Clearmatics Libff  0.1
C++ library for Finite Fields and Elliptic Curves
mnt6_init.cpp
Go to the documentation of this file.
1 
14 #include <libff/algebra/curves/mnt/mnt6/mnt6_g1.hpp>
15 #include <libff/algebra/curves/mnt/mnt6/mnt6_g2.hpp>
16 #include <libff/algebra/curves/mnt/mnt6/mnt6_init.hpp>
17 
18 namespace libff
19 {
20 
21 // bigint<mnt6_r_limbs> mnt6_modulus_r = mnt46_modulus_B;
22 // bigint<mnt6_q_limbs> mnt6_modulus_q = mnt46_modulus_A;
23 
24 mnt6_Fq3 mnt6_twist;
25 mnt6_Fq3 mnt6_twist_coeff_a;
26 mnt6_Fq3 mnt6_twist_coeff_b;
27 mnt6_Fq mnt6_twist_mul_by_a_c0;
28 mnt6_Fq mnt6_twist_mul_by_a_c1;
29 mnt6_Fq mnt6_twist_mul_by_a_c2;
30 mnt6_Fq mnt6_twist_mul_by_b_c0;
31 mnt6_Fq mnt6_twist_mul_by_b_c1;
32 mnt6_Fq mnt6_twist_mul_by_b_c2;
33 mnt6_Fq mnt6_twist_mul_by_q_X;
34 mnt6_Fq mnt6_twist_mul_by_q_Y;
35 
36 bigint<mnt6_q_limbs> mnt6_ate_loop_count;
37 bool mnt6_ate_is_loop_count_neg;
38 bigint<6 * mnt6_q_limbs> mnt6_final_exponent;
39 bigint<mnt6_q_limbs> mnt6_final_exponent_last_chunk_abs_of_w0;
40 bool mnt6_final_exponent_last_chunk_is_w0_neg;
41 bigint<mnt6_q_limbs> mnt6_final_exponent_last_chunk_w1;
42 
43 void init_mnt6_params()
44 {
45  typedef bigint<mnt6_r_limbs> bigint_r;
46  typedef bigint<mnt6_q_limbs> bigint_q;
47 
48  assert(
49  sizeof(mp_limb_t) == 8 ||
50  sizeof(mp_limb_t) == 4); // Montgomery assumes this
51 
52  /* parameters for scalar field Fr */
53  mnt6_modulus_r = bigint_r("475922286169261325753349249653048451545124879242"
54  "694725395555128576210262817955800483758081");
55  assert(mnt6_Fr::modulus_is_valid());
56  if (sizeof(mp_limb_t) == 8) {
57  mnt6_Fr::Rsquared =
58  bigint_r("273000478523237720910981655601160860640083126627235719712"
59  "980612296263966512828033847775776");
60  mnt6_Fr::Rcubed =
61  bigint_r("427298980065529822574935274648041073124704261331681436071"
62  "990730954930769758106792920349077");
63  mnt6_Fr::inv = 0xb071a1b67165ffff;
64  }
65  if (sizeof(mp_limb_t) == 4) {
66  mnt6_Fr::Rsquared =
67  bigint_r("273000478523237720910981655601160860640083126627235719712"
68  "980612296263966512828033847775776");
69  mnt6_Fr::Rcubed =
70  bigint_r("427298980065529822574935274648041073124704261331681436071"
71  "990730954930769758106792920349077");
72  mnt6_Fr::inv = 0x7165ffff;
73  }
74  mnt6_Fr::num_bits = 298;
75  mnt6_Fr::euler = bigint_r("237961143084630662876674624826524225772562439621"
76  "347362697777564288105131408977900241879040");
77  mnt6_Fr::s = 17;
78  mnt6_Fr::t = bigint_r("3630998887399759870554727551674258816109656366292531"
79  "779446068791017229177993437198515");
80  mnt6_Fr::t_minus_1_over_2 =
81  bigint_r("1815499443699879935277363775837129408054828183146265889723034"
82  "395508614588996718599257");
83  mnt6_Fr::multiplicative_generator = mnt6_Fr("17");
84  mnt6_Fr::root_of_unity =
85  mnt6_Fr("26470625057180008075806930236965430553012567552126397603405487"
86  "8017580902343339784464690243");
87  mnt6_Fr::nqr = mnt6_Fr("17");
88  mnt6_Fr::nqr_to_t = mnt6_Fr("2647062505718000807580693023696543055301256755"
