#include <edwards_g2.hpp>

Collaboration diagram for libff::edwards_G2:

[legend]

Public Types
typedef edwards_Fq	base_field

typedef edwards_Fq3	twist_field

typedef edwards_Fr	scalar_field

Public Member Functions
	edwards_G2 ()

	edwards_G2 (const edwards_Fq3 &X, const edwards_Fq3 &Y)

void	print () const

void	print_coordinates () const

void	to_affine_coordinates ()

void	to_special ()

bool	is_special () const

bool	is_zero () const

bool	operator== (const edwards_G2 &other) const

bool	operator!= (const edwards_G2 &other) const

edwards_G2	operator+ (const edwards_G2 &other) const

edwards_G2	operator- () const

edwards_G2	operator- (const edwards_G2 &other) const

edwards_G2	add (const edwards_G2 &other) const

edwards_G2	mixed_add (const edwards_G2 &other) const

edwards_G2	dbl () const

edwards_G2	mul_by_q () const

bool	is_well_formed () const

void	write_uncompressed (std::ostream &) const

void	write_compressed (std::ostream &) const

Static Public Member Functions
static edwards_Fq3	mul_by_a (const edwards_Fq3 &elt)

static edwards_Fq3	mul_by_d (const edwards_Fq3 &elt)

static const edwards_G2 &	zero ()

static const edwards_G2 &	one ()

static edwards_G2	random_element ()

static size_t	size_in_bits ()

static bigint< base_field::num_limbs >	base_field_char ()

static bigint< scalar_field::num_limbs >	order ()

static void	read_uncompressed (std::istream &, edwards_G2 &)

static void	read_compressed (std::istream &, edwards_G2 &)

static void	batch_to_special_all_non_zeros (std::vector< edwards_G2 > &vec)

Public Attributes
edwards_Fq3	X

edwards_Fq3	Y

edwards_Fq3	Z

Static Public Attributes
static std::vector< size_t >	wnaf_window_table

static std::vector< size_t >	fixed_base_exp_window_table

static edwards_G2	G2_zero

static edwards_G2	G2_one

Detailed Description

Definition at line 22 of file edwards_g2.hpp.

Member Typedef Documentation

◆ base_field

typedef edwards_Fq libff::edwards_G2::base_field

Definition at line 45 of file edwards_g2.hpp.

◆ scalar_field

typedef edwards_Fr libff::edwards_G2::scalar_field

Definition at line 47 of file edwards_g2.hpp.

◆ twist_field

typedef edwards_Fq3 libff::edwards_G2::twist_field

Definition at line 46 of file edwards_g2.hpp.

Constructor & Destructor Documentation

◆ edwards_G2() [1/2]

libff::edwards_G2::edwards_G2 ( )

Definition at line 24 of file edwards_g2.cpp.

 {
     this->X = G2_zero.X;
     this->Y = G2_zero.Y;
     this->Z = G2_zero.Z;
 }

Here is the caller graph for this function:

◆ edwards_G2() [2/2]

libff::edwards_G2::edwards_G2	(	const edwards_Fq3 &	X,
		const edwards_Fq3 &	Y
	)

inline

Definition at line 50 of file edwards_g2.hpp.

51 : X(Y), Y(X), Z(X * Y){};

Member Function Documentation

◆ add()

edwards_G2 libff::edwards_G2::add ( const edwards_G2 & other ) const

Definition at line 210 of file edwards_g2.cpp.

