Clearmatics Libff  0.1
C++ library for Finite Fields and Elliptic Curves
bw6_761_init.cpp
Go to the documentation of this file.
1 // The code below is an implementation of https://eprint.iacr.org/2020/351.pdf
2 // and uses
3 // https://gitlab.inria.fr/zk-curves/bw6-761/-/blob/master/sage/pairing.py and
4 // https://github.com/EYBlockchain/zk-swap-libff/tree/ey/libff/algebra/curves/bw6_761
5 // as references.
6 
7 #include <libff/algebra/curves/bw6_761/bw6_761_g1.hpp>
8 #include <libff/algebra/curves/bw6_761/bw6_761_g2.hpp>
9 #include <libff/algebra/curves/bw6_761/bw6_761_init.hpp>
10 
11 namespace libff
12 {
13 
14 bigint<bw6_761_r_limbs> bw6_761_modulus_r;
15 bigint<bw6_761_q_limbs> bw6_761_modulus_q;
16 
17 bw6_761_Fq bw6_761_coeff_b;
18 bw6_761_Fq bw6_761_twist;
19 bw6_761_Fq bw6_761_twist_coeff_b;
20 
21 bigint<bw6_761_q_limbs> bw6_761_ate_loop_count1;
22 bigint<bw6_761_q_limbs> bw6_761_ate_loop_count2;
23 bool bw6_761_ate_is_loop_count_neg;
24 bigint<bw6_761_q_limbs> bw6_761_final_exponent_z;
25 bool bw6_761_final_exponent_is_z_neg;
26 
27 void init_bw6_761_params()
28 {
29  typedef bigint<bw6_761_r_limbs> bigint_r;
30  typedef bigint<bw6_761_q_limbs> bigint_q;
31 
32  // Montgomery assumes this
33  assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4);
34 
35  // Parameters for scalar field Fr
36  // r =
37  // 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
38  bw6_761_modulus_r =
39  bigint_r("2586644260129690940106527336948935335363935127549146605398842"
40  "62666720468348340822774968888139573360124440321458177");
41  assert(bw6_761_Fr::modulus_is_valid());
42  if (sizeof(mp_limb_t) == 8) {
43  bw6_761_Fr::Rsquared = bigint_r(
44  "661274283768726978163325701168662324052305289846649183196063154202"
45  "33909940404532140033099444330447428417853902114");
46  bw6_761_Fr::Rcubed = bigint_r(
47  "157734475176213061358192738313701451942220138363611391489992831740"
48  "412033225490229541667992423878570205050777755168");
49  bw6_761_Fr::inv = 0x8508bfffffffffff;
50  }
51  if (sizeof(mp_limb_t) == 4) {
52  bw6_761_Fr::Rsquared = bigint_r(
53  "661274283768726978163325701168662324052305289846649183196063154202"
54  "33909940404532140033099444330447428417853902114");
55  bw6_761_Fr::Rcubed = bigint_r(
56  "157734475176213061358192738313701451942220138363611391489992831740"
57  "412033225490229541667992423878570205050777755168");
58  bw6_761_Fr::inv = 0xffffffff;
59  }
60  bw6_761_Fr::num_bits = 377;
61  bw6_761_Fr::euler =
62  bigint_r("1293322130064845470053263668474467667681967563774573302699421"
63  "31333360234174170411387484444069786680062220160729088");
64  bw6_761_Fr::s = 46;
65  bw6_761_Fr::t =
66  bigint_r("3675842578061421676390135839012792950148785745837396071634149"
67  "488243117337281387659330802195819009059");
68  bw6_761_Fr::t_minus_1_over_2 =
69  bigint_r("1837921289030710838195067919506396475074392872918698035817074"
70  "744121558668640693829665401097909504529");
71  bw6_761_Fr::multiplicative_generator = bw6_761_Fr("15");
72  bw6_761_Fr::root_of_unity =
73  bw6_761_Fr("32863578547254505029601261939868325669770508939375122462904"
74  "745766352256812585773382134936404344547323199885654433");
75  bw6_761_Fr::nqr = bw6_761_Fr("5");
76  bw6_761_Fr::nqr_to_t =
77  bw6_761_Fr("33774956008227656219775876656288133547078610493828613777258"
78  "829345740556592044969439504850374928261397247202212840");
79  bw6_761_Fr::static_init();
80 
81  // Parameters for base field Fq
82  // q =
83  // 0x122e824fb83ce0ad187c94004faff3eb926186a81d14688528275ef8087be41707ba638e584e91903cebaff25b423048689c8ed12f9fd9071dcd3dc73ebff2e98a116c25667a8f8160cf8aeeaf0a437e6913e6870000082f49d00000000008b
