From 0e99e6e7517e2f18cdf367780801234a2d4591e4 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Wed, 25 Sep 2024 21:20:57 +0000 Subject: [PATCH 1/4] build: annotate relic definitions already present and complete some sets Relic uses definitions that mean different things depending on the context, we only need to define them once and make sure they don't collide with another option for the same param. So, to account for where all these unique definitions have come from, we will annotate them and mention the other available options as comments for completion's sake. If an param doesn't define any new values, it has been omitted for brevity's sake. --- configure.ac | 150 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 110 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index 16139e5de..ca499c31a 100644 --- a/configure.ac +++ b/configure.ac @@ -266,10 +266,116 @@ dnl Relic: Memory-allocation policies AC_DEFINE([AUTO], [1], [Automatic memory allocation.]) AC_DEFINE([DYNAMIC], [2], [Dynamic memory allocation.]) +dnl Relic (BN): Options for the multiple precision +AC_DEFINE([SINGLE], [1], [A multiple precision integer can store w words.]) +AC_DEFINE([CARRY], [2], [A multiple precision integer can store the result of an addition.]) +AC_DEFINE([DOUBLE], [3], [A multiple precision integer can store the result of a multiplication.]) + +dnl Relic (BN): Greatest Common Divisor +dnl AC_DEFINE([BASIC], [1], [Euclid's standard GCD algorithm.]) +AC_DEFINE([LEHME], [2], [Lehmer's fast GCD Algorithm.]) +AC_DEFINE([STEIN], [3], [Stein's binary GCD Algorithm.]) + +dnl Relic (BN): Integer multiplication +dnl AC_DEFINE([BASIC], [1], [Schoolbook multiplication.]) +dnl AC_DEFINE([COMBA], [3], [Comba multiplication.]) + +dnl Relic (BN): Integer squaring +dnl AC_DEFINE([BASIC], [1], [Schoolbook squaring.]) +dnl AC_DEFINE([COMBA], [3], [Comba squaring.]) +dnl AC_DEFINE([MULTP], [4], [Reuse multiplication for squaring.]) + +dnl Relic (BN): Modular exponentiation +dnl AC_DEFINE([BASIC], [1], [Binary modular exponentiation.]) +AC_DEFINE([SLIDE], [2], [Sliding window modular exponentiation.]) +dnl AC_DEFINE([MONTY], [9], [Sliding window modular exponentiation.]) + +dnl Relic (BN): Prime generation +dnl AC_DEFINE([BASIC], [1], [Basic prime generation.]) +AC_DEFINE([SAFEP], [2], [Safe prime generation.]) +AC_DEFINE([STRON], [3], [Strong prime generation.]) + dnl Relic (CP): Support for faster CRT-based exponentiation in factoring-based cryptosystems AC_DEFINE([PKCS1], [2], [RSA PKCS#1 v1.5 padding.]) AC_DEFINE([PKCS2], [3], [RSA PKCS#1 v2.1 padding.]) +dnl Relic (EB): Fixed-base scalar multiplication +dnl AC_DEFINE([BASIC], [1], [Binary method for fixed point multiplication.]) +AC_DEFINE([COMBS], [2], [Single-table Comb method for fixed point multiplication.]) +AC_DEFINE([COMBD], [3], [Double-table Comb method for fixed point multiplication.]) +AC_DEFINE([LWNAF], [4], [Left-to-right window (T)NAF method.]) + +dnl Relic (EB): Point representation +dnl AC_DEFINE([BASIC], [1], [Affine coordinates.]) +AC_DEFINE([PROJC], [2], [Projective coordinates.]) + +dnl Relic (EB): Variable-base scalar multiplication +dnl AC_DEFINE([BASIC], [1], [Binary double-and-add method.]) +AC_DEFINE([LODAH], [2], [Lopez-Dahab constant-time point multiplication.]) +dnl AC_DEFINE([LWNAF], [4], [Left-to-right window (T)NAF method.]) +AC_DEFINE([RWNAF], [3], [Right-to-left window (T)NAF method.]) +AC_DEFINE([HALVE], [5], [Halving method.]) + +dnl Relic (EB): Variable-base simultaneous scalar multiplication +dnl AC_DEFINE([BASIC], [1], [Multiplication-and-addition simultaneous multiplication.]) +AC_DEFINE([TRICK], [2], [Shamir's trick.]) +AC_DEFINE([INTER], [3], [Interleaving of w-(T)NAFs.]) +AC_DEFINE([JOINT], [4], [Joint sparse form.]) + +dnl Relic (EC): Available elliptic curve methods +AC_DEFINE([PRIME], [1], [Prime curves.]) +AC_DEFINE([CHAR2], [2], [Binary curves.]) +AC_DEFINE([EDDIE], [3], [Prime Edwards curves.]) + +dnl Relic (EC): Prime elliptic Edwards curve methods +dnl AC_DEFINE([BASIC], [1], [Affine coordinates.]) +dnl AC_DEFINE([PROJC], [2], [Simple projective twisted Edwards coordinates.]) +AC_DEFINE([EXTND], [3], [Extended projective twisted Edwards coordinates.]) + +dnl Relic (ED): Variable-base multiplication method +dnl AC_DEFINE([BASIC], [1], [Binary method.]) +dnl AC_DEFINE([SLIDE], [2], [Sliding window method.]) +dnl AC_DEFINE([MONTY], [9], [Montgomery ladder method.]) +dnl AC_DEFINE([LWNAF], [4], [Left-to-right window NAF method.]) +AC_DEFINE([LWREG], [5], [Left-to-right regular recoding method.]) + +dnl Relic (EP): Point representation +dnl AC_DEFINE([BASIC], [1], [Affine coordinates.]) +dnl AC_DEFINE([PROJC], [2], [Homogeneous projective coordinates (complete formula).]) +AC_DEFINE([JACOB], [3], [Jacobian coordinates.]) + +dnl Relic (FB): Field inversion +dnl AC_DEFINE([BASIC], [1], [Inversion by Fermat's Little Theorem.]) +AC_DEFINE([BINAR], [2], [Binary Inversion algorithm.]) +AC_DEFINE([ALMOS], [3], [Inversion by the Amost inverse algorithm.]) +AC_DEFINE([EXGCD], [4], [Inversion by the Extended Euclidean algorithm.]) +AC_DEFINE([ITOHT], [5], [Inversion by Itoh-Tsuji.]) +AC_DEFINE([CTAIA], [6], [Constant-time almost inversion algorithm.]) +AC_DEFINE([BRUCH], [7], [Hardware-friendly inversion by Brunner-Curiger-Hofstetter.]) +AC_DEFINE([LOWER], [8], [Pass inversion to the lower level.]) + +dnl Relic (FP): Field inversion +dnl AC_DEFINE([BASIC], [1], [Inversion by Fermat's Little Theorem.]) +dnl AC_DEFINE([BINAR], [2], [Binary Inversion algorithm.]) +AC_DEFINE([MONTY], [9], [Montgomery inversion.]) +dnl AC_DEFINE([EXGCD], [4], [Inversion by the Extended Euclidean algorithm.]) +dnl AC_DEFINE([LOWER], [8], [Pass inversion to the lower level.]) +AC_DEFINE([DIVST], [10], [Constant-time inversion by division steps.]) + +dnl Relic (FP): Field squaring +AC_DEFINE([BASIC], [1], [Schoolbook multiplication.]) +AC_DEFINE([INTEG], [2], [Integrated modular squaring.]) +AC_DEFINE([COMBA], [3], [Comba squaring.]) +AC_DEFINE([MULTP], [4], [Reuse multiplication for squaring.]) + +dnl Relic (FP): Modular reduction +dnl AC_DEFINE([BASIC], [1], [Division-based reduction.]) +AC_DEFINE([QUICK], [2], [Fast reduction modulo special form prime.]) +dnl AC_DEFINE([MONTY], [9], [Montgomery modular reduction.]) + +dnl Relic (FP): Preferences +AC_DEFINE([PMERS], [4], [Pseudo-Mersenne method.]) + dnl Relic (MD): Available hash functions AC_DEFINE([SH224], [2], [SHA-224 hash function.]) AC_DEFINE([SH256], [3], [SHA-256 hash function.]) @@ -290,50 +396,14 @@ dnl AC_DEFINE([RDRND], [2], [Intel RdRand instruction.]) dnl AC_DEFINE([UDEV], [3], [Operating system underlying generator.]) AC_DEFINE([WCGR], [4], [Use Windows' CryptGenRandom.]) -dnl Relic (BN): Options for the multiple precision -AC_DEFINE([SINGLE], [1], [A multiple precision integer can store w words.]) -AC_DEFINE([CARRY], [2], [A multiple precision integer can store the result of an addition.]) -AC_DEFINE([DOUBLE], [3], [A multiple precision integer can store the result of a multiplication.]) +dnl Relic (PP): Extension field arithmetic +dnl AC_DEFINE([BASIC], [1], [Basic extension field arithmetic.]) +AC_DEFINE([LAZYR], [2], [Lazy-reduced extension field arithmetic.]) -AC_DEFINE([BASIC], [1], [Basic method.]) -AC_DEFINE([PRIME], [1], [Prime curves.]) +dnl Relic (PP): Pairing computation AC_DEFINE([TATEP], [1], [Tate pairing.]) -AC_DEFINE([COMBA], [2], [Comba method.]) -AC_DEFINE([LEHME], [2], [Lehmer's fast GCD Algorithm.]) -AC_DEFINE([SAFEP], [2], [Safe prime generation.]) -AC_DEFINE([QUICK], [2], [Fast reduction modulo special form prime.]) -AC_DEFINE([BINAR], [2], [Binary inversion.]) -AC_DEFINE([LAZYR], [2], [Lazy-reduced extension field arithmetic.]) -AC_DEFINE([LODAH], [2], [Lopez-Dahab multiplication.]) -AC_DEFINE([SLIDE], [2], [Sliding window modular exponentiation.]) -AC_DEFINE([PROJC], [2], [Projective coordinates.]) -AC_DEFINE([COMBS], [2], [Single-table comb method.]) -AC_DEFINE([TRICK], [2], [Shamir's trick.]) -AC_DEFINE([CHAR2], [2], [Binary curves.]) AC_DEFINE([WEILP], [2], [Weil pairing.]) -AC_DEFINE([MONTY], [3], [Montgomery method.]) -AC_DEFINE([STEIN], [3], [Stein's binary GCD Algorithm.]) -AC_DEFINE([STRON], [3], [Strong prime generation.]) -AC_DEFINE([INTEG], [3], [Integrated modular addtion.]) -AC_DEFINE([INTER], [3], [Interleaving of w-(T)NAFs.]) -AC_DEFINE([ALMOS], [3], [Almost inverse algorithm.]) -AC_DEFINE([JACOB], [3], [Jacobian coordinates.]) -AC_DEFINE([COMBD], [3], [Double-table comb method.]) -AC_DEFINE([HALVE], [3], [Halving.]) -AC_DEFINE([EDDIE], [3], [Edwards curves.]) -AC_DEFINE([EXTND], [3], [Extended projective twisted Edwards coordinates.]) AC_DEFINE([OATEP], [3], [Optimal ate pairing.]) -AC_DEFINE([PMERS], [4], [Pseudo-Mersenne method.]) -AC_DEFINE([MULTP], [4], [Reuse multiplication for squaring.]) -AC_DEFINE([EXGCD], [4], [Extended Euclidean algorithm.]) -AC_DEFINE([LWNAF], [4], [Left-to-right Width-w NAF.]) -AC_DEFINE([JOINT], [4], [Joint sparse form.]) -AC_DEFINE([DIVST], [5], [Constant-time inversion by Bernstein-Yang division steps.]) -AC_DEFINE([ITOHT], [5], [Itoh-Tsuji inversion.]) -AC_DEFINE([LWREG], [5], [Left-to-right Width-w NAF.]) -AC_DEFINE([BRUCH], [6], [Hardware-friendly inversion by Brunner-Curiger-Hofstetter.]) -AC_DEFINE([CTAIA], [7], [Constant-time version of almost inverse.]) -AC_DEFINE([LOWER], [8], [Use implementation provided by the lower layer.]) if test x"$use_debug" = x"yes"; then AC_DEFINE([DEBUG], [1], [Define this symbol if debugging support is enabled]) From 25b6dedad161843a9a02e482371c58617b2fbd3a Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Fri, 4 Oct 2024 20:00:50 +0000 Subject: [PATCH 2/4] Squashed 'depends/relic/' changes from aecdcae7..4140f28e 4140f28e Indentation. 15f82369 Do not ignore GM8 curves. 0e9da713 Fixing bad batch-rename. 3810062a Now it works! 9c03fcc8 Another try. 26c0d147 More fixes. 60f3dab1 Fix. d0564f82 Cycle counter for Apple M1. 94fc34cc Add support to AArch64. b915b6e7 Merge pull request #249 from fominok/fix-unnecessary-setjmp-include 19b2a6c4 fix: include order 5764793a fix: add ifdef for setjmp include c81ba67f Fix date and formatting. 01ee0d0c Typo. 234a0347 Make lazy reduction less agressive. 9a328da1 Add script to iterate through all pairing configurations. 472ee41b Limit extension degree to test/benchmark, generalize extension field arithmetic a bit. 2ffceecc Reach a better middle-ground. 4674dbd3 Simplify code further by removing corner cases. 1226cf51 Remove deprecated piece of ASM. 8082337c One missing place. dc5ec29f Remove fp2_mulc_low() to simplify code and obtain performance. 72657a6c Fix silly bug in reading char 2 polys. 249bfa0e Reduce code duplication in string parsing. 97556e0d Small speedup. d3ea4ceb Bug fix. 109d4422 Make CMLHS more flexible and more const for signature schemes. f506551d Adjust CMLHS benchmarking. 15f035ee Fix padding issue in benchmarks. 877a7b97 Remove printing artifact. d57ec586 Update demo program. 258a52f0 Add type casts. c0d6e3bf Adjust API update. e605e8b9 Make membership test in G2 more conservative. 8ec2d24a Add SSS benchmarks and adjust Lagrange prototypes. 329c83f5 Handle case when g2 == 0, next do it in constant time. fdd77ad4 Throw error when trying to invert 0. 83502818 Now fix for encryption. be9c2632 Bump library version. eb559cd8 Fix BC sign error. 40f24f01 Fix compile error. a73e819c Add extra checks for division by zero. d7dcb228 Better comment. df6c55ee Faster subgroup membership tests. ce57d38b More const stuff. f4333169 Fix prototype. f1ab6d9e Fix const issues. d5d86887 Use const and size_t more. 978420c2 Merge pull request #226 from jgdumas/rand_constmod b15b94d8 Update makefile. a955e8cf Add preset and fix comments. e36acde8 Merge branch 'main' into rand_constmod 830506d2 Merge pull request #240 from tarakby/permute-optimize 695ed3f1 fix the loop end 3fe3bb8f merge array initialization with permutation 4fdc29ba Reverting due to API issues with compression. 1e420db4 Added BLS12-317 curve. ceb475bc One more test for BGN. cd5ded73 Fix referencing on EP4. 260c379c Remove dependence on fp4_sub_dig(). 4dd709b6 Minor touches to preset and EP4. 62fc88dc Add missing stuff to LABEL support. be47a13b Add missing function for LABEL support. 26cb4d1b Faster final exponentiation for BLS24 curves. f2c65889 Minor adjustments. 7797e082 Added BLS24-315 curve and refactoring of backends. 77880ada Fix comment for precision. 700d0d3c Define missing macro. c2c2ad25 Slightly faster final exponentiation in BLS12. c65ae21a Add BLS12-377 curve. 417c5c55 Handle negative values better and add tests (closes #237 again) 70874a48 Reduce restrictions for modular reduction. 24226360 Handle corner cases with negative moduli better (closes #237) f7ea6d64 Handle negative inputs correctly in Lehmer's GCD (close #236). 277a4f02 Parse negative zero correctly (closes #235). 77c37c65 Make linking hacks Mac-specific. c71eaf25 Hardcoded link library path (Mac OS X is weird). 5e5f2c63 Restore OpenMP library linking. b0356fed Add hardcoded include dir. 22969590 Update multi for MacOS. 821d03a8 One more fix. 8c35f31c Fix silly bug in memory alloc. 6d776c73 Fixed memory allocation problem. 8956634c Revert bad idea of moving asm macro here. 1f349b1d Faster `ep2_mul_sim()` using signed representation. a54febf0 PSI optimizaitons. 3e57eba8 Fix free. 90de7630 Switch to dynamic allocation. c34f9709 Better formatting. 6f0de20b Simpler implementation by hardcoding CRS in both sender/receiver. e535105e Only warmup if running multiple benchmarks. 128a11a3 Include parameters from file. f2461dd1 Add one-shot benchmarks. dffc0a86 Further adjustment to the PSI API. 051c7768 Fix Makefile. b10c4761 Add Makefile for demo. 544a0dff Better formatting for PSI benchmarks and new demo. 32eadbdc Avoid cheating on the receiver side. 49bfcaf7 Restoring. eee15016 Trying brew now. d8c85b1f Typo 81365298 Change MacOS environment. 432842d8 Fix compiler switch for Mac OS X. 36f6d932 Trying again. 8d77cf3f Windows is fixed, now Mac OS X. 99a20984 Another attempt at fixing OpenMP in Windows+MAC OS X. fab8e8f2 Fix MULTI=PTHREAD, remove unnecessary linking libs, try to fix MACOSX. 70f2cd66 Uniformize CMake syntax. f4007317 Try again to fix MULTI on Windows. dd3beabc Avoid segmentation faults when core is not initialized. a4e2f865 Better formatting. 3563cb20 Another corner case. f52f80eb Add multithreading target. 384468a2 Fix allocation of intermediate value in Barrett. 3465cfbb Renamed rlc_thread for Windows compatibility. 87cb5953 Fall back to long division if input to Barreto reduction is out of bounds. 69cdd9f2 Fix corner case for reduction modulo 0 in #221. 67590b0e Align preset with the rest. 7cc79d68 Merge branch 'main' into rand_constmod b12da5fa Improve multithreading configuration a bit. 2225e601 Move global pointer to context. 4d2c2b40 Uniformize SHI-PSI and RSA-PSI rounds and statistical security. 7ef3af9e Minor speedups. 0594e94c Refactor CRT support. 7a9ec0f8 Simplify code when e = NULL. bfa06d2f Another try. 94e5653d Minor refactoring of GCD config/algorithms. 47bb7e61 Avoid overflow in bn_rand_mod(). 280b1425 Memory bugs. 1c3d0e92 Memory fix. 180b6892 Update label support. a483dfc7 Restore tests. e3a1af19 Add SHI-PSI protocol, fix tests/benchmarks. 4b7ea245 Implement SHI-PSI protocol. 0e2c4099 Implement permutation within PSI protocols. 58e5c939 Add permutation generation algorithm. f4f840db Better error handling. 1738af46 Better error handling. b15ba275 More accumulator-based PSI protocols. b4088e48 Remove compilation warnings. fa52ec13 put bac kconst on _add 239ee3ae Merge branch 'main' into rand_constmod a019a5ef Measure new function as well. c72e80ec Add homomorphic addition function to PHPE. 9db54243 Allow SSS with threshold of 2. e927c68e Merge branch 'main' into rand_constmod af77aefa Identation. 