 {
 #ifdef PROFILE_OP_COUNTS
     this->add_cnt++;
 #endif
     // NOTE: does not handle O and pts of order 2,4
     // http://www.hyperelliptic.org/EFD/g1p/auto-twisted-inverted.html#addition-add-2008-bbjlp
  
     // A = Z1*Z2
     const edwards_Fq3 A = (this->Z) * (other.Z);
     // B = d*A^2
     const edwards_Fq3 B = edwards_G2::mul_by_d(A.squared());
     // C = X1*X2
     const edwards_Fq3 C = (this->X) * (other.X);
     // D = Y1*Y2
     const edwards_Fq3 D = (this->Y) * (other.Y);
     // E = C*D
     const edwards_Fq3 E = C * D;
     // H = C-a*D
     const edwards_Fq3 H = C - edwards_G2::mul_by_a(D);
     // I = (X1+Y1)*(X2+Y2)-C-D
     const edwards_Fq3 I = (this->X + this->Y) * (other.X + other.Y) - C - D;
     // X3 = (E+B)*H
     const edwards_Fq3 X3 = (E + B) * H;
     // Y3 = (E-B)*I
     const edwards_Fq3 Y3 = (E - B) * I;
     // Z3 = A*H*I
     const edwards_Fq3 Z3 = A * H * I;
  
     return edwards_G2(X3, Y3, Z3);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ base_field_char()

static bigint<base_field::num_limbs> libff::edwards_G2::base_field_char ( )

inlinestatic

Definition at line 81 of file edwards_g2.hpp.

     {
         return base_field::field_char();
     }

Here is the call graph for this function:

◆ batch_to_special_all_non_zeros()

void libff::edwards_G2::batch_to_special_all_non_zeros ( std::vector< edwards_G2 > & vec )

static

Definition at line 446 of file edwards_g2.cpp.

 {
     std::vector<edwards_Fq3> Z_vec;
     Z_vec.reserve(vec.size());
  
     for (auto &el : vec) {
         Z_vec.emplace_back(el.Z);
     }
     batch_invert<edwards_Fq3>(Z_vec);
  
     const edwards_Fq3 one = edwards_Fq3::one();
  
     for (size_t i = 0; i < vec.size(); ++i) {
         vec[i].X = vec[i].X * Z_vec[i];
         vec[i].Y = vec[i].Y * Z_vec[i];
         vec[i].Z = one;
     }
 }

Here is the call graph for this function:

◆ dbl()

edwards_G2 libff::edwards_G2::dbl ( ) const

Definition at line 287 of file edwards_g2.cpp.

 {
 #ifdef PROFILE_OP_COUNTS
     this->dbl_cnt++;
 #endif
     if (this->is_zero()) {
         return (*this);
     } else {
         // NOTE: does not handle O and pts of order 2,4
         // http://www.hyperelliptic.org/EFD/g1p/auto-twisted-inverted.html#doubling-dbl-2008-bbjlp
  
         // A = X1^2
         const edwards_Fq3 A = (this->X).squared();
         // B = Y1^2
         const edwards_Fq3 B = (this->Y).squared();
         // U = a*B
         const edwards_Fq3 U = edwards_G2::mul_by_a(B);
         // C = A+U
         const edwards_Fq3 C = A + U;
         // D = A-U
         const edwards_Fq3 D = A - U;
         // E = (X1+Y1)^2-A-B
         const edwards_Fq3 E = (this->X + this->Y).squared() - A - B;
         // X3 = C*D
         const edwards_Fq3 X3 = C * D;
         const edwards_Fq3 dZZ = edwards_G2::mul_by_d(this->Z.squared());
         // Y3 = E*(C-2*d*Z1^2)
         const edwards_Fq3 Y3 = E * (C - dZZ - dZZ);
         // Z3 = D*E
         const edwards_Fq3 Z3 = D * E;
  
         return edwards_G2(X3, Y3, Z3);
     }
 }

Here is the call graph for this function:

◆ is_special()

bool libff::edwards_G2::is_special ( ) const

Definition at line 146 of file edwards_g2.cpp.

 {
     return (this->is_zero() || this->Z == edwards_Fq3::one());
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ is_well_formed()

bool libff::edwards_G2::is_well_formed ( ) const

Definition at line 330 of file edwards_g2.cpp.