84  bw6_761_modulus_q =
85  bigint_q("6891450384315732539396789682275657542479668912536150109513790"
86  "1602096234222434917360876831832894116876408645677537866134511"
87  "6175912055424775934951169912530159895160509937850885037254363"
88  "1423596795951899700429969112842764913119068299");
89  assert(bw6_761_Fq::modulus_is_valid());
90  if (sizeof(mp_limb_t) == 8) {
91  bw6_761_Fq::Rsquared = bigint_q(
92  "410173710550729835244256131339319232418037181415529408988358678008"
93  "337131002543531210418765667118526087296627284304957029592342298086"
94  "677137781899438438783090920915449892454598380340650741080836049574"
95  "9428678951279422657716620863065");
96  bw6_761_Fq::Rcubed = bigint_q(
97  "297415514632118086526834853439131925910825545338380841392089322640"
98  "624198677430665521626961318971291885148318712859327336480040754936"
99  "765047304839676586453060891603903912680899124818868997690823101153"
100  "644786484398736894438670450156");
101 
102  bw6_761_Fq::inv = 0xa5593568fa798dd;
103  }
104  if (sizeof(mp_limb_t) == 4) {
105  bw6_761_Fq::Rsquared = bigint_q(
106  "410173710550729835244256131339319232418037181415529408988358678008"
107  "337131002543531210418765667118526087296627284304957029592342298086"
108  "677137781899438438783090920915449892454598380340650741080836049574"
109  "9428678951279422657716620863065");
110  bw6_761_Fq::Rcubed = bigint_q(
111  "297415514632118086526834853439131925910825545338380841392089322640"
112  "624198677430665521626961318971291885148318712859327336480040754936"
113  "765047304839676586453060891603903912680899124818868997690823101153"
114  "644786484398736894438670450156");
115  bw6_761_Fq::inv = 0x8fa798dd;
116  }
117  bw6_761_Fq::num_bits = 761;
118  bw6_761_Fq::euler =
119  bigint_q("3445725192157866269698394841137828771239834456268075054756895"
120  "0801048117111217458680438415916447058438204322838768933067255"
121  "8087956027712387967475584956265079947580254968925442518627181"
122  "5711798397975949850214984556421382456559534149");
123  bw6_761_Fq::s = 1;
124  bw6_761_Fq::t =
125  bigint_q("3445725192157866269698394841137828771239834456268075054756895"
126  "0801048117111217458680438415916447058438204322838768933067255"
127  "8087956027712387967475584956265079947580254968925442518627181"
128  "5711798397975949850214984556421382456559534149");
129  bw6_761_Fq::t_minus_1_over_2 =
130  bigint_q("1722862596078933134849197420568914385619917228134037527378447"
131  "5400524058555608729340219207958223529219102161419384466533627"
132  "9043978013856193983737792478132539973790127484462721259313590"
133  "7855899198987974925107492278210691228279767074");
134  bw6_761_Fq::multiplicative_generator = bw6_761_Fq("2");
135  bw6_761_Fq::root_of_unity =
136  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
137  "90160209623422243491736087683183289411687640864567753786613"
138  "45116175912055424775934951169912530159895160509937850885037"
139  "2543631423596795951899700429969112842764913119068298");
140  bw6_761_Fq::nqr = bw6_761_Fq("2");
141  bw6_761_Fq::nqr_to_t =
142  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
143  "90160209623422243491736087683183289411687640864567753786613"
144  "45116175912055424775934951169912530159895160509937850885037"
145  "2543631423596795951899700429969112842764913119068298");
146  bw6_761_Fq::static_init();
147 
148  // Parameters for Fq3
149  bw6_761_Fq3::euler = bigint<3 * bw6_761_q_limbs>(
150  "1636446854262954003249141699409548889559206196373633220512096143268984"
151  "5397014880568641901171928604942518055908462554673180677727867910667998"
152  "4663099143697116161447047621868304705520956489172590015220902479424161"