0a193b72 Restore benchmarks. 70ca8223 Swap G1 and G2 in Laconic PSI protocol. 8355662d Make WITH=ALL. 6d6d289f Merge branch 'main' into rand_constmod 02913670 Minor polish. addd1f26 Fix Shamir's Secret Sharing and memory alloc issue in ETRS. 6e05783c Merge branch 'main' into rand_constmod 526e295c Large rename to match library standard. 37714c3f Minor adjustments to tests. a3875035 Reorganize implementation to use the crt_t type and save some lines of code. 1b782d01 Added first version of Shamir's Secret Sharing. 0a03f11a _print/_size const e3ad5def _low const f822fbeb oups one const too much d762fe6b _fpx const !!! 00200c9e _enc /_dec const 75b6cbf0 print cmp const fce082f1 is_infty const 48e6f001 more const _mul a223bc4e const _mul 434b1ad5 const _add f377c5a6 const in _map 0e6218cf const in cmp/copy a7d78dc6 more const in g?_mul/exp bfcc28fe more const be5c72a6 modulus should be const in rand_mod? 211c3b9d Merge pull request #225 from jgdumas/shpe ba1806ea forgot ->g 6bb15578 inverted p <--> q 1975412f test divisibility in gen factor prime cea524e3 lower case dce585ef put back "protocols from ECC" 6ce0271c Merge branch 'main' into shpe 19bea45f Subgroup Paillier Cryptosystem, bench and test b3776b79 Merge pull request #224 from jgdumas/phpe 0e8509f1 start cp_shpe 198dbec9 comment in include now 3433feb2 bn_gen_factor_prime in header 74209819 Prime generation with prime factor of (p-1) b969060e comment 3fc3232e If g=1+n, save one of the two exponentiations of phpe encryption 394b3d78 With g=1+n, dp and dq can be computed without any exponentiations This should be faster 058a73c9 Test also gt_exp_gen 6309986f Adjust Bezout coefficients and tweak the algorithm (closes #223) fe61f2f9 Hope it's correct now. 9e523429 Fix endos again. 0775da6e Memory issue. 8736a422 Fix endormorphisms. 1f30423e Fix presets. 35ab6d73 Remove these, as they are not needed anymore. 98e4f129 Refactor of Lagrande interpolation. 3350fbfd Minor speedup with simultaneous inversion. 6c18368b Handle upper/lower case in backends a bit better. 1009a1c2 Remove warnings. dea2a3a4 Fix compilation issue. cffbdae9 Simplify subgroup membership tests. 202d9fd2 Several optimizations for ED module and ETRS scheme. bf371297 Merge pull request #219 from Fuzzbawls/2022_remove-redundant-decls ddaeb28a Remove redundant declarations in relic_fpx.h 97081d11 Minor speedup in LaPSI with cool trick on the exponent. 4107d14c Update LABEL support. 499a65a1 Better test and fixed memm alloc issue for PSI. bbe8963e Memory allocation issue. a3533dde Addind pairing-based PSI protocol. e1b388a0 Trim bn_t at the end of copy. 8930b261 Restore benchmarks. e9c681ab Fix bugs in EXTND coordinate system. 49b2a0d1 Respect STRIP. a953d385 Fix symbol name. 5260f210 Build with stripping enabled. 4848f27d Fix problems with compression and blinding on EDDIE. e4dd23d3 Remove redundant assignment. 50935c18 One more fix for EDDIE. 01433d7f Do not zero buffers without need. 2601df77 Make EDDIE compile with STRIP again. 6d29b274 Share more code between jumpdivstep inversion/symbol. 0f4a481f Refactoring of jumpdivstep inversion/symbol to share code. f333841c Add missing present. cb488ee4 Fix preset. 842cb1f8 Giving up again, problem is with GNU as and our macros. 970fac17 Trying again... 5d26c6a8 Fix typo. eb09222d Another attempt at MacOS integration. 83090950 Merge pull request #216 from feandalo/patch-1 64a5e5e0 Update README.md c56f2cc3 Remove MacOS for a while due to GCC shenanigans. 4a5b2527 Trying another compiler for MacOS. 052c1bf6 Fix artifact of the previous merge. f8431f32 Fix syntax. 7d269435 Reorder CMake commands to see if config works. bb278393 Merge pull request #215 from relic-toolkit/symbol 30f5b659 Fix signal on symbol computation as well. 9a001ec7 Fix for small limb sizes. 896022b3 Formatting. 2f081928 Fixed another bug in bn_mul2_low(). 0c50b590 Another bug fixed. a54c32c5 Fix carry issue in shifting functions. 06cff1fa Update LABEL support with new symbol functions. 37af1f4a Clarify this little hack. 0fce7d3f Merge branch 'main' into symbol 5ffc7f8c Fix bugs with divstep config and return value. 536422ad Update interface of the BN symbol functions. c274e2b2 Update presets to complete configuration. 6c046a07 Better formatting. e7a15a36 Remove compilation warning. 11592073 Add more missing files for Legendre. 6a2d8b9b Benchmark missing algorithm. f5f36c07 Add another missing file, fix dates. b7bbfa11 Fix default low-level implementation of Legendre. a545d806 Add missing file. f21d15ca Refactor configuration to include Legendre symbol, improve tests/bench. d4747b69 Remove warning. 0b49c334 Fixed bug when prime is close to power of 2. b06d27e5 Fix documentation of EP methods. 63aa2e29 Bump version for new future release. a269b6db Fix allocation issue. 4ae9c899 Adjust batch size. 66993770 Simplify API and optimize constant-time execution. e3f82e36 Rename workflow run. 0be5e47d Remove warning. df5ce77a Restore commented out function. f1688dd4 Replace dbl_t type with macros. ab40d2f6 Fix typo. 24602b1b Add missing tests, label and benchmarks. bb5a5dba Refactor divstep-based inversion. 1c6ef422 Fix type. 975573ee New jacobi symbol algorithm. acdcf436 Merge pull request #213 from lorenzcat/main 3ab3a08f Fix NETBSD definition 260c9f8b More bug fixes involving inputs/outputs and corner cases for scalars. ecaf98f9 Fix regression. 72e5652a Improve coverage of corner cases in tests. a001e3e0 Simplify handling of scalars out of bounds. 7bc1d747 Make outputs independent of inputs. 156156a5 Fix sign bug in ep2_mul_sim_lot(). 729bbc18 Fix LABEL and add GH Action for detecting regressions. a33d45bd Add SMLERS. dc851e38 Better printing. cb2075dd Simplify code. 06f30d89 Update demo. edd1aa0c Fix more. 89609c9e Fix compile error. cf3a82a7 Add SMLERS and generalize SoK protocol. 64523296 Add bn_mod_inv_sim(), tests and benchmarks. 42790a02 Fix for ED module. 7a80c3e2 Improve documentation and flexibility of ep_mul_sim_lot(). edf5bd94 Merge branch 'main' of github.com:relic-toolkit/relic 804e5b7f Fix compile error with LABEL. 46742aef Add new algorithm. 2f0273c5 Minor fixes. f49ae035 More conservative optimization. 7fb584fa Add new symbol computations, more work to be done on the API. git-subtree-dir: depends/relic git-subtree-split: 4140f28e9acb19081f522fe5595d3ddd769ee686 --- .github/workflows/bls12-381.yml | 13 +- .github/workflows/label.yml | 97 ++ .github/workflows/multi.yml | 104 ++ .indent.pro | 3 + CMakeLists.txt | 38 +- README.md | 2 +- bench/bench_bn.c | 167 ++- bench/bench_cp.c | 367 ++++- bench/bench_ed.c | 87 +- bench/bench_epx.c | 12 +- bench/bench_fp.c | 51 + bench/bench_fpx.c | 16 +- bench/bench_mpc.c | 64 +- bench/bench_pc.c | 9 +- cmake/arch.cmake | 11 +- cmake/bn.cmake | 4 +- cmake/ep.cmake | 9 +- cmake/fp.cmake | 30 +- demo/cert-input/test-bench.c | 24 +- demo/ers-etrs/Makefile | 2 +- demo/ers-etrs/test-bench.c | 119 +- demo/link-test/Makefile | 6 +- demo/psi-client-server/Makefile | 15 + demo/psi-client-server/params.h | 4 + demo/psi-client-server/receiver.c | 223 +++ demo/psi-client-server/sender.c | 154 ++ demo/psi-client-server/test-bench.c | 208 +++ demo/public-stats/Makefile | 8 +- demo/public-stats/main.c | 53 +- include/low/relic_bn_low.h | 25 + include/low/relic_fp_low.h | 8 + include/low/relic_fpx_low.h | 55 +- include/relic_bc.h | 8 +- include/relic_bench.h | 4 +- include/relic_bn.h | 175 ++- include/relic_conf.h.in | 31 +- include/relic_core.h | 19 +- include/relic_cp.h | 1312 +++++++++++------ include/relic_dv.h | 2 +- include/relic_ec.h | 11 + include/relic_ed.h | 13 +- include/relic_ep.h | 21 +- include/relic_epx.h | 210 +-- include/relic_err.h | 10 +- include/relic_fbx.h | 10 +- include/relic_fp.h | 79 + include/relic_fpx.h | 676 +++++---- include/relic_label.h | 396 ++++- include/relic_mpc.h | 57 +- include/relic_multi.h | 12 +- include/relic_pc.h | 32 +- include/relic_pp.h | 106 +- include/relic_types.h | 1 + include/relic_util.h | 15 + preset/ardue-ecc-128k.sh | 3 + preset/ardue-pbc-bn254.sh | 2 +- preset/arm-pbc-bn254.sh | 2 +- preset/armdroid-pbc-bn254.sh | 2 +- preset/armduino-ecc-128k.sh | 2 +- preset/armega-pbc-bn254.sh | 2 +- preset/armios-pbc-bn254.sh | 2 +- preset/avr-ecc-80k.sh | 2 +- preset/avr-pbc-80.sh | 2 +- preset/fiat-pbc-bls381.sh | 4 +- preset/gmp-ecc-128.sh | 2 +- preset/gmp-ecc-tweedledum.sh | 4 +- preset/gmp-pbc-bls381.sh | 2 +- preset/gmp-pbc-bn254.sh | 2 +- preset/gmp-pbc-ss1536.sh | 4 +- preset/msp-ecc-128.sh | 2 +- preset/msp-ecc-128k.sh | 2 +- preset/msp-ecc-80.sh | 2 +- preset/msp-ecc-80k.sh | 2 +- preset/msp-pbc-bn158.sh | 2 +- preset/msp-pbc-bn254.sh | 2 +- preset/x64-ecc-128.sh | 4 +- preset/x64-pbc-bls12-377.sh | 2 + preset/x64-pbc-bls12-381.sh | 2 +- preset/x64-pbc-bls12-446.sh | 2 +- preset/x64-pbc-bls12-455.sh | 2 +- preset/x64-pbc-bls12-638.sh | 2 +- preset/x64-pbc-bls24-315.sh | 2 + preset/x64-pbc-bls24-317.sh | 2 + preset/x64-pbc-bls24-509.sh | 2 +- preset/x64-pbc-bls48-575.sh | 2 +- preset/x64-pbc-bn254.sh | 2 +- preset/x64-pbc-bn382.sh | 2 +- preset/x64-pbc-bn446.sh | 2 +- src/CMakeLists.txt | 84 +- src/arch/relic_arch_a64.c | 236 +++ src/arch/relic_arch_x64.c | 24 +- src/arch/relic_arch_x86.c | 23 +- src/bc/relic_bc_aes.c | 27 +- src/bn/relic_bn_gcd.c | 137 +- src/bn/relic_bn_inv.c | 49 +- src/bn/relic_bn_lag.c | 95 ++ src/bn/relic_bn_mod.c | 132 +- src/bn/relic_bn_mxp.c | 104 +- src/bn/relic_bn_prime.c | 42 +- src/bn/relic_bn_rec.c | 17 +- src/bn/relic_bn_smb.c | 37 +- src/bn/relic_bn_util.c | 4 +- src/cp/relic_cp_bbs.c | 5 +- src/cp/relic_cp_bdpe.c | 7 +- src/cp/relic_cp_bgn.c | 14 +- src/cp/relic_cp_bls.c | 4 +- src/cp/relic_cp_cls.c | 34 +- src/cp/relic_cp_cmlhs.c | 91 +- src/cp/relic_cp_ecdh.c | 2 +- src/cp/relic_cp_ecdsa.c | 6 +- src/cp/relic_cp_ecies.c | 12 +- src/cp/relic_cp_ecmqv.c | 4 +- src/cp/relic_cp_ecss.c | 7 +- src/cp/relic_cp_ers.c | 23 +- src/cp/relic_cp_etrs.c | 203 +-- src/cp/relic_cp_ghpe.c | 7 +- src/cp/relic_cp_ibe.c | 23 +- src/cp/relic_cp_mklhs.c | 32 +- src/cp/relic_cp_mpss.c | 74 +- src/cp/relic_cp_pbpsi.c | 199 +++ src/cp/relic_cp_pcdel.c | 38 +- src/cp/relic_cp_phpe.c | 154 +- src/cp/relic_cp_pok.c | 8 +- src/cp/relic_cp_pss.c | 13 +- src/cp/relic_cp_rabin.c | 10 +- src/cp/relic_cp_rsa.c | 144 +- src/cp/relic_cp_rsapsi.c | 189 +++ src/cp/relic_cp_shipsi.c | 213 +++ src/cp/relic_cp_shpe.c | 233 +++ src/cp/relic_cp_smlers.c | 190 +++ src/cp/relic_cp_sok.c | 67 +- src/cp/relic_cp_sokaka.c | 6 +- src/cp/relic_cp_vbnn.c | 11 +- src/cp/relic_cp_zss.c | 12 +- src/dv/relic_dv_util.c | 2 +- src/eb/relic_eb_norm.c | 3 +- src/ed/relic_ed_add.c | 2 +- src/ed/relic_ed_dbl.c | 5 +- src/ed/relic_ed_mul_sim.c | 58 +- src/ed/relic_ed_norm.c | 4 +- src/ed/relic_ed_util.c | 13 +- src/ep/relic_ep_map.c | 7 +- src/ep/relic_ep_mul.c | 30 +- src/ep/relic_ep_mul_fix.c | 30 +- src/ep/relic_ep_mul_sim.c | 542 ++++--- src/ep/relic_ep_norm.c | 3 +- src/ep/relic_ep_param.c | 149 +- src/ep/relic_ep_util.c | 1 - src/epx/relic_ep2_add.c | 14 +- src/epx/relic_ep2_cmp.c | 2 +- src/epx/relic_ep2_curve.c | 31 +- src/epx/relic_ep2_dbl.c | 10 +- src/epx/relic_ep2_frb.c | 2 +- src/epx/relic_ep2_mul.c | 19 +- src/epx/relic_ep2_mul_cof.c | 14 +- src/epx/relic_ep2_mul_fix.c | 135 +- src/epx/relic_ep2_mul_sim.c | 234 ++- src/epx/relic_ep2_neg.c | 2 +- src/epx/relic_ep2_norm.c | 6 +- src/epx/relic_ep2_pck.c | 4 +- src/epx/relic_ep2_util.c | 18 +- src/epx/relic_ep4_add.c | 14 +- src/epx/relic_ep4_cmp.c | 2 +- src/epx/relic_ep4_curve.c | 67 +- src/epx/relic_ep4_dbl.c | 10 +- src/epx/relic_ep4_frb.c | 2 +- src/epx/relic_ep4_map.c | 2 +- src/epx/relic_ep4_mul.c | 18 +- src/epx/relic_ep4_mul_cof.c | 2 +- src/epx/relic_ep4_mul_fix.c | 22 +- src/epx/relic_ep4_mul_sim.c | 30 +- src/epx/relic_ep4_neg.c | 2 +- src/epx/relic_ep4_norm.c | 6 +- src/epx/relic_ep4_util.c | 40 +- src/fb/relic_fb_util.c | 47 +- src/fbx/relic_fb2_inv.c | 2 +- src/fbx/relic_fb2_mul.c | 5 +- src/fbx/relic_fb2_slv.c | 2 +- src/fbx/relic_fb2_sqr.c | 2 +- src/fp/relic_fp_inv.c | 366 ++++- src/fp/relic_fp_param.c | 42 + src/fp/relic_fp_prime.c | 45 +- src/fp/relic_fp_smb.c | 326 ++++ src/fpx/relic_fp12_mul.c | 42 +- src/fpx/relic_fp12_sqr.c | 14 +- src/fpx/relic_fp18_mul.c | 10 +- src/fpx/relic_fp18_sqr.c | 6 +- src/fpx/relic_fp24_mul.c | 69 +- src/fpx/relic_fp24_sqr.c | 14 +- src/fpx/relic_fp2_mul.c | 12 +- src/fpx/relic_fp2_sqr.c | 4 +- src/fpx/relic_fp3_mul.c | 8 +- src/fpx/relic_fp3_sqr.c | 4 +- src/fpx/relic_fp48_mul.c | 8 +- src/fpx/relic_fp48_sqr.c | 12 +- src/fpx/relic_fp4_mul.c | 29 +- src/fpx/relic_fp4_sqr.c | 6 +- src/fpx/relic_fp54_mul.c | 8 +- src/fpx/relic_fp54_sqr.c | 12 +- src/fpx/relic_fp6_mul.c | 37 +- src/fpx/relic_fp6_sqr.c | 23 +- src/fpx/relic_fp8_mul.c | 19 +- src/fpx/relic_fp8_sqr.c | 8 +- src/fpx/relic_fp9_mul.c | 10 +- src/fpx/relic_fp9_sqr.c | 6 +- src/fpx/relic_fpx_add.c | 100 +- src/fpx/relic_fpx_cmp.c | 44 +- src/fpx/relic_fpx_cyc.c | 143 +- src/fpx/relic_fpx_exp.c | 32 +- src/fpx/relic_fpx_field.c | 11 +- src/fpx/relic_fpx_frb.c | 24 +- src/fpx/relic_fpx_inv.c | 48 +- src/fpx/relic_fpx_pck.c | 24 +- src/fpx/relic_fpx_srt.c | 9 +- src/fpx/relic_fpx_util.c | 108 +- src/low/easy/relic_bn_div_low.c | 4 +- src/low/easy/relic_bn_mul_low.c | 27 + src/low/easy/relic_bn_shift_low.c | 16 + src/low/easy/relic_bn_sqr_low.c | 7 +- src/low/easy/relic_fp_smb_low.c | 65 + src/low/easy/relic_fpx_mul_low.c | 44 +- src/low/easy/relic_fpx_sqr_low.c | 20 +- src/low/gmp-sec/relic_bn_mul_low.c | 18 + src/low/gmp-sec/relic_bn_shift_low.c | 13 + src/low/gmp-sec/relic_fp_add_low.c | 4 +- src/low/gmp/relic_bn_mul_low.c | 18 + src/low/gmp/relic_bn_shift_low.c | 13 + src/low/gmp/relic_fp_add_low.c | 8 +- .../CMakeLists.txt | 0 src/low/{x64-asm-638 => x64-asm-10l}/macro.s | 0 .../relic_fp_add_low.s | 0 .../relic_fp_mul_low.c | 0 .../relic_fp_mul_low.s | 0 .../relic_fp_rdc_low.c | 0 .../relic_fp_rdc_low.s | 0 .../relic_fp_sqr_low.c | 0 .../relic_fpx_rdc_low.c | 0 .../relic_fpx_rdc_low.s | 0 src/low/x64-asm-455/relic_fp_inv_low.s | 296 ---- src/low/x64-asm-4l/relic_fpx_mul_low.c | 4 +- src/low/x64-asm-4l/relic_fpx_mul_low.s | 133 -- src/low/x64-asm-4l/relic_fpx_sqr_low.c | 4 +- .../CMakeLists.txt | 0 src/low/{x64-asm-455 => x64-asm-5l}/macro.s | 106 +- .../relic_fp_add_low.s | 486 ++---- .../relic_fp_inv_low.c | 0 .../relic_fp_mul_low.c | 1 - .../relic_fp_mul_low.s | 5 +- .../relic_fp_rdc_low.c | 0 .../relic_fp_rdc_low.s | 1 + .../relic_fp_shift_low.c | 0 .../relic_fp_shift_low.s | 22 +- src/low/x64-asm-5l/relic_fp_smb_low.c | 67 + .../relic_fp_sqr_low.c | 0 src/low/x64-asm-6l/macro.s | 10 +- src/low/x64-asm-6l/relic_fp_smb_low.c | 67 + .../CMakeLists.txt | 0 src/low/{x64-asm-446 => x64-asm-7l}/macro.s | 0 .../relic_fp_add_low.s | 0 .../relic_fp_inv_low.c | 0 .../relic_fp_inv_low.s | 0 .../relic_fp_mul_low.c | 0 .../relic_fp_mul_low.s | 0 .../relic_fp_rdc_low.c | 0 .../relic_fp_rdc_low.s | 0 .../relic_fp_shift_low.c | 0 .../relic_fp_shift_low.s | 0 .../relic_fp_sqr_low.c | 0 .../CMakeLists.txt | 0 src/low/{x64-asm-544 => x64-asm-8.5l}/macro.s | 0 .../relic_fp_add_low.s | 0 .../relic_fp_mul_low.c | 0 .../relic_fp_mul_low.s | 0 .../relic_fp_rdc_low.c | 0 .../relic_fp_rdc_low.s | 0 .../relic_fp_sqr_low.c | 0 .../relic_fpx_add_low.c | 0 .../relic_fpx_mul_low.c | 8 +- .../relic_fpx_rdc_low.c | 0 .../relic_fpx_rdc_low.s | 0 .../relic_fpx_sqr_low.c | 8 +- src/low/x64-asm-8l/macro.s | 12 +- src/low/x64-asm-8l/relic_fp_smb_low.c | 67 + src/low/x64-asm-9l/relic_fp_smb_low.c | 67 + src/mpc/{relic_mt_mpc.c => relic_mpc_mt.c} | 10 +- src/mpc/{relic_pc_mpc.c => relic_mpc_pc.c} | 19 +- src/mpc/relic_mpc_sss.c | 148 ++ src/pc/relic_pc_exp.c | 16 +- src/pc/relic_pc_util.c | 107 +- src/pp/relic_pp_add_k12.c | 21 +- src/pp/relic_pp_add_k2.c | 6 +- src/pp/relic_pp_add_k24.c | 42 +- src/pp/relic_pp_add_k48.c | 9 +- src/pp/relic_pp_add_k54.c | 8 +- src/pp/relic_pp_add_k8.c | 6 +- src/pp/relic_pp_dbl_k12.c | 8 +- src/pp/relic_pp_dbl_k2.c | 6 +- src/pp/relic_pp_dbl_k24.c | 42 +- src/pp/relic_pp_dbl_k48.c | 4 +- src/pp/relic_pp_dbl_k54.c | 4 +- src/pp/relic_pp_dbl_k8.c | 10 +- src/pp/relic_pp_exp_k12.c | 75 +- src/pp/relic_pp_exp_k24.c | 95 +- src/pp/relic_pp_map_k12.c | 12 +- src/pp/relic_pp_map_k2.c | 8 +- src/pp/relic_pp_map_k24.c | 6 +- src/pp/relic_pp_map_k48.c | 15 +- src/pp/relic_pp_map_k54.c | 14 +- src/pp/relic_pp_map_k8.c | 2 +- src/pp/relic_pp_norm.c | 8 +- src/relic_util.c | 11 + test/test_bn.c | 231 ++- test/test_cp.c | 522 +++++-- test/test_ec.c | 14 +- test/test_ed.c | 472 +++--- test/test_ep.c | 82 +- test/test_epx.c | 109 +- test/test_fp.c | 76 + test/test_fpx.c | 41 +- test/test_mpc.c | 84 +- test/test_pc.c | 3 +- ...