libff::edwards_G1 Class Reference

#include <edwards_g1.hpp>

Collaboration diagram for libff::edwards_G1:

Public Types
typedef edwards_Fq	base_field
typedef edwards_Fr	scalar_field

Public Member Functions
	edwards_G1 ()
	edwards_G1 (const edwards_Fq &X, const edwards_Fq &Y)
void	print () const
void	print_coordinates () const
void	to_affine_coordinates ()
void	to_special ()
bool	is_special () const
bool	is_zero () const
bool	operator== (const edwards_G1 &other) const
bool	operator!= (const edwards_G1 &other) const
edwards_G1	operator+ (const edwards_G1 &other) const
edwards_G1	operator- () const
edwards_G1	operator- (const edwards_G1 &other) const
edwards_G1	add (const edwards_G1 &other) const
edwards_G1	mixed_add (const edwards_G1 &other) const
edwards_G1	dbl () const
bool	is_well_formed () const
void	write_uncompressed (std::ostream &) const
void	write_compressed (std::ostream &) const

Static Public Member Functions
static const edwards_G1 &	zero ()
static const edwards_G1 &	one ()
static edwards_G1	random_element ()
static size_t	size_in_bits ()
static bigint< base_field::num_limbs >	base_field_char ()
static bigint< scalar_field::num_limbs >	order ()
static void	read_uncompressed (std::istream &, edwards_G1 &)
static void	read_compressed (std::istream &, edwards_G1 &)
static void	batch_to_special_all_non_zeros (std::vector< edwards_G1 > &vec)

Public Attributes
edwards_Fq	X
edwards_Fq	Y
edwards_Fq	Z

Static Public Attributes
static std::vector< size_t >	wnaf_window_table
static std::vector< size_t >	fixed_base_exp_window_table
static edwards_G1	G1_zero
static edwards_G1	G1_one

Detailed Description

Definition at line 21 of file edwards_g1.hpp.

Member Typedef Documentation

base_field

typedef edwards_Fq libff::edwards_G1::base_field

Definition at line 38 of file edwards_g1.hpp.

scalar_field

typedef edwards_Fr libff::edwards_G1::scalar_field

Definition at line 42 of file edwards_g1.hpp.

Constructor & Destructor Documentation

edwards_G1() [1/2]

libff::edwards_G1::edwards_G1

(

)

Definition at line 23 of file edwards_g1.cpp.

{
    this->X = G1_zero.X;
    this->Y = G1_zero.Y;
    this->Z = G1_zero.Z;
}

Here is the caller graph for this function:

edwards_G1() [2/2]

libff::edwards_G1::edwards_G1 ( const edwards_Fq &  X, const edwards_Fq &  Y  )

inline

Definition at line 44 of file edwards_g1.hpp.

        : X(Y), Y(X), Z(X * Y){};

Member Function Documentation

add()

edwards_G1 libff::edwards_G1::add

(

const edwards_G1 &

other

)

const

Definition at line 165 of file edwards_g1.cpp.

{
#ifdef PROFILE_OP_COUNTS
    this->add_cnt++;
#endif
    // NOTE: does not handle O and pts of order 2,4
    // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#addition-add-2007-bl
 
    // A = Z1*Z2
    edwards_Fq A = (this->Z) * (other.Z);
    // B = d*A^2
    edwards_Fq B = edwards_coeff_d * A.squared();
    // C = X1*X2
    edwards_Fq C = (this->X) * (other.X);
    // D = Y1*Y2
    edwards_Fq D = (this->Y) * (other.Y);
    // E = C*D
    edwards_Fq E = C * D;
    // H = C-D
    edwards_Fq H = C - D;
    // I = (X1+Y1)*(X2+Y2)-C-D
    edwards_Fq I = (this->X + this->Y) * (other.X + other.Y) - C - D;
    // X3 = c*(E+B)*H
    edwards_Fq X3 = (E + B) * H;
    // Y3 = c*(E-B)*I
    edwards_Fq Y3 = (E - B) * I;
    // Z3 = A*H*I
    edwards_Fq Z3 = A * H * I;
 
    return edwards_G1(X3, Y3, Z3);
}

Here is the call graph for this function:

Here is the caller graph for this function:

base_field_char()

static bigint<base_field::num_limbs> libff::edwards_G1::base_field_char ( )

inlinestatic

Definition at line 74 of file edwards_g1.hpp.

    {
        return base_field::field_char();
    }

Here is the call graph for this function:

batch_to_special_all_non_zeros()

void libff::edwards_G1::batch_to_special_all_non_zeros ( std::vector< edwards_G1 > &  vec )

static

Definition at line 388 of file edwards_g1.cpp.