153  "5633521368602921395669003930971333893630420619714613478078837246039873"
154  "3124493326270446151854198371345979937646860351442184846671768256523932"
155  "2945704382553665794724881767934477627356011124130848888786345848916593"
156  "9567481576923242781572039862743001907835119097653682898829629358506603"
157  "8893699793468601168791027807574316427084928535262789988925129164000203"
158  "2048904566729137025370148302740362549750397891505412715221417910833483"
159  "274288268810463328915955262815220574933205354950574767449");
160  bw6_761_Fq3::s = 1;
161  bw6_761_Fq3::t = bigint<3 * bw6_761_q_limbs>(
162  "1636446854262954003249141699409548889559206196373633220512096143268984"
163  "5397014880568641901171928604942518055908462554673180677727867910667998"
164  "4663099143697116161447047621868304705520956489172590015220902479424161"
165  "5633521368602921395669003930971333893630420619714613478078837246039873"
166  "3124493326270446151854198371345979937646860351442184846671768256523932"
167  "2945704382553665794724881767934477627356011124130848888786345848916593"
168  "9567481576923242781572039862743001907835119097653682898829629358506603"
169  "8893699793468601168791027807574316427084928535262789988925129164000203"
170  "2048904566729137025370148302740362549750397891505412715221417910833483"
171  "274288268810463328915955262815220574933205354950574767449");
172  bw6_761_Fq3::t_minus_1_over_2 = bigint<3 * bw6_761_q_limbs>(
173  "8182234271314770016245708497047744447796030981868166102560480716344922"
174  "6985074402843209505859643024712590279542312773365903388639339553339992"
175  "3315495718485580807235238109341523527604782445862950076104512397120807"
176  "8167606843014606978345019654856669468152103098573067390394186230199366"
177  "5622466631352230759270991856729899688234301757210924233358841282619661"
178  "4728521912768328973624408839672388136780055620654244443931729244582969"
179  "7837407884616213907860199313715009539175595488268414494148146792533019"
180  "4468498967343005843955139037871582135424642676313949944625645820001016"
181  "0244522833645685126850741513701812748751989457527063576107089554167416"
182  "37144134405231664457977631407610287466602677475287383724");
183  bw6_761_Fq3::nqr =
184  bw6_761_Fq3(bw6_761_Fq("0"), bw6_761_Fq("1"), bw6_761_Fq("0"));
185  bw6_761_Fq3::nqr_to_t = bw6_761_Fq3(
186  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
187  "90160209623422243491736087683183289411687640864567753786613"
188  "45116175912055424775934951169912530159895160509937850885037"
189  "2543631423596795951899700429969112842764913119068298"),
190  bw6_761_Fq("0"),
191  bw6_761_Fq("0"));
192  bw6_761_Fq3::non_residue =
193  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
194  "90160209623422243491736087683183289411687640864567753786613"
195  "45116175912055424775934951169912530159895160509937850885037"
196  "2543631423596795951899700429969112842764913119068295");
197  bw6_761_Fq3::nqr =
198  bw6_761_Fq3(bw6_761_Fq("0"), bw6_761_Fq("1"), bw6_761_Fq("0"));
199  bw6_761_Fq3::nqr_to_t = bw6_761_Fq3(
200  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
201  "90160209623422243491736087683183289411687640864567753786613"
202  "45116175912055424775934951169912530159895160509937850885037"
203  "2543631423596795951899700429969112842764913119068298"),
204  bw6_761_Fq("0"),
205  bw6_761_Fq("0"));
206  bw6_761_Fq3::Frobenius_coeffs_c1[0] = bw6_761_Fq("1");
207  bw6_761_Fq3::Frobenius_coeffs_c1[1] =
208  bw6_761_Fq("49224645602255232421181789425750803910820025302323243810630"
209  "48548642823052024664478336818169867474395270858391911405337"
210  "70724773573982666493944449046954210939153048282672820358254"
