Clearmatics Libff  0.1
C++ library for Finite Fields and Elliptic Curves
edwards_init.cpp
Go to the documentation of this file.
1 
8 #include <libff/algebra/curves/edwards/edwards_g1.hpp>
9 #include <libff/algebra/curves/edwards/edwards_g2.hpp>
10 #include <libff/algebra/curves/edwards/edwards_init.hpp>
11 
12 namespace libff
13 {
14 
15 bigint<edwards_r_limbs> edwards_modulus_r;
16 bigint<edwards_q_limbs> edwards_modulus_q;
17 
18 edwards_Fq edwards_coeff_a;
19 edwards_Fq edwards_coeff_d;
20 edwards_Fq3 edwards_twist;
21 edwards_Fq3 edwards_twist_coeff_a;
22 edwards_Fq3 edwards_twist_coeff_d;
23 edwards_Fq edwards_twist_mul_by_a_c0;
24 edwards_Fq edwards_twist_mul_by_a_c1;
25 edwards_Fq edwards_twist_mul_by_a_c2;
26 edwards_Fq edwards_twist_mul_by_d_c0;
27 edwards_Fq edwards_twist_mul_by_d_c1;
28 edwards_Fq edwards_twist_mul_by_d_c2;
29 edwards_Fq edwards_twist_mul_by_q_Y;
30 edwards_Fq edwards_twist_mul_by_q_Z;
31 
32 bigint<edwards_q_limbs> edwards_ate_loop_count;
33 bigint<6 * edwards_q_limbs> edwards_final_exponent;
34 bigint<edwards_q_limbs> edwards_final_exponent_last_chunk_abs_of_w0;
35 bool edwards_final_exponent_last_chunk_is_w0_neg;
36 bigint<edwards_q_limbs> edwards_final_exponent_last_chunk_w1;
37 
38 void init_edwards_params()
39 {
40  typedef bigint<edwards_r_limbs> bigint_r;
41  typedef bigint<edwards_q_limbs> bigint_q;
42 
43  assert(
44  sizeof(mp_limb_t) == 8 ||
45  sizeof(mp_limb_t) == 4); // Montgomery assumes this
46 
47  /* parameters for scalar field Fr */
48 
49  edwards_modulus_r =
50  bigint_r("1552511030102430251236801561344621993261920897571225601");
51  assert(edwards_Fr::modulus_is_valid());
52  if (sizeof(mp_limb_t) == 8) {
53  edwards_Fr::Rsquared =
54  bigint_r("621738487827897760168419760282818735947979812540885779");
55  edwards_Fr::Rcubed =
56  bigint_r("899968968216802386013510389846941393831065658679774050");
57  edwards_Fr::inv = 0xdde553277fffffff;
58  }
59  if (sizeof(mp_limb_t) == 4) {
60  edwards_Fr::Rsquared =
61  bigint_r("621738487827897760168419760282818735947979812540885779");
62  edwards_Fr::Rcubed =
63  bigint_r("899968968216802386013510389846941393831065658679774050");
64  edwards_Fr::inv = 0x7fffffff;
65  }
66  edwards_Fr::num_bits = 181;
67  edwards_Fr::euler =
68  bigint_r("776255515051215125618400780672310996630960448785612800");
69  edwards_Fr::s = 31;
70  edwards_Fr::t = bigint_r("722944284836962004768104088187507350585386575");
71  edwards_Fr::t_minus_1_over_2 =
72  bigint_r("361472142418481002384052044093753675292693287");
73  edwards_Fr::multiplicative_generator = edwards_Fr("19");
74  edwards_Fr::root_of_unity =
75  edwards_Fr("695314865466598274460565335217615316274564719601897184");
76  edwards_Fr::nqr = edwards_Fr("11");
77  edwards_Fr::nqr_to_t =
78  edwards_Fr("1326707053668679463752768729767248251415639579872144553");
79  edwards_Fr::static_init();
80 
81  /* parameters for base field Fq */
82 
83  edwards_modulus_q =
84  bigint_q("6210044120409721004947206240885978274523751269793792001");
85  assert(edwards_Fq::modulus_is_valid());
86  if (sizeof(mp_limb_t) == 8) {
87  edwards_Fq::Rsquared =