 {
     // Note that point at infinity is the only special case we must check as
     // inverted representation does no cover points (0, +-c) and (+-c, 0).
     if (this->is_zero()) {
         return true;
     } else {
         // a x^2 + y^2 = 1 + d x^2 y^2
         //
         // We are using inverted, so equation we need to check is actually
         //
         // a (z/x)^2 + (z/y)^2 = 1 + d z^4 / (x^2 * y^2)
         // z^2 (a y^2 + x^2 - dz^2) = x^2 y^2
         edwards_Fq3 X2 = this->X.squared();
         edwards_Fq3 Y2 = this->Y.squared();
         edwards_Fq3 Z2 = this->Z.squared();
         edwards_Fq3 aY2 = edwards_G2::mul_by_a(Y2);
         edwards_Fq3 dZ2 = edwards_G2::mul_by_d(Z2);
         return (Z2 * (aY2 + X2 - dZ2) == X2 * Y2);
     }
 }

Here is the call graph for this function:

◆ is_zero()

bool libff::edwards_G2::is_zero ( ) const

Definition at line 151 of file edwards_g2.cpp.

 {
     return (this->Y.is_zero() && this->Z.is_zero());
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mixed_add()

edwards_G2 libff::edwards_G2::mixed_add ( const edwards_G2 & other ) const

Definition at line 242 of file edwards_g2.cpp.

 {
 #ifdef PROFILE_OP_COUNTS
     this->add_cnt++;
 #endif
     // handle special cases having to do with O
     if (this->is_zero()) {
         return other;
     }
  
     if (other.is_zero()) {
         return *this;
     }
  
 #ifdef DEBUG
     assert(other.is_special());
 #endif
  
     // NOTE: does not handle O and pts of order 2,4
     // http://www.hyperelliptic.org/EFD/g1p/auto-edwards-inverted.html#addition-madd-2007-lb
  
     // A = Z1*Z2
     const edwards_Fq3 A = this->Z;
     // B = d*A^2
     const edwards_Fq3 B = edwards_G2::mul_by_d(A.squared());
     // C = X1*X2
     const edwards_Fq3 C = (this->X) * (other.X);
     // D = Y1*Y2
     const edwards_Fq3 D = (this->Y) * (other.Y);
     // E = C*D
     const edwards_Fq3 E = C * D;
     // H = C-a*D
     const edwards_Fq3 H = C - edwards_G2::mul_by_a(D);
     // I = (X1+Y1)*(X2+Y2)-C-D
     const edwards_Fq3 I = (this->X + this->Y) * (other.X + other.Y) - C - D;
     // X3 = (E+B)*H
     const edwards_Fq3 X3 = (E + B) * H;
     // Y3 = (E-B)*I
     const edwards_Fq3 Y3 = (E - B) * I;
     // Z3 = A*H*I
     const edwards_Fq3 Z3 = A * H * I;
  
     return edwards_G2(X3, Y3, Z3);
 }

Here is the call graph for this function:

◆ mul_by_a()

edwards_Fq3 libff::edwards_G2::mul_by_a ( const edwards_Fq3 & elt )

static

Definition at line 31 of file edwards_g2.cpp.

 {
     // should be
     //  edwards_Fq3(
     //    edwards_twist_mul_by_a_c0 * elt.coeffs[2],
     //    edwards_twist_mul_by_a_c1 * elt.coeffs[0],
     //    edwards_twist_mul_by_a_c2 * elt.coeffs[1])
     // but optimizing the fact that edwards_twist_mul_by_a_c1 =
     // edwards_twist_mul_by_a_c2 = 1
     return edwards_Fq3(
         edwards_twist_mul_by_a_c0 * elt.coeffs[2],
         elt.coeffs[0],
         elt.coeffs[1]);
 }

Here is the caller graph for this function:

◆ mul_by_d()

edwards_Fq3 libff::edwards_G2::mul_by_d ( const edwards_Fq3 & elt )

static

Definition at line 46 of file edwards_g2.cpp.