89  "21263976034054878017580902343339784464690243");
90  mnt6_Fr::static_init();
91 
92  /* parameters for base field Fq */
93  mnt6_modulus_q = bigint_q("475922286169261325753349249653048451545124878552"
94  "823515553267735739164647307408490559963137");
95  assert(mnt6_Fq::modulus_is_valid());
96  if (sizeof(mp_limb_t) == 8) {
97  mnt6_Fq::Rsquared =
98  bigint_q("163983144722506446826715124368972380525894397127205577781"
99  "234305496325861831001705438796139");
100  mnt6_Fq::Rcubed =
101  bigint_q("207236281459091063710247635236340312578688659363066707916"
102  "716212805695955118593239854980171");
103  mnt6_Fq::inv = 0xbb4334a3ffffffff;
104  }
105  if (sizeof(mp_limb_t) == 4) {
106  mnt6_Fq::Rsquared =
107  bigint_q("163983144722506446826715124368972380525894397127205577781"
108  "234305496325861831001705438796139");
109  mnt6_Fq::Rcubed =
110  bigint_q("207236281459091063710247635236340312578688659363066707916"
111  "716212805695955118593239854980171");
112  mnt6_Fq::inv = 0xffffffff;
113  }
114  mnt6_Fq::num_bits = 298;
115  mnt6_Fq::euler = bigint_q("237961143084630662876674624826524225772562439276"
116  "411757776633867869582323653704245279981568");
117  mnt6_Fq::s = 34;
118  mnt6_Fq::t = bigint_q("2770232305450256248897344628657729199302411164115319"
119  "9339359284829066871159442729");
120  mnt6_Fq::t_minus_1_over_2 =
121  bigint_q("1385116152725128124448672314328864599651205582057659966967964"
122  "2414533435579721364");
123  mnt6_Fq::multiplicative_generator = mnt6_Fq("10");
124  mnt6_Fq::root_of_unity =
125  mnt6_Fq("12063881782691317345876882948569009984537700803089161801010977"
126  "2937363554409782252579816313");
127  mnt6_Fq::nqr = mnt6_Fq("5");
128  mnt6_Fq::nqr_to_t = mnt6_Fq("4062206042430904010564294587302981459372625525"
129  "08985450684842547562990900634752279902740880");
130  mnt6_Fq::static_init();
131 
132  /* parameters for twist field Fq3 */
133  mnt6_Fq3::euler = bigint<3 * mnt6_q_limbs>(
134  "5389868017855495171539724515479603613946389158900147862919313636912491"
135  "5637741423690184935056189295242736833704290747216410090671804540908400"
136  "2107789344621296256462630953983234857955575512841902241668515716158341"
137  "94321908328559167529729507439069424158411618728014749106176");
138  mnt6_Fq3::s = 34;
139  mnt6_Fq3::t = bigint<3 * mnt6_q_limbs>(
140  "6274632199033507112809136178669989590936327770934612330653836993631547"
141  "7403976749268110067416202853483540045218880692515999649967770721889566"
142  "8755040206738394052328810740708414066996862544726932237004530285669423"
143  "1080113482726640944570478452261237446033817102203");
144  mnt6_Fq3::t_minus_1_over_2 = bigint<3 * mnt6_q_limbs>(
145  "3137316099516753556404568089334994795468163885467306165326918496815773"
146  "8701988374634055033708101426741770022609440346257999824983885360944783"
147  "4377520103369197026164405370354207033498431272363466118502265142834711"
148  "5540056741363320472285239226130618723016908551101");
149  mnt6_Fq3::non_residue = mnt6_Fq("5");
150  mnt6_Fq3::nqr = mnt6_Fq3(mnt6_Fq("5"), mnt6_Fq("0"), mnt6_Fq("0"));