{
    std::vector<edwards_Fq> Z_vec;
    Z_vec.reserve(vec.size());
 
    for (auto &el : vec) {
        Z_vec.emplace_back(el.Z);
    }
    batch_invert<edwards_Fq>(Z_vec);
 
    const edwards_Fq one = edwards_Fq::one();
 
    for (size_t i = 0; i < vec.size(); ++i) {
        vec[i].X = vec[i].X * Z_vec[i];
        vec[i].Y = vec[i].Y * Z_vec[i];
        vec[i].Z = one;
    }
}

Here is the call graph for this function:

dbl()

edwards_G1 libff::edwards_G1::dbl

(

)

const

Definition at line 242 of file edwards_g1.cpp.

{
#ifdef PROFILE_OP_COUNTS
    this->dbl_cnt++;
#endif
    if (this->is_zero()) {
        return (*this);
    } else {
        // NOTE: does not handle O and pts of order 2,4
        // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#doubling-dbl-2007-bl
 
        // A = X1^2
        edwards_Fq A = (this->X).squared();
        // B = Y1^2
        edwards_Fq B = (this->Y).squared();
        // C = A+B
        edwards_Fq C = A + B;
        // D = A-B
        edwards_Fq D = A - B;
        // E = (X1+Y1)^2-C
        edwards_Fq E = (this->X + this->Y).squared() - C;
        // X3 = C*D
        edwards_Fq X3 = C * D;
        edwards_Fq dZZ = edwards_coeff_d * this->Z.squared();
        // Y3 = E*(C-2*d*Z1^2)
        edwards_Fq Y3 = E * (C - dZZ - dZZ);
        // Z3 = D*E
        edwards_Fq Z3 = D * E;
 
        return edwards_G1(X3, Y3, Z3);
    }
}

Here is the call graph for this function:

is_special()

bool libff::edwards_G1::is_special

(

)

const

Definition at line 101 of file edwards_g1.cpp.

{
    return (this->is_zero() || this->Z == edwards_Fq::one());
}

Here is the call graph for this function:

Here is the caller graph for this function:

is_well_formed()

bool libff::edwards_G1::is_well_formed

(

)

const

Definition at line 275 of file edwards_g1.cpp.

{
    /* Note that point at infinity is the only special case we must check as
       inverted representation does no cover points (0, +-c) and (+-c, 0). */
    if (this->is_zero()) {
        return true;
    } else {
        // a x^2 + y^2 = 1 + d x^2 y^2
        //
        // We are using inverted, so equation we need to check is actually
        //
        // a (z/x)^2 + (z/y)^2 = 1 + d z^4 / (x^2 * y^2)
        // z^2 (a y^2 + x^2 - dz^2) = x^2 y^2
        edwards_Fq X2 = this->X.squared();
        edwards_Fq Y2 = this->Y.squared();
        edwards_Fq Z2 = this->Z.squared();
 
        // for G1 a = 1
        return (Z2 * (Y2 + X2 - edwards_coeff_d * Z2) == X2 * Y2);
    }
}

Here is the call graph for this function:

is_zero()

bool libff::edwards_G1::is_zero

(

)

const

Definition at line 106 of file edwards_g1.cpp.

{
    return (this->Y.is_zero() && this->Z.is_zero());
}

Here is the call graph for this function:

Here is the caller graph for this function:

mixed_add()

edwards_G1 libff::edwards_G1::mixed_add

(

const edwards_G1 &

other

)

const

Definition at line 197 of file edwards_g1.cpp.

{
#ifdef PROFILE_OP_COUNTS
    this->add_cnt++;
#endif
    // handle special cases having to do with O
    if (this->is_zero()) {
        return other;
    }
 
    if (other.is_zero()) {
        return *this;
    }
 
#ifdef DEBUG
    assert(other.is_special());
#endif
 
    // NOTE: does not handle O and pts of order 2,4
    // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#addition-madd-2007-lb
 
    // A = Z1
    edwards_Fq A = this->Z;
    // B = d*A^2
    edwards_Fq B = edwards_coeff_d * A.squared();
    // C = X1*X2
    edwards_Fq C = (this->X) * (other.X);
    // D = Y1*Y2
    edwards_Fq D = (this->Y) * (other.Y);
    // E = C*D
    edwards_Fq E = C * D;
    // H = C-D
    edwards_Fq H = C - D;
    // I = (X1+Y1)*(X2+Y2)-C-D
    edwards_Fq I = (this->X + this->Y) * (other.X + other.Y) - C - D;
    // X3 = c*(E+B)*H
    edwards_Fq X3 = (E + B) * H;
    // Y3 = c*(E-B)*I
    edwards_Fq Y3 = (E - B) * I;
    // Z3 = A*H*I
    edwards_Fq Z3 = A * H * I;
 
    return edwards_G1(X3, Y3, Z3);
}

Here is the call graph for this function:

one()

const edwards_G1 & libff::edwards_G1::one ( )

static

Definition at line 299 of file edwards_g1.cpp.