211  "9674992333383150446779312029624171857054392282775648");
212  bw6_761_Fq3::Frobenius_coeffs_c1[2] =
213  bw6_761_Fq("19689858240902092972786107397005771513976663823038257284507"
214  "41611566800370218827257750865013421937292370006175842381275"
215  "74391402338072758281990502122958319220742112227265030526782"
216  "2868639090213645505120388400344940985710520836292650");
217  bw6_761_Fq3::Frobenius_coeffs_c2[0] = bw6_761_Fq("1");
218  bw6_761_Fq3::Frobenius_coeffs_c2[1] =
219  bw6_761_Fq("19689858240902092972786107397005771513976663823038257284507"
220  "41611566800370218827257750865013421937292370006175842381275"
221  "74391402338072758281990502122958319220742112227265030526782"
222  "2868639090213645505120388400344940985710520836292650");
223  bw6_761_Fq3::Frobenius_coeffs_c2[2] =
224  bw6_761_Fq("49224645602255232421181789425750803910820025302323243810630"
225  "48548642823052024664478336818169867474395270858391911405337"
226  "70724773573982666493944449046954210939153048282672820358254"
227  "9674992333383150446779312029624171857054392282775648");
228 
229  // Parameters for the field Fq^6
230  bw6_761_Fq6::non_residue =
231  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
232  "90160209623422243491736087683183289411687640864567753786613"
233  "45116175912055424775934951169912530159895160509937850885037"
234  "2543631423596795951899700429969112842764913119068295");
235  bw6_761_Fq6::Frobenius_coeffs_c1[0] = bw6_761_Fq("1");
236  bw6_761_Fq6::Frobenius_coeffs_c1[1] =
237  bw6_761_Fq("49224645602255232421181789425750803910820025302323243810630"
238  "48548642823052024664478336818169867474395270858391911405337"
239  "70724773573982666493944449046954210939153048282672820358254"
240  "9674992333383150446779312029624171857054392282775649");
241  bw6_761_Fq6::Frobenius_coeffs_c1[2] =
242  bw6_761_Fq("49224645602255232421181789425750803910820025302323243810630"
243  "48548642823052024664478336818169867474395270858391911405337"
244  "70724773573982666493944449046954210939153048282672820358254"
245  "9674992333383150446779312029624171857054392282775648");
246  bw6_761_Fq6::Frobenius_coeffs_c1[3] =
247  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
248  "90160209623422243491736087683183289411687640864567753786613"
249  "45116175912055424775934951169912530159895160509937850885037"
250  "2543631423596795951899700429969112842764913119068298");
251  bw6_761_Fq6::Frobenius_coeffs_c1[4] =
252  bw6_761_Fq("19689858240902092972786107397005771513976663823038257284507"
253  "41611566800370218827257750865013421937292370006175842381275"
254  "74391402338072758281990502122958319220742112227265030526782"
255  "2868639090213645505120388400344940985710520836292650");
256  bw6_761_Fq6::Frobenius_coeffs_c1[5] =
257  bw6_761_Fq("19689858240902092972786107397005771513976663823038257284507"
258  "41611566800370218827257750865013421937292370006175842381275"
259  "74391402338072758281990502122958319220742112227265030526782"
260  "2868639090213645505120388400344940985710520836292651");
261 
262  bw6_761_Fq6::my_Fp2::non_residue = bw6_761_Fq3::non_residue;
263 
264  // Choice of short Weierstrass curve and its twist
265  // E: y^2 = x^3 - 1
266  // bw6_761_coeff_b = -1
267  bw6_761_coeff_b =
268  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
269  "90160209623422243491736087683183289411687640864567753786613"
270  "45116175912055424775934951169912530159895160509937850885037"
271  "2543631423596795951899700429969112842764913119068298");
272  // E': y^2 = x^3 - 1 * (-4) = y^2 = x^3 + 4
273  // bw6_761_twist = -4
274  bw6_761_twist =
275  bw6_761_Fq("68914503843157325393967896822756575424796689125361501095137"