151  mnt6_Fq3::nqr_to_t = mnt6_Fq3(
152  mnt6_Fq("15436144967878350507698415627597793765433110336117446963234623"
153  "0549735979552469642799720052"),
154  mnt6_Fq("0"),
155  mnt6_Fq("0"));
156  mnt6_Fq3::Frobenius_coeffs_c1[0] = mnt6_Fq("1");
157  mnt6_Fq3::Frobenius_coeffs_c1[1] =
158  mnt6_Fq("47173889896752102913304085131844916599730410872955897377007731"
159  "9830005517129946578866686956");
160  mnt6_Fq3::Frobenius_coeffs_c1[2] =
161  mnt6_Fq("41833872017402966203083983345992855478207698232645417831904159"
162  "09159130177461911693276180");
163  mnt6_Fq3::Frobenius_coeffs_c2[0] = mnt6_Fq("1");
164  mnt6_Fq3::Frobenius_coeffs_c2[1] =
165  mnt6_Fq("41833872017402966203083983345992855478207698232645417831904159"
166  "09159130177461911693276180");
167  mnt6_Fq3::Frobenius_coeffs_c2[2] =
168  mnt6_Fq("47173889896752102913304085131844916599730410872955897377007731"
169  "9830005517129946578866686956");
170 
171  /* parameters for Fq6 */
172  mnt6_Fq6::non_residue = mnt6_Fq("5");
173  mnt6_Fq6::Frobenius_coeffs_c1[0] = mnt6_Fq("1");
174  mnt6_Fq6::Frobenius_coeffs_c1[1] =
175  mnt6_Fq("47173889896752102913304085131844916599730410872955897377007731"
176  "9830005517129946578866686957");
177  mnt6_Fq6::Frobenius_coeffs_c1[2] =
178  mnt6_Fq("47173889896752102913304085131844916599730410872955897377007731"
179  "9830005517129946578866686956");
180  mnt6_Fq6::Frobenius_coeffs_c1[3] =
181  mnt6_Fq("47592228616926132575334924965304845154512487855282351555326773"
182  "5739164647307408490559963136");
183  mnt6_Fq6::Frobenius_coeffs_c1[4] =
184  mnt6_Fq("41833872017402966203083983345992855478207698232645417831904159"
185  "09159130177461911693276180");
186  mnt6_Fq6::Frobenius_coeffs_c1[5] =
187  mnt6_Fq("41833872017402966203083983345992855478207698232645417831904159"
188  "09159130177461911693276181");
189  mnt6_Fq6::my_Fp2::non_residue = mnt6_Fq3::non_residue;
190 
191  /* choice of short Weierstrass curve and its twist */
192  mnt6_G1::coeff_a = mnt6_Fq("11");
193  mnt6_G1::coeff_b = mnt6_Fq("10670008051085173567796731963258535225645425120"
194  "1367587890185989362936000262606668469523074");
195  mnt6_twist = mnt6_Fq3(mnt6_Fq::zero(), mnt6_Fq::one(), mnt6_Fq::zero());
196  mnt6_twist_coeff_a =
197  mnt6_Fq3(mnt6_Fq::zero(), mnt6_Fq::zero(), mnt6_G1::coeff_a);
198  mnt6_twist_coeff_b = mnt6_Fq3(
199  mnt6_G1::coeff_b * mnt6_Fq3::non_residue,
200  mnt6_Fq::zero(),
201  mnt6_Fq::zero());
202  mnt6_G2::twist = mnt6_twist;
203  mnt6_G2::coeff_a = mnt6_twist_coeff_a;
204  mnt6_G2::coeff_b = mnt6_twist_coeff_b;
205  mnt6_twist_mul_by_a_c0 = mnt6_G1::coeff_a * mnt6_Fq3::non_residue;
206  mnt6_twist_mul_by_a_c1 = mnt6_G1::coeff_a * mnt6_Fq3::non_residue;
207  mnt6_twist_mul_by_a_c2 = mnt6_G1::coeff_a;
208  mnt6_twist_mul_by_b_c0 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
209  mnt6_twist_mul_by_b_c1 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
210  mnt6_twist_mul_by_b_c2 = mnt6_G1::coeff_b * mnt6_Fq3::non_residue;
211  mnt6_twist_mul_by_q_X =
