#include <bn128_g1.hpp>

Collaboration diagram for libff::bn128_G1:

Public Types
typedef bn128_Fq	base_field

typedef bn128_Fr	scalar_field

Public Member Functions
void	fill_coord (bn::Fp coord[3]) const

	bn128_G1 ()

	bn128_G1 (bn::Fp coord[3])

void	print () const

void	print_coordinates () const

void	to_affine_coordinates ()

void	to_special ()

bool	is_special () const

bool	is_zero () const

bool	operator== (const bn128_G1 &other) const

bool	operator!= (const bn128_G1 &other) const

bn128_G1	operator+ (const bn128_G1 &other) const

bn128_G1	operator- () const

bn128_G1	operator- (const bn128_G1 &other) const

bn128_G1	add (const bn128_G1 &other) const

bn128_G1	mixed_add (const bn128_G1 &other) const

bn128_G1	dbl () const

bn128_G1	mul_by_cofactor () const

bool	is_well_formed () const

bool	is_in_safe_subgroup () const

void	write_uncompressed (std::ostream &) const

void	write_compressed (std::ostream &) const

Static Public Member Functions
static const bn128_G1 &	zero ()

static const bn128_G1 &	one ()

static bn128_G1	random_element ()

static size_t	size_in_bits ()

static bigint< base_field::num_limbs >	base_field_char ()

static bigint< scalar_field::num_limbs >	order ()

static void	read_uncompressed (std::istream &, bn128_G1 &)

static void	read_compressed (std::istream &, bn128_G1 &)

static void	batch_to_special_all_non_zeros (std::vector< bn128_G1 > &vec)

Public Attributes
bn::Fp	X

bn::Fp	Y

bn::Fp	Z

Static Public Attributes
static std::vector< size_t >	wnaf_window_table

static std::vector< size_t >	fixed_base_exp_window_table

static bn128_G1	G1_zero

static bn128_G1	G1_one

static const mp_size_t	h_bitcount = 1

static const mp_size_t	h_limbs

static bigint< h_limbs >	h

Detailed Description

Definition at line 23 of file bn128_g1.hpp.

Member Typedef Documentation

◆ base_field

typedef bn128_Fq libff::bn128_G1::base_field

Definition at line 38 of file bn128_g1.hpp.

◆ scalar_field

typedef bn128_Fr libff::bn128_G1::scalar_field

Definition at line 39 of file bn128_g1.hpp.

Constructor & Destructor Documentation

◆ bn128_G1() [1/2]

libff::bn128_G1::bn128_G1 ( )

Definition at line 72 of file bn128_g1.cpp.

 {
     this->X = G1_zero.X;
     this->Y = G1_zero.Y;
     this->Z = G1_zero.Z;
 }

◆ bn128_G1() [2/2]

libff::bn128_G1::bn128_G1 ( bn::Fp coord[3] )

inline

Definition at line 57 of file bn128_g1.hpp.

57 : X(coord[0]), Y(coord[1]), Z(coord[2]){};

Member Function Documentation

◆ add()

bn128_G1 libff::bn128_G1::add ( const bn128_G1 & other ) const

Definition at line 195 of file bn128_g1.cpp.

 {
 #ifdef PROFILE_OP_COUNTS
     this->add_cnt++;
 #endif
  
     bn::Fp this_coord[3], other_coord[3], result_coord[3];
     this->fill_coord(this_coord);
     other.fill_coord(other_coord);
     bn::ecop::ECAdd(result_coord, this_coord, other_coord);
  
     bn128_G1 result(result_coord);
     return result;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ base_field_char()

static bigint<base_field::num_limbs> libff::bn128_G1::base_field_char ( )

inlinestatic

Definition at line 88 of file bn128_g1.hpp.

     {
         return base_field::field_char();
     }

Here is the call graph for this function:

◆ batch_to_special_all_non_zeros()

void libff::bn128_G1::batch_to_special_all_non_zeros ( std::vector< bn128_G1 > & vec )

static

Definition at line 469 of file bn128_g1.cpp.