 {
     return edwards_Fq3(
         edwards_twist_mul_by_d_c0 * elt.coeffs[2],
         edwards_twist_mul_by_d_c1 * elt.coeffs[0],
         edwards_twist_mul_by_d_c2 * elt.coeffs[1]);
 }

Here is the caller graph for this function:

◆ mul_by_q()

edwards_G2 libff::edwards_G2::mul_by_q ( ) const

Definition at line 322 of file edwards_g2.cpp.

 {
     return edwards_G2(
         (this->X).Frobenius_map(1),
         edwards_twist_mul_by_q_Y * (this->Y).Frobenius_map(1),
         edwards_twist_mul_by_q_Z * (this->Z).Frobenius_map(1));
 }

Here is the call graph for this function:

◆ one()

const edwards_G2 & libff::edwards_G2::one ( )

static

Definition at line 354 of file edwards_g2.cpp.

354 { return G2_one; }

Here is the caller graph for this function:

◆ operator!=()

bool libff::edwards_G2::operator!= ( const edwards_G2 & other ) const

Definition at line 181 of file edwards_g2.cpp.

 {
     return !(operator==(other));
 }

Here is the call graph for this function:

◆ operator+()

edwards_G2 libff::edwards_G2::operator+ ( const edwards_G2 & other ) const

Definition at line 186 of file edwards_g2.cpp.

 {
     // handle special cases having to do with O
     if (this->is_zero()) {
         return other;
     }
  
     if (other.is_zero()) {
         return (*this);
     }
  
     return this->add(other);
 }

Here is the call graph for this function:

◆ operator-() [1/2]

edwards_G2 libff::edwards_G2::operator- ( ) const

Definition at line 200 of file edwards_g2.cpp.

 {
     return edwards_G2(-(this->X), this->Y, this->Z);
 }

Here is the call graph for this function:

◆ operator-() [2/2]

edwards_G2 libff::edwards_G2::operator- ( const edwards_G2 & other ) const

Definition at line 205 of file edwards_g2.cpp.

 {
     return (*this) + (-other);
 }

◆ operator==()

bool libff::edwards_G2::operator== ( const edwards_G2 & other ) const

Definition at line 156 of file edwards_g2.cpp.

 {
     if (this->is_zero()) {
         return other.is_zero();
     }
  
     if (other.is_zero()) {
         return false;
     }
  
     /* now neither is O */
  
     // X1/Z1 = X2/Z2 <=> X1*Z2 = X2*Z1
     if ((this->X * other.Z) != (other.X * this->Z)) {
         return false;
     }
  
     // Y1/Z1 = Y2/Z2 <=> Y1*Z2 = Y2*Z1
     if ((this->Y * other.Z) != (other.Y * this->Z)) {
         return false;
     }
  
     return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ order()

static bigint<scalar_field::num_limbs> libff::edwards_G2::order ( )

inlinestatic

Definition at line 85 of file edwards_g2.hpp.

     {
         return scalar_field::field_char();
     }

Here is the call graph for this function:

◆ print()

void libff::edwards_G2::print ( ) const

Definition at line 54 of file edwards_g2.cpp.

 {
     if (this->is_zero()) {
         printf("O\n");
     } else {
         edwards_G2 copy(*this);
         copy.to_affine_coordinates();
         gmp_printf(
             "(%Nd*z^2 + %Nd*z + %Nd , %Nd*z^2 + %Nd*z + %Nd)\n",
             copy.X.coeffs[2].as_bigint().data,
             edwards_Fq::num_limbs,
             copy.X.coeffs[1].as_bigint().data,
             edwards_Fq::num_limbs,
             copy.X.coeffs[0].as_bigint().data,
             edwards_Fq::num_limbs,
             copy.Y.coeffs[2].as_bigint().data,
             edwards_Fq::num_limbs,
             copy.Y.coeffs[1].as_bigint().data,
             edwards_Fq::num_limbs,
             copy.Y.coeffs[0].as_bigint().data,
             edwards_Fq::num_limbs);
     }
 }

Here is the call graph for this function:

◆ print_coordinates()

void libff::edwards_G2::print_coordinates ( ) const

Definition at line 78 of file edwards_g2.cpp.