212  mnt6_Fq("41833872017402966203083983345992855478207698232645417831904159"
213  "09159130177461911693276180");
214  mnt6_twist_mul_by_q_Y =
215  mnt6_Fq("47592228616926132575334924965304845154512487855282351555326773"
216  "5739164647307408490559963136");
217 
218  /* choice of group G1 */
219  // Identities
220  mnt6_G1::G1_zero =
221  mnt6_G1(mnt6_Fq::zero(), mnt6_Fq::one(), mnt6_Fq::zero());
222  mnt6_G1::G1_one = mnt6_G1(
223  mnt6_Fq("33668575288308222810928984635393710418569820937140417834296883"
224  "8739115829740084426881123453"),
225  mnt6_Fq("40259629013978098970933270771656892077762203207376274986234237"
226  "4583908837063963736098549800"),
227  mnt6_Fq::one());
228 
229  // Cofactor
230  mnt6_G1::h = bigint<mnt6_G1::h_limbs>("1");
231 
232  // WNAF
233  mnt6_G1::wnaf_window_table.resize(0);
234  mnt6_G1::wnaf_window_table.push_back(11);
235  mnt6_G1::wnaf_window_table.push_back(24);
236  mnt6_G1::wnaf_window_table.push_back(60);
237  mnt6_G1::wnaf_window_table.push_back(127);
238 
239  mnt6_G1::fixed_base_exp_window_table.resize(0);
240  // window 1 is unbeaten in [-inf, 3.96]
241  mnt6_G1::fixed_base_exp_window_table.push_back(1);
242  // window 2 is unbeaten in [3.96, 9.67]
243  mnt6_G1::fixed_base_exp_window_table.push_back(4);
244  // window 3 is unbeaten in [9.67, 25.13]
245  mnt6_G1::fixed_base_exp_window_table.push_back(10);
246  // window 4 is unbeaten in [25.13, 60.31]
247  mnt6_G1::fixed_base_exp_window_table.push_back(25);
248  // window 5 is unbeaten in [60.31, 146.07]
249  mnt6_G1::fixed_base_exp_window_table.push_back(60);
250  // window 6 is unbeaten in [146.07, 350.09]
251  mnt6_G1::fixed_base_exp_window_table.push_back(146);
252  // window 7 is unbeaten in [350.09, 844.54]
253  mnt6_G1::fixed_base_exp_window_table.push_back(350);
254  // window 8 is unbeaten in [844.54, 1839.64]
255  mnt6_G1::fixed_base_exp_window_table.push_back(845);
256  // window 9 is unbeaten in [1839.64, 3904.26]
257  mnt6_G1::fixed_base_exp_window_table.push_back(1840);
258  // window 10 is unbeaten in [3904.26, 11309.42]
259  mnt6_G1::fixed_base_exp_window_table.push_back(3904);
260  // window 11 is unbeaten in [11309.42, 24015.57]
261  mnt6_G1::fixed_base_exp_window_table.push_back(11309);
262  // window 12 is unbeaten in [24015.57, 72288.57]
263  mnt6_G1::fixed_base_exp_window_table.push_back(24016);
264  // window 13 is unbeaten in [72288.57, 138413.22]
265  mnt6_G1::fixed_base_exp_window_table.push_back(72289);
266  // window 14 is unbeaten in [138413.22, 156390.30]
267  mnt6_G1::fixed_base_exp_window_table.push_back(138413);
268  // window 15 is unbeaten in [156390.30, 562560.50]
269  mnt6_G1::fixed_base_exp_window_table.push_back(156390);
270  // window 16 is unbeaten in [562560.50, 1036742.02]
271  mnt6_G1::fixed_base_exp_window_table.push_back(562560);
272  // window 17 is unbeaten in [1036742.02, 2053818.86]
273  mnt6_G1::fixed_base_exp_window_table.push_back(1036742);
274  // window 18 is unbeaten in [2053818.86, 4370223.95]
275  mnt6_G1::fixed_base_exp_window_table.push_back(2053819);
276  // window 19 is unbeaten in [4370223.95, 8215703.81]
