1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 /// Implementation of Fq6 math
17 /*! \file */
18 
19 #include "epid/member/tiny/math/fq6.h"
20 
21 #include "epid/member/tiny/math/fq2.h"
22 #include "epid/member/tiny/math/mathtypes.h"
23 
Fq6Add(Fq6Elem * result,Fq6Elem const * left,Fq6Elem const * right)24 void Fq6Add(Fq6Elem* result, Fq6Elem const* left, Fq6Elem const* right) {
25   Fq2Add(&result->y0, &left->y0, &right->y0);
26   Fq2Add(&result->y1, &left->y1, &right->y1);
27   Fq2Add(&result->y2, &left->y2, &right->y2);
28 }
29 
Fq6Sub(Fq6Elem * result,Fq6Elem const * left,Fq6Elem const * right)30 void Fq6Sub(Fq6Elem* result, Fq6Elem const* left, Fq6Elem const* right) {
31   Fq2Sub(&result->y0, &left->y0, &right->y0);
32   Fq2Sub(&result->y1, &left->y1, &right->y1);
33   Fq2Sub(&result->y2, &left->y2, &right->y2);
34 }
35 
Fq6Mul(Fq6Elem * result,Fq6Elem const * left,Fq6Elem const * right)36 void Fq6Mul(Fq6Elem* result, Fq6Elem const* left, Fq6Elem const* right) {
37   Fq2Elem tmpa;
38   Fq2Elem tmpb;
39   Fq2Elem tmpc;
40   Fq2Elem tmpd;
41   Fq2Elem tmpe;
42   Fq2Elem* temp_a = &tmpa;
43   Fq2Elem* temp_b = &tmpb;
44   Fq2Elem* temp_c = &tmpc;
45   Fq2Elem* temp_d = &tmpd;
46   Fq2Elem* temp_e = &tmpe;
47   Fq2Mul(temp_a, &left->y0, &right->y0);   // temp_a = t0 = a[0] * b[0]
48   Fq2Mul(temp_b, &left->y1, &right->y1);   // temp_b = t1
49   Fq2Mul(temp_c, &left->y2, &right->y2);   // temp_c = t2
50   Fq2Add(temp_d, &left->y1, &left->y2);    // temp_d = t3
51   Fq2Add(temp_e, &right->y1, &right->y2);  // temp_e = t4
52   Fq2Mul(temp_d, temp_d, temp_e);          // temp_d = t3
53   Fq2Sub(temp_d, temp_d, temp_b);
54   Fq2Sub(temp_d, temp_d, temp_c);
55   Fq2MulXi(temp_e, temp_d);
56   Fq2Add(temp_d, &left->y0, &left->y1);
57   Fq2Add(&result->y1, &right->y0, &right->y1);  // &result->y1 = t4
58   Fq2Mul(temp_d, temp_d, &result->y1);
59   Fq2MulXi(&result->y1, temp_c);  // result->y1 = Fq2.mulXi(t2)
60   Fq2Add(&result->y1, &result->y1, temp_d);
61   Fq2Sub(&result->y1, &result->y1, temp_a);
62   Fq2Sub(&result->y1, &result->y1, temp_b);
63   Fq2Add(temp_d, &left->y0, &left->y2);
64   Fq2Sub(temp_b, temp_b, temp_c);
65   Fq2Add(temp_c, &right->y0, &right->y2);
66   Fq2Add(&result->y0, temp_e, temp_a);  // temp_e = e[0], reordered instruction
67   Fq2Mul(temp_d, temp_d, temp_c);
68   Fq2Sub(temp_d, temp_d, temp_a);
69   Fq2Add(&result->y2, temp_d, temp_b);
70 }
71 
Fq6Inv(Fq6Elem * result,Fq6Elem const * in)72 void Fq6Inv(Fq6Elem* result, Fq6Elem const* in) {
73   Fq2Elem tmpa;
74   Fq2Elem tmpb;
75   Fq2Elem tmpc;
76   Fq2Elem tmpd;
77   Fq2Elem* temp_a = &tmpa;
78   Fq2Elem* temp_b = &tmpb;
79   Fq2Elem* temp_c = &tmpc;
80   Fq2Elem* temp_d = &tmpd;
81   Fq2Square(temp_a, &in->y0);
82   Fq2Mul(temp_d, &in->y1, &in->y2);
83   Fq2MulXi(temp_d, temp_d);
84   Fq2Sub(temp_a, temp_a, temp_d);
85   Fq2Square(temp_b, &in->y2);
86   Fq2Mul(temp_d, &in->y0, &in->y1);
87   Fq2MulXi(temp_b, temp_b);
88   Fq2Sub(temp_b, temp_b, temp_d);
89   Fq2Square(temp_c, &in->y1);
90   Fq2Mul(temp_d, &in->y0, &in->y2);
91   Fq2Sub(temp_c, temp_c, temp_d);
92   // using the results as temporary variables
93   Fq2Mul(&result->y0, &in->y0, temp_a);
94   Fq2Mul(&result->y1, &in->y1, temp_c);
95   Fq2Mul(&result->y2, &in->y2, temp_b);
96   Fq2MulXi(&result->y1, &result->y1);
97   Fq2MulXi(&result->y2, &result->y2);