 {
     std::vector<bn::Fp> Z_vec;
     Z_vec.reserve(vec.size());
  
     for (auto &el : vec) {
         Z_vec.emplace_back(el.Z);
     }
     bn_batch_invert<bn::Fp>(Z_vec);
  
     const bn::Fp one = 1;
  
     for (size_t i = 0; i < vec.size(); ++i) {
         bn::Fp Z2, Z3;
         bn::Fp::square(Z2, Z_vec[i]);
         bn::Fp::mul(Z3, Z2, Z_vec[i]);
  
         bn::Fp::mul(vec[i].X, vec[i].X, Z2);
         bn::Fp::mul(vec[i].Y, vec[i].Y, Z3);
         vec[i].Z = one;
     }
 }

Here is the call graph for this function:

◆ dbl()

bn128_G1 libff::bn128_G1::dbl ( ) const

Definition at line 294 of file bn128_g1.cpp.

 {
 #ifdef PROFILE_OP_COUNTS
     this->dbl_cnt++;
 #endif
  
     bn::Fp this_coord[3], result_coord[3];
     this->fill_coord(this_coord);
     bn::ecop::ECDouble(result_coord, this_coord);
  
     bn128_G1 result(result_coord);
     return result;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fill_coord()

void libff::bn128_G1::fill_coord ( bn::Fp coord[3] ) const

inline

Definition at line 48 of file bn128_g1.hpp.

     {
         coord[0] = this->X;
         coord[1] = this->Y;
         coord[2] = this->Z;
         return;
     };

Here is the caller graph for this function:

◆ is_in_safe_subgroup()

bool libff::bn128_G1::is_in_safe_subgroup ( ) const

Definition at line 352 of file bn128_g1.cpp.

352 { return true; }

◆ is_special()

bool libff::bn128_G1::is_special ( ) const

Definition at line 121 of file bn128_g1.cpp.

121 { return (this->is_zero() || this->Z == 1); }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ is_well_formed()

bool libff::bn128_G1::is_well_formed ( ) const

Definition at line 323 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         return true;
     } else {
         /*
           y^2 = x^3 + b
  
           We are using Jacobian coordinates, so equation we need to check is
           actually
  
           (y/z^3)^2 = (x/z^2)^3 + b
           y^2 / z^6 = x^3 / z^6 + b
           y^2 = x^3 + b z^6
         */
         bn::Fp X2, Y2, Z2;
         bn::Fp::square(X2, this->X);
         bn::Fp::square(Y2, this->Y);
         bn::Fp::square(Z2, this->Z);
  
         bn::Fp X3, Z3, Z6;
         bn::Fp::mul(X3, X2, this->X);
         bn::Fp::mul(Z3, Z2, this->Z);
         bn::Fp::square(Z6, Z3);
  
         return (Y2 == X3 + bn128_coeff_b * Z6);
     }
 }

Here is the call graph for this function:

◆ is_zero()

bool libff::bn128_G1::is_zero ( ) const

Definition at line 123 of file bn128_g1.cpp.

123 { return Z.isZero(); }

Here is the caller graph for this function:

◆ mixed_add()

bn128_G1 libff::bn128_G1::mixed_add ( const bn128_G1 & other ) const

Definition at line 210 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         return other;
     }
  
     if (other.is_zero()) {
         return *this;
     }
  
     // no need to handle points of order 2,4
     // (they cannot exist in a prime-order subgroup)
  
 #ifdef DEBUG
     assert(other.is_special());
 #endif
  
     // check for doubling case
  
     // using Jacobian coordinates so:
     // (X1:Y1:Z1) = (X2:Y2:Z2)
     // iff
     // X1/Z1^2 == X2/Z2^2 and Y1/Z1^3 == Y2/Z2^3
     // iff
     // X1 * Z2^2 == X2 * Z1^2 and Y1 * Z2^3 == Y2 * Z1^3
  
     // we know that Z2 = 1
  
     bn::Fp Z1Z1;
     bn::Fp::square(Z1Z1, this->Z);
     const bn::Fp &U1 = this->X;
     bn::Fp U2;
     bn::Fp::mul(U2, other.X, Z1Z1);
     bn::Fp Z1_cubed;
     bn::Fp::mul(Z1_cubed, this->Z, Z1Z1);
  
     const bn::Fp &S1 = this->Y;
     bn::Fp S2;
     bn::Fp::mul(S2, other.Y, Z1_cubed); // S2 = Y2*Z1*Z1Z1
  
     if (U1 == U2 && S1 == S2) {
         // dbl case; nothing of above can be reused
         return this->dbl();
     }
  