277  mnt6_G1::fixed_base_exp_window_table.push_back(4370224);
278  // window 20 is unbeaten in [8215703.81, 42682375.43]
279  mnt6_G1::fixed_base_exp_window_table.push_back(8215704);
280  // window 21 is never the best
281  mnt6_G1::fixed_base_exp_window_table.push_back(0);
282  // window 22 is unbeaten in [42682375.43, inf]
283  mnt6_G1::fixed_base_exp_window_table.push_back(42682375);
284 
285  /* choice of group G2 */
286  // Identities
287  mnt6_G2::G2_zero =
288  mnt6_G2(mnt6_Fq3::zero(), mnt6_Fq3::one(), mnt6_Fq3::zero());
289  mnt6_G2::G2_one = mnt6_G2(
290  mnt6_Fq3(
291  mnt6_Fq("4214564357728118462568265615939083222885091154891199075603"
292  "82401870203318738334702321297427"),
293  mnt6_Fq("1030729274385485024635270099613449150211675847064399454049"
294  "59058962657261178393635706405114"),
295  mnt6_Fq("1430291721437318526270029263247351838097683633011490092048"
296  "49580478324784395590388826052558")),
297  mnt6_Fq3(
298  mnt6_Fq("4646735966686894631300992275756395125412181334453888693838"
299  "93594087634649237515554342751377"),
300  mnt6_Fq("1006429075019773751845750759671180718078211179601527433356"
301  "03284583254620685343989304941678"),
302  mnt6_Fq("1230198555029698960269405457158411813002751801572880446630"
303  "51565390506010149881373807142903")),
304  mnt6_Fq3::one());
305 
306  // Cofactor
307  mnt6_G2::h = bigint<mnt6_G2::h_limbs>(
308  "2265020224725762701964986904983084617918287627326025861622075353519602"
309  "7008271269497733337236154908221451925226173504813188901850140437785678"
310  "6623430385820659037970876666767495659520");
311 
312  // WNAF
313  mnt6_G2::wnaf_window_table.resize(0);
314  mnt6_G2::wnaf_window_table.push_back(5);
315  mnt6_G2::wnaf_window_table.push_back(15);
316  mnt6_G2::wnaf_window_table.push_back(39);
317  mnt6_G2::wnaf_window_table.push_back(109);
318 
319  mnt6_G2::fixed_base_exp_window_table.resize(0);
320  // window 1 is unbeaten in [-inf, 4.25]
321  mnt6_G2::fixed_base_exp_window_table.push_back(1);
322  // window 2 is unbeaten in [4.25, 10.22]
323  mnt6_G2::fixed_base_exp_window_table.push_back(4);
324  // window 3 is unbeaten in [10.22, 24.85]
325  mnt6_G2::fixed_base_exp_window_table.push_back(10);
326  // window 4 is unbeaten in [24.85, 60.06]
327  mnt6_G2::fixed_base_exp_window_table.push_back(25);
328  // window 5 is unbeaten in [60.06, 143.61]
329  mnt6_G2::fixed_base_exp_window_table.push_back(60);
330  // window 6 is unbeaten in [143.61, 345.66]
331  mnt6_G2::fixed_base_exp_window_table.push_back(144);
332  // window 7 is unbeaten in [345.66, 818.56]
333  mnt6_G2::fixed_base_exp_window_table.push_back(346);
334  // window 8 is unbeaten in [818.56, 1782.06]
335  mnt6_G2::fixed_base_exp_window_table.push_back(819);
336  // window 9 is unbeaten in [1782.06, 4002.45]
337  mnt6_G2::fixed_base_exp_window_table.push_back(1782);
338  // window 10 is unbeaten in [4002.45, 10870.18]
339  mnt6_G2::fixed_base_exp_window_table.push_back(4002);
340  // window 11 is unbeaten in [10870.18, 18022.51]