276  "90160209623422243491736087683183289411687640864567753786613"
277  "45116175912055424775934951169912530159895160509937850885037"
278  "2543631423596795951899700429969112842764913119068295");
279  // We use a M-twist here, hence:
280  // bw6_761_twist_coeff_b = bw6_761_coeff_b * bw6_761_twist;
281  bw6_761_twist_coeff_b = bw6_761_Fq("4");
282 
283  // Choice of group G1
284  // Identities
285  bw6_761_G1::G1_zero =
286  bw6_761_G1(bw6_761_Fq::zero(), bw6_761_Fq::one(), bw6_761_Fq::zero());
287  bw6_761_G1::G1_one = bw6_761_G1(
288  bw6_761_Fq("62387722575946793680321456936228128387790058097608247331387"
289  "87810501188623461307351759238099287535516224314149266511977"
290  "13214082863595094002179048950761175436631780181109081136794"
291  "5064510304504157188661901055903167026722666149426237"),
292  bw6_761_Fq("21017351265208974239115045622158349511481275559133679971627"
293  "89335052900271653517958562461315794228241561913734371411178"
294  "22693652768320387955309393418595047097184897208532179795812"
295  "4416462268292467002957525517188485984766314758624099"),
296  bw6_761_Fq::one());
297 
298  // Curve coeffs
299  bw6_761_G1::coeff_a = bw6_761_Fq::zero();
300  bw6_761_G1::coeff_b = bw6_761_coeff_b;
301 
302  // Cofactor
303  bw6_761_G1::h = bigint<bw6_761_G1::h_limbs>(
304  "2664243587933581668398767770148807386775111827005265065594210250231297"
305  "7592501693353047140953112195348280268661194876");
306 
307  // WNAF
308  //
309  // Below we use the same `wnaf_window_table` as used for alt_bn_128
310  // TODO: Adjust the `wnaf_window_table` and `fixed_base_exp_window_table`
311  bw6_761_G1::wnaf_window_table.resize(0);
312  bw6_761_G1::wnaf_window_table.push_back(11);
313  bw6_761_G1::wnaf_window_table.push_back(24);
314  bw6_761_G1::wnaf_window_table.push_back(60);
315  bw6_761_G1::wnaf_window_table.push_back(127);
316 
317  // Fixed-base exponentiation table
318  bw6_761_G1::fixed_base_exp_window_table.resize(0);
319  // window 1 is unbeaten in [-inf, 4.99]
320  bw6_761_G1::fixed_base_exp_window_table.push_back(1);
321  // window 2 is unbeaten in [4.99, 10.99]
322  bw6_761_G1::fixed_base_exp_window_table.push_back(5);
323  // window 3 is unbeaten in [10.99, 32.29]
324  bw6_761_G1::fixed_base_exp_window_table.push_back(11);
325  // window 4 is unbeaten in [32.29, 55.23]
326  bw6_761_G1::fixed_base_exp_window_table.push_back(32);
327  // window 5 is unbeaten in [55.23, 162.03]
328  bw6_761_G1::fixed_base_exp_window_table.push_back(55);
329  // window 6 is unbeaten in [162.03, 360.15]
330  bw6_761_G1::fixed_base_exp_window_table.push_back(162);
331  // window 7 is unbeaten in [360.15, 815.44]
332  bw6_761_G1::fixed_base_exp_window_table.push_back(360);
333  // window 8 is unbeaten in [815.44, 2373.07]
334  bw6_761_G1::fixed_base_exp_window_table.push_back(815);
335  // window 9 is unbeaten in [2373.07, 6977.75]
336  bw6_761_G1::fixed_base_exp_window_table.push_back(2373);
337  // window 10 is unbeaten in [6977.75, 7122.23]
338  bw6_761_G1::fixed_base_exp_window_table.push_back(6978);
339  // window 11 is unbeaten in [7122.23, 57818.46]
340  bw6_761_G1::fixed_base_exp_window_table.push_back(7122);
341  // window 12 is never the best
342  bw6_761_G1::fixed_base_exp_window_table.push_back(0);
343  // window 13 is unbeaten in [57818.46, 169679.14]
344  bw6_761_G1::fixed_base_exp_window_table.push_back(57818);
345  // window 14 is never the best
346  bw6_761_G1::fixed_base_exp_window_table.push_back(0);
347  // window 15 is unbeaten in [169679.14, 439758.91]
348  bw6_761_G1::fixed_base_exp_window_table.push_back(169679);
349  // window 16 is unbeaten in [439758.91, 936073.41]