 #ifdef PROFILE_OP_COUNTS
     this->add_cnt++;
 #endif
  
     bn128_G1 result;
     bn::Fp H, HH, I, J, r, V, tmp;
     // H = U2-X1
     bn::Fp::sub(H, U2, this->X);
     // HH = H^2
     bn::Fp::square(HH, H);
     // I = 4*HH
     bn::Fp::add(tmp, HH, HH);
     bn::Fp::add(I, tmp, tmp);
     // J = H*I
     bn::Fp::mul(J, H, I);
     // r = 2*(S2-Y1)
     bn::Fp::sub(tmp, S2, this->Y);
     bn::Fp::add(r, tmp, tmp);
     // V = X1*I
     bn::Fp::mul(V, this->X, I);
     // X3 = r^2-J-2*V
     bn::Fp::square(result.X, r);
     bn::Fp::sub(result.X, result.X, J);
     bn::Fp::sub(result.X, result.X, V);
     bn::Fp::sub(result.X, result.X, V);
     // Y3 = r*(V-X3)-2*Y1*J
     bn::Fp::sub(tmp, V, result.X);
     bn::Fp::mul(result.Y, r, tmp);
     bn::Fp::mul(tmp, this->Y, J);
     bn::Fp::sub(result.Y, result.Y, tmp);
     bn::Fp::sub(result.Y, result.Y, tmp);
     // Z3 = (Z1+H)^2-Z1Z1-HH
     bn::Fp::add(tmp, this->Z, H);
     bn::Fp::square(result.Z, tmp);
     bn::Fp::sub(result.Z, result.Z, Z1Z1);
     bn::Fp::sub(result.Z, result.Z, HH);
     return result;
 }

Here is the call graph for this function:

◆ mul_by_cofactor()

bn128_G1 libff::bn128_G1::mul_by_cofactor ( ) const

Definition at line 308 of file bn128_g1.cpp.

 {
     // Cofactor = 1
     return (*this);
 }

◆ one()

const bn128_G1 & libff::bn128_G1::one ( )

static

Definition at line 316 of file bn128_g1.cpp.

316 { return G1_one; }

Here is the caller graph for this function:

◆ operator!=()

bool libff::bn128_G1::operator!= ( const bn128_G1 & other ) const

Definition at line 156 of file bn128_g1.cpp.

 {
     return !(operator==(other));
 }

Here is the call graph for this function:

◆ operator+()

bn128_G1 libff::bn128_G1::operator+ ( const bn128_G1 & other ) const

Definition at line 161 of file bn128_g1.cpp.

 {
     // handle special cases having to do with O
     if (this->is_zero()) {
         return other;
     }
  
     if (other.is_zero()) {
         return *this;
     }
  
     // no need to handle points of order 2,4
     // (they cannot exist in a prime-order subgroup)
  
     // handle double case, and then all the rest
     if (this->operator==(other)) {
         return this->dbl();
     } else {
         return this->add(other);
     }
 }

Here is the call graph for this function:

◆ operator-() [1/2]

bn128_G1 libff::bn128_G1::operator- ( ) const

Definition at line 183 of file bn128_g1.cpp.

 {
     bn128_G1 result(*this);
     bn::Fp::neg(result.Y, result.Y);
     return result;
 }

◆ operator-() [2/2]

bn128_G1 libff::bn128_G1::operator- ( const bn128_G1 & other ) const

Definition at line 190 of file bn128_g1.cpp.

 {
     return (*this) + (-other);
 }

◆ operator==()

bool libff::bn128_G1::operator== ( const bn128_G1 & other ) const

Definition at line 125 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         return other.is_zero();
     }
  
     if (other.is_zero()) {
         return false;
     }
  
     /* now neither is O */
  
     bn::Fp Z1sq, Z2sq, lhs, rhs;
     bn::Fp::square(Z1sq, this->Z);
     bn::Fp::square(Z2sq, other.Z);
     bn::Fp::mul(lhs, Z2sq, this->X);
     bn::Fp::mul(rhs, Z1sq, other.X);
  
     if (lhs != rhs) {
         return false;
     }
  
     bn::Fp Z1cubed, Z2cubed;
     bn::Fp::mul(Z1cubed, Z1sq, this->Z);
     bn::Fp::mul(Z2cubed, Z2sq, other.Z);
     bn::Fp::mul(lhs, Z2cubed, this->Y);
     bn::Fp::mul(rhs, Z1cubed, other.Y);
  
     return (lhs == rhs);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ order()

static bigint<scalar_field::num_limbs> libff::bn128_G1::order ( )

inlinestatic

Definition at line 92 of file bn128_g1.hpp.