341  mnt6_G2::fixed_base_exp_window_table.push_back(10870);
342  // window 12 is unbeaten in [18022.51, 43160.74]
343  mnt6_G2::fixed_base_exp_window_table.push_back(18023);
344  // window 13 is unbeaten in [43160.74, 149743.32]
345  mnt6_G2::fixed_base_exp_window_table.push_back(43161);
346  // window 14 is never the best
347  mnt6_G2::fixed_base_exp_window_table.push_back(0);
348  // window 15 is unbeaten in [149743.32, 551844.13]
349  mnt6_G2::fixed_base_exp_window_table.push_back(149743);
350  // window 16 is unbeaten in [551844.13, 1041827.91]
351  mnt6_G2::fixed_base_exp_window_table.push_back(551844);
352  // window 17 is unbeaten in [1041827.91, 1977371.53]
353  mnt6_G2::fixed_base_exp_window_table.push_back(1041828);
354  // window 18 is unbeaten in [1977371.53, 3703619.51]
355  mnt6_G2::fixed_base_exp_window_table.push_back(1977372);
356  // window 19 is unbeaten in [3703619.51, 7057236.87]
357  mnt6_G2::fixed_base_exp_window_table.push_back(3703620);
358  // window 20 is unbeaten in [7057236.87, 38554491.67]
359  mnt6_G2::fixed_base_exp_window_table.push_back(7057237);
360  // window 21 is never the best
361  mnt6_G2::fixed_base_exp_window_table.push_back(0);
362  // window 22 is unbeaten in [38554491.67, inf]
363  mnt6_G2::fixed_base_exp_window_table.push_back(38554492);
364 
365  /* pairing parameters */
366  mnt6_ate_loop_count =
367  bigint_q("689871209842287392837045615510547309923794944");
368  mnt6_ate_is_loop_count_neg = true;
369  mnt6_final_exponent = bigint<6 * mnt6_q_limbs>(
370  "2441632013809050969789059541431343876835397748986254393590401071543906"
371  "6975957855922532159264213056712140358746422742237328406558352706591021"
372  "6422306180605028554512640453974447931868761990152567816487468886255270"
373  "7546606307501130780086217376423631134210521168112142693161684363521585"
374  "2236649271569251468773714424208521977615548771268520882870120900360322"
375  "0442188067120277293518453076904749855025875277538472001305920580983636"
376  "41559341826790559426614919168");
377  mnt6_final_exponent_last_chunk_abs_of_w0 =
378  bigint_q("689871209842287392837045615510547309923794944");
379  mnt6_final_exponent_last_chunk_is_w0_neg = true;
380  mnt6_final_exponent_last_chunk_w1 = bigint_q("1");
381 }
382 
383 } // namespace libff
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::nqr_to_t
static Fp3_model< n, modulus > nqr_to_t
nqr^t
Definition: fp3.hpp:53
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[3]
non_residue^((modulus^i-1)/3) for i=0,1,2
Definition: fp3.hpp:55
libff::mnt6_ate_loop_count
bigint< mnt6_q_limbs > mnt6_ate_loop_count
Definition: mnt6_init.cpp:36
libff::mnt6_twist_mul_by_a_c0
mnt6_Fq mnt6_twist_mul_by_a_c0
Definition: mnt6_init.cpp:27
libff::mnt6_twist_mul_by_b_c2
mnt6_Fq mnt6_twist_mul_by_b_c2
Definition: mnt6_init.cpp:32
libff::mnt6_G1::coeff_a
static mnt6_Fq coeff_a
Definition: mnt6_g1.hpp:37
libff::mnt6_G2::coeff_b
static mnt6_Fq3 coeff_b
Definition: mnt6_g2.hpp:39
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::euler
static bigint< 3 *n > euler
(modulus^3-1)/2