 {
     if (this->is_zero()) {
         printf("O\n");
     } else {
         gmp_printf(
             "(%Nd*z^2 + %Nd*z + %Nd : %Nd*z^2 + %Nd*z + %Nd : %Nd*z^2 + %Nd*z "
             "+ %Nd)\n",
             this->X.coeffs[2].as_bigint().data,
             edwards_Fq::num_limbs,
             this->X.coeffs[1].as_bigint().data,
             edwards_Fq::num_limbs,
             this->X.coeffs[0].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Y.coeffs[2].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Y.coeffs[1].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Y.coeffs[0].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Z.coeffs[2].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Z.coeffs[1].as_bigint().data,
             edwards_Fq::num_limbs,
             this->Z.coeffs[0].as_bigint().data,
             edwards_Fq::num_limbs);
     }
 }

Here is the call graph for this function:

◆ random_element()

edwards_G2 libff::edwards_G2::random_element ( )

static

Definition at line 356 of file edwards_g2.cpp.

 {
     return edwards_Fr::random_element().as_bigint() * G2_one;
 }

Here is the call graph for this function:

◆ read_compressed()

void libff::edwards_G2::read_compressed	(	std::istream &	in,
		edwards_G2 &	g
	)

static

Definition at line 394 of file edwards_g2.cpp.

 {
     // a x^2 + y^2 = 1 + d x^2 y^2
     // y = sqrt((1-ax^2)/(1-dx^2))
     edwards_Fq3 tX, tY;
     unsigned char Y_lsb;
     in >> tX;
     consume_OUTPUT_SEPARATOR(in);
  
     in.read((char *)&Y_lsb, 1);
     Y_lsb -= '0';
  
     edwards_Fq3 tX2 = tX.squared();
     const edwards_Fq3 tY2 =
         (edwards_Fq3::one() - edwards_G2::mul_by_a(tX2)) *
         (edwards_Fq3::one() - edwards_G2::mul_by_d(tX2)).inverse();
     tY = tY2.sqrt();
  
     if ((tY.coeffs[0].as_bigint().data[0] & 1) != Y_lsb) {
         tY = -tY;
     }
  
     // using inverted coordinates
     g.X = tY;
     g.Y = tX;
     g.Z = tX * tY;
  
 #ifdef USE_MIXED_ADDITION
     g.to_special();
 #endif
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ read_uncompressed()

void libff::edwards_G2::read_uncompressed	(	std::istream &	in,
		edwards_G2 &	g
	)

static

Definition at line 377 of file edwards_g2.cpp.

 {
     edwards_Fq3 tX, tY;
     in >> tX;
     consume_OUTPUT_SEPARATOR(in);
     in >> tY;
  
     // using inverted coordinates
     g.X = tY;
     g.Y = tX;
     g.Z = tX * tY;
  
 #ifdef USE_MIXED_ADDITION
     g.to_special();
 #endif
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ size_in_bits()

static size_t libff::edwards_G2::size_in_bits ( )

inlinestatic

Definition at line 80 of file edwards_g2.hpp.

80 { return twist_field::size_in_bits() + 1; }

Here is the call graph for this function:

◆ to_affine_coordinates()

void libff::edwards_G2::to_affine_coordinates ( )

Definition at line 107 of file edwards_g2.cpp.

 {
     if (this->is_zero()) {
         this->X = edwards_Fq3::zero();
         this->Y = edwards_Fq3::one();
         this->Z = edwards_Fq3::one();
     } else {
         // go from inverted coordinates to projective coordinates
         edwards_Fq3 tX = this->Y * this->Z;
         edwards_Fq3 tY = this->X * this->Z;
         edwards_Fq3 tZ = this->X * this->Y;
         // go from projective coordinates to affine coordinates
         edwards_Fq3 tZ_inv = tZ.inverse();
         this->X = tX * tZ_inv;
         this->Y = tY * tZ_inv;
         this->Z = edwards_Fq3::one();
     }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ to_special()

void libff::edwards_G2::to_special ( )

Definition at line 126 of file edwards_g2.cpp.

