::fixed_base_exp_window_table.push_back(4399);
253  // window 11 is unbeaten in [10493.42, 37054.73]
254  bn128_G2::fixed_base_exp_window_table.push_back(10493);
255  // window 12 is unbeaten in [37054.73, 49928.78]
256  bn128_G2::fixed_base_exp_window_table.push_back(37055);
257  // window 13 is unbeaten in [49928.78, 114502.82]
258  bn128_G2::fixed_base_exp_window_table.push_back(49929);
259  // window 14 is unbeaten in [114502.82, 161445.26]
260  bn128_G2::fixed_base_exp_window_table.push_back(114503);
261  // window 15 is unbeaten in [161445.26, 470648.01]
262  bn128_G2::fixed_base_exp_window_table.push_back(161445);
263  // window 16 is unbeaten in [470648.01, 1059821.87]
264  bn128_G2::fixed_base_exp_window_table.push_back(470648);
265  // window 17 is unbeaten in [1059821.87, 5450848.25]
266  bn128_G2::fixed_base_exp_window_table.push_back(1059822);
267  // window 18 is never the best
268  bn128_G2::fixed_base_exp_window_table.push_back(0);
269  // window 19 is unbeaten in [5450848.25, 5566795.57]
270  bn128_G2::fixed_base_exp_window_table.push_back(5450848);
271  // window 20 is unbeaten in [5566795.57, 33055217.52]
272  bn128_G2::fixed_base_exp_window_table.push_back(5566796);
273  // window 21 is never the best
274  bn128_G2::fixed_base_exp_window_table.push_back(0);
275  // window 22 is unbeaten in [33055217.52, inf]
276  bn128_G2::fixed_base_exp_window_table.push_back(33055218);
277 
278  bn128_GT::GT_one.elem = bn::Fp12(1);
279 }
280 } // namespace libff
libff::bn128_G2::Z
bn::Fp2 Z
Definition: bn128_g2.hpp:48
libff::bn128_Fq2_nqr_to_t
bn::Fp2 bn128_Fq2_nqr_to_t
Definition: bn128_init.cpp:26
libff::bn128_Fq
Fp_model< bn128_q_limbs, bn128_modulus_q > bn128_Fq
Definition: bn128_init.hpp:40
libff::bn128_G1::G1_zero
static bn128_G1 G1_zero
Definition: bn128_g1.hpp:35
libff
Definition: ffi.cpp:8
libff::bn128_G2::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: bn128_g2.hpp:34
libff::Fp_model::nqr
static Fp_model< n, modulus > nqr
a quadratic nonresidue
Definition: fp.hpp:70
libff::bn128_Fq2_s
size_t bn128_Fq2_s
Definition: bn128_init.cpp:25
libff::bn128_coeff_b
bn::Fp bn128_coeff_b
Definition: bn128_init.cpp:19
libff::bn128_modulus_r
bigint< bn128_r_limbs > bn128_modulus_r
Definition: bn128_init.cpp:16
libff::bn128_GT::elem
bn::Fp12 elem
Definition: bn128_gt.hpp:27
libff::Fp_model::t
static bigint< n > t
with t odd
Definition: fp.hpp:66
bn128_gt.hpp
libff::bn128_Fq_nqr_to_t
bn::Fp bn128_Fq_nqr_to_t
Definition: bn128_init.cpp:21
libff::Fp_model::s
static size_t s
modulus = 2^s * t + 1
Definition: fp.hpp:64
libff::bn128_G2::h
static bigint< h_limbs > h
Definition: bn128_g2.hpp:46
libff::Fp_model::euler
static bigint< n > euler
(modulus-1)/2
Definition: fp.hpp:62
libff::bn128_G2::X
bn::Fp2 X
Definition: bn128_g2.hpp:48
libff::Fp_model::modulus_is_valid
static bool modulus_is_valid()
Definition: fp.hpp:84
libff::bn128_G2::G2_one
static bn128_G2 G2_one
Definition: bn128_g2.hpp:37
libff::bn128_G2::Y
bn::Fp2 Y
Definition: bn128_g2.hpp:48
libff::Fp_model::t_minus_1_over_2
static bigint< n > t_minus_1_over_2
(t-1)/2
Definition: fp.hpp:68
libff::bn128_Fq_s
size_t bn128_Fq_s
Definition: bn128_init.cpp:20
libff::bigint
Definition: bigint.hpp:20
libff::Fp_model::static_init
static void static_init()
libff::Fp_model::root_of_unity
static Fp_model< n, modulus > root_of_unity
generator^((modulus-1)/2^s)
Definition: fp.hpp:76
bn128_g1.hpp
libff::bn128_G1::Z
bn::Fp Z
Definition: bn128_g1.hpp:47
libff::bn128_G1::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: bn128_g1.hpp:34
bn128_init.hpp
libff::bn128_G1::Y
bn::Fp Y
Definition: bn128_g1.hpp:47
libff::bn128_twist_coeff_b
bn::Fp2 bn128_twist_coeff_b
Definition: bn128_init.cpp:24
libff::init_bn128_params
void init_bn128_params()
Definition: bn128_init.cpp:29
libff::bn128_G2::G2_zero
static bn128_G2 G2_zero
Definition: bn128_g2.hpp:36
libff::Fp_model::nqr_to_t
static Fp_model< n, modulus > nqr_to_t
nqr^t
Definition: fp.hpp:72
libff::bn128_G1::h
static bigint< h_limbs > h
Definition: bn128_g1.hpp:45
libff::Fp_model::multiplicative_generator
static Fp_model< n, modulus > multiplicative_generator
generator of Fp^*
Definition: fp.hpp:74
libff::bn128_G2::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: bn128_g2.hpp:35
libff::Fp_model::num_bits
static size_t num_bits
Definition: fp.hpp:60
libff::bn128_Fq2_t_minus_1_over_2
mie::Vuint bn128_Fq2_t_minus_1_over_2
Definition: bn128_init.cpp:27
libff::Fp_model::inv
static mp_limb_t inv
-modulus^(-1) mod W, where W = 2^(word size)
Definition: fp.hpp:78
libff::bn128_modulus_q
bigint< bn128_q_limbs > bn128_modulus_q
Definition: bn128_init.cpp:17
bn128_g2.hpp
libff::Fp_model::Rsquared
static bigint< n > Rsquared
R^2, where R = W^k, where k = ??
Definition: fp.hpp:80
libff::bn128_G1::G1_one
static bn128_G1 G1_one
Definition: bn128_g1.hpp:36
libff::bn128_G1::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: bn128_g1.hpp:33
libff::bn128_Fr
Fp_model< bn128_r_limbs, bn128_modulus_r > bn128_Fr
Definition: bn128_init.hpp:39
libff::Fp_model::Rcubed
static bigint< n > Rcubed
R^3.
Definition: fp.hpp:82
libff::bn128_G1::X
bn::Fp X
Definition: bn128_g1.hpp:47
libff::bn128_GT::GT_one
static bn128_GT GT_one
Definition: bn128_gt.hpp:26
libff::bn128_Fq_t_minus_1_over_2
mie::Vuint bn128_Fq_t_minus_1_over_2
Definition: bn128_init.cpp:22
Generated on Thu Aug 18 2022 12:42:18 for Clearmatics Libff by   doxygen 1.8.17