Definition: fp3.hpp:40
libff::mnt6_G2::coeff_a
static mnt6_Fq3 coeff_a
Definition: mnt6_g2.hpp:38
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::s
static size_t s
modulus^3 = 2^s * t + 1
Definition: fp3.hpp:42
libff
Definition: ffi.cpp:8
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::one
static Fp3_model< n, modulus > one()
libff::mnt6_final_exponent_last_chunk_w1
bigint< mnt6_q_limbs > mnt6_final_exponent_last_chunk_w1
Definition: mnt6_init.cpp:41
libff::mnt6_G1::G1_one
static mnt6_G1 G1_one
Definition: mnt6_g1.hpp:36
libff::mnt6_Fq
Fp_model< mnt6_q_limbs, mnt6_modulus_q > mnt6_Fq
Definition: mnt6_init.hpp:37
libff::mnt6_twist_mul_by_b_c1
mnt6_Fq mnt6_twist_mul_by_b_c1
Definition: mnt6_init.cpp:31
libff::mnt6_twist_mul_by_q_Y
mnt6_Fq mnt6_twist_mul_by_q_Y
Definition: mnt6_init.cpp:34
libff::Fp_model::nqr
static Fp_model< n, modulus > nqr
a quadratic nonresidue
Definition: fp.hpp:70
libff::Fp_model< mnt6_q_limbs, mnt6_modulus_q >::zero
static const Fp_model< n, modulus > & zero()
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::t_minus_1_over_2
static bigint< 3 *n > t_minus_1_over_2
(t-1)/2
Definition: fp3.hpp:46
libff::mnt6_twist_mul_by_a_c1
mnt6_Fq mnt6_twist_mul_by_a_c1
Definition: mnt6_init.cpp:28
libff::Fp_model::t
static bigint< n > t
with t odd
Definition: fp.hpp:66
libff::mnt6_twist_mul_by_q_X
mnt6_Fq mnt6_twist_mul_by_q_X
Definition: mnt6_init.cpp:33
libff::init_mnt6_params
void init_mnt6_params()
Definition: mnt6_init.cpp:43
libff::Fp_model::s
static size_t s
modulus = 2^s * t + 1
Definition: fp.hpp:64
libff::mnt6_twist_coeff_b
mnt6_Fq3 mnt6_twist_coeff_b
Definition: mnt6_init.cpp:26
libff::mnt6_G2::G2_zero
static mnt6_G2 G2_zero
Definition: mnt6_g2.hpp:35
libff::mnt6_G1::G1_zero
static mnt6_G1 G1_zero
Definition: mnt6_g1.hpp:35
libff::Fp_model::euler
static bigint< n > euler
(modulus-1)/2
Definition: fp.hpp:62
libff::Fp_model::modulus_is_valid
static bool modulus_is_valid()
Definition: fp.hpp:84
libff::mnt6_G1::coeff_b
static mnt6_Fq coeff_b
Definition: mnt6_g1.hpp:38
libff::Fp_model< mnt6_q_limbs, mnt6_modulus_q >::one
static const Fp_model< n, modulus > & one()
libff::mnt6_twist
mnt6_Fq3 mnt6_twist
Definition: mnt6_init.cpp:24
libff::mnt6_G2
Definition: mnt6_g2.hpp:26
libff::mnt6_G1::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: mnt6_g1.hpp:33
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::Frobenius_coeffs_c2
static my_Fp Frobenius_coeffs_c2[3]
non_residue^((2*modulus^i-2)/3) for i=0,1,2
Definition: fp3.hpp:57
libff::mnt6_twist_coeff_a
mnt6_Fq3 mnt6_twist_coeff_a
Definition: mnt6_init.cpp:25
libff::mnt6_G1::h
static bigint< h_limbs > h
Definition: mnt6_g1.hpp:47
libff::mnt6_G1::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: mnt6_g1.hpp:34
libff::Fp_model::t_minus_1_over_2
static bigint< n > t_minus_1_over_2
(t-1)/2
Definition: fp.hpp:68
mnt6_g2.hpp
libff::bigint
Definition: bigint.hpp:20
libff::mnt6_G2::twist
static mnt6_Fq3 twist
Definition: mnt6_g2.hpp:37
libff::mnt6_G2::G2_one
static mnt6_G2 G2_one
Definition: mnt6_g2.hpp:36