88  bigint_q("5943559676554581037560514598978484097352477055348195432");
89  edwards_Fq::Rcubed =
90  bigint_q("1081560488703514202058739223469726982199727506489234349");
91  edwards_Fq::inv = 0x76eb690b7fffffff;
92  }
93  if (sizeof(mp_limb_t) == 4) {
94  edwards_Fq::Rsquared =
95  bigint_q("5943559676554581037560514598978484097352477055348195432");
96  edwards_Fq::Rcubed =
97  bigint_q("1081560488703514202058739223469726982199727506489234349");
98  edwards_Fq::inv = 0x7fffffff;
99  }
100  edwards_Fq::num_bits = 183;
101  edwards_Fq::euler =
102  bigint_q("3105022060204860502473603120442989137261875634896896000");
103  edwards_Fq::s = 31;
104  edwards_Fq::t = bigint_q("2891777139347848019072416350658041552884388375");
105  edwards_Fq::t_minus_1_over_2 =
106  bigint_q("1445888569673924009536208175329020776442194187");
107  edwards_Fq::multiplicative_generator = edwards_Fq("61");
108  edwards_Fq::root_of_unity =
109  edwards_Fq("4692813029219384139894873043933463717810008194158530536");
110  edwards_Fq::nqr = edwards_Fq("23");
111  edwards_Fq::nqr_to_t =
112  edwards_Fq("2626736066325740702418554487368721595489070118548299138");
113  edwards_Fq::static_init();
114 
115  /* parameters for twist field Fq3 */
116 
117  edwards_Fq3::euler = bigint<3 * edwards_q_limbs>(
118  "1197440827139715029629926131910678366982050433739789489038399345641529"
119  "9485805128465854550297120332503183164742441311116131831414476564652505"
120  "7914792711854057586688000");
121  edwards_Fq3::s = 31;
122  edwards_Fq3::t = bigint<3 * edwards_q_limbs>(
123  "1115203674081447561858153093523046343570622088145268605126439915636116"
124  "5908915110366283497118503164968623933142462103735778323760700006645643"
125  "8894190557165125");
126  edwards_Fq3::t_minus_1_over_2 = bigint<3 * edwards_q_limbs>(
127  "5576018370407237809290765467615231717853110440726343025632199578180582"
128  "9544575551831417485592515824843119665712310518678891618803500033228219"
129  "447095278582562");
130  edwards_Fq3::non_residue = edwards_Fq("61");
131  edwards_Fq3::nqr =
132  edwards_Fq3(edwards_Fq("23"), edwards_Fq("0"), edwards_Fq("0"));
133  edwards_Fq3::nqr_to_t = edwards_Fq3(
134  edwards_Fq("104810943629412208121981114244673004633270996333237516"),
135  edwards_Fq("0"),
136  edwards_Fq("0"));
137  edwards_Fq3::Frobenius_coeffs_c1[0] = edwards_Fq("1");
138  edwards_Fq3::Frobenius_coeffs_c1[1] =
139  edwards_Fq("1073752683758513276629212192812154536507607213288832061");
140  edwards_Fq3::Frobenius_coeffs_c1[2] =
141  edwards_Fq("5136291436651207728317994048073823738016144056504959939");
142  edwards_Fq3::Frobenius_coeffs_c2[0] = edwards_Fq("1");
143  edwards_Fq3::Frobenius_coeffs_c2[1] =
144  edwards_Fq("5136291436651207728317994048073823738016144056504959939");
145  edwards_Fq3::Frobenius_coeffs_c2[2] =
146  edwards_Fq("1073752683758513276629212192812154536507607213288832061");
147 
148  /* parameters for Fq6 */
149 
150  edwards_Fq6::non_residue = edwards_Fq("61");
151  edwards_Fq6::Frobenius_coeffs_c1[0] = edwards_Fq("1");
152  edwards_Fq6::Frobenius_coeffs_c1[1] =
153  edwards_Fq("1073752683758513276629212192812154536507607213288832062");