{relic_gen_label.sh => relic-gen-label.sh} | 13 +- tools/run-pairings.sh | 13 + 323 files changed, 10684 insertions(+), 4918 deletions(-) create mode 100644 .github/workflows/label.yml create mode 100644 .github/workflows/multi.yml create mode 100644 demo/psi-client-server/Makefile create mode 100644 demo/psi-client-server/params.h create mode 100644 demo/psi-client-server/receiver.c create mode 100644 demo/psi-client-server/sender.c create mode 100644 demo/psi-client-server/test-bench.c create mode 100755 preset/ardue-ecc-128k.sh create mode 100755 preset/x64-pbc-bls12-377.sh create mode 100755 preset/x64-pbc-bls24-315.sh create mode 100755 preset/x64-pbc-bls24-317.sh create mode 100644 src/arch/relic_arch_a64.c create mode 100644 src/bn/relic_bn_lag.c mode change 100755 => 100644 src/cp/relic_cp_ecdh.c create mode 100644 src/cp/relic_cp_pbpsi.c create mode 100644 src/cp/relic_cp_rsapsi.c create mode 100644 src/cp/relic_cp_shipsi.c create mode 100644 src/cp/relic_cp_shpe.c create mode 100644 src/cp/relic_cp_smlers.c mode change 100755 => 100644 src/epx/relic_ep2_mul_fix.c create mode 100644 src/fp/relic_fp_smb.c create mode 100644 src/low/easy/relic_fp_smb_low.c rename src/low/{x64-asm-446 => x64-asm-10l}/CMakeLists.txt (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/macro.s (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fp_add_low.s (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fp_mul_low.c (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fp_mul_low.s (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fp_rdc_low.c (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fp_rdc_low.s (100%) rename src/low/{x64-asm-455 => x64-asm-10l}/relic_fp_sqr_low.c (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fpx_rdc_low.c (100%) rename src/low/{x64-asm-638 => x64-asm-10l}/relic_fpx_rdc_low.s (100%) delete mode 100644 src/low/x64-asm-455/relic_fp_inv_low.s rename src/low/{x64-asm-455 => x64-asm-5l}/CMakeLists.txt (100%) mode change 100755 => 100644 rename src/low/{x64-asm-455 => x64-asm-5l}/macro.s (71%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_add_low.s (51%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_inv_low.c (100%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_mul_low.c (95%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_mul_low.s (93%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_rdc_low.c (100%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_rdc_low.s (95%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_shift_low.c (100%) rename src/low/{x64-asm-455 => x64-asm-5l}/relic_fp_shift_low.s (82%) create mode 100644 src/low/x64-asm-5l/relic_fp_smb_low.c rename src/low/{x64-asm-638 => x64-asm-5l}/relic_fp_sqr_low.c (100%) create mode 100644 src/low/x64-asm-6l/relic_fp_smb_low.c rename src/low/{x64-asm-544 => x64-asm-7l}/CMakeLists.txt (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/macro.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_add_low.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_inv_low.c (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_inv_low.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_mul_low.c (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_mul_low.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_rdc_low.c (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_rdc_low.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_shift_low.c (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_shift_low.s (100%) rename src/low/{x64-asm-446 => x64-asm-7l}/relic_fp_sqr_low.c (100%) rename src/low/{x64-asm-638 => x64-asm-8.5l}/CMakeLists.txt (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/macro.s (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_add_low.s (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_mul_low.c (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_mul_low.s (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_rdc_low.c (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_rdc_low.s (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fp_sqr_low.c (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fpx_add_low.c (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fpx_mul_low.c (94%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fpx_rdc_low.c (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fpx_rdc_low.s (100%) rename src/low/{x64-asm-544 => x64-asm-8.5l}/relic_fpx_sqr_low.c (95%) create mode 100644 src/low/x64-asm-8l/relic_fp_smb_low.c create mode 100644 src/low/x64-asm-9l/relic_fp_smb_low.c rename src/mpc/{relic_mt_mpc.c => relic_mpc_mt.c} (91%) rename src/mpc/{relic_pc_mpc.c => relic_mpc_pc.c} (90%) create mode 100644 src/mpc/relic_mpc_sss.c rename tools/{relic_gen_label.sh => relic-gen-label.sh} (96%) create mode 100755 tools/run-pairings.sh diff --git a/.github/workflows/bls12-381.yml b/.github/workflows/bls12-381.yml index dc518a02b..e99f190ac 100644 --- a/.github/workflows/bls12-381.yml +++ b/.github/workflows/bls12-381.yml @@ -34,11 +34,6 @@ jobs: os: ubuntu-latest, cc: "clang", } - - { - name: "MacOS Latest", - os: macos-latest, - cc: "clang", - } steps: - uses: actions/checkout@v2 @@ -70,8 +65,8 @@ jobs: mkdir build cd build cmake -G "MinGW Makefiles" .. - ../preset/x64-pbc-bls12-381.sh . - cmake -DSEED= -DBENCH=0 -DSTBIN=off -DRAND=HASHD . + cmake -DSEED= -DBENCH=0 -DSTBIN=off -DRAND=HASHD .. + ../preset/x64-pbc-bls12-381.sh .. - name: Run CMake (standard) if: ${{ !(runner.os == 'Windows') }} @@ -79,8 +74,8 @@ jobs: run: | mkdir build cd build - ../preset/x64-pbc-bls12-381.sh ../ - cmake -DCMAKE_C_COMPILER=${{ matrix.config.cc }} -DSEED= -DBENCH=0 . + cmake -DCMAKE_C_COMPILER=${{ matrix.config.cc }} -DSEED= -DBENCH=0 .. + ../preset/x64-pbc-bls12-381.sh .. - name: CMake Build run: cmake --build build diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml new file mode 100644 index 000000000..213531326 --- /dev/null +++ b/.github/workflows/label.yml @@ -0,0 +1,97 @@ +name: Basic configuration (LABEL) + +on: + push: + branches: + - '**' # all branches + pull_request: + branches: + - '**' # all branches + +jobs: + build: + name: ${{ matrix.config.name }} + runs-on: ${{ matrix.config.os }} + strategy: + fail-fast: false + matrix: + config: + - { + name: "Windows Latest - MSVC", + artifact: "windows-msvc.tar.xz", + os: windows-latest, + cc: "cl", + } + - { + name: "Windows Latest - MinGW", + artifact: "windows-mingw.tar.xz", + os: windows-latest, + cc: "gcc" + } + - { + name: "Ubuntu Latest - GCC", + artifact: "linux-gcc.tar.xz", + os: ubuntu-latest, + cc: "gcc", + } + - { + name: "Ubuntu Latest - Clang", + artifact: "linux-clang.tar.xz", + os: ubuntu-latest, + cc: "clang", + } + - { + name: "MacOS Latest", + os: macos-latest, + cc: "clang", + } + steps: + - uses: actions/checkout@v2 + + - name: Set Windows enviroment + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'cl') }} + uses: ilammy/msvc-dev-cmd@v1 + + - name: Set MinGW enviroment + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'gcc') }} + uses: msys2/setup-msys2@v2 + with: + msystem: MINGW64 + install: >- + git + base-devel + gcc + cmake + update: true + + - name: Run CMake (Win) + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'cl') }} + shell: bash + run: | + mkdir build + cd build + cmake -DLABEL=default -DSEED= -DBENCH=0 -G "NMake Makefiles" .. + + - name: Run CMake (MingW) + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'gcc') }} + shell: bash + run: | + mkdir build + cd build + cmake -DLABEL=default -DSEED= -DBENCH=0 -G "MinGW Makefiles" .. + + - name: Run CMake (standard) + if: ${{ !(runner.os == 'Windows') }} + shell: bash + run: | + mkdir build + cd build + cmake -DCMAKE_C_COMPILER=${{ matrix.config.cc }} -DSEED= -DBENCH=0 .. + + - name: CMake Build + run: cmake --build build + + - name: CMake Test + run: | + cd build + ctest --verbose . diff --git a/.github/workflows/multi.yml b/.github/workflows/multi.yml new file mode 100644 index 000000000..9099b1e80 --- /dev/null +++ b/.github/workflows/multi.yml @@ -0,0 +1,104 @@ +name: Multithreading configuration + +on: + push: + branches: + - '**' # all branches + pull_request: + branches: + - '**' # all branches + +jobs: + build: + name: ${{ matrix.config.name }} + runs-on: ${{ matrix.config.os }} + strategy: + fail-fast: false + matrix: + config: + - { + name: "Windows Latest - MSVC", + artifact: "windows-msvc.tar.xz", + os: windows-latest, + cc: "cl", + } + - { + name: "Windows Latest - MinGW", + artifact: "windows-mingw.tar.xz", + os: windows-latest, + cc: "gcc" + } + - { + name: "Ubuntu Latest - GCC", + artifact: "linux-gcc.tar.xz", + os: ubuntu-latest, + cc: "gcc", + } + - { + name: "Ubuntu Latest - Clang", + artifact: "linux-clang.tar.xz", + os: ubuntu-latest, + cc: "clang", + } + - { + name: "MacOS Latest", + os: macos-latest, + cc: "clang", + } + steps: + - uses: actions/checkout@v2 + + - name: Set Windows enviroment + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'cl') }} + uses: ilammy/msvc-dev-cmd@v1 + + - name: Set MinGW enviroment + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'gcc') }} + uses: msys2/setup-msys2@v2 + with: + msystem: MINGW64 + install: >- + git + base-devel + gcc + cmake + update: true + + - name: Set MacOS enviroment + if: ${{ (runner.os == 'MacOS') && (matrix.config.cc == 'clang') }} + shell: bash + run: | + curl -O https://mac.r-project.org/openmp/openmp-13.0.0-darwin21-Release.tar.gz + sudo tar fvxz openmp-*.tar.gz -C / + + - name: Run CMake (Win) + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'cl') }} + shell: bash + run: | + mkdir build + cd build + cmake -DSEED= -DBENCH=0 -DCORES=2 -DMULTI=OPENMP -G "NMake Makefiles" .. + + - name: Run CMake (MingW) + if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'gcc') }} + shell: bash + run: | + mkdir build + cd build + cmake -DSEED= -DBENCH=0 -DCORES=2 -DMULTI=OPENMP -G "MinGW Makefiles" .. + + - name: Run CMake (standard) + if: ${{ !(runner.os == 'Windows') }} + shell: bash + run: | + mkdir build + cd build + cmake -DCMAKE_C_COMPILER=${{ matrix.config.cc }} -DSEED= -DBENCH=0 -DCORES=2 -DMULTI=OPENMP .. + + - name: CMake Build + run: cmake --build build + + - name: CMake Test + run: | + cd build + ctest --verbose . diff --git a/.indent.pro b/.indent.pro index 3fa50ae4f..a10fb29b5 100644 --- a/.indent.pro +++ b/.indent.pro @@ -62,3 +62,6 @@ -T dis_t -T rsa_pub_t -T rsa_prv_t +-T ers_t +-T etrs_t +-T smlers_t diff --git a/CMakeLists.txt b/CMakeLists.txt index db5a62507..ae16cfb5b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ endif() project(RELIC C CXX) set(PROJECT_VERSION_MAJOR "0") -set(PROJECT_VERSION_MINOR "5") +set(PROJECT_VERSION_MINOR "7") set(PROJECT_VERSION_PATCH "0") set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}") set(VERSION ${PROJECT_VERSION}) @@ -150,7 +150,11 @@ set(BENCH "100" CACHE STRING "Number of times each benchmark is ran.") set(TESTS "100" CACHE STRING "Number of times each test is ran.") # Number of cores. -set(CORES "1" CACHE STRING "Number of available processor cores.") +set(CORES "1" CACHE STRING "Number of processor cores available to the library.") + +if(NOT CORES STREQUAL "1" AND NOT MULTI) + set(MULTI OPENMP) +endif() # Choose the arithmetic backend. set(ARITH "easy" CACHE STRING "Arithmetic backend") @@ -249,7 +253,7 @@ else() if(DEBUG) if (MSVC) set(DFLAGS "/Z7") - else () + else() set(DFLAGS "-ggdb") endif() endif() @@ -260,13 +264,29 @@ if(AUSAN) set(DFLAGS "${DFLAGS} -ggdb -fsanitize=address -fsanitize=undefined") endif() +# Find OpenMP if(MULTI STREQUAL OPENMP) if (MSVC) set(CFLAGS "${CFLAGS} /openmp") - else () + else() + if (OPSYS STREQUAL MACOSX AND CMAKE_C_COMPILER_ID MATCHES "Clang") + include_directories("/usr/local/include") + link_directories("/usr/local/lib") + set(OpenMP_C "${CMAKE_C_COMPILER}") + set(OpenMP_C_FLAGS "-fopenmp=libomp -Wno-unused-command-line-argument") + set(OpenMP_C_LIB_NAMES "libomp" "libgomp" "libiomp5") + set(OpenMP_CXX "${CMAKE_CXX_COMPILER}") + set(OpenMP_CXX_FLAGS "-fopenmp=libomp -Wno-unused-command-line-argument") + set(OpenMP_CXX_LIB_NAMES "libomp" "libgomp" "libiomp5") + set(OpenMP_libomp_LIBRARY ${OpenMP_C_LIB_NAMES}) + set(OpenMP_libgomp_LIBRARY ${OpenMP_C_LIB_NAMES}) + set(OpenMP_libiomp5_LIBRARY ${OpenMP_C_LIB_NAMES}) + set(CFLAGS "${CFLAGS} -Xclang -fopenmp") + else() + set(CFLAGS "${CFLAGS} -fopenmp") + endif() find_package(OpenMP REQUIRED) - set(CFLAGS "${CFLAGS} -fopenmp") - endif () + endif() set(MULTI "OPENMP" CACHE STRING "Multithreading interface") else() if(MULTI STREQUAL PTHREAD) @@ -300,11 +320,13 @@ set(CMAKE_EXE_LINKER_FLAGS "${LFLAGS}") message(STATUS "Compiler flags: ${CMAKE_C_FLAGS}") message(STATUS "Linker flags: ${CMAKE_EXE_LINKER_FLAGS}") +set(ARITH_COPY ${ARITH}) string(TOUPPER ${ARITH} ARITH) +string(REPLACE "-" "_" ARITH ${ARITH}) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/include/relic_conf.h.in ${CMAKE_CURRENT_BINARY_DIR}/include/relic_conf.h @ONLY) -message(STATUS "Configured ${CMAKE_CURRENT_SOURCE_DIR}/include/relic_conf.h.in") -string(TOLOWER ${ARITH} ARITH) +message(STATUS "Configured ${CMAKE_CURRENT_SOURCE_DIR}/include/relic_conf.h.in with backend " ${ARITH_COPY}) +set(ARITH ${ARITH_COPY}) if (LABEL) set(RELIC "relic_${LABEL}") diff --git a/README.md b/README.md index 9fa6d01b2..c4f3f258b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![](https://github.com/relic-toolkit/relic/blob/master/art/rlc_logo.png) +![](https://github.com/relic-toolkit/relic/blob/c56f2cc3529da824e76974ccb5d74cb4ff6cdec7/art/rlc_logo.png) ===== [![Project stats](https://www.openhub.net/p/relic-toolkit/widgets/project_thin_badge.gif)](https://www.openhub.net/p/relic-toolkit) diff --git a/bench/bench_bn.c b/bench/bench_bn.c index 5747351eb..64c977037 100644 --- a/bench/bench_bn.c +++ b/bench/bench_bn.c @@ -281,21 +281,26 @@ static void util(void) { } static void arith(void) { - bn_t a, b, c, d, e; + bn_t a, b, c, d[3], e[3]; + crt_t crt; dig_t f; int len; bn_null(a); bn_null(b); bn_null(c); - bn_null(d); - bn_null(e); + crt_null(crt); bn_new(a); bn_new(b); bn_new(c); - bn_new(d); - bn_new(e); + for (int j = 0; j < 3; j++) { + bn_null(d[j]); + bn_null(e[j]); + bn_new(d[j]); + bn_new(e[j]); + } + crt_new(crt); BENCH_RUN("bn_add") { bn_rand(a, RLC_POS, RLC_BN_BITS); @@ -433,7 +438,7 @@ static void arith(void) { BENCH_RUN("bn_div_rem") { bn_rand(a, RLC_POS, 2 * RLC_BN_BITS - RLC_DIG / 2); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_div_rem(c, d, a, b)); + BENCH_ADD(bn_div_rem(c, d[0], a, b)); } BENCH_END; @@ -483,9 +488,9 @@ static void arith(void) { if (bn_is_even(b)) { bn_add_dig(b, b, 1); } - bn_mod_pre(d, b); + bn_mod_pre(d[0], b); #endif - BENCH_ADD(bn_mod(c, a, b, d)); + BENCH_ADD(bn_mod(c, a, b, d[0])); } BENCH_END; @@ -501,7 +506,7 @@ static void arith(void) { #if BN_MOD == BARRT || !defined(STRIP) BENCH_RUN("bn_mod_pre_barrt") { bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_mod_pre_barrt(d, b)); + BENCH_ADD(bn_mod_pre_barrt(d[0], b)); } BENCH_END; #endif @@ -510,8 +515,8 @@ static void arith(void) { BENCH_RUN("bn_mod_barrt") { bn_rand(a, RLC_POS, 2 * RLC_BN_BITS - RLC_DIG / 2); bn_rand(b, RLC_POS, RLC_BN_BITS); - bn_mod_pre_barrt(d, b); - BENCH_ADD(bn_mod_barrt(c, a, b, d)); + bn_mod_pre_barrt(d[0], b); + BENCH_ADD(bn_mod_barrt(c, a, b, d[0])); } BENCH_END; #endif @@ -522,7 +527,7 @@ static void arith(void) { if (bn_is_even(b)) { bn_add_dig(b, b, 1); } - BENCH_ADD(bn_mod_pre_monty(d, b)); + BENCH_ADD(bn_mod_pre_monty(d[0], b)); } BENCH_END; @@ -544,8 +549,8 @@ static void arith(void) { bn_add_dig(b, b, 1); } bn_mod(a, a, b); - bn_mod_pre_monty(d, b); - BENCH_ADD(bn_mod_monty(c, a, b, d)); + bn_mod_pre_monty(d[0], b); + BENCH_ADD(bn_mod_monty(c, a, b, d[0])); } BENCH_END; @@ -557,8 +562,8 @@ static void arith(void) { bn_add_dig(b, b, 1); } bn_mod(a, a, b); - bn_mod_pre_monty(d, b); - BENCH_ADD(bn_mod_monty_basic(c, a, b, d)); + bn_mod_pre_monty(d[0], b); + BENCH_ADD(bn_mod_monty_basic(c, a, b, d[0])); } BENCH_END; #endif @@ -571,8 +576,8 @@ static void arith(void) { bn_add_dig(b, b, 1); } bn_mod(a, a, b); - bn_mod_pre_monty(d, b); - BENCH_ADD(bn_mod_monty_comba(c, a, b, d)); + bn_mod_pre_monty(d[0], b); + BENCH_ADD(bn_mod_monty_comba(c, a, b, d[0])); } BENCH_END; #endif @@ -584,7 +589,7 @@ static void arith(void) { bn_add_dig(b, b, 1); } bn_mod(a, a, b); - bn_mod_pre_monty(d, b); + bn_mod_pre_monty(d[0], b); BENCH_ADD(bn_mod_monty_back(c, c, b)); } BENCH_END; @@ -596,7 +601,7 @@ static void arith(void) { bn_set_2b(b, RLC_BN_BITS); bn_rand(c, RLC_POS, RLC_DIG); bn_sub(b, b, c); - BENCH_ADD(bn_mod_pre_pmers(d, b)); + BENCH_ADD(bn_mod_pre_pmers(d[0], b)); } BENCH_END; @@ -605,8 +610,8 @@ static void arith(void) { bn_set_2b(b, RLC_BN_BITS); bn_rand(c, RLC_POS, RLC_DIG); bn_sub(b, b, c); - bn_mod_pre_pmers(d, b); - BENCH_ADD(bn_mod_pmers(c, a, b, d)); + bn_mod_pre_pmers(d[0], b); + BENCH_ADD(bn_mod_pmers(c, a, b, d[0])); } BENCH_END; #endif @@ -656,12 +661,26 @@ static void arith(void) { BENCH_RUN("bn_mxp_dig") { bn_rand(a, RLC_POS, RLC_BN_BITS); - bn_rand(d, RLC_POS, RLC_DIG); - bn_get_dig(&f, d); + bn_rand(d[0], RLC_POS, RLC_DIG); + bn_get_dig(&f, d[0]); BENCH_ADD(bn_mxp_dig(c, a, f, b)); } BENCH_END; + bn_gen_prime(crt->p, RLC_BN_BITS / 2); + bn_gen_prime(crt->q, RLC_BN_BITS / 2); + bn_mul(crt->n, crt->p, crt->q); + bn_mod_inv(crt->qi, crt->q, crt->p); + bn_sub_dig(crt->dp, crt->p, 1); + bn_sub_dig(crt->dq, crt->q, 1); + BENCH_RUN("bn_mxp_crt") { + bn_rand(c, RLC_POS, RLC_BN_BITS); + bn_mod(a, c, crt->dp); + bn_mod(b, c, crt->dq); + BENCH_ADD(bn_mxp_crt(c, c, a, b, crt, 0)); + } + BENCH_END; + BENCH_RUN("bn_srt") { bn_rand(a, RLC_POS, RLC_BN_BITS); BENCH_ADD(bn_srt(b, a)); @@ -693,11 +712,11 @@ static void arith(void) { BENCH_END; #endif -#if BN_GCD == STEIN || !defined(STRIP) - BENCH_RUN("bn_gcd_stein") { +#if BN_GCD == BINAR || !defined(STRIP) + BENCH_RUN("bn_gcd_binar") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_stein(c, a, b)); + BENCH_ADD(bn_gcd_binar(c, a, b)); } BENCH_END; #endif @@ -713,7 +732,7 @@ static void arith(void) { BENCH_RUN("bn_gcd_ext") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_ext(c, d, e, a, b)); + BENCH_ADD(bn_gcd_ext(c, d[0], d[1], a, b)); } BENCH_END; @@ -721,7 +740,16 @@ static void arith(void) { BENCH_RUN("bn_gcd_ext_basic") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_ext_basic(c, d, e, a, b)); + BENCH_ADD(bn_gcd_ext_basic(c, d[0], d[1], a, b)); + } + BENCH_END; +#endif + +#if BN_GCD == BINAR || !defined(STRIP) + BENCH_RUN("bn_gcd_ext_binar") { + bn_rand(a, RLC_POS, RLC_BN_BITS); + bn_rand(b, RLC_POS, RLC_BN_BITS); + BENCH_ADD(bn_gcd_ext_binar(c, d[0], d[1], a, b)); } BENCH_END; #endif @@ -730,16 +758,16 @@ static void arith(void) { BENCH_RUN("bn_gcd_ext_lehme") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_ext_lehme(c, d, e, a, b)); + BENCH_ADD(bn_gcd_ext_lehme(c, d[0], d[1], a, b)); } BENCH_END; #endif -#if BN_GCD == STEIN || !defined(STRIP) - BENCH_RUN("bn_gcd_ext_stein") { +#if BN_GCD == BINAR || !defined(STRIP) + BENCH_RUN("bn_gcd_ext_binar") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_ext_stein(c, d, e, a, b)); + BENCH_ADD(bn_gcd_ext_binar(c, d[0], d[1], a, b)); } BENCH_END; #endif @@ -747,14 +775,14 @@ static void arith(void) { BENCH_RUN("bn_gcd_ext_mid") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_gcd_ext_mid(c, c, d, d, a, b)); + BENCH_ADD(bn_gcd_ext_mid(c, c, d[0], d[1], a, b)); } BENCH_END; BENCH_RUN("bn_gcd_ext_dig") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_DIG); - BENCH_ADD(bn_gcd_ext_dig(c, d, e, a, b->dp[0])); + BENCH_ADD(bn_gcd_ext_dig(c, d[0], d[1], a, b->dp[0])); } BENCH_END; @@ -769,7 +797,7 @@ static void arith(void) { BENCH_RUN("bn_smb_leg") { bn_rand(a, RLC_POS, RLC_BN_BITS); - BENCH_ADD(bn_smb_leg(c, a, b)); + BENCH_ADD(bn_smb_leg(a, b)); } BENCH_END; @@ -779,7 +807,7 @@ static void arith(void) { if (bn_is_even(b)) { bn_add_dig(b, b, 1); } - BENCH_ADD(bn_smb_jac(c, a, b)); + BENCH_ADD(bn_smb_jac(a, b)); } BENCH_END; @@ -807,11 +835,35 @@ static void arith(void) { /* It should be the case that a is prime here. */ BENCH_RUN("bn_mod_inv") { - bn_rand(b, RLC_POS, RLC_BN_BITS); + bn_rand_mod(b, a); BENCH_ADD(bn_mod_inv(c, b, a)); } BENCH_END; + /* It should be the case that a is prime here. */ + BENCH_RUN("bn_mod_inv_sim (2)") { + bn_rand_mod(d[0], a); + bn_rand_mod(d[1], a); + BENCH_ADD(bn_mod_inv_sim(d, d, a, 2)); + } + BENCH_END; + + BENCH_RUN("bn_lag (2)") { + bn_rand_mod(d[0], a); + bn_rand_mod(d[1], a); + BENCH_ADD(bn_lag(d, d, a, 2)); + } + BENCH_END; + + BENCH_RUN("bn_evl (2)") { + bn_rand_mod(b, a); + bn_rand_mod(d[0], a); + bn_rand_mod(d[1], a); + bn_lag(d, d, a, 2); + BENCH_ADD(bn_evl(c, d, b, a, 2)); + } + BENCH_END; + bn_rand(a, RLC_POS, RLC_BN_BITS); BENCH_ONE("bn_factor", bn_factor(c, a), 1); @@ -850,8 +902,8 @@ static void arith(void) { BENCH_RUN("bn_rec_tnaf") { int8_t tnaf[RLC_FB_BITS + 8]; int len = RLC_BN_BITS + 1; - eb_curve_get_ord(e); - bn_rand_mod(a, e); + eb_curve_get_ord(b); + bn_rand_mod(a, b); if (eb_curve_opt_a() == RLC_ZERO) { BENCH_ADD((len = RLC_FB_BITS + 8, bn_rec_tnaf(tnaf, &len, a, -1, RLC_FB_BITS, 4))); } else { @@ -862,8 +914,8 @@ static void arith(void) { BENCH_RUN("bn_rec_rtnaf") { int8_t tnaf[RLC_FB_BITS + 8]; - eb_curve_get_ord(e); - bn_rand_mod(a, e); + eb_curve_get_ord(b); + bn_rand_mod(a, b); if (eb_curve_opt_a() == RLC_ZERO) { BENCH_ADD((len = RLC_FB_BITS + 8, bn_rec_rtnaf(tnaf, &len, a, -1, RLC_FB_BITS, 4))); } else { @@ -892,36 +944,25 @@ static void arith(void) { #if defined(WITH_EP) && defined(EP_ENDOM) && (EP_MUL == LWNAF || EP_FIX == COMBS || EP_FIX == LWNAF || EP_SIM == INTER || !defined(STRIP)) if (ep_param_set_any_endom() == RLC_OK) { - bn_t v1[3], v2[3]; - - for (int j = 0; j < 3; j++) { - bn_new(v1[j]); - bn_new(v2[j]); - } - BENCH_RUN("bn_rec_glv") { - bn_rand(a, RLC_POS, RLC_FP_BITS); - ep_curve_get_v1(v1); - ep_curve_get_v2(v2); - ep_curve_get_ord(e); - bn_rand_mod(a, e); - BENCH_ADD(bn_rec_glv(b, c, a, e, (const bn_t *)v1, - (const bn_t *)v2)); + ep_curve_get_v1(d); + ep_curve_get_v2(e); + ep_curve_get_ord(c); + bn_rand_mod(a, c); + BENCH_ADD(bn_rec_glv(a, b, a, c, (const bn_t *)d, (const bn_t *)e)); } BENCH_END; - - for (int j = 0; j < 3; j++) { - bn_free(v1[j]); - bn_free(v2[j]); - } } #endif /* WITH_EP && EP_KBLTZ */ bn_free(a); bn_free(b); bn_free(c); - bn_free(d); - bn_free(e); + for (int j = 0; j < 3; j++) { + bn_free(d[j]); + bn_free(e[j]); + } + crt_free(crt); } int main(void) { diff --git a/bench/bench_cp.c b/bench/bench_cp.c index 621df803f..d34d31086 100644 --- a/bench/bench_cp.c +++ b/bench/bench_cp.c @@ -40,7 +40,7 @@ static void rsa(void) { rsa_t pub, prv; uint8_t in[10], new[10], h[RLC_MD_LEN], out[RLC_BN_BITS / 8 + 1]; - int out_len, new_len; + size_t out_len, new_len; rsa_null(pub); rsa_null(prv); @@ -105,7 +105,7 @@ static void rsa(void) { static void rabin(void) { rabin_t pub, prv; uint8_t in[1000], new[1000], out[RLC_BN_BITS / 8 + 1]; - int in_len, out_len, new_len; + size_t in_len, out_len, new_len; rabin_null(pub); rabin_null(prv); @@ -116,7 +116,7 @@ static void rabin(void) { BENCH_ONE("cp_rabin_gen", cp_rabin_gen(pub, prv, RLC_BN_BITS), 1); BENCH_RUN("cp_rabin_enc") { - in_len = bn_size_bin(pub->n) - 9; + in_len = bn_size_bin(pub->n) - 10; out_len = RLC_BN_BITS / 8 + 1; rand_bytes(in, in_len); BENCH_ADD(cp_rabin_enc(out, &out_len, in, in_len, pub)); @@ -124,7 +124,7 @@ static void rabin(void) { } BENCH_END; BENCH_RUN("cp_rabin_dec") { - in_len = bn_size_bin(pub->n) - 9; + in_len = bn_size_bin(pub->n) - 10; new_len = in_len; out_len = RLC_BN_BITS / 8 + 1; rand_bytes(in, in_len); @@ -140,7 +140,7 @@ static void benaloh(void) { bdpe_t pub, prv; dig_t in, new; uint8_t out[RLC_BN_BITS / 8 + 1]; - int out_len; + size_t out_len; bdpe_null(pub); bdpe_null(prv); @@ -174,16 +174,22 @@ static void benaloh(void) { static void paillier(void) { bn_t c, m, pub; phpe_t prv; + shpe_t spub, sprv; bn_null(c); bn_null(m); bn_null(pub); phpe_null(prv); + shpe_null(spub); + shpe_null(sprv); + bn_new(c); bn_new(m); bn_new(pub); phpe_new(prv); + shpe_new(spub); + shpe_new(sprv); BENCH_ONE("cp_phpe_gen", cp_phpe_gen(pub, prv, RLC_BN_BITS / 2), 1); @@ -192,12 +198,42 @@ static void paillier(void) { BENCH_ADD(cp_phpe_enc(c, m, pub)); } BENCH_END; + BENCH_RUN("cp_phpe_add") { + bn_rand_mod(m, pub); + cp_phpe_enc(c, m, pub); + BENCH_ADD(cp_phpe_add(c, c, c, pub)); + } BENCH_END; + BENCH_RUN("cp_phpe_dec") { bn_rand_mod(m, pub); cp_phpe_enc(c, m, pub); BENCH_ADD(cp_phpe_dec(m, c, prv)); } BENCH_END; + BENCH_ONE("cp_shpe_gen", cp_shpe_gen(spub, sprv, RLC_BN_BITS / 10, RLC_BN_BITS / 2), 1); + + BENCH_RUN("cp_shpe_enc") { + bn_rand_mod(m, spub->crt->n); + BENCH_ADD(cp_shpe_enc(c, m, spub)); + } BENCH_END; + + BENCH_RUN("cp_shpe_enc_prv") { + bn_rand_mod(m, spub->crt->n); + BENCH_ADD(cp_shpe_enc_prv(c, m, sprv)); + } BENCH_END; + + BENCH_RUN("cp_shpe_dec (1)") { + bn_rand_mod(m, spub->crt->n); + cp_shpe_enc(c, m, spub); + BENCH_ADD(cp_shpe_dec(m, c, sprv)); + } BENCH_END; + + BENCH_RUN("cp_shpe_dec (2)") { + bn_rand_mod(m, spub->crt->n); + cp_shpe_enc_prv(c, m, sprv); + BENCH_ADD(cp_shpe_dec(m, c, sprv)); + } BENCH_END; + BENCH_ONE("cp_ghpe_gen", cp_ghpe_gen(pub, prv->n, RLC_BN_BITS / 2), 1); BENCH_RUN("cp_ghpe_enc (1)") { @@ -228,6 +264,8 @@ static void paillier(void) { bn_free(m); bn_free(pub); phpe_free(prv); + shpe_free(spub); + shpe_free(sprv); } #endif @@ -296,7 +334,7 @@ static void ecies(void) { ec_t q, r; bn_t d; uint8_t in[10], out[16 + RLC_MD_LEN]; - int in_len, out_len; + size_t in_len, out_len; bn_null(d); ec_null(q); @@ -487,11 +525,11 @@ static void vbnn(void) { #define MIN_KEYS RLC_MIN(BENCH, 16) static void ers(void) { - int size; + size_t size; ec_t pp, pk[MAX_KEYS + 1]; bn_t sk[MAX_KEYS + 1], td; ers_t ring[MAX_KEYS + 1]; - uint8_t m[5] = { 0, 1, 2, 3, 4 }; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; bn_null(td); ec_null(pp); @@ -541,12 +579,67 @@ static void ers(void) { } } +static void smlers(void) { + size_t size; + ec_t pp, pk[MAX_KEYS + 1]; + bn_t sk[MAX_KEYS + 1], td; + smlers_t ring[MAX_KEYS + 1]; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; + + bn_null(td); + ec_null(pp); + + bn_new(td); + ec_new(pp); + for (int i = 0; i <= MAX_KEYS; i++) { + bn_null(sk[i]); + bn_new(sk[i]); + ec_null(pk[i]); + ec_new(pk[i]); + smlers_null(ring[i]); + smlers_new(ring[i]); + cp_ers_gen_key(sk[i], pk[i]); + } + + cp_ers_gen(pp); + + BENCH_RUN("cp_smlers_sig") { + BENCH_ADD(cp_smlers_sig(td, ring[0], m, 5, sk[0], pk[0], pp)); + } BENCH_END; + + BENCH_RUN("cp_smlers_ver") { + BENCH_ADD(cp_smlers_ver(td, ring, 1, m, 5, pp)); + } BENCH_END; + + size = 1; + BENCH_FEW("cp_smlers_ext", cp_smlers_ext(td, ring, &size, m, 5, pk[size], pp), 1); + + size = 1; + cp_smlers_sig(td, ring[0], m, 5, sk[0], pk[0], pp); + for (int j = 1; j < MAX_KEYS && size < BENCH; j = j << 1) { + for (int k = 0; k < j && size < BENCH; k++) { + cp_smlers_ext(td, ring, &size, m, 5, pk[size], pp); + } + cp_smlers_ver(td, ring, size, m, 5, pp); + util_print("(%2d exts) ", j); + BENCH_FEW("cp_smlers_ver", cp_smlers_ver(td, ring, size, m, 5, pp), 1); + } + + bn_free(td); + ec_free(pp); + for (int i = 0; i <= MAX_KEYS; i++) { + bn_free(sk[i]); + ec_free(pk[i]); + smlers_free(ring[i]) + } +} + static void etrs(void) { - int size; + size_t size; ec_t pp, pk[MAX_KEYS + 1]; bn_t sk[MAX_KEYS + 1], td[MAX_KEYS + 1], y[MAX_KEYS + 1]; etrs_t ring[MAX_KEYS + 1]; - uint8_t m[5] = { 0, 1, 2, 3, 4 }; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; ec_null(pp); ec_new(pp); @@ -564,10 +657,10 @@ static void etrs(void) { ec_curve_get_ord(sk[i]); bn_rand_mod(td[i], sk[i]); bn_rand_mod(y[i], sk[i]); - cp_etrs_gen_key(sk[i], pk[i]); + cp_ers_gen_key(sk[i], pk[i]); } - cp_etrs_gen(pp); + cp_ers_gen(pp); BENCH_FEW("cp_etrs_sig", cp_etrs_sig(td, y, MIN_KEYS, ring[0], m, 5, sk[0], pk[0], pp), 1); @@ -857,7 +950,7 @@ static void ibe(void) { g2_t prv; uint8_t in[10], out[10 + 2 * RLC_FP_BYTES + 1]; char *id = "Alice"; - int in_len, out_len; + size_t in_len, out_len; bn_null(s); g1_null(pub); @@ -1065,8 +1158,8 @@ static int cls(void) { g1_t a, A, b, B, c, _A[4], _B[4]; g2_t x, y, z, _z[4]; uint8_t m[5] = { 0, 1, 2, 3, 4 }; - uint8_t *msgs[5] = {m, m, m, m, m}; - int lens[5] = {sizeof(m), sizeof(m), sizeof(m), sizeof(m), sizeof(m)}; + const uint8_t *ms[5] = {m, m, m, m, m}; + const size_t ls[5] = {sizeof(m), sizeof(m), sizeof(m), sizeof(m), sizeof(m)}; bn_null(r); bn_null(t); @@ -1136,11 +1229,11 @@ static int cls(void) { } BENCH_END; BENCH_RUN("cp_clb_sig (5)") { - BENCH_ADD(cp_clb_sig(a, _A, b, _B, c, msgs, lens, t, u, _v, 5)); + BENCH_ADD(cp_clb_sig(a, _A, b, _B, c, ms, ls, t, u, _v, 5)); } BENCH_END; BENCH_RUN("cp_clb_ver (5)") { - BENCH_ADD(cp_clb_ver(a, _A, b, _B, c, msgs, lens, x, y, _z, 5)); + BENCH_ADD(cp_clb_ver(a, _A, b, _B, c, ms, ls, x, y, _z, 5)); } BENCH_END; bn_free(r); @@ -1289,9 +1382,9 @@ static void mpss(void) { } pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); bn_rand_mod(m[0], n); bn_rand_mod(m[1], n); @@ -1324,9 +1417,9 @@ static void mpss(void) { g1_get_ord(n); pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); BENCH_RUN("cp_mpsb_gen (10)") { BENCH_ADD(cp_mpsb_gen(u, _v, h, x, _y, 10)); @@ -1348,7 +1441,7 @@ static void mpss(void) { BENCH_ADD(cp_mpsb_ver(r[1], g, s, ms, h, x[0], _y, _v, tri[2], t, 10)); } BENCH_DIV(2); - bn_free(n); + bn_free(n); g1_free(g); g2_free(h); for (int i = 0; i < 2; i++) { @@ -1395,12 +1488,12 @@ static void zss(void) { } BENCH_END; - BENCH_RUN("cp_zss_sign (h = 0)") { + BENCH_RUN("cp_zss_sig (h = 0)") { BENCH_ADD(cp_zss_sig(s, msg, 5, 0, d)); } BENCH_END; - BENCH_RUN("cp_zss_sign (h = 1)") { + BENCH_RUN("cp_zss_sig (h = 1)") { md_map(h, msg, 5); BENCH_ADD(cp_zss_sig(s, h, RLC_MD_LEN, 1, d)); } @@ -1435,11 +1528,11 @@ static void lhs(void) { g1_t a[S][L], c[S][L], r[S][L]; g2_t _s, s[S][L], pk[S], y[S], z[S]; gt_t *hs[S], vk; - char *data = "id"; - char *id[S] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"}; - dig_t ft[S]; - dig_t *f[S]; - int flen[S]; + const char *data = "id"; + const char *id[S] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"}; + dig_t ft[S], *f[S]; + size_t flen[S]; + int label[L]; bn_null(m); bn_null(n); @@ -1512,22 +1605,81 @@ static void lhs(void) { /* Initialize scheme for messages of single components. */ cp_cmlhs_init(h); - BENCH_ONE("cp_cmlhs_gen", + BENCH_ONE("cp_cmlhs_gen (ecdsa)", for (int j = 0; j < S; j++) { - BENCH_ADD(cp_cmlhs_gen(x[j], hs[j], L, k[j], K, sk[j], pk[j], d[j], y[j])); + cp_cmlhs_gen(x[j], hs[j], L, k[j], K, sk[j], pk[j], d[j], y[j], 0); }, S); - int label[L]; + BENCH_FEW("cp_cmlhs_sig (ecdsa)", + /* Compute all signatures. */ + for (int j = 0; j < S; j++) { + for (int l = 0; l < L; l++) { + label[l] = l; + bn_mod(msg[l], msg[l], n); + cp_cmlhs_sig(sig[j], z[j], a[j][l], c[j][l], r[j][l], s[j][l], + msg[l], data, label[l], x[j][l], h, k[j], K, d[j], sk[j], 0); + } + }, + S * L); - BENCH_FEW("cp_cmlhs_sig", + BENCH_RUN("cp_cmlhs_fun") { + for (int j = 0; j < S; j++) { + BENCH_ADD(cp_cmlhs_fun(as[j], cs[j], a[j], c[j], f[j], L)); + } + } BENCH_DIV(S); + + BENCH_RUN("cp_cmlhs_evl") { + cp_cmlhs_evl(_r, _s, r[0], s[0], f[0], L); + for (int j = 1; j < S; j++) { + BENCH_ADD(cp_cmlhs_evl(r[0][0], s[0][0], r[j], s[j], f[j], L)); + g1_add(_r, _r, r[0][0]); + g2_add(_s, _s, s[0][0]); + } + g1_norm(_r, _r); + g2_norm(_s, _s); + } BENCH_DIV(S); + + bn_zero(m); + for (int j = 0; j < L; j++) { + dig_t sum = 0; + for (int l = 0; l < S; l++) { + sum += f[l][j]; + } + bn_mul_dig(msg[j], msg[j], sum); + bn_add(m, m, msg[j]); + bn_mod(m, m, n); + } + + BENCH_RUN("cp_cmlhs_ver (ecdsa)") { + BENCH_ADD(cp_cmlhs_ver(_r, _s, sig, z, as, cs, m, data, h, label, + (const gt_t **)hs, (const dig_t **)f, flen, y, pk, S, 0)); + } BENCH_DIV(S); + + BENCH_RUN("cp_cmlhs_off") { + BENCH_ADD(cp_cmlhs_off(vk, h, label, (const gt_t **)hs, + (const dig_t **)f, flen, S)); + } BENCH_DIV(S); + + BENCH_RUN("cp_cmlhs_onv (ecdsa)") { + BENCH_ADD(cp_cmlhs_onv(_r, _s, sig, z, as, cs, m, data, h, vk, y, + pk, S, 0)); + } BENCH_DIV(S); + + BENCH_ONE("cp_cmlhs_gen (bls)", + for (int j = 0; j < S; j++) { + cp_cmlhs_gen(x[j], hs[j], L, k[j], K, sk[j], pk[j], d[j], y[j], 1); + }, + S); + + BENCH_FEW("cp_cmlhs_sig (bls)", /* Compute all signatures. */ for (int j = 0; j < S; j++) { for (int l = 0; l < L; l++) { label[l] = l; bn_mod(msg[l], msg[l], n); - BENCH_ADD(cp_cmlhs_sig(sig[j], z[j], a[j][l], c[j][l], r[j][l], - s[j][l], msg[l], data, label[l], x[j][l], h, k[j], K, d[j], sk[j])); + cp_cmlhs_sig(sig[j], z[j], a[j][l], c[j][l], r[j][l], s[j][l], + msg[l], data, label[l], x[j][l], h, k[j], K, d[j], sk[j], 1); } }, S * L); @@ -1560,18 +1712,19 @@ static void lhs(void) { bn_mod(m, m, n); } - BENCH_RUN("cp_cmlhs_ver") { - BENCH_ADD(cp_cmlhs_ver(_r, _s, sig, z, as, cs, m, data, h, label, hs, - f, flen, y, pk, S)); + BENCH_RUN("cp_cmlhs_ver (bls)") { + BENCH_ADD(cp_cmlhs_ver(_r, _s, sig, z, as, cs, m, data, h, label, + (const gt_t **)hs, (const dig_t **)f, flen, y, pk, S, 1)); } BENCH_DIV(S); BENCH_RUN("cp_cmlhs_off") { - BENCH_ADD(cp_cmlhs_off(vk, h, label, hs, f, flen, y, pk, S)); + BENCH_ADD(cp_cmlhs_off(vk, h, label, (const gt_t **)hs, + (const dig_t **)f, flen, S)); } BENCH_DIV(S); - BENCH_RUN("cp_cmlhs_onv") { + BENCH_RUN("cp_cmlhs_onv (bls)") { BENCH_ADD(cp_cmlhs_onv(_r, _s, sig, z, as, cs, m, data, h, vk, y, - pk, S)); + pk, S, 1)); } BENCH_DIV(S); #ifdef BENCH_LHS @@ -1666,11 +1819,13 @@ static void lhs(void) { } BENCH_RUN("cp_mklhs_ver") { - BENCH_ADD(cp_mklhs_ver(_r, m, d, data, id, ls, f, flen, pk, S)); + BENCH_ADD(cp_mklhs_ver(_r, m, d, data, id, (const char **)ls, + (const dig_t **)f, flen, pk, S)); } BENCH_DIV(S); BENCH_RUN("cp_mklhs_off") { - BENCH_ADD(cp_mklhs_off(cs, ft, id, ls, f, flen, S)); + BENCH_ADD(cp_mklhs_off(cs, ft, id, (const char **)ls, (const dig_t **)f, + flen, S)); } BENCH_DIV(S); BENCH_RUN("cp_mklhs_onv") { @@ -1750,6 +1905,122 @@ static void lhs(void) { } } +#define M 256 /* Number of server messages (larger). */ +#define N 8 /* Number of client messages. */ + +static void psi(void) { + bn_t g, n, q, r, p[M], x[M], v[N], w[N], y[N], z[M]; + g1_t u[M], ss; + g2_t d[M + 1], s[M + 1]; + gt_t t[M]; + crt_t crt; + size_t len; + + bn_new(g); + bn_new(n); + bn_new(q); + bn_new(r); + g1_new(ss); + for (int i = 0; i < M; i++) { + bn_null(p[i]); + bn_null(x[i]); + bn_null(z[i]); + g2_null(d[i]); + g2_null(s[i]); + bn_new(p[i]); + bn_new(x[i]); + bn_new(z[i]); + g2_new(d[i]); + g2_new(s[i]); + } + g2_null(d[M]); + g2_new(d[M]); + g2_null(s[M]); + g2_new(s[M]); + for (int i = 0; i < N; i++) { + bn_null(v[i]); + bn_null(w[i]); + bn_null(y[i]); + g1_null(u[i]); + gt_null(t[i]); + bn_new(v[i]); + bn_new(w[i]); + bn_new(y[i]); + g1_new(u[i]); + gt_new(t[i]); + } + crt_new(crt); + + pc_get_ord(q); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], q); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], q); + } + + BENCH_ONE("cp_rsapsi_gen", cp_rsapsi_gen(g, n, RLC_BN_BITS), 1); + + BENCH_RUN("cp_rsapsi_ask (M)") { + BENCH_ADD(cp_rsapsi_ask(q, r, p, g, n, x, M)); + } BENCH_END; + + BENCH_RUN("cp_rsapsi_ans (N)") { + BENCH_ADD(cp_rsapsi_ans(v, w, q, g, n, y, N)); + } BENCH_END; + + BENCH_RUN("cp_rsapsi_int") { + BENCH_ADD(cp_rsapsi_int(z, &len, r, p, n, x, M, v, w, N)); + } BENCH_END; + + BENCH_ONE("cp_shipsi_gen", cp_shipsi_gen(g, crt, RLC_BN_BITS), 1); + + BENCH_RUN("cp_shipsi_ask (M)") { + BENCH_ADD(cp_shipsi_ask(q, r, p, g, crt->n, x, M)); + } BENCH_END; + + BENCH_RUN("cp_shipsi_ans (N)") { + BENCH_ADD(cp_shipsi_ans(v, w[0], q, g, crt, y, N)); + } BENCH_END; + + BENCH_RUN("cp_shipsi_int") { + BENCH_ADD(cp_shipsi_int(z, &len, r, p, crt->n, x, M, v, w[0], N)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_gen (M)") { + BENCH_ADD(cp_pbpsi_gen(q, ss, s, M)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_ask (M)") { + BENCH_ADD(cp_pbpsi_ask(d, r, x, s, M)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_ans (N)") { + BENCH_ADD(cp_pbpsi_ans(t, u, ss, d[0], y, N)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_int") { + BENCH_ADD(cp_pbpsi_int(z, &len, d, x, M, t, u, N)); + } BENCH_END; + + bn_free(q); + bn_free(r); + g1_free(ss); + for (int i = 0; i < M; i++) { + bn_free(x[i]); + bn_free(z[i]); + g2_free(d[i]); + g2_free(s[i]); + } + g2_free(d[M]); + g2_free(s[M]); + for (int i = 0; i < N; i++) { + bn_free(y[i]); + g1_free(u[i]); + gt_free(t[i]); + } +} + #endif /* WITH_PC */ int main(void) { @@ -1766,8 +2037,8 @@ int main(void) { util_banner("Protocols based on integer factorization:\n", 0); rsa(); rabin(); - benaloh(); paillier(); + benaloh(); #endif #if defined(WITH_EC) @@ -1780,6 +2051,7 @@ int main(void) { ecss(); vbnn(); ers(); + smlers(); etrs(); } #endif @@ -1801,6 +2073,9 @@ int main(void) { #endif zss(); lhs(); + + util_banner("Protocols based on accumulators:\n", 0); + psi(); } #endif diff --git a/bench/bench_ed.c b/bench/bench_ed.c index 7dfa39424..f2db37565 100644 --- a/bench/bench_ed.c +++ b/bench/bench_ed.c @@ -174,7 +174,7 @@ static void util(void) { static void arith(void) { ed_t p, q, r, t[RLC_ED_TABLE_MAX]; - bn_t k, l, n; + bn_t k, l[2], n; ed_null(p); ed_null(q); @@ -188,7 +188,8 @@ static void arith(void) { ed_new(r); bn_new(k); bn_new(n); - bn_new(l); + bn_new(l[0]); + bn_new(l[1]); ed_curve_get_ord(n); @@ -326,7 +327,7 @@ static void arith(void) { BENCH_ADD(ed_sub_extnd(r, p, q)); } BENCH_END; - BENCH_RUN("ed_sub_projc (z2 = 1)") { + BENCH_RUN("ed_sub_extnd (z2 = 1)") { ed_rand(p); ed_rand(q); ed_add_extnd(p, p, q); @@ -335,12 +336,12 @@ static void arith(void) { BENCH_ADD(ed_sub_extnd(r, p, q)); } BENCH_END; - BENCH_RUN("ed_sub_projc (z1,z2 = 1)") { + BENCH_RUN("ed_sub_extnd (z1,z2 = 1)") { ed_rand(p); ed_norm(p, p); ed_rand(q); ed_norm(q, q); - BENCH_ADD(ed_sub_projc(r, p, q)); + BENCH_ADD(ed_sub_extnd(r, p, q)); } BENCH_END; #endif @@ -373,7 +374,7 @@ static void arith(void) { } BENCH_END; #endif -#if ED_ADD == PROJC || !defined(STRIP) +#if ED_ADD == EXTND || !defined(STRIP) BENCH_RUN("ed_dbl_extnd") { ed_rand(p); ed_rand(q); @@ -546,80 +547,77 @@ static void arith(void) { } #endif -#if ED_FIX == LWNAF || !defined(STRIP) - for (int i = 0; i < RLC_ED_TABLE_LWNAF; i++) { - ed_new(t[i]); - } - BENCH_RUN("ed_mul_pre_lwnaf") { - ed_rand(p); - BENCH_ADD(ed_mul_pre_lwnaf(t, p)); - } BENCH_END; - - BENCH_RUN("ed_mul_fix_lwnaf") { - bn_rand_mod(k, n); - ed_rand(p); - ed_mul_pre_lwnaf(t, p); - BENCH_ADD(ed_mul_fix_lwnaf(q, (const ed_t *)t, k)); - } BENCH_END; - for (int i = 0; i < RLC_ED_TABLE_LWNAF; i++) { - ed_free(t[i]); - } -#endif BENCH_RUN("ed_mul_sim") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(p); ed_rand(q); - BENCH_ADD(ed_mul_sim(r, p, k, q, l)); + BENCH_ADD(ed_mul_sim(r, p, l[0], q, l[1])); } BENCH_END; #if ED_SIM == BASIC || !defined(STRIP) BENCH_RUN("ed_mul_sim_basic") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(p); ed_rand(q); - BENCH_ADD(ed_mul_sim_basic(r, p, k, q, l)); + BENCH_ADD(ed_mul_sim_basic(r, p, l[0], q, l[1])); } BENCH_END; #endif #if ED_SIM == TRICK || !defined(STRIP) BENCH_RUN("ed_mul_sim_trick") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(p); ed_rand(q); - BENCH_ADD(ed_mul_sim_trick(r, p, k, q, l)); + BENCH_ADD(ed_mul_sim_trick(r, p, l[0], q, l[1])); } BENCH_END; #endif #if ED_SIM == INTER || !defined(STRIP) BENCH_RUN("ed_mul_sim_inter") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(p); ed_rand(q); - BENCH_ADD(ed_mul_sim_inter(r, p, k, q, l)); + BENCH_ADD(ed_mul_sim_inter(r, p, l[0], q, l[1])); } BENCH_END; #endif #if ED_SIM == JOINT || !defined(STRIP) BENCH_RUN("ed_mul_sim_joint") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(p); ed_rand(q); - BENCH_ADD(ed_mul_sim_joint(r, p, k, q, l)); + BENCH_ADD(ed_mul_sim_joint(r, p, l[0], q, l[1])); } BENCH_END; #endif BENCH_RUN("ed_mul_sim_gen") { - bn_rand_mod(k, n); - bn_rand_mod(l, n); + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); ed_rand(q); - BENCH_ADD(ed_mul_sim_gen(r, k, q, l)); + BENCH_ADD(ed_mul_sim_gen(r, l[0], q, l[1])); } BENCH_END; + for (int i = 0; i < 2; i++) { + ed_new(t[i]); + } + + BENCH_RUN("ed_mul_sim_lot (2)") { + bn_rand_mod(l[0], n); + bn_rand_mod(l[1], n); + ed_rand(t[0]); + ed_rand(t[1]); + BENCH_ADD(ed_mul_sim_lot(r, t, l, 2)); + } BENCH_END; + + for (int i = 0; i < 2; i++) { + ed_free(t[i]); + } + BENCH_RUN("ed_map") { uint8_t msg[5]; rand_bytes(msg, 5); @@ -640,7 +638,8 @@ static void arith(void) { ed_free(q); ed_free(r); bn_free(k); - bn_free(l); + bn_free(l[0]); + bn_free(l[1]); bn_free(n); } diff --git a/bench/bench_epx.c b/bench/bench_epx.c index 487d3dad6..923f7b3ff 100644 --- a/bench/bench_epx.c +++ b/bench/bench_epx.c @@ -35,19 +35,19 @@ #include "relic_bench.h" static void memory2(void) { - ep4_t a[BENCH]; + ep2_t a[BENCH]; - BENCH_FEW("ep4_null", ep4_null(a[i]), 1); + BENCH_FEW("ep2_null", ep4_null(a[i]), 1); - BENCH_FEW("ep4_new", ep4_new(a[i]), 1); + BENCH_FEW("ep2_new", ep4_new(a[i]), 1); for (int i = 0; i < BENCH; i++) { - ep4_free(a[i]); + ep2_free(a[i]); } for (int i = 0; i < BENCH; i++) { - ep4_new(a[i]); + ep2_new(a[i]); } - BENCH_FEW("ep4_free", ep4_free(a[i]), 1); + BENCH_FEW("ep2_free", ep4_free(a[i]), 1); (void)a; } diff --git a/bench/bench_fp.c b/bench/bench_fp.c index c2887f650..39204de2f 100644 --- a/bench/bench_fp.c +++ b/bench/bench_fp.c @@ -526,6 +526,14 @@ static void arith(void) { BENCH_END; #endif +#if FP_INV == JMPDS || !defined(STRIP) + BENCH_RUN("fp_inv_jmpds") { + fp_rand(a); + BENCH_ADD(fp_inv_jmpds(c, a)); + } + BENCH_END; +#endif + #if FP_INV == LOWER || !defined(STRIP) BENCH_RUN("fp_inv_lower") { fp_rand(a); @@ -541,6 +549,49 @@ static void arith(void) { } BENCH_END; + BENCH_RUN("fp_smb") { + fp_rand(a); + fp_sqr(a, a); + BENCH_ADD(fp_smb(a)); + } + BENCH_END; + +#if FP_SMB == BASIC || !defined(STRIP) + BENCH_RUN("fp_smb_basic") { + fp_rand(a); + fp_sqr(a, a); + BENCH_ADD(fp_smb_basic(a)); + } + BENCH_END; +#endif + +#if FP_SMB == DIVST || !defined(STRIP) + BENCH_RUN("fp_smb_divst") { + fp_rand(a); + fp_sqr(a, a); + BENCH_ADD(fp_smb_divst(a)); + } + BENCH_END; +#endif + +#if FP_SMB == JMPDS || !defined(STRIP) + BENCH_RUN("fp_smb_jmpds") { + fp_rand(a); + fp_sqr(a, a); + BENCH_ADD(fp_smb_jmpds(a)); + } + BENCH_END; +#endif + +#if FP_SMB == LOWER || !defined(STRIP) + BENCH_RUN("fp_smb_lower") { + fp_rand(a); + fp_sqr(a, a); + BENCH_ADD(fp_smb_lower(a)); + } + BENCH_END; +#endif + BENCH_RUN("fp_exp") { fp_rand(a); bn_rand(e, RLC_POS, RLC_FP_BITS); diff --git a/bench/bench_fpx.c b/bench/bench_fpx.c index 62ee13cc3..1ee0c9830 100644 --- a/bench/bench_fpx.c +++ b/bench/bench_fpx.c @@ -3273,7 +3273,9 @@ int main(void) { util6(); util_banner("Arithmetic:", 1); arith6(); + } + if (fp_prime_get_qnr() && (ep_param_embed() >= 8)) { util_banner("Octic extension:", 0); util_banner("Utilities:", 1); memory8(); @@ -3282,7 +3284,7 @@ int main(void) { arith8(); } - if (fp_prime_get_cnr()) { + if (fp_prime_get_cnr() && (ep_param_embed() >= 9)) { util_banner("Nonic extension:", 0); util_banner("Utilities:", 1); memory9(); @@ -3291,7 +3293,7 @@ int main(void) { arith9(); } - if (fp_prime_get_qnr()) { + if (fp_prime_get_qnr() && (ep_param_embed() >= 12)) { util_banner("Dodecic extension:", 0); util_banner("Utilities:", 1); memory12(); @@ -3300,8 +3302,8 @@ int main(void) { arith12(); } - if (fp_prime_get_cnr()) { - util_banner("Octodecic extension:", 0); + if (fp_prime_get_cnr() && (ep_param_embed() >= 18)) { + util_banner("Octdecic extension:", 0); util_banner("Utilities:", 1); memory18(); util18(); @@ -3310,14 +3312,16 @@ int main(void) { arith18(); } - if (fp_prime_get_qnr()) { + if (fp_prime_get_qnr() && (ep_param_embed() >= 24)) { util_banner("Extension of degree 24:", 0); util_banner("Utilities:", 1); memory24(); util24(); util_banner("Arithmetic:", 1); arith24(); + } + if (fp_prime_get_qnr() && (ep_param_embed() >= 48)) { util_banner("Extension of degree 48:", 0); util_banner("Utilities:", 1); memory48(); @@ -3326,7 +3330,7 @@ int main(void) { arith48(); } - if (fp_prime_get_cnr()) { + if (fp_prime_get_cnr() && (ep_param_embed() >= 54)) { util_banner("Extension of degree 54:", 0); util_banner("Utilities:", 1); memory54(); diff --git a/bench/bench_mpc.c b/bench/bench_mpc.c index 31cd10359..d42fb1308 100644 --- a/bench/bench_mpc.c +++ b/bench/bench_mpc.c @@ -58,22 +58,22 @@ static void mul_triple(void) { bn_gen_prime(order, RLC_BN_BITS); - BENCH_RUN("mt_gen") { - BENCH_ADD(mt_gen(tri, order)); + BENCH_RUN("mpc_mt_gen") { + BENCH_ADD(mpc_mt_gen(tri, order)); } BENCH_END; - BENCH_RUN("mt_mul_lcl") { - BENCH_ADD(mt_mul_lcl(d[0], e[0], x[0], y[0], order, tri[0])); - BENCH_ADD(mt_mul_lcl(d[1], e[1], x[1], y[1], order, tri[1])); + BENCH_RUN("mpc_mt_lcl") { + BENCH_ADD(mpc_mt_lcl(d[0], e[0], x[0], y[0], order, tri[0])); + BENCH_ADD(mpc_mt_lcl(d[1], e[1], x[1], y[1], order, tri[1])); } BENCH_DIV(2); - BENCH_RUN("mt_mul_bct") { - BENCH_ADD(mt_mul_bct(d, e, order);); + BENCH_RUN("mpc_mt_bct") { + BENCH_ADD(mpc_mt_bct(d, e, order);); } BENCH_END; - BENCH_RUN("mt_mul_mpc") { - BENCH_ADD(mt_mul_mpc(d[0], d[0], e[0], order, tri[0], 0);); - BENCH_ADD(mt_mul_mpc(d[1], d[1], e[1], order, tri[1], 1);); + BENCH_RUN("mpc_mt_mul") { + BENCH_ADD(mpc_mt_mul(d[0], d[0], e[0], order, tri[0], 0);); + BENCH_ADD(mpc_mt_mul(d[1], d[1], e[1], order, tri[1], 1);); } BENCH_DIV(2); bn_free(order); @@ -87,6 +87,43 @@ static void mul_triple(void) { } } +static void shamir(void) { + bn_t q, t, s, x[10], y[10]; + + bn_null(q); + bn_null(t); + bn_null(s); + + bn_new(q); + bn_new(t); + bn_new(s); + for (int j = 0; j < 10; j++) { + bn_null(y[j]); + bn_new(y[j]); + bn_null(x[j]); + bn_new(x[j]); + } + + bn_gen_prime(q, RLC_BN_BITS); + bn_rand_mod(s, q); + + BENCH_RUN("mpc_sss_gen (10)") { + BENCH_ADD(mpc_sss_gen(x, y, s, q, 10, 10)); + } BENCH_END; + + BENCH_RUN("mpc_sss_key (10)") { + BENCH_ADD(mpc_sss_key(t, x, y, q, 10)); + } BENCH_END; + + bn_free(t); + bn_free(q); + bn_free(s); + for (int j = 0; j < 10; j++) { + bn_free(x[j]); + bn_free(y[j]); + } +} + static void pair_triple(void) { g1_t d[2], p[2], _p; g2_t e[2], q[2], _q; @@ -128,7 +165,7 @@ static void pair_triple(void) { g1_get_ord(n); - mt_gen(tri, n); + mpc_mt_gen(tri, n); BENCH_RUN("g1_mul") { /* Generate random inputs. */ g1_rand(p[0]); @@ -163,7 +200,7 @@ static void pair_triple(void) { BENCH_ADD(g1_mul_mpc(d[1], l[1], d[1], tri[1], 1)); } BENCH_DIV(2); - mt_gen(tri, n); + mpc_mt_gen(tri, n); BENCH_RUN("g2_mul") { /* Generate random inputs. */ g2_rand(q[0]); @@ -197,7 +234,7 @@ static void pair_triple(void) { BENCH_ADD(g2_mul_mpc(e[1], l[1], e[1], tri[1], 1)); } BENCH_DIV(2); - mt_gen(tri, n); + mpc_mt_gen(tri, n); BENCH_RUN("gt_exp") { /* Generate random inputs. */ gt_rand(r[0]); @@ -290,6 +327,7 @@ int main(void) { #if defined(WITH_BN) mul_triple(); + shamir(); #endif #if defined(WITH_PC) diff --git a/bench/bench_pc.c b/bench/bench_pc.c index ed805a953..cb5bebf45 100755 --- a/bench/bench_pc.c +++ b/bench/bench_pc.c @@ -557,7 +557,7 @@ static void memory(void) { static void util(void) { gt_t a, b; - uint8_t bin[12 * RLC_PC_BYTES]; + uint8_t bin[24 * RLC_PC_BYTES]; int l; gt_null(a); @@ -688,6 +688,13 @@ static void arith(void) { } BENCH_END; + BENCH_RUN("gt_exp_gen") { + pc_get_ord(d); + bn_rand_mod(e, d); + BENCH_ADD(gt_exp_gen(c, e)); + } + BENCH_END; + BENCH_RUN("gt_exp_sim") { gt_rand(a); gt_rand(b); diff --git a/cmake/arch.cmake b/cmake/arch.cmake index 0b9df7e28..5fec0cd6c 100644 --- a/cmake/arch.cmake +++ b/cmake/arch.cmake @@ -4,6 +4,7 @@ message(" ARCH= No specific architecture (disable some features).") message(" ARCH=AVR Atmel AVR ATMega128 8-bit architecture.") message(" ARCH=MSP TI MSP430 16-bit architecture.") message(" ARCH=ARM ARM 32-bit architecture.") +message(" ARCH=A64 ARM 64-bit architecture.") message(" ARCH=X86 Intel x86-compatible 32-bit architecture.") message(" ARCH=X64 AMD x86_64-compatible 64-bit architecture.