libff::Fp6_2over3_model::non_residue
static my_Fp non_residue
Definition: fp6_2over3.hpp:42
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::nqr
static Fp3_model< n, modulus > nqr
a quadratic nonresidue in Fp3
Definition: fp3.hpp:51
libff::Fp_model::static_init
static void static_init()
libff::mnt6_Fq3
Fp3_model< mnt6_q_limbs, mnt6_modulus_q > mnt6_Fq3
Definition: mnt6_init.hpp:38
libff::Fp_model::root_of_unity
static Fp_model< n, modulus > root_of_unity
generator^((modulus-1)/2^s)
Definition: fp.hpp:76
libff::mnt6_G2::fixed_base_exp_window_table
static std::vector< size_t > fixed_base_exp_window_table
Definition: mnt6_g2.hpp:34
libff::Fp2_model::non_residue
static my_Fp non_residue
Definition: fp2.hpp:55
libff::mnt6_twist_mul_by_a_c2
mnt6_Fq mnt6_twist_mul_by_a_c2
Definition: mnt6_init.cpp:29
libff::mnt6_Fr
Fp_model< mnt6_r_limbs, mnt6_modulus_r > mnt6_Fr
Definition: mnt6_init.hpp:36
libff::mnt6_G1
Definition: mnt6_g1.hpp:26
libff::Fp3_model
Definition: fp3.hpp:18
libff::Fp6_2over3_model::Frobenius_coeffs_c1
static my_Fp Frobenius_coeffs_c1[6]
non_residue^((modulus^i-1)/6) for i=0,1,2,3,4,5
Definition: fp6_2over3.hpp:44
libff::mnt6_G2::wnaf_window_table
static std::vector< size_t > wnaf_window_table
Definition: mnt6_g2.hpp:33
libff::Fp_model< mnt6_q_limbs, mnt6_modulus_q >
libff::mnt6_G2::h
static bigint< h_limbs > h
Definition: mnt6_g2.hpp:49
libff::Fp_model::nqr_to_t
static Fp_model< n, modulus > nqr_to_t
nqr^t
Definition: fp.hpp:72
libff::Fp_model::multiplicative_generator
static Fp_model< n, modulus > multiplicative_generator
generator of Fp^*
Definition: fp.hpp:74
mnt6_init.hpp
libff::Fp_model::num_bits
static size_t num_bits
Definition: fp.hpp:60
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::non_residue
static my_Fp non_residue
Definition: fp3.hpp:49
libff::Fp_model::inv
static mp_limb_t inv
-modulus^(-1) mod W, where W = 2^(word size)
Definition: fp.hpp:78
mnt6_g1.hpp
libff::mnt6_modulus_r
bigint< mnt6_r_limbs > mnt6_modulus_r
libff::mnt6_modulus_q
bigint< mnt6_q_limbs > mnt6_modulus_q
libff::mnt6_ate_is_loop_count_neg
bool mnt6_ate_is_loop_count_neg
Definition: mnt6_init.cpp:37
libff::Fp_model::Rsquared
static bigint< n > Rsquared
R^2, where R = W^k, where k = ??
Definition: fp.hpp:80
libff::mnt6_final_exponent
bigint< 6 *mnt6_q_limbs > mnt6_final_exponent
Definition: mnt6_init.cpp:38
libff::mnt6_final_exponent_last_chunk_is_w0_neg
bool mnt6_final_exponent_last_chunk_is_w0_neg
Definition: mnt6_init.cpp:40
libff::mnt6_final_exponent_last_chunk_abs_of_w0
bigint< mnt6_q_limbs > mnt6_final_exponent_last_chunk_abs_of_w0
Definition: mnt6_init.cpp:39
libff::Fp_model::Rcubed
static bigint< n > Rcubed
R^3.
Definition: fp.hpp:82
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::zero
static Fp3_model< n, modulus > zero()
libff::mnt6_twist_mul_by_b_c0
mnt6_Fq mnt6_twist_mul_by_b_c0
Definition: mnt6_init.cpp:30
libff::Fp3_model< mnt6_q_limbs, mnt6_modulus_q >::t
static bigint< 3 *n > t
with t odd
Definition: fp3.hpp:44
Generated on Thu Aug 18 2022 12:42:19 for Clearmatics Libff by   doxygen 1.8.17