154  edwards_Fq6::Frobenius_coeffs_c1[2] =
155  edwards_Fq("1073752683758513276629212192812154536507607213288832061");
156  edwards_Fq6::Frobenius_coeffs_c1[3] =
157  edwards_Fq("6210044120409721004947206240885978274523751269793792000");
158  edwards_Fq6::Frobenius_coeffs_c1[4] =
159  edwards_Fq("5136291436651207728317994048073823738016144056504959939");
160  edwards_Fq6::Frobenius_coeffs_c1[5] =
161  edwards_Fq("5136291436651207728317994048073823738016144056504959940");
162  edwards_Fq6::my_Fp2::non_residue = edwards_Fq3::non_residue;
163 
164  /* choice of Edwards curve and its twist */
165 
166  edwards_coeff_a = edwards_Fq::one();
167  edwards_coeff_d =
168  edwards_Fq("600581931845324488256649384912508268813600056237543024");
169  edwards_twist =
170  edwards_Fq3(edwards_Fq::zero(), edwards_Fq::one(), edwards_Fq::zero());
171  edwards_twist_coeff_a = edwards_coeff_a * edwards_twist;
172  edwards_twist_coeff_d = edwards_coeff_d * edwards_twist;
173  edwards_twist_mul_by_a_c0 = edwards_coeff_a * edwards_Fq3::non_residue;
174  edwards_twist_mul_by_a_c1 = edwards_coeff_a;
175  edwards_twist_mul_by_a_c2 = edwards_coeff_a;
176  edwards_twist_mul_by_d_c0 = edwards_coeff_d * edwards_Fq3::non_residue;
177  edwards_twist_mul_by_d_c1 = edwards_coeff_d;
178  edwards_twist_mul_by_d_c2 = edwards_coeff_d;
179  edwards_twist_mul_by_q_Y =
180  edwards_Fq("1073752683758513276629212192812154536507607213288832062");
181  edwards_twist_mul_by_q_Z =
182  edwards_Fq("1073752683758513276629212192812154536507607213288832062");
183 
184  /* choice of group G1 */
185 
186  edwards_G1::G1_zero = edwards_G1(edwards_Fq::zero(), edwards_Fq::one());
187  edwards_G1::G1_one = edwards_G1(
188  edwards_Fq("3713709671941291996998665608188072510389821008693530490"),
189  edwards_Fq("4869953702976555123067178261685365085639705297852816679"));
190 
191  edwards_G1::wnaf_window_table.resize(0);
192  edwards_G1::wnaf_window_table.push_back(9);
193  edwards_G1::wnaf_window_table.push_back(14);
194  edwards_G1::wnaf_window_table.push_back(24);
195  edwards_G1::wnaf_window_table.push_back(117);
196 
197  edwards_G1::fixed_base_exp_window_table.resize(0);
198  // window 1 is unbeaten in [-inf, 4.10]
199  edwards_G1::fixed_base_exp_window_table.push_back(1);
200  // window 2 is unbeaten in [4.10, 9.69]
201  edwards_G1::fixed_base_exp_window_table.push_back(4);
202  // window 3 is unbeaten in [9.69, 25.21]
203  edwards_G1::fixed_base_exp_window_table.push_back(10);
204  // window 4 is unbeaten in [25.21, 60.00]
205  edwards_G1::fixed_base_exp_window_table.push_back(25);
206  // window 5 is unbeaten in [60.00, 149.33]
207  edwards_G1::fixed_base_exp_window_table.push_back(60);
208  // window 6 is unbeaten in [149.33, 369.61]
209  edwards_G1::fixed_base_exp_window_table.push_back(149);
210  // window 7 is unbeaten in [369.61, 849.07]
211  edwards_G1::fixed_base_exp_window_table.push_back(370);
212  // window 8 is unbeaten in [849.07, 1764.94]
213  edwards_G1::fixed_base_exp_window_table.push_back(849);
214  // window 9 is unbeaten in [1764.94, 4429.59]
215  edwards_G1::fixed_base_exp_window_table.push_back(1765);