\n") @@ -25,20 +26,26 @@ message(" ALIGN=16 Align digit vectors into 128-bit boundaries.\n") if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86") set(ARCH "X86" CACHE STRING "Architecture") endif() +if(CMAKE_SYSTEM_PROCESSOR STREQUAL "arm") + set(ARCH "ARM" CACHE STRING "Architecture") +endif() if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64") set(ARCH "X64" CACHE STRING "Architecture") endif() +if(CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64") + set(ARCH "A64" CACHE STRING "Architecture") +endif() if(WORD AND NOT WSIZE) message(FATAL_ERROR "WORD has been replaced with WSIZE. Please update your configuration") endif() if(NOT WSIZE) - if(ARCH STREQUAL X86) + if(ARCH STREQUAL X86 OR ARCH STREQUAL "ARM") set(AFLAGS "-m32") set(WSIZE 32) endif() - if(ARCH STREQUAL X64) + if(ARCH STREQUAL "X64" OR ARCH STREQUAL "A64") set(AFLAGS "-m64") set(WSIZE 64) endif() diff --git a/cmake/bn.cmake b/cmake/bn.cmake index 793027ac4..94f000f9e 100644 --- a/cmake/bn.cmake +++ b/cmake/bn.cmake @@ -32,8 +32,8 @@ message(" BN_METHD=SLIDE Sliding window modular exponentiation.\n") message(" Greatest Common Divisor:") message(" BN_METHD=BASIC Euclid's standard GCD algorithm.") -message(" BN_METHD=LEHME Lehmer's fast GCD algorithm.") -message(" BN_METHD=STEIN Stein's binary GCD algorithm.\n") +message(" BN_METHD=BINAR Binary GCD algorithm.") +message(" BN_METHD=LEHME Lehmer's fast GCD algorithm.\n") message(" Prime generation:") message(" BN_METHD=BASIC Basic prime generation.") diff --git a/cmake/ep.cmake b/cmake/ep.cmake index ec7670804..889887bc4 100644 --- a/cmake/ep.cmake +++ b/cmake/ep.cmake @@ -20,15 +20,16 @@ message(" EP_METHD=PROJC Homogeneous projective coordinates (complete fo message(" EP_METHD=JACOB Jacobian projective coordinates.\n") message(" Variable-base scalar multiplication:") -message(" EP_METHD=BASIC Binary method.") -message(" EP_METHD=LWNAF Left-to-right window NAF method (GLV for Koblitz curves).\n") +message(" EP_METHD=SLIDE Sliding window method.") +message(" EP_METHD=MONTY Montgomery ladder method.") +message(" EP_METHD=LWNAF Left-to-right window NAF method.") +message(" EP_METHD=LWREG Left-to-right regular recoding method (GLV for curves with endomorphisms).\n") message(" Fixed-base scalar multiplication:") message(" EP_METHD=BASIC Binary method for fixed point multiplication.") message(" EP_METHD=COMBS Single-table Comb method for fixed point multiplication.") message(" EP_METHD=COMBD Double-table Comb method for fixed point multiplication.") -message(" EP_METHD=LWNAF Left-to-right window NAF method (GLV for curves with endomorphisms).") -message(" EP_METHD=LWREG Left-to-right regular recoding method (GLV for curves with endomorphisms).\n") +message(" EP_METHD=LWNAF Left-to-right window NAF method (GLV for curves with endomorphisms).\n") message(" Variable-base simultaneous scalar multiplication:") message(" EP_METHD=BASIC Multiplication-and-addition simultaneous multiplication.") diff --git a/cmake/fp.cmake b/cmake/fp.cmake index 781e93635..720b94129 100644 --- a/cmake/fp.cmake +++ b/cmake/fp.cmake @@ -8,29 +8,29 @@ message(" FP_PMERS=[off|on] Prefer Pseudo-Mersenne primes over random prime message(" FP_QNRES=[off|on] Use -1 as quadratic non-residue (make sure that p = 3 mod 8).") message(" FP_WIDTH=w Width w in [2,6] of window processing for exponentiation methods.\n") -message(" ** Available prime field arithmetic methods (default = BASIC;COMBA;COMBA;MONTY;MONTY;SLIDE):") +message(" ** Available prime field arithmetic methods (default = BASIC;COMBA;COMBA;MONTY;MONTY;JMPDS;SLIDE):") -message(" Field addition") +message(" Field addition:") message(" FP_METHD=BASIC Schoolbook addition.") message(" FP_METHD=INTEG Integrated modular addition.\n") -message(" Field multiplication") +message(" Field multiplication:") message(" FP_METHD=BASIC Schoolbook multiplication.") message(" FP_METHD=INTEG Integrated modular multiplication.") message(" FP_METHD=COMBA Comba multiplication.\n") -message(" Field squaring") +message(" Field squaring:") message(" FP_METHD=BASIC Schoolbook squaring.") message(" FP_METHD=INTEG Integrated modular squaring.") message(" FP_METHD=COMBA Comba squaring.") message(" FP_METHD=MULTP Reuse multiplication for squaring.\n") -message(" Modular reduction") +message(" Modular reduction:") message(" FP_METHD=BASIC Division-based reduction.") message(" FP_METHD=QUICK Fast reduction modulo special form prime (2^t - c, c > 0).") message(" FP_METHD=MONTY Montgomery modular reduction.\n") -message(" Field inversion") +message(" Field inversion:") message(" FP_METHD=BASIC Inversion by Fermat's Little Theorem.") message(" FP_METHD=BINAR Binary Inversion algorithm.") message(" FP_METHD=MONTY Montgomery inversion.") @@ -38,7 +38,14 @@ message(" FP_METHD=EXGCD Inversion by the Extended Euclidean algorithm." message(" FP_METHD=DIVST Constant-time inversion by division steps.") message(" FP_METHD=LOWER Pass inversion to the lower level.\n") -message(" Field exponentiation") +message(" Legendre symbol:") +message(" FP_METHD=BASIC Computation by Fermat's Little Theorem.") +message(" FP_METHD=BINAR Binary algorithm.") +message(" FP_METHD=DIVST Constant-time method by division steps.") +message(" FP_METHD=JMPDS Constant-time method by jump division steps.") +message(" FP_METHD=LOWER Pass call to the lower level.\n") + +message(" Field exponentiation:") message(" FP_METHD=BASIC Binary exponentiation.") message(" FP_METHD=SLIDE Sliding window exponentiation.") message(" FP_METHD=MONTY Constant-time Montgomery powering ladder.\n") @@ -65,17 +72,18 @@ option(FP_QNRES "Use -1 as quadratic non-residue." off) # Choose the arithmetic methods. if (NOT FP_METHD) - set(FP_METHD "INTEG;INTEG;INTEG;MONTY;MONTY;SLIDE") + set(FP_METHD "INTEG;INTEG;INTEG;MONTY;MONTY;JMPDS;SLIDE") endif(NOT FP_METHD) list(LENGTH FP_METHD FP_LEN) -if (FP_LEN LESS 6) +if (FP_LEN LESS 7) message(FATAL_ERROR "Incomplete FP_METHD specification: ${FP_METHD}") -endif(FP_LEN LESS 6) +endif(FP_LEN LESS 7) list(GET FP_METHD 0 FP_ADD) list(GET FP_METHD 1 FP_MUL) list(GET FP_METHD 2 FP_SQR) list(GET FP_METHD 3 FP_RDC) list(GET FP_METHD 4 FP_INV) -list(GET FP_METHD 5 FP_EXP) +list(GET FP_METHD 5 FP_SMB) +list(GET FP_METHD 6 FP_EXP) set(FP_METHD ${FP_METHD} CACHE STRING "Method for prime field arithmetic.") diff --git a/demo/cert-input/test-bench.c b/demo/cert-input/test-bench.c index a90a0381a..b12bf5c09 100644 --- a/demo/cert-input/test-bench.c +++ b/demo/cert-input/test-bench.c @@ -171,9 +171,9 @@ static int test_mpss(void) { TEST_CASE("multi-party pointcheval-sanders simple signature is correct") { pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); TEST_ASSERT(cp_mpss_gen(u, v, h, x, y) == RLC_OK, end); TEST_ASSERT(cp_mpss_bct(x, y) == RLC_OK, end); /* Compute signature in MPC. */ @@ -193,9 +193,9 @@ static int test_mpss(void) { TEST_CASE("multi-party pointcheval-sanders block signature is correct") { g1_get_ord(n); pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); TEST_ASSERT(cp_mpsb_gen(u, _v, h, x, _y, MSGS) == RLC_OK, end); TEST_ASSERT(cp_mpsb_bct(x, _y, MSGS) == RLC_OK, end); /* Compute signature in MPC. */ @@ -364,9 +364,9 @@ static void bench_mpss(void) { } pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); bn_rand_mod(m[0], n); bn_rand_mod(m[1], n); @@ -393,9 +393,9 @@ static void bench_mpss(void) { g1_get_ord(n); pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); BENCH_RUN("cp_mpsb_gen") { BENCH_ADD(cp_mpsb_gen(u, _v, h, x, _y, MSGS)); diff --git a/demo/ers-etrs/Makefile b/demo/ers-etrs/Makefile index 7d02f50aa..5f625d7de 100644 --- a/demo/ers-etrs/Makefile +++ b/demo/ers-etrs/Makefile @@ -7,7 +7,7 @@ all: lib lib: mkdir -p target - cd target; ${RELIC_ROOT}/../preset/x64-ecc-128.sh ${RELIC_ROOT}/../; cmake -DEP_METHD='JACOB;LWNAF;COMBS;INTER' -DBN_METHD=' COMBA;COMBA;MONTY;SLIDE;LEHME;BASIC' .; make + cd target; ${RELIC_ROOT}/../preset/x64-ecc-128.sh ${RELIC_ROOT}/../; cmake -DEP_METHD='JACOB;LWNAF;COMBS;INTER' -DEP_ENDOM=off -DBN_METHD=' COMBA;COMBA;MONTY;SLIDE;LEHME;BASIC' -DWITH="MD;BC;DV;BN;FP;EP;ED;EC;CP" .; make clean: rm -rf target *.o test-bench diff --git a/demo/ers-etrs/test-bench.c b/demo/ers-etrs/test-bench.c index 22ea4c461..796e62b70 100644 --- a/demo/ers-etrs/test-bench.c +++ b/demo/ers-etrs/test-bench.c @@ -117,6 +117,93 @@ static void ers(void) { } } +static void smlers(void) { + int size; + ec_t pp, pk[MAX_KEYS], *ptr; + bn_t sk[MAX_KEYS], td[MAX_KEYS], y[MAX_KEYS]; + smlers_t ring[MAX_KEYS]; + uint8_t m[5] = { 0, 1, 2, 3, 4 }; + + ec_null(pp); + ec_new(pp); + for (int i = 0; i < MAX_KEYS; i++) { + bn_null(y[i]); + bn_new(y[i]); + bn_null(td[i]); + bn_new(td[i]); + bn_null(sk[i]); + bn_new(sk[i]); + ec_null(pk[i]); + ec_new(pk[i]); + smlers_null(ring[i]); + smlers_new(ring[i]); + cp_ers_gen_key(sk[i], pk[i]); + } + + cp_ers_gen(pp); + + for (int l = 1; l <= 8; l = l << 1) { + util_print("{"); + for (int j = l; j <= MAX_KEYS; j = j << 1) { + bench_reset(); + bench_before(); + size = 1; + for (int k = 0; k < l; k++) { + cp_smlers_sig(td[0], ring[0], m, 5, sk[0], pk[0], pp); + } + for (int k = l; k < j; k++) { + cp_smlers_ext(td[0], ring, &size, m, 5, pk[size], pp); + } + bench_after(); + bench_compute(1); + util_print("\"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); + if (j < MAX_KEYS) { + util_print(", "); + } + for (int k = 0; k < l; k++) { + assert(cp_smlers_ver(td[0], ring, size, m, 5, pp)); + } + } + util_print("}\n\n"); + } + + for (int l = 1; l <= 8; l = l << 1) { + util_print("{"); + for (int j = l; j <= MAX_KEYS; j = j << 1) { + size = 1; + for (int k = 0; k < l; k++) { + cp_smlers_sig(td[0], ring[0], m, 5, sk[0], pk[0], pp); + } + for (int k = l; k < l; k++) { + cp_smlers_ext(td[0], ring, &size, m, 5, pk[size], pp); + } + bench_reset(); + bench_before(); + for (int i = 0; i < BENCH; i++) { + for (int k = 0; k < j; k++) { + cp_smlers_ver(td[0], ring, size, m, 5, pp); + } + } + bench_after(); + bench_compute(BENCH); + util_print("\"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); + if (j < MAX_KEYS) { + util_print(", "); + } + } + util_print("}\n\n"); + } + + ec_free(pp); + for (int i = 0; i < MAX_KEYS; i++) { + bn_free(td[i]); + bn_free(y[i]); + bn_free(sk[i]); + ec_free(pk[i]); + smlers_free(ring[i]); + } +} + #undef MAX_KEYS #define MAX_KEYS 2048 #define MIN_KEYS 64 @@ -141,13 +228,21 @@ static void etrs(void) { ec_new(pk[i]); ers_null(ring[i]); ers_new(ring[i]); - cp_etrs_gen_key(sk[i], pk[i]); + cp_ers_gen_key(sk[i], pk[i]); } cp_ers_gen(pp); util_print("{"); - for (int j = 1; j <= MAX_KEYS; j = j << 1) { + bench_reset(); + for (int i = 0; i < BENCH; i++) { + BENCH_ADD(cp_etrs_sig(td, y, 1, ring[0], m, 5, sk[0], pk[0], pp)); + } + bench_compute(BENCH * BENCH); + util_print("\"1\": {\"time\": %lf, \"size\": null}", bench_total()/(double)1000000); + assert(cp_etrs_ver(1, td, y, 1, ring, 1, m, 5, pp)); + + for (int j = 2; j <= MAX_KEYS; j = j << 1) { bench_reset(); bench_before(); for (int i = 0; i < BENCH; i++) { @@ -155,12 +250,13 @@ static void etrs(void) { } bench_after(); bench_compute(BENCH); - util_print("\"%d\": {\"time\": %lf, \"size\": null}, ", j, bench_total()/(double)1000000); + util_print(", \"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); assert(cp_etrs_ver(1, td, y, j, ring, 1, m, 5, pp)); } util_print("}\n\n"); for (int l = 2; l <= 8; l = l << 1) { + util_print("{"); for (int j = l; j <= MAX_KEYS; j = j << 1) { bench_reset(); bench_before(); @@ -171,13 +267,17 @@ static void etrs(void) { } bench_after(); bench_compute(1); - util_print("\"%d\": {\"time\": %lf, \"size\": null}, ", j, bench_total()/(double)1000000); + util_print("\"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); + if (j < MAX_KEYS) { + util_print(", "); + } assert(cp_etrs_ver(1, td+size-1, y+size-1, j-size+1, ring, size, m, 5, pp)); } util_print("}\n\n"); } for (int l = 1; l <= 8; l = l << 1) { + util_print("{"); for (int j = l; j <= MAX_KEYS; j = j << 1) { size = 1; cp_etrs_sig(td, y, j, ring[0], m, 5, sk[0], pk[0], pp); @@ -191,7 +291,10 @@ static void etrs(void) { } bench_after(); bench_compute(BENCH); - util_print(", \"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); + util_print("\"%d\": {\"time\": %lf, \"size\": null}", j, bench_total()/(double)1000000); + if (j < MAX_KEYS) { + util_print(", "); + } } util_print("}\n\n"); } @@ -215,8 +318,12 @@ int main(void) { conf_print(); if (ec_param_set_any() == RLC_OK) { - etrs(); + util_banner("ERS module", 1); ers(); + util_banner("SMLERS module", 1); + smlers(); + util_banner("ETRS module", 1); + etrs(); } else { RLC_THROW(ERR_NO_CURVE); } diff --git a/demo/link-test/Makefile b/demo/link-test/Makefile index da9ef8a41..e361b52fa 100644 --- a/demo/link-test/Makefile +++ b/demo/link-test/Makefile @@ -1,9 +1,9 @@ RELIC_ROOT = ../../.. all: type1 type3 - gcc -c test1.c -o test1.o -I /usr/local/include/relic_type1 - gcc -c test2.c -o test2.o -I /usr/local/include/relic_type3 - gcc -o test test.c test1.o test2.o /usr/local/lib/librelic_s_*.a -lgmp + gcc -ggdb -c test1.c -o test1.o -I /usr/local/include/relic_type1 + gcc -ggdb -c test2.c -o test2.o -I /usr/local/include/relic_type3 + gcc -ggdb -o test test.c test1.o test2.o /usr/local/lib/librelic_s_*.a -lgmp type1: mkdir -p target-type1 diff --git a/demo/psi-client-server/Makefile b/demo/psi-client-server/Makefile new file mode 100644 index 000000000..1b3fc7f1a --- /dev/null +++ b/demo/psi-client-server/Makefile @@ -0,0 +1,15 @@ +CFLAGS=-O3 -march=native -mtune=native -ggdb -I ${RELIC_ROOT}/include -I target/include +LIBS=target/lib/librelic_s.a -lgmp +RELIC_ROOT = ../.. + +all: lib + gcc ${CFLAGS} -o test-bench test-bench.c ${LIBS} + gcc ${CFLAGS} sender.c -o sender ${LIBS} + gcc ${CFLAGS} receiver.c -o receiver ${LIBS} + +lib: + mkdir -p target + cd target; ${RELIC_ROOT}/../preset/x64-pbc-bls12-381.sh ${RELIC_ROOT}/../; cmake -DTIMER=HREAL -DBN_PRECI=3072 -DBENCH=1 -DMULTI=PTHREAD -DEP_METHD='JACOB;LWNAF;COMBS;INTER' .; make + +clean: + rm -rf target *.o test-bench receiver sender