350  bw6_761_G1::fixed_base_exp_window_table.push_back(439759);
351  // window 17 is unbeaten in [936073.41, 4666554.74]
352  bw6_761_G1::fixed_base_exp_window_table.push_back(936073);
353  // window 18 is never the best
354  bw6_761_G1::fixed_base_exp_window_table.push_back(0);
355  // window 19 is unbeaten in [4666554.74, 7580404.42]
356  bw6_761_G1::fixed_base_exp_window_table.push_back(4666555);
357  // window 20 is unbeaten in [7580404.42, 34552892.20]
358  bw6_761_G1::fixed_base_exp_window_table.push_back(7580404);
359  // window 21 is never the best
360  bw6_761_G1::fixed_base_exp_window_table.push_back(0);
361  // window 22 is unbeaten in [34552892.20, inf]
362  bw6_761_G1::fixed_base_exp_window_table.push_back(34552892);
363 
364  // Choice of group G2
365  // Identities
366  bw6_761_G2::G2_zero =
367  bw6_761_G2(bw6_761_Fq::zero(), bw6_761_Fq::one(), bw6_761_Fq::zero());
368  bw6_761_G2::G2_one = bw6_761_G2(
369  bw6_761_Fq("64453329105969793360358881527740716268988861397741013649339"
370  "48236926875073754470830732273879639675437155036544153105017"
371  "72959260056063167855429956276229474392791242909663615640117"
372  "1909259073181112518725201388196280039960074422214428"),
373  bw6_761_Fq("56292365808953971938692216344454738775758653474108026394695"
374  "34015951552119346305989993003963171041825980447937581532149"
375  "72605680357108252243146746187917218885078195819486220416605"
376  "630144001533548163105316661692978285266378674355041"),
377  bw6_761_Fq::one());
378 
379  // Curve coeffs
380  bw6_761_G2::coeff_a = bw6_761_Fq::zero();
381  bw6_761_G2::coeff_b = bw6_761_twist_coeff_b;
382 
383  // Cofactor
384  bw6_761_G2::h = bigint<bw6_761_G2::h_limbs>(
385  "2664243587933581668398767770148807386775111827005265065594210250231297"
386  "7592501693353047140953112195348280268661194869");
387 
388  // wNAF window table
389  bw6_761_G2::wnaf_window_table.resize(0);
390  bw6_761_G2::wnaf_window_table.push_back(5);
391  bw6_761_G2::wnaf_window_table.push_back(15);
392  bw6_761_G2::wnaf_window_table.push_back(39);
393  bw6_761_G2::wnaf_window_table.push_back(109);
394 
395  // Fixed-base exponentiation table
396  bw6_761_G2::fixed_base_exp_window_table.resize(0);
397  // window 1 is unbeaten in [-inf, 5.10]
398  bw6_761_G2::fixed_base_exp_window_table.push_back(1);
399  // window 2 is unbeaten in [5.10, 10.43]
400  bw6_761_G2::fixed_base_exp_window_table.push_back(5);
401  // window 3 is unbeaten in [10.43, 25.28]
402  bw6_761_G2::fixed_base_exp_window_table.push_back(10);
403  // window 4 is unbeaten in [25.28, 59.00]
404  bw6_761_G2::fixed_base_exp_window_table.push_back(25);
405  // window 5 is unbeaten in [59.00, 154.03]
406  bw6_761_G2::fixed_base_exp_window_table.push_back(59);
407  // window 6 is unbeaten in [154.03, 334.25]
408  bw6_761_G2::fixed_base_exp_window_table.push_back(154);
409  // window 7 is unbeaten in [334.25, 742.58]
410  bw6_761_G2::fixed_base_exp_window_table.push_back(334);
411  // window 8 is unbeaten in [742.58, 2034.40]
412  bw6_761_G2::fixed_base_exp_window_table.push_back(743);
413  // window 9 is unbeaten in [2034.40, 4987.56]
414  bw6_761_G2::fixed_base_exp_window_table.push_back(2034);
415  // window 10 is unbeaten in [4987.56, 8888.27]
416  bw6_761_G2::fixed_base_exp_window_table.push_back(4988);
417  // window 11 is unbeaten in [8888.27, 26271.13]
418  bw6_761_G2::fixed_base_exp_window_table.push_back(8888);
419  // window 12 is unbeaten in [26271.13, 39768.20]
420  bw6_761_G2::fixed_base_exp_window_table.push_back(26271);
421  // window 13 is unbeaten in [39768.20, 106275.75]
422  bw6_761_G2::fixed_base_exp_window_table.push_back(39768);