216  // window 10 is unbeaten in [4429.59, 13388.78]
217  edwards_G1::fixed_base_exp_window_table.push_back(4430);
218  // window 11 is unbeaten in [13388.78, 15368.00]
219  edwards_G1::fixed_base_exp_window_table.push_back(13389);
220  // window 12 is unbeaten in [15368.00, 74912.07]
221  edwards_G1::fixed_base_exp_window_table.push_back(15368);
222  // window 13 is unbeaten in [74912.07, 438107.20]
223  edwards_G1::fixed_base_exp_window_table.push_back(74912);
224  // window 14 is never the best
225  edwards_G1::fixed_base_exp_window_table.push_back(0);
226  // window 15 is unbeaten in [438107.20, 1045626.18]
227  edwards_G1::fixed_base_exp_window_table.push_back(438107);
228  // window 16 is never the best
229  edwards_G1::fixed_base_exp_window_table.push_back(0);
230  // window 17 is unbeaten in [1045626.18, 1577434.48]
231  edwards_G1::fixed_base_exp_window_table.push_back(1045626);
232  // window 18 is unbeaten in [1577434.48, 17350594.23]
233  edwards_G1::fixed_base_exp_window_table.push_back(1577434);
234  // window 19 is never the best
235  edwards_G1::fixed_base_exp_window_table.push_back(0);
236  // window 20 is never the best
237  edwards_G1::fixed_base_exp_window_table.push_back(0);
238  // window 21 is unbeaten in [17350594.23, inf]
239  edwards_G1::fixed_base_exp_window_table.push_back(17350594);
240  // window 22 is never the best
241  edwards_G1::fixed_base_exp_window_table.push_back(0);
242 
243  /* choice of group G2 */
244 
245  edwards_G2::G2_zero = edwards_G2(edwards_Fq3::zero(), edwards_Fq3::one());
246  edwards_G2::G2_one = edwards_G2(
247  edwards_Fq3(
248  edwards_Fq(
249  "4531683359223370252210990718516622098304721701253228128"),
250  edwards_Fq(
251  "5339624155305731263217400504407647531329993548123477368"),
252  edwards_Fq(
253  "3964037981777308726208525982198654699800283729988686552")),
254  edwards_Fq3(
255  edwards_Fq(
256  "364634864866983740775341816274081071386963546650700569"),
257  edwards_Fq(
258  "3264380230116139014996291397901297105159834497864380415"),
259  edwards_Fq(
260  "3504781284999684163274269077749440837914479176282903747")));
261 
262  edwards_G2::wnaf_window_table.resize(0);
263  edwards_G2::wnaf_window_table.push_back(6);
264  edwards_G2::wnaf_window_table.push_back(12);
265  edwards_G2::wnaf_window_table.push_back(42);
266  edwards_G2::wnaf_window_table.push_back(97);
267 
268  edwards_G2::fixed_base_exp_window_table.resize(0);
269  // window 1 is unbeaten in [-inf, 4.74]
270  edwards_G2::fixed_base_exp_window_table.push_back(1);
271  // window 2 is unbeaten in [4.74, 10.67]
272  edwards_G2::fixed_base_exp_window_table.push_back(5);
273  // window 3 is unbeaten in [10.67, 25.53]
274  edwards_G2::fixed_base_exp_window_table.push_back(11);
275  // window 4 is unbeaten in [25.53, 60.67]
276  edwards_G2::fixed_base_exp_window_table.push_back(26);
277  // window 5 is unbeaten in [60.67, 145.77]
278  edwards_G2::fixed_base_exp_window_table.push_back(61);
279  // window 6 is unbeaten in [145.77, 356.76]
280  edwards_G2::fixed_base_exp_window_table.push_back(146);
281  // window 7 is unbeaten in [356.76, 823.08]