     {
         return scalar_field::field_char();
     }

Here is the call graph for this function:

◆ print()

void libff::bn128_G1::print ( ) const

Definition at line 79 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         printf("O\n");
     } else {
         bn128_G1 copy(*this);
         copy.to_affine_coordinates();
         std::cout << "(" << copy.X.toString(10) << " : " << copy.Y.toString(10)
                   << " : " << copy.Z.toString(10) << ")\n";
     }
 }

Here is the call graph for this function:

◆ print_coordinates()

void libff::bn128_G1::print_coordinates ( ) const

Definition at line 91 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         printf("O\n");
     } else {
         std::cout << "(" << X.toString(10) << " : " << Y.toString(10) << " : "
                   << Z.toString(10) << ")\n";
     }
 }

Here is the call graph for this function:

◆ random_element()

bn128_G1 libff::bn128_G1::random_element ( )

static

Definition at line 318 of file bn128_g1.cpp.

 {
     return bn128_Fr::random_element().as_bigint() * G1_one;
 }

Here is the call graph for this function:

◆ read_compressed()

void libff::bn128_G1::read_compressed	(	std::istream &	in,
		bn128_G1 &	g
	)

static

Definition at line 408 of file bn128_g1.cpp.

 {
     char is_zero;
     // this reads is_zero;
     in.read((char *)&is_zero, 1);
     is_zero -= '0';
     consume_OUTPUT_SEPARATOR(in);
  
     bn::Fp tX;
 #ifndef BINARY_OUTPUT
     in >> tX;
 #else
     in.read((char *)&tX, sizeof(tX));
 #endif
     consume_OUTPUT_SEPARATOR(in);
     unsigned char Y_lsb;
     in.read((char *)&Y_lsb, 1);
     Y_lsb -= '0';
  
     // y = +/- sqrt(x^3 + b)
     if (!is_zero) {
         g.X = tX;
         bn::Fp tX2, tY2;
         bn::Fp::square(tX2, tX);
         bn::Fp::mul(tY2, tX2, tX);
         bn::Fp::add(tY2, tY2, bn128_coeff_b);
  
         g.Y = bn128_G1::sqrt(tY2);
         if ((((unsigned char *)&g.Y)[0] & 1) != Y_lsb) {
             bn::Fp::neg(g.Y, g.Y);
         }
     }
  
     /* finalize */
     if (!is_zero) {
         g.Z = bn::Fp(1);
     } else {
         g = bn128_G1::zero();
     }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ read_uncompressed()

void libff::bn128_G1::read_uncompressed	(	std::istream &	in,
		bn128_G1 &	g
	)

static

Definition at line 384 of file bn128_g1.cpp.

 {
     char is_zero;
     in.read((char *)&is_zero, 1); // this reads is_zero;
     is_zero -= '0';
     consume_OUTPUT_SEPARATOR(in);
  
 #ifndef BINARY_OUTPUT
     in >> g.X;
     consume_OUTPUT_SEPARATOR(in);
     in >> g.Y;
 #else
     in.read((char *)&g.X, sizeof(g.X));
     in.read((char *)&g.Y, sizeof(g.Y));
 #endif
  
     /* finalize */
     if (!is_zero) {
         g.Z = bn::Fp(1);
     } else {
         g = bn128_G1::zero();
     }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ size_in_bits()

static size_t libff::bn128_G1::size_in_bits ( )

inlinestatic

Definition at line 87 of file bn128_g1.hpp.

87 { return bn128_Fq::size_in_bits() + 1; }

Here is the call graph for this function:

◆ to_affine_coordinates()

void libff::bn128_G1::to_affine_coordinates ( )

Definition at line 101 of file bn128_g1.cpp.

 {
     if (this->is_zero()) {
         X = 0;
         Y = 1;
         Z = 0;
     } else {
         bn::Fp r;
         r = Z;
         r.inverse();
         bn::Fp::square(Z, r);
         X *= Z;
         r *= Z;
         Y *= r;
         Z = 1;
     }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ to_special()

void libff::bn128_G1::to_special ( )

Definition at line 119 of file bn128_g1.cpp.

119 { this->to_affine_coordinates(); }

Here is the call graph for this function:

◆ write_compressed()

void libff::bn128_G1::write_compressed ( std::ostream & out ) const

Definition at line 369 of file bn128_g1.cpp.