diff --git a/demo/psi-client-server/params.h b/demo/psi-client-server/params.h new file mode 100644 index 000000000..61320dd27 --- /dev/null +++ b/demo/psi-client-server/params.h @@ -0,0 +1,4 @@ +#define M (1 << 8) +#define N (1 << 8) + +#define SK "258B8F5E39671B337C1E3B87559B579D3F878E5293DF2B01DE1B9E10CA9EC9D0" diff --git a/demo/psi-client-server/receiver.c b/demo/psi-client-server/receiver.c new file mode 100644 index 000000000..e24eab5c7 --- /dev/null +++ b/demo/psi-client-server/receiver.c @@ -0,0 +1,223 @@ +#include +#include +#include +#include +#include +#include +#include // for open +#include // for close +#include + +#include "relic.h" +#include "params.h" + +pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; + +static int cp_pbpsi_inth(bn_t z[], int *len, g2_t d[], bn_t x[], int m, + uint8_t *t, g1_t u[], int n) { + int j, k, result = RLC_OK; + gt_t e; + uint8_t h[RLC_MD_LEN], buffer[12 * RLC_PC_BYTES]; + + gt_null(e); + + RLC_TRY { + gt_new(e); + + *len = 0; + if (m > 0) { + for (k = 0; k < m; k++) { + for (j = 0; j < n; j++) { + pc_map(e, u[j], d[k + 1]); + gt_write_bin(buffer, 12 * RLC_PC_BYTES, e, 0); + md_map(h, buffer, sizeof(buffer)); + if (memcmp(h, t + j * RLC_MD_LEN, RLC_MD_LEN) == RLC_EQ && + !gt_is_unity(e)) { + bn_copy(z[*len], x[k]); + (*len)++; + } + } + } + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + gt_free(e); + } + return result; +} + +bn_t sk; +g1_t ss; +g2_t *s; + +void *socketThread(void *arg) { + uint8_t buffer[4 * RLC_PC_BYTES + 1]; + + if (core_init() != RLC_OK) { + goto end; + } + + if (pc_param_set_any() != RLC_OK) { + goto end; + } + + bn_t q, r, *x = (bn_t *)RLC_ALLOCA(bn_t, M); + g1_t *u = (g1_t *) RLC_ALLOCA(g1_t, N); + g2_t *d = (g2_t *) RLC_ALLOCA(g2_t, (M + 1)); + uint8_t *t = (uint8_t *)RLC_ALLOCA(uint8_t, N * RLC_MD_LEN); + int len = 0; + + bn_null(q); + bn_null(r); + + bn_new(q); + bn_new(r); + for (int i = 0; i < N; i++) { + g1_null(u[i]); + g1_new(u[i]); + } + for (int i = 0; i < M; i++) { + bn_null(x[i]); + g2_null(d[i]); + bn_new(x[i]); + g2_new(d[i]); + } + g2_null(d[M]); + g2_new(d[M]); + + int newSocket = *((int *)arg); + + pc_get_ord(q); + bn_set_dig(x[0], 1); + for (int j = 1; j < M; j++) { + bn_rand_mod(x[j], q); + } + + cp_pbpsi_ask(d, r, x, s, M); + + bench_reset(); + bench_before(); + + send(newSocket, "Hello", strlen("Hello"), 0); + + // Send accumulator to the client socket + g2_write_bin(buffer, 4 * RLC_PC_BYTES + 1, d[0], 0); + send(newSocket, buffer, 4 * RLC_PC_BYTES + 1, 0); + + for (int i = 0; i < N; i++) { + recv(newSocket, buffer, RLC_MD_LEN + RLC_PC_BYTES + 1, 0); + memcpy(t + i * RLC_MD_LEN, buffer, RLC_MD_LEN); + g1_read_bin(u[i], buffer + RLC_MD_LEN, RLC_PC_BYTES + 1); + } + + cp_pbpsi_inth(x, &len, d, x, M, t, u, N); + printf("%d\n", len); + + bench_after(); + bench_compute(1); + printf("Receiver: "); + bench_print(); + + end: + close(newSocket); + + bn_free(q); + bn_free(r); + for (int i = 0; i <= M; i++) { + g2_free(d[i]); + } + RLC_FREE(x); + RLC_FREE(u); + RLC_FREE(d); + RLC_FREE(t); + core_clean(); + + pthread_exit(NULL); +} + +int main() { + int serverSocket, newSocket; + struct sockaddr_in serverAddr; + struct sockaddr_storage serverStorage; + socklen_t addr_size; + + core_init(); + + bn_new(sk); + g1_new(ss); + s = (g2_t *) RLC_ALLOCA(g2_t, (M + 1)); + for (int i = 0; i <= M; i++) { + g2_new(s[i]); + } + + pc_param_set_any(); + /* Compute the CRS explicitly. */ + bn_read_str(sk, SK, strlen(SK), 16); + g1_mul_gen(ss, sk); + g2_get_gen(s[0]); + for (int i = 1; i <= M; i++) { + g2_mul(s[i], s[i - 1], sk); + } + + //Create the socket. + serverSocket = socket(PF_INET, SOCK_STREAM, 0); + + // Configure settings of the server address struct + // Address family = Internet + serverAddr.sin_family = AF_INET; + + //Set port number, using htons function to use proper byte order + serverAddr.sin_port = htons(1337); + + //Set IP address to localhost + serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1"); + + //Set all bits of the padding field to 0 + memset(serverAddr.sin_zero, '\0', sizeof serverAddr.sin_zero); + + //Bind the address struct to the socket + bind(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)); + + //Listen on the socket, with 40 max connection requests queued + if (listen(serverSocket, 50) == 0) { + printf("Listening\n"); + } else { + printf("Error\n"); + } + + pthread_t tid[60]; + int i = 0; + while (1) { + //Accept call creates a new socket for the incoming connection + addr_size = sizeof serverStorage; + newSocket = + accept(serverSocket, (struct sockaddr *)&serverStorage, + &addr_size); + + //for each client request creates a thread and assign the client request to it to process + //so the main thread can entertain next request + if (pthread_create(&tid[i++], NULL, socketThread, &newSocket) != 0) { + printf("Failed to create thread\n"); + } + + if (i >= 50) { + i = 0; + while (i < 50) { + pthread_join(tid[i++], NULL); + } + i = 0; + } + } + + bn_free(sk); + g1_free(ss); + for (int i = 0; i <= M; i++) { + g2_free(s[i]); + } + RLC_FREE(s); + core_clean(); + return 0; +} diff --git a/demo/psi-client-server/sender.c b/demo/psi-client-server/sender.c new file mode 100644 index 000000000..c4d955c33 --- /dev/null +++ b/demo/psi-client-server/sender.c @@ -0,0 +1,154 @@ +#include +#include +#include +#include +#include +#include +#include // for open +#include // for close +#include + +#include "relic.h" +#include "params.h" + +#define INSTANCES 1 + +void *clientThread(void *arg) { + printf("In thread\n"); + int clientSocket; + struct sockaddr_in serverAddr; + socklen_t addr_size; + + uint8_t buffer[4 * RLC_PC_BYTES + 1]; + uint8_t tmp[12 * RLC_PC_BYTES]; + bn_t q, *y = (bn_t *)RLC_ALLOCA(bn_t, N); + g1_t ss, *u = (g1_t *)RLC_ALLOCA(g1_t, N); + g2_t d, *s = (g2_t *)RLC_ALLOCA(g2_t, (M + 1)); + gt_t *t = (gt_t *) RLC_ALLOCA(gt_t, N); + + // Create the socket. + clientSocket = socket(PF_INET, SOCK_STREAM, 0); + + //Configure settings of the server address + // Address family is Internet + serverAddr.sin_family = AF_INET; + + //Set port number, using htons function + serverAddr.sin_port = htons(1337); + + //Set IP address to localhost + serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1"); + memset(serverAddr.sin_zero, '\0', sizeof serverAddr.sin_zero); + + if (core_init() != RLC_OK) { + goto end; + } + + if (pc_param_set_any() != RLC_OK) { + goto end; + } + + bn_null(q); + bn_new(q); + g1_null(ss); + g1_new(ss); + g2_null(d); + g2_new(d); + for (int i = 0; i < N; i++) { + bn_null(y[i]); + g1_null(u[i]); + gt_null(t[i]); + bn_new(y[i]); + g1_new(u[i]); + gt_new(t[i]); + } + for (int i = 0; i <= M; i++) { + g2_null(s[i]); + g2_new(s[i]); + } + + /* Compute the CRS explicitly. */ + bn_read_str(q, SK, strlen(SK), 16); + g1_mul_gen(ss, q); + g2_get_gen(s[0]); + for (int i = 1; i <= M; i++) { + g2_mul(s[i], s[i - 1], q); + } + + pc_get_ord(q); + bn_set_dig(y[0], 1); + for (int j = 1; j < N; j++) { + bn_rand_mod(y[j], q); + } + + //Connect the socket to the server using the address + addr_size = sizeof serverAddr; + connect(clientSocket, (struct sockaddr *)&serverAddr, addr_size); + + //Read the message from the server into the buffer + if (recv(clientSocket, buffer, strlen("Hello"), 0) < 0) { + printf("Receive failed\n"); + } + + bench_reset(); + bench_before(); + + //Read the message from the server into the buffer + if (recv(clientSocket, buffer, 4 * RLC_PC_BYTES + 1, 0) < 0) { + printf("Receive failed\n"); + } + g2_read_bin(d, buffer, 4 * RLC_PC_BYTES + 1); + + cp_pbpsi_ans(t, u, ss, d, y, N); + + for (int i = 0; i < N; i++) { + gt_write_bin(tmp, 12 * RLC_PC_BYTES, t[i], 0); + md_map(buffer, tmp, 12 * RLC_PC_BYTES); + g1_write_bin(buffer + RLC_MD_LEN, RLC_PC_BYTES + 1, u[i], 1); + if (send(clientSocket, buffer, RLC_MD_LEN + RLC_PC_BYTES + 1, 0) < 0) { + printf("Send failed\n"); + } + } + + bench_after(); + bench_compute(1); + printf("Sender: "); + bench_print(); + + end: + close(clientSocket); + + bn_free(q); + g1_free(ss); + for (int i = 0; i < N; i++) { + bn_free(y[i]); + g1_free(u[i]); + gt_free(t[i]); + } + for (int i = 0; i <= M; i++) { + g2_free(s[i]); + } + core_clean(); + RLC_FREE(y); + RLC_FREE(u); + RLC_FREE(s); + RLC_FREE(t); + + pthread_exit(NULL); +} + +int main() { + pthread_t tid[INSTANCES + 1]; + + for (int i = 0; i < INSTANCES; i++) { + if (pthread_create(&tid[i], NULL, clientThread, NULL) != 0) { + printf("Failed to create thread\n"); + } + } + + for (int i = 0; i < INSTANCES; i++) { + pthread_join(tid[i], NULL); + } + + return 0; +} diff --git a/demo/psi-client-server/test-bench.c b/demo/psi-client-server/test-bench.c new file mode 100644 index 000000000..bcb906334 --- /dev/null +++ b/demo/psi-client-server/test-bench.c @@ -0,0 +1,208 @@ +#include +#include + +#include "relic.h" +#include "relic_test.h" + +#define M 5 /* Number of server messages (larger). */ +#define N 2 /* Number of client messages. */ + +static int test(void) { + int len, result, code = RLC_ERR; + bn_t g, n, q, r, p[M], x[M], v[N], w[N], y[N], z[M]; + g1_t u[M], ss; + g2_t d[M + 1], s[M + 1]; + gt_t t[M]; + crt_t crt; + + bn_null(n); + bn_null(q); + g1_null(ss); + crt_null(crt); + + RLC_TRY { + bn_new(n); + bn_new(q); + g1_new(ss); + for (int i = 0; i < M; i++) { + bn_null(p[i]); + bn_null(x[i]); + bn_null(z[i]); + g2_null(d[i]); + g2_null(s[i]); + bn_new(p[i]); + bn_new(x[i]); + bn_new(z[i]); + g2_new(d[i]); + g2_new(s[i]); + } + g2_null(d[M]); + g2_new(d[M]); + g2_null(s[M]); + g2_new(s[M]); + for (int i = 0; i < N; i++) { + bn_null(v[i]); + bn_null(w[i]); + bn_null(y[i]); + g1_null(u[i]); + gt_null(t[i]); + bn_new(v[i]); + bn_new(w[i]); + bn_new(y[i]); + g1_new(u[i]); + gt_new(t[i]); + } + + TEST_CASE("pairing-based laconic private set intersection is correct") { + pc_get_ord(q); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], q); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], q); + } + TEST_ASSERT(cp_pbpsi_gen(q, ss, s, M) == RLC_OK, end); + TEST_ASSERT(cp_pbpsi_ask(d, r, x, s, M) == RLC_OK, end); + for (int k = 0; k <= N; k++) { + for (int j = 0; j < k; j++) { + bn_copy(y[j], x[j]); + } + TEST_ASSERT(cp_pbpsi_ans(t, u, ss, d[0], y, N) == RLC_OK, end); + TEST_ASSERT(cp_pbpsi_int(z, &len, d, x, M, t, u, N) == RLC_OK, end); + TEST_ASSERT(len == k, end); + } + } TEST_END; + } + RLC_CATCH_ANY { + RLC_ERROR(end); + } + code = RLC_OK; + end: + bn_free(n); + bn_free(q); + g1_free(ss); + for (int i = 0; i < M; i++) { + bn_free(p[i]); + bn_free(x[i]); + bn_free(z[i]); + g2_free(d[i]); + g2_free(s[i]); + } + g2_free(d[M]); + g2_free(s[M]); + for (int i = 0; i < N; i++) { + bn_free(v[i]); + bn_free(w[i]); + bn_free(y[i]); + g1_free(u[i]); + gt_free(t[i]); + } + crt_free(crt); + return code; +} + +#undef M +#undef N +#include "params.h" + +static void bench(void) { + bn_t g, n, q, r, p[M], x[M], v[N], w[N], y[N], z[M]; + g1_t u[N], ss; + g2_t d[M + 1], s[M + 1]; + gt_t t[N]; + crt_t crt; + int len; + + bn_null(n); + bn_null(q); + g1_null(ss); + crt_null(crt); + + bn_new(n); + bn_new(q); + g1_new(ss); + for (int i = 0; i < M; i++) { + bn_null(p[i]); + bn_null(x[i]); + bn_null(z[i]); + g2_null(d[i]); + g2_null(s[i]); + bn_new(p[i]); + bn_new(x[i]); + bn_new(z[i]); + g2_new(d[i]); + g2_new(s[i]); + } + g2_null(d[M]); + g2_new(d[M]); + g2_null(s[M]); + g2_new(s[M]); + for (int i = 0; i < N; i++) { + bn_null(v[i]); + bn_null(w[i]); + bn_null(y[i]); + g1_null(u[i]); + gt_null(t[i]); + bn_new(v[i]); + bn_new(w[i]); + bn_new(y[i]); + g1_new(u[i]); + gt_new(t[i]); + } + crt_new(crt); + + pc_get_ord(q); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], q); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], q); + } + + BENCH_RUN("cp_pbpsi_gen") { + BENCH_ADD(cp_pbpsi_gen(q, ss, s, M)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_ask") { + BENCH_ADD(cp_pbpsi_ask(d, r, x, s, M)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_ans") { + BENCH_ADD(cp_pbpsi_ans(t, u, ss, d[0], y, N)); + } BENCH_END; + + BENCH_RUN("cp_pbpsi_int") { + BENCH_ADD(cp_pbpsi_int(z, &len, d, x, M, t, u, N)); + } BENCH_END; + + bn_free(q); + bn_free(r); + g1_free(ss); + for (int i = 0; i < M; i++) { + bn_free(x[i]); + bn_free(z[i]); + g2_free(d[i]); + g2_free(s[i]); + } + g2_free(d[M]); + g2_free(s[M]); + for (int i = 0; i < N; i++) { + bn_free(y[i]); + g1_free(u[i]); + gt_free(t[i]); + } +} + +int main(int argc, char *argv[]) { + int m, n; + core_init(); + if (pc_param_set_any() == RLC_OK) { + if (test() != RLC_OK) { + core_clean(); + return 1; + } + + bench(); + } + core_clean(); +} diff --git a/demo/public-stats/Makefile b/demo/public-stats/Makefile index 81a4b72d5..f52bd9ab9 100644 --- a/demo/public-stats/Makefile +++ b/demo/public-stats/Makefile @@ -4,17 +4,17 @@ RELIC_ROOT = ../.. all: lib data.csv gcc ${CFLAGS} -c main.c -o main.o -I ${RELIC_ROOT}/include -I target/include gcc ${CFLAGS} -c csv.c -o csv.o -I ${RELIC_ROOT}/include -I target/include - gcc ${CFLAGS} -o main csv.o main.o target/lib/librelic_s.a -lgmp + gcc ${CFLAGS} -o main csv.o main.o target/lib/librelic_s.a -lgmp -lm lib: mkdir -p target cd target; ${RELIC_ROOT}/../preset/x64-pbc-bls12-381.sh ${RELIC_ROOT}/../; cmake -DEP_METHD='JACOB;LWNAF;COMBS;INTER' .; make -data.csv: +data.csv: wget -c https://raw.githubusercontent.com/TheEconomist/covid-19-excess-deaths-tracker/master/source-data/spain/archive/spain_total_source_2020_04_13.csv mv spain_total_source_2020_04_13.csv data_04_13.csv - wget -c https://momo.isciii.es/public/momo/data - mv data data.csv + wget -c https://raw.githubusercontent.com/TheEconomist/covid-19-excess-deaths-tracker/master/source-data/spain/spain_total_source_latest.csv + mv spain_total_source_latest.csv data.csv clean: rm -rf target *.o main diff --git a/demo/public-stats/main.c b/demo/public-stats/main.c index ae75fa1d7..799e25570 100644 --- a/demo/public-stats/main.c +++ b/demo/public-stats/main.c @@ -35,6 +35,7 @@ #include "relic.h" #include "csv.h" +#include #include #include #include @@ -43,33 +44,33 @@ #define STATES 19 #define GROUPS 3 -#define DAYS 90 +#define DAYS 180 #define FACTOR (1000000) #define FIXED ((uint64_t)100000) #define DATABASE "COVID19-Spain" #define BEG_2018 "27/03/2018" -#define END_2018 "25/06/2018" +#define END_2018 "23/09/2018" #define BEG_2019 "27/03/2019" -#define END_2019 "25/06/2019" +#define END_2019 "23/09/2019" #define BEG_2020 "2020-03-27" -#define END_2020 "2020-06-25" +#define END_2020 "2020-09-23" /* First value is population in each of the autonomous communities in 2020. */ -uint64_t populations[STATES] = { +const uint64_t populations[STATES] = { 8405294, 1316064, 1024381, 1176627, 2188626, 580997, 2410819, 2030807, 7516544, 4948411, 1067272, 2699299, 6587711, 1479098, 646197, 2172591, 312719, 84913, 84667 }; /* Total population per age group in 2019. */ -uint64_t pyramid[GROUPS] = { 37643844, 4482743, 4566276 }; +const uint64_t pyramid[GROUPS] = { 37643844, 4482743, 4566276 }; -char *acronyms[STATES] = { +const char *acronyms[STATES] = { "AN", "AR", "AS", "IB", "CN", "CB", "CL", "CM", "CT", "VC", "EX", "GA", "MD", "MC", "NC", "PV", "RI", "CE", "ML" }; -char *acs[STATES] = { +const char *acs[STATES] = { "Andalusia", "Aragón", "Asturias", "Balearics", "Canary Islands", "Cantabria", "Castile & León", "Castile-La Mancha", "Catalonia", "Valencia", "Extremadura", "Galicia", "Madrid", "Murcia", @@ -77,7 +78,7 @@ char *acs[STATES] = { }; /* Population pyramids for autonomous communities, taken from countryeconomy.com */ -double pyramids[STATES][GROUPS] = { +const double pyramids[STATES][GROUPS] = { {15.86 + 66.98, 9.06, 17.16 - 9.06}, {14.12 + 64.23, 10.26, 21.65 - 10.26}, {10.97 + 63.37, 12.82, 25.66 - 12.82}, @@ -110,8 +111,8 @@ void read_region(g1_t s[], char *l[], bn_t