282  edwards_G2::fixed_base_exp_window_table.push_back(357);
283  // window 8 is unbeaten in [823.08, 1589.45]
284  edwards_G2::fixed_base_exp_window_table.push_back(823);
285  // window 9 is unbeaten in [1589.45, 4135.70]
286  edwards_G2::fixed_base_exp_window_table.push_back(1589);
287  // window 10 is unbeaten in [4135.70, 14297.74]
288  edwards_G2::fixed_base_exp_window_table.push_back(4136);
289  // window 11 is unbeaten in [14297.74, 16744.85]
290  edwards_G2::fixed_base_exp_window_table.push_back(14298);
291  // window 12 is unbeaten in [16744.85, 51768.98]
292  edwards_G2::fixed_base_exp_window_table.push_back(16745);
293  // window 13 is unbeaten in [51768.98, 99811.01]
294  edwards_G2::fixed_base_exp_window_table.push_back(51769);
295  // window 14 is unbeaten in [99811.01, 193306.72]
296  edwards_G2::fixed_base_exp_window_table.push_back(99811);
297  // window 15 is unbeaten in [193306.72, 907184.68]
298  edwards_G2::fixed_base_exp_window_table.push_back(193307);
299  // window 16 is never the best
300  edwards_G2::fixed_base_exp_window_table.push_back(0);
301  // window 17 is unbeaten in [907184.68, 1389682.59]
302  edwards_G2::fixed_base_exp_window_table.push_back(907185);
303  // window 18 is unbeaten in [1389682.59, 6752695.74]
304  edwards_G2::fixed_base_exp_window_table.push_back(1389683);
305  // window 19 is never the best
306  edwards_G2::fixed_base_exp_window_table.push_back(0);
307  // window 20 is unbeaten in [6752695.74, 193642894.51]
308  edwards_G2::fixed_base_exp_window_table.push_back(6752696);
309  // window 21 is unbeaten in [193642894.51, 226760202.29]
310  edwards_G2::fixed_base_exp_window_table.push_back(193642895);
311  // window 22 is unbeaten in [226760202.29, inf]
312  edwards_G2::fixed_base_exp_window_table.push_back(226760202);
313 
314  /* pairing parameters */
315 
316  edwards_ate_loop_count = bigint_q("4492509698523932320491110403");
317  edwards_final_exponent = bigint<6 * edwards_q_limbs>(
318  "3694310717796169464961879734644687013874865157861174841512820742949159"
319  "3976636391130175425245705674550269561361208979548749447898941828686017"
320  "7657304194168755396159416512697939289624688998560831692274575039424707"
321  "21108165443528513330156264699608120624990672333642644221591552000");
322  edwards_final_exponent_last_chunk_abs_of_w0 =
323  bigint_q("17970038794095729281964441603");
324  edwards_final_exponent_last_chunk_is_w0_neg = true;
325  edwards_final_exponent_last_chunk_w1 = bigint_q("4");
326 }
327 } // namespace libff
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::nqr_to_t
static Fp3_model< n, modulus > nqr_to_t
nqr^t
Definition: fp3.hpp:53
libff::edwards_twist_mul_by_d_c0
edwards_Fq edwards_twist_mul_by_d_c0
Definition: edwards_init.cpp:26
libff::edwards_G1::G1_one
static edwards_G1 G1_one
Definition: edwards_g1.hpp:31
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[3]
non_residue^((modulus^i-1)/3) for i=0,1,2
Definition: fp3.hpp:55
libff::edwards_G2
Definition: edwards_g2.hpp:22
libff::edwards_final_exponent_last_chunk_w1
bigint< edwards_q_limbs > edwards_final_exponent_last_chunk_w1