 {
     if (this->Z.is_zero()) {
         return;
     }
  
 #if defined(DEBUG) && !defined(NDEBUG)
     const edwards_G2 copy(*this);
 #endif
  
     edwards_Fq3 Z_inv = this->Z.inverse();
     this->X = this->X * Z_inv;
     this->Y = this->Y * Z_inv;
     this->Z = edwards_Fq3::one();
  
 #ifdef DEBUG
     assert((*this) == copy);
 #endif
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ write_compressed()

void libff::edwards_G2::write_compressed ( std::ostream & out ) const

Definition at line 368 of file edwards_g2.cpp.

 {
     edwards_G2 copy(*this);
     copy.to_affine_coordinates();
     /* storing LSB of Y */
     out << copy.X << OUTPUT_SEPARATOR
         << (copy.Y.coeffs[0].as_bigint().data[0] & 1);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ write_uncompressed()

void libff::edwards_G2::write_uncompressed ( std::ostream & out ) const

Definition at line 361 of file edwards_g2.cpp.

 {
     edwards_G2 copy(*this);
     copy.to_affine_coordinates();
     out << copy.X << OUTPUT_SEPARATOR << copy.Y;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ zero()

const edwards_G2 & libff::edwards_G2::zero ( )

static

Definition at line 352 of file edwards_g2.cpp.

352 { return G2_zero; }

Member Data Documentation

◆ fixed_base_exp_window_table

std::vector< size_t > libff::edwards_G2::fixed_base_exp_window_table

static

Definition at line 30 of file edwards_g2.hpp.

◆ G2_one

edwards_G2 libff::edwards_G2::G2_one

static

Definition at line 33 of file edwards_g2.hpp.

◆ G2_zero

edwards_G2 libff::edwards_G2::G2_zero

static

Definition at line 32 of file edwards_g2.hpp.

◆ wnaf_window_table

std::vector< size_t > libff::edwards_G2::wnaf_window_table

static

Definition at line 29 of file edwards_g2.hpp.

◆ X

edwards_Fq3 libff::edwards_G2::X

Definition at line 35 of file edwards_g2.hpp.

◆ Y

edwards_Fq3 libff::edwards_G2::Y

Definition at line 35 of file edwards_g2.hpp.

◆ Z

edwards_Fq3 libff::edwards_G2::Z

Definition at line 35 of file edwards_g2.hpp.

The documentation for this class was generated from the following files:

/home/runner/work/libff/libff/libff/algebra/curves/edwards/edwards_g2.hpp
/home/runner/work/libff/libff/libff/algebra/curves/edwards/edwards_g2.cpp

Public Types

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Detailed Description

Member Typedef Documentation

◆ base_field

◆ scalar_field

◆ twist_field

Constructor & Destructor Documentation

◆ edwards_G2() [1/2]

◆ edwards_G2() [2/2]

Member Function Documentation

◆ add()

◆ base_field_char()

◆ batch_to_special_all_non_zeros()

◆ dbl()

◆ is_special()

◆ is_well_formed()

◆ is_zero()

◆ mixed_add()

◆ mul_by_a()

◆ mul_by_d()

◆ mul_by_q()

◆ one()

◆ operator!=()

◆ operator+()

◆ operator-() [1/2]

◆ operator-() [2/2]

◆ operator==()

◆ order()

◆ print()

◆ print_coordinates()

◆ random_element()

◆ read_compressed()

◆ read_uncompressed()

◆ size_in_bits()

◆ to_affine_coordinates()

◆ to_special()

◆ write_compressed()

◆ write_uncompressed()

◆ zero()

Member Data Documentation

◆ fixed_base_exp_window_table

◆ G2_one

◆ G2_zero

◆ wnaf_window_table

◆ X

◆ Y

◆ Z