98   Fq2Add(temp_d, &result->y0, &result->y1);
99   Fq2Add(temp_d, temp_d, &result->y2);
100   Fq2Inv(temp_d, temp_d);
101   Fq2Mul(&result->y0, temp_a, temp_d);
102   Fq2Mul(&result->y1, temp_b, temp_d);
103   Fq2Mul(&result->y2, temp_c, temp_d);
104 }
105 
Fq6Neg(Fq6Elem * result,Fq6Elem const * in)106 void Fq6Neg(Fq6Elem* result, Fq6Elem const* in) {
107   Fq2Neg(&result->y0, &in->y0);
108   Fq2Neg(&result->y1, &in->y1);
109   Fq2Neg(&result->y2, &in->y2);
110 }
111 
Fq6Clear(Fq6Elem * result)112 void Fq6Clear(Fq6Elem* result) {
113   Fq2Clear(&result->y0);
114   Fq2Clear(&result->y1);
115   Fq2Clear(&result->y2);
116 }
117 
Fq6MulScalar(Fq6Elem * result,Fq6Elem const * in,Fq2Elem const * scalar)118 void Fq6MulScalar(Fq6Elem* result, Fq6Elem const* in, Fq2Elem const* scalar) {
119   Fq2Mul(&result->y0, &in->y0, scalar);
120   Fq2Mul(&result->y1, &in->y1, scalar);
121   Fq2Mul(&result->y2, &in->y2, scalar);
122 }
123 
Fq6MulV(Fq6Elem * result,Fq6Elem const * in)124 void Fq6MulV(Fq6Elem* result, Fq6Elem const* in) {
125   Fq2Elem tmp;
126   Fq2Elem* temp = &tmp;
127   Fq2MulXi(temp, &in->y2);
128   Fq2Cp(&result->y2, &in->y1);
129   Fq2Cp(&result->y1, &in->y0);
130   Fq2Cp(&result->y0, temp);
131 }
132 
Fq6Eq(Fq6Elem const * left,Fq6Elem const * right)133 int Fq6Eq(Fq6Elem const* left, Fq6Elem const* right) {
134   return Fq2Eq(&left->y0, &right->y0) && Fq2Eq(&left->y1, &right->y1) &&
135          Fq2Eq(&left->y2, &right->y2);
136 }
137 
Fq6IsZero(Fq6Elem const * in)138 int Fq6IsZero(Fq6Elem const* in) {
139   return Fq2IsZero(&in->y0) && Fq2IsZero(&in->y1) && Fq2IsZero(&in->y2);
140 }
141 
Fq6Square(Fq6Elem * result,Fq6Elem const * in)142 void Fq6Square(Fq6Elem* result, Fq6Elem const* in) {
143   Fq2Elem T0;
144   Fq2Elem T2;
145   Fq2Elem T3;
146   Fq2Elem* t0 = &T0;
147   Fq2Elem* t1 = &result->y1;
148   Fq2Elem* t2 = &T2;
149   Fq2Elem* t3 = &T3;
150   Fq2Add(t0, &in->y1, &in->y2);
151   Fq2Square(t3, &in->y1);
152   Fq2Add(t1, &in->y0, &in->y1);
153   Fq2Add(t2, &in->y0, &in->y2);
154   Fq2Square(t0, t0);
155   Fq2Square(t1, t1);
156   Fq2Square(t2, t2);
157 
158   // using result from Fq2Square(t3, in->y1):
159   Fq2Sub(t0, t0, t3);
160   Fq2Sub(t1, t1, t3);
161   Fq2Add(t2, t2, t3);
162 
163   Fq2Square(t3, &in->y2);
164   Fq2Sub(t0, t0, t3);
165   Fq2Sub(t2, t2, t3);
166   Fq2MulXi(t3, t3);
167   Fq2Add(t1, t1, t3);
168 
169   Fq2Square(t3, &in->y0);
170   Fq2MulXi(t0, t0);
171   Fq2Add(&result->y0, t0, t3);
172   Fq2Sub(&result->y1, t1, t3);
173   Fq2Sub(&result->y2, t2, t3);
174 }
175 
Fq6Cp(Fq6Elem * result,Fq6Elem const * in)176 void Fq6Cp(Fq6Elem* result, Fq6Elem const* in) {
177   Fq2Cp(&result->y0, &in->y0);
178   Fq2Cp(&result->y1, &in->y1);
179   Fq2Cp(&result->y2, &in->y2);
180 }
181 
Fq6CondSet(Fq6Elem * result,Fq6Elem const * true_val,Fq6Elem const * false_val,int truth_val)182 void Fq6CondSet(Fq6Elem* result, Fq6Elem const* true_val,
183                 Fq6Elem const* false_val, int truth_val) {
184   Fq2CondSet(&result->y0, &true_val->y0, &false_val->y0, truth_val);
185   Fq2CondSet(&result->y1, &true_val->y1, &false_val->y1, truth_val);
186   Fq2CondSet(&result->y2, &true_val->y2, &false_val->y2, truth_val);
187 }
188 
Fq6Set(Fq6Elem * result,uint32_t in)189 void Fq6Set(Fq6Elem* result, uint32_t in) {
190   Fq6Clear(result);
191   Fq2Set(&result->y0, in);
192 }
193