Definition: edwards_init.cpp:36
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::euler
static bigint< 3 *n > euler
(modulus^3-1)/2
Definition: fp3.hpp:40
libff::edwards_G1::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: edwards_g1.hpp:28
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::s
static size_t s
modulus^3 = 2^s * t + 1
Definition: fp3.hpp:42
libff
Definition: ffi.cpp:8
libff::edwards_G2::G2_one
static edwards_G2 G2_one
Definition: edwards_g2.hpp:33
libff::edwards_twist_coeff_d
edwards_Fq3 edwards_twist_coeff_d
Definition: edwards_init.cpp:22
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::one
static Fp3_model< n, modulus > one()
libff::edwards_G2::G2_zero
static edwards_G2 G2_zero
Definition: edwards_g2.hpp:32
libff::edwards_twist
edwards_Fq3 edwards_twist
Definition: edwards_init.cpp:20
libff::Fp_model::nqr
static Fp_model< n, modulus > nqr
a quadratic nonresidue
Definition: fp.hpp:70
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::zero
static const Fp_model< n, modulus > & zero()
libff::edwards_twist_coeff_a
edwards_Fq3 edwards_twist_coeff_a
Definition: edwards_init.cpp:21
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::t_minus_1_over_2
static bigint< 3 *n > t_minus_1_over_2
(t-1)/2
Definition: fp3.hpp:46
edwards_g2.hpp
libff::Fp_model::t
static bigint< n > t
with t odd
Definition: fp.hpp:66
libff::Fp_model::s
static size_t s
modulus = 2^s * t + 1
Definition: fp.hpp:64
libff::edwards_twist_mul_by_q_Z
edwards_Fq edwards_twist_mul_by_q_Z
Definition: edwards_init.cpp:30
libff::edwards_G1::G1_zero
static edwards_G1 G1_zero
Definition: edwards_g1.hpp:30
libff::edwards_final_exponent_last_chunk_is_w0_neg
bool edwards_final_exponent_last_chunk_is_w0_neg
Definition: edwards_init.cpp:35
libff::edwards_Fr
Fp_model< edwards_r_limbs, edwards_modulus_r > edwards_Fr
Definition: edwards_init.hpp:29
libff::edwards_final_exponent_last_chunk_abs_of_w0
bigint< edwards_q_limbs > edwards_final_exponent_last_chunk_abs_of_w0
Definition: edwards_init.cpp:34
libff::Fp_model::euler
static bigint< n > euler
(modulus-1)/2
Definition: fp.hpp:62
libff::Fp_model::modulus_is_valid
static bool modulus_is_valid()
Definition: fp.hpp:84
libff::edwards_ate_loop_count
bigint< edwards_q_limbs > edwards_ate_loop_count
Definition: edwards_init.cpp:32
libff::edwards_twist_mul_by_a_c1
edwards_Fq edwards_twist_mul_by_a_c1
Definition: edwards_init.cpp:24
libff::edwards_final_exponent
bigint< 6 *edwards_q_limbs > edwards_final_exponent
Definition: edwards_init.cpp:33
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >::one
static const Fp_model< n, modulus > & one()
libff::edwards_G2::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: edwards_g2.hpp:29
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::Frobenius_coeffs_c2
static my_Fp Frobenius_coeffs_c2[3]
non_residue^((2*modulus^i-2)/3) for i=0,1,2
Definition: fp3.hpp:57
edwards_init.hpp
libff::edwards_modulus_r
bigint< edwards_r_limbs > edwards_modulus_r
Definition: edwards_init.cpp:15
libff::Fp_model::t_minus_1_over_2
static bigint< n > t_minus_1_over_2
(t-1)/2
Definition: fp.hpp:68