423  // window 14 is unbeaten in [106275.75, 141703.40]
424  bw6_761_G2::fixed_base_exp_window_table.push_back(106276);
425  // window 15 is unbeaten in [141703.40, 462422.97]
426  bw6_761_G2::fixed_base_exp_window_table.push_back(141703);
427  // window 16 is unbeaten in [462422.97, 926871.84]
428  bw6_761_G2::fixed_base_exp_window_table.push_back(462423);
429  // window 17 is unbeaten in [926871.84, 4873049.17]
430  bw6_761_G2::fixed_base_exp_window_table.push_back(926872);
431  // window 18 is never the best
432  bw6_761_G2::fixed_base_exp_window_table.push_back(0);
433  // window 19 is unbeaten in [4873049.17, 5706707.88]
434  bw6_761_G2::fixed_base_exp_window_table.push_back(4873049);
435  // window 20 is unbeaten in [5706707.88, 31673814.95]
436  bw6_761_G2::fixed_base_exp_window_table.push_back(5706708);
437  // window 21 is never the best
438  bw6_761_G2::fixed_base_exp_window_table.push_back(0);
439  // window 22 is unbeaten in [31673814.95, inf]
440  bw6_761_G2::fixed_base_exp_window_table.push_back(31673815);
441 
442  // Pairing parameters
443  // See Algorithm 5 for Miller Loop: https://eprint.iacr.org/2020/351.pdf
444  // ate_opt(P,Q) = (f_{u^3-u^2-u,Q}(P)f^{q}_{u+1,Q}(P))^(q^6 - 1)/r
445  //
446  // u+1
447  bw6_761_ate_loop_count1 = bigint_q("9586122913090633730");
448  // u^3-u^2-u
449  bw6_761_ate_loop_count2 =
450  bigint_q("880904806456922042166256752416502360955572640081583800319");
451  bw6_761_ate_is_loop_count_neg = false;
452  // u
453  bw6_761_final_exponent_z = bigint_q("9586122913090633729");
454  bw6_761_final_exponent_is_z_neg = false;
455 }
456 
457 } // namespace libff
libff::Fp3_model::nqr_to_t
static Fp3_model< n, modulus > nqr_to_t
nqr^t
Definition: fp3.hpp:53
libff::bw6_761_G1::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: bw6_761_g1.hpp:22
libff::Fp3_model::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[3]
non_residue^((modulus^i-1)/3) for i=0,1,2
Definition: fp3.hpp:55
libff::bw6_761_G2::G2_zero
static bw6_761_G2 G2_zero
Definition: bw6_761_g2.hpp:24
libff::Fp3_model::euler
static bigint< 3 *n > euler
(modulus^3-1)/2
Definition: fp3.hpp:40
libff::bw6_761_ate_is_loop_count_neg
bool bw6_761_ate_is_loop_count_neg
Definition: bw6_761_init.cpp:23
libff::bw6_761_twist
bw6_761_Fq bw6_761_twist
Definition: bw6_761_init.cpp:18
libff::bw6_761_modulus_r
bigint< bls12_377_q_limbs > bw6_761_modulus_r
Definition: bw6_761_init.cpp:14
libff::Fp3_model::s
static size_t s
modulus^3 = 2^s * t + 1
Definition: fp3.hpp:42
libff
Definition: ffi.cpp:8
libff::bw6_761_G1::G1_zero
static bw6_761_G1 G1_zero
Definition: bw6_761_g1.hpp:23
libff::bw6_761_G2
Definition: bw6_761_g2.hpp:15
libff::bw6_761_Fr
Fp_model< bw6_761_r_limbs, bw6_761_modulus_r > bw6_761_Fr
Definition: bw6_761_init.hpp:23
libff::bw6_761_G1::coeff_b
static bw6_761_Fq coeff_b
Definition: bw6_761_g1.hpp:26
libff::bw6_761_G1::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: bw6_761_g1.hpp:21
libff::Fp_model::nqr
static Fp_model< n, modulus > nqr
a quadratic nonresidue
Definition: fp.hpp:70
libff::bw6_761_Fq
Fp_model< bw6_761_q_limbs, bw6_761_modulus_q > bw6_761_Fq
Definition: bw6_761_init.hpp:24
libff::Fp_model< bw6_761_q_limbs, bw6_761_modulus_q >::zero
static const Fp_model< n, modulus > & zero()
libff::Fp3_model::t_minus_1_over_2
static bigint< 3 *n > t_minus_1_over_2
(t-1)/2
Definition: fp3.hpp:46
libff::Fp_model::t
static bigint< n > t
with t odd
Definition: fp.hpp:66
libff::Fp_model::s
static size_t s
modulus = 2^s * t + 1
Definition: fp.hpp:64
libff::bw6_761_ate_loop_count2
bigint< bw6_761_q_limbs > bw6_761_ate_loop_count2
Definition: bw6_761_init.cpp:22
libff::Fp_model::euler
static bigint< n > euler