 {
     bn128_G1 gcopy(*this);
     gcopy.to_affine_coordinates();
  
     out << (gcopy.is_zero() ? '1' : '0') << OUTPUT_SEPARATOR;
  
 #ifndef BINARY_OUTPUT
     out << gcopy.X;
 #else
     out.write((char *)&gcopy.X, sizeof(gcopy.X));
 #endif
     out << OUTPUT_SEPARATOR << (((unsigned char *)&gcopy.Y)[0] & 1 ? '1' : '0');
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ write_uncompressed()

void libff::bn128_G1::write_uncompressed ( std::ostream & out ) const

Definition at line 354 of file bn128_g1.cpp.

 {
     bn128_G1 gcopy(*this);
     gcopy.to_affine_coordinates();
  
     out << (gcopy.is_zero() ? '1' : '0') << OUTPUT_SEPARATOR;
  
 #ifndef BINARY_OUTPUT
     out << gcopy.X << OUTPUT_SEPARATOR << gcopy.Y;
 #else
     out.write((char *)&gcopy.X, sizeof(gcopy.X));
     out.write((char *)&gcopy.Y, sizeof(gcopy.Y));
 #endif
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ zero()

const bn128_G1 & libff::bn128_G1::zero ( )

static

Definition at line 314 of file bn128_g1.cpp.

314 { return G1_zero; }

Here is the caller graph for this function:

Member Data Documentation

◆ fixed_base_exp_window_table

std::vector< size_t > libff::bn128_G1::fixed_base_exp_window_table

static

Definition at line 34 of file bn128_g1.hpp.

◆ G1_one

bn128_G1 libff::bn128_G1::G1_one

static

Definition at line 36 of file bn128_g1.hpp.

◆ G1_zero

bn128_G1 libff::bn128_G1::G1_zero

static

Definition at line 35 of file bn128_g1.hpp.

◆ h

bigint< bn128_G1::h_limbs > libff::bn128_G1::h

static

Definition at line 45 of file bn128_g1.hpp.

◆ h_bitcount

const mp_size_t libff::bn128_G1::h_bitcount = 1

static

Definition at line 42 of file bn128_g1.hpp.

◆ h_limbs

const mp_size_t libff::bn128_G1::h_limbs

static

Initial value:

=

(h_bitcount + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS

Definition at line 43 of file bn128_g1.hpp.

◆ wnaf_window_table

std::vector< size_t > libff::bn128_G1::wnaf_window_table

static

Definition at line 33 of file bn128_g1.hpp.

◆ X

bn::Fp libff::bn128_G1::X

Definition at line 47 of file bn128_g1.hpp.

◆ Y

bn::Fp libff::bn128_G1::Y

Definition at line 47 of file bn128_g1.hpp.

◆ Z

bn::Fp libff::bn128_G1::Z

Definition at line 47 of file bn128_g1.hpp.

The documentation for this class was generated from the following files:

/home/runner/work/libff/libff/libff/algebra/curves/bn128/bn128_g1.hpp
/home/runner/work/libff/libff/libff/algebra/curves/bn128/bn128_g1.cpp

Public Types

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Detailed Description

Member Typedef Documentation

◆ base_field

◆ scalar_field

Constructor & Destructor Documentation

◆ bn128_G1() [1/2]

◆ bn128_G1() [2/2]

Member Function Documentation

◆ add()

◆ base_field_char()

◆ batch_to_special_all_non_zeros()

◆ dbl()

◆ fill_coord()

◆ is_in_safe_subgroup()

◆ is_special()

◆ is_well_formed()

◆ is_zero()

◆ mixed_add()

◆ mul_by_cofactor()

◆ one()

◆ operator!=()

◆ operator+()

◆ operator-() [1/2]

◆ operator-() [2/2]

◆ operator==()

◆ order()

◆ print()

◆ print_coordinates()

◆ random_element()

◆ read_compressed()

◆ read_uncompressed()

◆ size_in_bits()

◆ to_affine_coordinates()

◆ to_special()

◆ write_compressed()

◆ write_uncompressed()

◆ zero()

Member Data Documentation

◆ fixed_base_exp_window_table

◆ G1_one

◆ G1_zero

◆ h

◆ h_bitcount

◆ h_limbs

◆ wnaf_window_table

◆ X

◆ Y

◆ Z