{ return G1_one; }

Here is the caller graph for this function:

operator!=()

bool libff::edwards_G1::operator!=

(

const edwards_G1 &

other

)

const

Definition at line 136 of file edwards_g1.cpp.

{
    return !(operator==(other));
}

Here is the call graph for this function:

operator+()

edwards_G1 libff::edwards_G1::operator+

(

const edwards_G1 &

other

)

const

Definition at line 141 of file edwards_g1.cpp.

{
    // handle special cases having to do with O
    if (this->is_zero()) {
        return other;
    }
 
    if (other.is_zero()) {
        return (*this);
    }
 
    return this->add(other);
}

Here is the call graph for this function:

operator-() [1/2]

edwards_G1 libff::edwards_G1::operator-

(

)

const

Definition at line 155 of file edwards_g1.cpp.

{
    return edwards_G1(-(this->X), this->Y, this->Z);
}

Here is the call graph for this function:

operator-() [2/2]

edwards_G1 libff::edwards_G1::operator-

(

const edwards_G1 &

other

)

const

Definition at line 160 of file edwards_g1.cpp.

{
    return (*this) + (-other);
}

operator==()

bool libff::edwards_G1::operator==

(

const edwards_G1 &

other

)

const

Definition at line 111 of file edwards_g1.cpp.

{
    if (this->is_zero()) {
        return other.is_zero();
    }
 
    if (other.is_zero()) {
        return false;
    }
 
    // now neither is O
 
    // X1/Z1 = X2/Z2 <=> X1*Z2 = X2*Z1
    if ((this->X * other.Z) != (other.X * this->Z)) {
        return false;
    }
 
    // Y1/Z1 = Y2/Z2 <=> Y1*Z2 = Y2*Z1
    if ((this->Y * other.Z) != (other.Y * this->Z)) {
        return false;
    }
 
    return true;
}

Here is the call graph for this function:

Here is the caller graph for this function:

order()

static bigint<scalar_field::num_limbs> libff::edwards_G1::order ( )

inlinestatic

Definition at line 78 of file edwards_g1.hpp.

    {
        return scalar_field::field_char();
    }

Here is the call graph for this function:

print()

void libff::edwards_G1::print

(

)

const

Definition at line 30 of file edwards_g1.cpp.

{
    if (this->is_zero()) {
        printf("O\n");
    } else {
        edwards_G1 copy(*this);
        copy.to_affine_coordinates();
        gmp_printf(
            "(%Nd , %Nd)\n",
            copy.X.as_bigint().data,
            edwards_Fq::num_limbs,
            copy.Y.as_bigint().data,
            edwards_Fq::num_limbs);
    }
}

Here is the call graph for this function:

print_coordinates()

void libff::edwards_G1::print_coordinates

(

)

const

Definition at line 46 of file edwards_g1.cpp.

{
    if (this->is_zero()) {
        printf("O\n");
    } else {
        gmp_printf(
            "(%Nd : %Nd : %Nd)\n",
            this->X.as_bigint().data,
            edwards_Fq::num_limbs,
            this->Y.as_bigint().data,
            edwards_Fq::num_limbs,
            this->Z.as_bigint().data,
            edwards_Fq::num_limbs);
    }
}

Here is the call graph for this function:

random_element()

edwards_G1 libff::edwards_G1::random_element ( )

static

Definition at line 301 of file edwards_g1.cpp.

{
    return edwards_Fr::random_element().as_bigint() * G1_one;
}

Here is the call graph for this function:

read_compressed()

void libff::edwards_G1::read_compressed ( std::istream &  in, edwards_G1 &  g  )

static

Definition at line 337 of file edwards_g1.cpp.