(modulus-1)/2
Definition: fp.hpp:62
libff::Fp_model::modulus_is_valid
static bool modulus_is_valid()
Definition: fp.hpp:84
libff::bw6_761_modulus_q
bigint< bw6_761_q_limbs > bw6_761_modulus_q
Definition: bw6_761_init.cpp:15
libff::Fp_model< bw6_761_q_limbs, bw6_761_modulus_q >::one
static const Fp_model< n, modulus > & one()
libff::bw6_761_final_exponent_is_z_neg
bool bw6_761_final_exponent_is_z_neg
Definition: bw6_761_init.cpp:25
libff::bw6_761_G1::coeff_a
static bw6_761_Fq coeff_a
Definition: bw6_761_g1.hpp:25
libff::bw6_761_G2::coeff_b
static bw6_761_Fq coeff_b
Definition: bw6_761_g2.hpp:27
libff::Fp3_model::Frobenius_coeffs_c2
static my_Fp Frobenius_coeffs_c2[3]
non_residue^((2*modulus^i-2)/3) for i=0,1,2
Definition: fp3.hpp:57
libff::Fp_model::t_minus_1_over_2
static bigint< n > t_minus_1_over_2
(t-1)/2
Definition: fp.hpp:68
bw6_761_g2.hpp
libff::bw6_761_G2::G2_one
static bw6_761_G2 G2_one
Definition: bw6_761_g2.hpp:25
libff::bigint
Definition: bigint.hpp:20
libff::init_bw6_761_params
void init_bw6_761_params()
Definition: bw6_761_init.cpp:27
libff::Fp6_2over3_model::non_residue
static my_Fp non_residue
Definition: fp6_2over3.hpp:42
libff::Fp3_model::nqr
static Fp3_model< n, modulus > nqr
a quadratic nonresidue in Fp3
Definition: fp3.hpp:51
libff::Fp_model::static_init
static void static_init()
libff::Fp_model::root_of_unity
static Fp_model< n, modulus > root_of_unity
generator^((modulus-1)/2^s)
Definition: fp.hpp:76
bw6_761_init.hpp
libff::bw6_761_G2::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: bw6_761_g2.hpp:23
libff::Fp2_model::non_residue
static my_Fp non_residue
Definition: fp2.hpp:55
libff::bw6_761_coeff_b
bw6_761_Fq bw6_761_coeff_b
Definition: bw6_761_init.cpp:17
libff::bw6_761_G2::h
static bigint< h_limbs > h
Definition: bw6_761_g2.hpp:37
libff::Fp6_2over3_model::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[6]
non_residue^((modulus^i-1)/6) for i=0,1,2,3,4,5
Definition: fp6_2over3.hpp:44
libff::Fp_model
Definition: fp.hpp:20
libff::bw6_761_final_exponent_z
bigint< bw6_761_q_limbs > bw6_761_final_exponent_z
Definition: bw6_761_init.cpp:24
libff::Fp_model::nqr_to_t
static Fp_model< n, modulus > nqr_to_t
nqr^t
Definition: fp.hpp:72
libff::Fp_model::multiplicative_generator
static Fp_model< n, modulus > multiplicative_generator
generator of Fp^*
Definition: fp.hpp:74
libff::bw6_761_G1::h
static bigint< h_limbs > h
Definition: bw6_761_g1.hpp:35
libff::bw6_761_G1::G1_one
static bw6_761_G1 G1_one
Definition: bw6_761_g1.hpp:24
libff::bw6_761_G2::coeff_a
static bw6_761_Fq coeff_a
Definition: bw6_761_g2.hpp:26
libff::Fp_model::num_bits
static size_t num_bits
Definition: fp.hpp:60
libff::Fp3_model::non_residue
static my_Fp non_residue
Definition: fp3.hpp:49
bw6_761_g1.hpp
libff::Fp_model::inv
static mp_limb_t inv
-modulus^(-1) mod W, where W = 2^(word size)
Definition: fp.hpp:78
libff::bw6_761_twist_coeff_b
bw6_761_Fq bw6_761_twist_coeff_b
Definition: bw6_761_init.cpp:19
libff::Fp_model::Rsquared
static bigint< n > Rsquared
R^2, where R = W^k, where k = ??
Definition: fp.hpp:80
libff::bw6_761_G1
Definition: bw6_761_g1.hpp:14
libff::bw6_761_G2::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: bw6_761_g2.hpp:22
libff::bw6_761_Fq3
Fp3_model< bw6_761_q_limbs, bw6_761_modulus_q > bw6_761_Fq3
Definition: bw6_761_init.hpp:25
libff::Fp_model::Rcubed
static bigint< n > Rcubed
R^3.
Definition: fp.hpp:82
libff::Fp3_model::t
static bigint< 3 *n > t
with t odd
Definition: fp3.hpp:44
libff::bw6_761_ate_loop_count1
bigint< bw6_761_q_limbs > bw6_761_ate_loop_count1
Definition: bw6_761_init.cpp:21
Generated on Thu Aug 18 2022 12:42:18 for Clearmatics Libff by   doxygen 1.8.17