libff::bigint
Definition: bigint.hpp:20
libff::edwards_G1::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: edwards_g1.hpp:29
edwards_g1.hpp
libff::Fp6_2over3_model::non_residue
static my_Fp non_residue
Definition: fp6_2over3.hpp:42
libff::edwards_coeff_d
edwards_Fq edwards_coeff_d
Definition: edwards_init.cpp:19
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::nqr
static Fp3_model< n, modulus > nqr
a quadratic nonresidue in Fp3
Definition: fp3.hpp:51
libff::Fp_model::static_init
static void static_init()
libff::Fp_model::root_of_unity
static Fp_model< n, modulus > root_of_unity
generator^((modulus-1)/2^s)
Definition: fp.hpp:76
libff::Fp2_model::non_residue
static my_Fp non_residue
Definition: fp2.hpp:55
libff::edwards_twist_mul_by_a_c0
edwards_Fq edwards_twist_mul_by_a_c0
Definition: edwards_init.cpp:23
libff::edwards_coeff_a
edwards_Fq edwards_coeff_a
Definition: edwards_init.cpp:18
libff::Fp3_model
Definition: fp3.hpp:18
libff::Fp6_2over3_model::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[6]
non_residue^((modulus^i-1)/6) for i=0,1,2,3,4,5
Definition: fp6_2over3.hpp:44
libff::edwards_Fq3
Fp3_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq3
Definition: edwards_init.hpp:31
libff::edwards_twist_mul_by_q_Y
edwards_Fq edwards_twist_mul_by_q_Y
Definition: edwards_init.cpp:29
libff::Fp_model< edwards_q_limbs, edwards_modulus_q >
libff::edwards_Fq
Fp_model< edwards_q_limbs, edwards_modulus_q > edwards_Fq
Definition: edwards_init.hpp:30
libff::edwards_twist_mul_by_d_c1
edwards_Fq edwards_twist_mul_by_d_c1
Definition: edwards_init.cpp:27
libff::Fp_model::nqr_to_t
static Fp_model< n, modulus > nqr_to_t
nqr^t
Definition: fp.hpp:72
libff::Fp_model::multiplicative_generator
static Fp_model< n, modulus > multiplicative_generator
generator of Fp^*
Definition: fp.hpp:74
libff::Fp_model::num_bits
static size_t num_bits
Definition: fp.hpp:60
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::non_residue
static my_Fp non_residue
Definition: fp3.hpp:49
libff::Fp_model::inv
static mp_limb_t inv
-modulus^(-1) mod W, where W = 2^(word size)
Definition: fp.hpp:78
libff::edwards_G1
Definition: edwards_g1.hpp:21
libff::edwards_twist_mul_by_d_c2
edwards_Fq edwards_twist_mul_by_d_c2
Definition: edwards_init.cpp:28
libff::edwards_modulus_q
bigint< edwards_q_limbs > edwards_modulus_q
Definition: edwards_init.cpp:16
libff::Fp_model::Rsquared
static bigint< n > Rsquared
R^2, where R = W^k, where k = ??
Definition: fp.hpp:80
libff::init_edwards_params
void init_edwards_params()
Definition: edwards_init.cpp:38
libff::edwards_G2::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: edwards_g2.hpp:30
libff::edwards_twist_mul_by_a_c2
edwards_Fq edwards_twist_mul_by_a_c2
Definition: edwards_init.cpp:25
libff::Fp_model::Rcubed
static bigint< n > Rcubed
R^3.
Definition: fp.hpp:82
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::zero
static Fp3_model< n, modulus > zero()
libff::Fp3_model< edwards_q_limbs, edwards_modulus_q >::t
static bigint< 3 *n > t
with t odd
Definition: fp3.hpp:44
Generated on Thu Aug 18 2022 12:42:18 for Clearmatics Libff by   doxygen 1.8.17