{
    // a x^2 + y^2 = 1 + d x^2 y^2
    // y = sqrt((1-ax^2)/(1-dx^2))
    edwards_Fq tX, tY;
    unsigned char Y_lsb;
    in >> tX;
 
    consume_OUTPUT_SEPARATOR(in);
    in.read((char *)&Y_lsb, 1);
    Y_lsb -= '0';
 
    edwards_Fq tX2 = tX.squared();
    edwards_Fq tY2 = (edwards_Fq::one() - tX2) * // a = 1 for G1 (not a twist)
                     (edwards_Fq::one() - edwards_coeff_d * tX2).inverse();
    tY = tY2.sqrt();
 
    if ((tY.as_bigint().data[0] & 1) != Y_lsb) {
        tY = -tY;
    }
 
    // using inverted coordinates
    g.X = tY;
    g.Y = tX;
    g.Z = tX * tY;
 
#ifdef USE_MIXED_ADDITION
    g.to_special();
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

read_uncompressed()

void libff::edwards_G1::read_uncompressed ( std::istream &  in, edwards_G1 &  g  )

static

Definition at line 320 of file edwards_g1.cpp.

{
    edwards_Fq tX, tY;
    in >> tX;
    consume_OUTPUT_SEPARATOR(in);
    in >> tY;
 
    // using inverted coordinates
    g.X = tY;
    g.Y = tX;
    g.Z = tX * tY;
 
#ifdef USE_MIXED_ADDITION
    g.to_special();
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

size_in_bits()

static size_t libff::edwards_G1::size_in_bits ( )

inlinestatic

Definition at line 73 of file edwards_g1.hpp.

{ return edwards_Fq::size_in_bits() + 1; }

Here is the call graph for this function:

to_affine_coordinates()

void libff::edwards_G1::to_affine_coordinates

(

)

Definition at line 62 of file edwards_g1.cpp.

{
    if (this->is_zero()) {
        this->X = edwards_Fq::zero();
        this->Y = edwards_Fq::one();
        this->Z = edwards_Fq::one();
    } else {
        // go from inverted coordinates to projective coordinates
        edwards_Fq tX = this->Y * this->Z;
        edwards_Fq tY = this->X * this->Z;
        edwards_Fq tZ = this->X * this->Y;
        // go from projective coordinates to affine coordinates
        edwards_Fq tZ_inv = tZ.inverse();
        this->X = tX * tZ_inv;
        this->Y = tY * tZ_inv;
        this->Z = edwards_Fq::one();
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

to_special()

void libff::edwards_G1::to_special

(

)

Definition at line 81 of file edwards_g1.cpp.

{
    if (this->Z.is_zero()) {
        return;
    }
 
#ifdef DEBUG
    const edwards_G1 copy(*this);
#endif
 
    edwards_Fq Z_inv = this->Z.inverse();
    this->X = this->X * Z_inv;
    this->Y = this->Y * Z_inv;
    this->Z = edwards_Fq::one();
 
#ifdef DEBUG
    assert((*this) == copy);
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

write_compressed()

void libff::edwards_G1::write_compressed

(

std::ostream &

out

)

const

Definition at line 313 of file edwards_g1.cpp.

{
    edwards_G1 copy(*this);
    copy.to_affine_coordinates();
    out << copy.X << OUTPUT_SEPARATOR << (copy.Y.as_bigint().data[0] & 1);
}

Here is the call graph for this function:

Here is the caller graph for this function:

write_uncompressed()

void libff::edwards_G1::write_uncompressed

(

std::ostream &

out

)

const

Definition at line 306 of file edwards_g1.cpp.

{
    edwards_G1 copy(*this);
    copy.to_affine_coordinates();
    out << copy.X << OUTPUT_SEPARATOR << copy.Y;
}

Here is the call graph for this function:

Here is the caller graph for this function:

zero()

const edwards_G1 & libff::edwards_G1::zero ( )

static

Definition at line 297 of file edwards_g1.cpp.

{ return G1_zero; }

Member Data Documentation

fixed_base_exp_window_table

std::vector< size_t > libff::edwards_G1::fixed_base_exp_window_table

static

Definition at line 29 of file edwards_g1.hpp.

G1_one

edwards_G1 libff::edwards_G1::G1_one

static

Definition at line 31 of file edwards_g1.hpp.

G1_zero

edwards_G1 libff::edwards_G1::G1_zero

static

Definition at line 30 of file edwards_g1.hpp.

wnaf_window_table

std::vector< size_t > libff::edwards_G1::wnaf_window_table

static

Definition at line 28 of file edwards_g1.hpp.

X

edwards_Fq libff::edwards_G1::X

Definition at line 33 of file edwards_g1.hpp.

Y

edwards_Fq libff::edwards_G1::Y

Definition at line 33 of file edwards_g1.hpp.

Z

edwards_Fq libff::edwards_G1::Z

Definition at line 33 of file edwards_g1.hpp.

---

The documentation for this class was generated from the following files:

• /home/runner/work/libff/libff/libff/algebra/curves/edwards/edwards_g1.hpp
• /home/runner/work/libff/libff/libff/algebra/curves/edwards/edwards_g1.cpp