m[], int *counter, char str[3]; char label[100] = { 0 }; dig_t n; + uint64_t acc[3] = { 0 }; - found = 0; sprintf(str, "%d", region); while (fgets(line, 1024, stream)) { if (strstr(line, start) != NULL) { @@ -123,10 +124,9 @@ void read_region(g1_t s[], char *l[], bn_t m[], int *counter, char **tmp = parse_csv(line); char **ptr = tmp; - if (found && !strcmp(ptr[2], str) && !strcmp(ptr[5], "todos") && - strcmp(ptr[7], "todos")) { - n = atoi(ptr[9]); - //printf("%s\n", line); + if (found && !strcmp(ptr[0], "ccaa") && !strcmp(ptr[2], str) && + !strcmp(ptr[5], "todos") && strcmp(ptr[7], "todos")) { + n = round(atof(ptr[9])); if (strcmp(ptr[6], "menos_65") == 0) { //printf("< 65 = %s\n", ptr[9]); metric[0] += n; @@ -164,7 +164,7 @@ int main(int argc, char *argv[]) { g2_t pk[STATES]; char *l[STATES][3 * GROUPS * DAYS]; dig_t *f[STATES]; - int flen[STATES]; + size_t flen[STATES]; int counter; uint64_t total; uint64_t excess; @@ -236,8 +236,8 @@ int main(int argc, char *argv[]) { printf("%s -- %s:\n", acronyms[i], acs[i]); for (int j = 0; j < GROUPS; j++) { - //expected[j] = (FIXED * ratios[i][j]/(2*pyramid[j])) * baseline[j]; - expected[j] = mortality[j] * ratios[i][j] / (FIXED * FACTOR); + expected[j] = (FIXED * ratios[i][j]/(2*pyramid[j])) * baseline[j]; + //expected[j] = mortality[j] * ratios[i][j] / (FIXED * FACTOR); } printf("\texpected : %lu %lu %lu\n", expected[0], expected[1], @@ -246,7 +246,7 @@ int main(int argc, char *argv[]) { observed[i][2]); printf("\ttotal expected: %lu\n", - (expected[0] + expected[1] + expected[2]) / FIXED); + expected[0] + expected[1] + expected[2]); printf("\ttotal observed: %lu\n", observed[i][0] + observed[i][1] + observed[i][2]); @@ -262,7 +262,7 @@ int main(int argc, char *argv[]) { pyramid[1] / FACTOR, pyramid[2] / FACTOR); printf("Mortality: %6lu %6lu %6lu\n", mortality[0] / FIXED, mortality[1] / FIXED, mortality[2] / FIXED); - printf("Total Expected: %6lu\n", total); + printf("Total Expected: %6lu\n", total / FIXED); printf("Total Observed: %6lu\n", excess); util_banner("Authenticated computation:", 1); @@ -288,8 +288,8 @@ int main(int argc, char *argv[]) { g1_add(sig, sig, u); } g1_norm(sig, sig); - assert(cp_mklhs_ver(sig, res, t, DATABASE, acs, l[0], f, flen, - pk, STATES)); + assert(cp_mklhs_ver(sig, res, t, DATABASE, acs, (const char **)l[0], + (const dig_t **)f, (const size_t *)flen, pk, STATES)); printf("Total Expected: %6lu\n", res->dp[0] / FIXED); @@ -313,14 +313,17 @@ int main(int argc, char *argv[]) { printf("Total Observed: %6lu\n", res->dp[0]); assert(cp_mklhs_ver(sig, res, t, DATABASE, acs, - &l[0][2 * GROUPS * DAYS], f, flen, pk, STATES)); + (const char **)&l[0][2 * GROUPS * DAYS], (const dig_t **)f, + (const size_t *)flen, pk, STATES)); BENCH_ONE("Time elapsed", cp_mklhs_ver(sig, res, t, DATABASE, acs, - &l[0][2 * GROUPS * DAYS], f, flen, pk, STATES)); + (const char **)&l[0][2 * GROUPS * DAYS], (const dig_t **)f, + (const size_t *)flen, pk, STATES), 1); - cp_mklhs_off(cs, ft, acs, &l[0][2 * GROUPS * DAYS], f, flen, STATES); + cp_mklhs_off(cs, ft, acs, (const char **)&l[0][2 * GROUPS * DAYS], + (const dig_t **)f, (const size_t *)flen, STATES); assert(cp_mklhs_onv(sig, res, t, DATABASE, acs, cs, ft, pk, STATES)); BENCH_ONE("Time with precomputation", cp_mklhs_onv(sig, res, t, - DATABASE, acs, cs, ft, pk, STATES)); + DATABASE, acs, cs, ft, pk, STATES), 1); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/include/low/relic_bn_low.h b/include/low/relic_bn_low.h index d8b4226e7..7c1747c0d 100644 --- a/include/low/relic_bn_low.h +++ b/include/low/relic_bn_low.h @@ -172,6 +172,18 @@ dig_t bn_rsh1_low(dig_t *c, const dig_t *a, int size); */ dig_t bn_rshb_low(dig_t *c, const dig_t *a, int size, int bits); +/** + * Shifts a signed digit vector to the right by an amount smaller than a digit. + * Computes c = a >> bits. + * + * @param[out] c - the result + * @param[in] a - the signed digit vector to shift. + * @param[in] size - the number of digits to shift. + * @param[in] bits - the shift amount. + * @return the carry of the last digit shift. + */ +dig_t bn_rshs_low(dig_t *c, const dig_t *a, int size, int bits); + /** * Multiplies a digit vector by a digit and adds this result to another digit * vector. Computes c = c + a * digit. @@ -196,6 +208,19 @@ dig_t bn_mula_low(dig_t *c, const dig_t *a, dig_t digit, int size); */ dig_t bn_mul1_low(dig_t *c, const dig_t *a, dig_t digit, int size); +/** + * Multiplies a signed digit vector by a signed digit and stores this result in + * another digit vector. Computes c = (-1)^sa * a * digit. + * + * @param[out] c - the result. + * @param[in] a - the first digit vector to multiply. + * @param[in] sa - the sign of the first digit vector. + * @param[in] digit - the digit to multiply. + * @param[in] size - the number of digits to multiply. + * @return the most significant digit. + */ +dig_t bn_muls_low(dig_t *c, const dig_t *a, dig_t sa, dis_t digit, int size); + /** * Multiplies two digit vectors of the same size. Computes c = a * b. * diff --git a/include/low/relic_fp_low.h b/include/low/relic_fp_low.h index cad9bb766..f31f305f0 100644 --- a/include/low/relic_fp_low.h +++ b/include/low/relic_fp_low.h @@ -321,6 +321,14 @@ void fp_rdcn_low(dig_t *c, dig_t *a); */ void fp_invm_low(dig_t *c, const dig_t *a); +/** + * Computes the Legendre symbol of a digit vector and the configured prime. + * + * @param[in] a - the digit vector to invert. + * @return the result. + */ +int fp_smbm_low(const dig_t *a); + #endif /* ASM */ #endif /* !RLC_FP_LOW_H */ diff --git a/include/low/relic_fpx_low.h b/include/low/relic_fpx_low.h index 42cbf7b47..d8bd0fba0 100644 --- a/include/low/relic_fpx_low.h +++ b/include/low/relic_fpx_low.h @@ -46,7 +46,7 @@ * @param[in] a - the first field element to add. * @param[in] b - the second field element to add. */ -void fp2_addn_low(fp2_t c, fp2_t a, fp2_t b); +void fp2_addn_low(fp2_t c, const fp2_t a, const fp2_t b); /** * Adds two quadratic extension field elements of the same size with integrated @@ -56,7 +56,7 @@ void fp2_addn_low(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first field element to add. * @param[in] b - the second field element to add. */ -void fp2_addm_low(fp2_t c, fp2_t a, fp2_t b); +void fp2_addm_low(fp2_t c, const fp2_t a, const fp2_t b); /** * Adds two double-precision quadratic extension field elements of the same @@ -87,7 +87,7 @@ void fp2_addc_low(dv2_t c, dv2_t a, dv2_t b); * @param[in] a - the first field element. * @param[in] b - the field element to subtract. */ -void fp2_subn_low(fp2_t c, fp2_t a, fp2_t b); +void fp2_subn_low(fp2_t c, const fp2_t a, const fp2_t b); /** * Subtracts a quadratic extension field element from another of the same size @@ -97,7 +97,7 @@ void fp2_subn_low(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first field element. * @param[in] b - the field element to subtract. */ -void fp2_subm_low(fp2_t c, fp2_t a, fp2_t b); +void fp2_subm_low(fp2_t c, const fp2_t a, const fp2_t b); /** * Subtracts a double-precision quadratic extension field element from another @@ -126,7 +126,7 @@ void fp2_subc_low(dv2_t c, dv2_t a, dv2_t b); * @param[out] c - the result. * @param[in] a - the first field element to multiply. */ -void fp2_dbln_low(fp2_t c, fp2_t a); +void fp2_dbln_low(fp2_t c, const fp2_t a); /** * Doubles a quadratic extension field element with integrated modular @@ -135,7 +135,7 @@ void fp2_dbln_low(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the field element to double. */ -void fp2_dblm_low(fp2_t c, fp2_t a); +void fp2_dblm_low(fp2_t c, const fp2_t a); /** * Multiplies a quadratic extension field element by the quadratic @@ -144,7 +144,7 @@ void fp2_dblm_low(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the field element to multiply. */ -void fp2_norm_low(fp2_t c, fp2_t a); +void fp2_norm_low(fp2_t c, const fp2_t a); /** * Multiplies a double-precision quadratic extension field element by the @@ -173,18 +173,7 @@ void fp2_nord_low(dv2_t c, dv2_t a); * @param[in] a - the first field element to multiply. * @param[in] b - the second field element to multiply. */ -void fp2_muln_low(dv2_t c, fp2_t a, fp2_t b); - -/** - * Multiplies two quadratic extension elements of the same size and corrects - * the result by adding (2^(RLC_FP_DIGS * WSIZE) * p)/4. This function should - * be used when the RLC_FP_ROOM optimization is detected. Computes c = a * b. - * - * @param[out] c - the result. - * @param[in] a - the first field element to multiply. - * @param[in] b - the second field element to multiply. - */ -void fp2_mulc_low(dv2_t c, fp2_t a, fp2_t b); +void fp2_muln_low(dv2_t c, const fp2_t a, const fp2_t b); /** * Multiplies two quadratic extension field elements of the same size with @@ -194,7 +183,7 @@ void fp2_mulc_low(dv2_t c, fp2_t a, fp2_t b); * @param[in] a - the first field element to multiply. * @param[in] b - the second field element to multiply. */ -void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b); +void fp2_mulm_low(fp2_t c, const fp2_t a, const fp2_t b); /** * Squares a quadratic extension element. Computes c = a * a. @@ -202,7 +191,7 @@ void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b); * @param[out] c - the result. * @param[in] a - the field element to square. */ -void fp2_sqrn_low(dv2_t c, fp2_t a); +void fp2_sqrn_low(dv2_t c, const fp2_t a); /** * Squares a quadratic extension field element with integrated modular @@ -211,7 +200,7 @@ void fp2_sqrn_low(dv2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the field element to square. */ -void fp2_sqrm_low(fp2_t c, fp2_t a); +void fp2_sqrm_low(fp2_t c, const fp2_t a); /** * Reduces a quadratic extension element modulo the configured prime p. @@ -230,7 +219,7 @@ void fp2_rdcn_low(fp2_t c, dv2_t a); * @param[in] a - the first field element to add. * @param[in] b - the second field element to add. */ -void fp3_addn_low(fp3_t c, fp3_t a, fp3_t b); +void fp3_addn_low(fp3_t c, const fp3_t a, const fp3_t b); /** * Adds two cubic extension field elements of the same size with integrated @@ -240,7 +229,7 @@ void fp3_addn_low(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first field element to add. * @param[in] b - the second field element to add. */ -void fp3_addm_low(fp3_t c, fp3_t a, fp3_t b); +void fp3_addm_low(fp3_t c, const fp3_t a, const fp3_t b); /** * Adds two double-precision cubic extension field elements of the same @@ -271,7 +260,7 @@ void fp3_addc_low(dv3_t c, dv3_t a, dv3_t b); * @param[in] a - the first field element. * @param[in] b - the field element to subtract. */ -void fp3_subn_low(fp3_t c, fp3_t a, fp3_t b); +void fp3_subn_low(fp3_t c, const fp3_t a, const fp3_t b); /** * Subtracts a cubic extension field element from another of the same size @@ -281,7 +270,7 @@ void fp3_subn_low(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first field element. * @param[in] b - the field element to subtract. */ -void fp3_subm_low(fp3_t c, fp3_t a, fp3_t b); +void fp3_subm_low(fp3_t c, const fp3_t a, const fp3_t b); /** * Subtracts a double-precision cubic extension field element from another @@ -310,7 +299,7 @@ void fp3_subc_low(dv3_t c, dv3_t a, dv3_t b); * @param[out] c - the result. * @param[in] a - the first field element to multiply. */ -void fp3_dbln_low(fp3_t c, fp3_t a); +void fp3_dbln_low(fp3_t c, const fp3_t a); /** * Doubles a cubic extension field element with integrated modular @@ -319,7 +308,7 @@ void fp3_dbln_low(fp3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the field element to double. */ -void fp3_dblm_low(fp3_t c, fp3_t a); +void fp3_dblm_low(fp3_t c, const fp3_t a); /** * Multiplies a double-precision cubic extension field element by the @@ -338,7 +327,7 @@ void fp3_nord_low(dv3_t c, dv3_t a); * @param[in] a - the first field element to multiply. * @param[in] b - the second field element to multiply. */ -void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b); +void fp3_muln_low(dv3_t c, const fp3_t a, const fp3_t b); /** * Multiplies two cubic extension elements of the same size and corrects @@ -349,7 +338,7 @@ void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b); * @param[in] a - the first field element to multiply. * @param[in] b - the second field element to multiply. */ -void fp3_mulc_low(dv3_t c, fp3_t a, fp3_t b); +void fp3_mulc_low(dv3_t c, const fp3_t a, const fp3_t b); /** * Multiplies two cubic extension field elements of the same size with @@ -359,7 +348,7 @@ void fp3_mulc_low(dv3_t c, fp3_t a, fp3_t b); * @param[in] a - the first field element to multiply. * @param[in] b - the second field element to multiply. */ -void fp3_mulm_low(fp3_t c, fp3_t a, fp3_t b); +void fp3_mulm_low(fp3_t c, const fp3_t a, const fp3_t b); /** * Squares a cubic extension element. Computes c = a * a. @@ -367,7 +356,7 @@ void fp3_mulm_low(fp3_t c, fp3_t a, fp3_t b); * @param[out] c - the result. * @param[in] a - the field element to square. */ -void fp3_sqrn_low(dv3_t c, fp3_t a); +void fp3_sqrn_low(dv3_t c, const fp3_t a); /** * Squares a cubic extension field element with integrated modular @@ -376,7 +365,7 @@ void fp3_sqrn_low(dv3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the field element to square. */ -void fp3_sqrm_low(fp3_t c, fp3_t a); +void fp3_sqrm_low(fp3_t c, const fp3_t a); /** * Reduces a cubic extension element modulo the configured prime p. diff --git a/include/relic_bc.h b/include/relic_bc.h index 29196eb64..d998e3baa 100644 --- a/include/relic_bc.h +++ b/include/relic_bc.h @@ -64,8 +64,8 @@ * @param[in] key_len - the key size in bytes. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int bc_aes_cbc_enc(uint8_t *out, int *out_len, uint8_t *in, - int in_len, uint8_t *key, int key_len, uint8_t *iv); +int bc_aes_cbc_enc(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const uint8_t *key, size_t key_len, const uint8_t *iv); /** * Decrypts with AES in CBC mode. @@ -78,7 +78,7 @@ int bc_aes_cbc_enc(uint8_t *out, int *out_len, uint8_t *in, * @param[in] key_len - the key size in bytes. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int bc_aes_cbc_dec(uint8_t *out, int *out_len, uint8_t *in, - int in_len, uint8_t *key, int key_len, uint8_t *iv); +int bc_aes_cbc_dec(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const uint8_t *key, size_t key_len, const uint8_t *iv); #endif /* !RLC_BC_H */ diff --git a/include/relic_bench.h b/include/relic_bench.h index 5d5167706..383512ff9 100644 --- a/include/relic_bench.h +++ b/include/relic_bench.h @@ -121,7 +121,7 @@ * @param[in] FUNCTION - the function executed. */ #define BENCH_ADD(FUNCTION) \ - FUNCTION; \ + if (BENCH > 1) FUNCTION; \ bench_before(); \ for (int _b = 0; _b < BENCH; _b++) { \ FUNCTION; \ @@ -157,7 +157,7 @@ typedef struct timeval ben_t; #else /* TIMER == CYCLE || TIMER == PERF */ -typedef unsigned long long ben_t; +typedef ull_t ben_t; #endif diff --git a/include/relic_bn.h b/include/relic_bn.h index 6ab7e4f97..c93fa4c4f 100644 --- a/include/relic_bn.h +++ b/include/relic_bn.h @@ -121,6 +121,30 @@ typedef bn_st *bn_t; #endif #endif +/** + * Represents a pair of moduli for using the Chinese Remainder Theorem (CRT). + */ +typedef struct { + /** The modulus n = pq. */ + bn_t n; + /** The first prime p. */ + bn_t p; + /** The second prime q. */ + bn_t q; + /** The precomputed constant for the first prime. */ + bn_t dp; + /** The precomputed constant for the second prime. */ + bn_t dq; + /** The inverse of q modulo p. */ + bn_t qi; +} crt_st; + +#if ALLOC == AUTO +typedef crt_st crt_t[1]; +#else +typedef crt_st *crt_t; +#endif + /*============================================================================*/ /* Macro definitions */ /*============================================================================*/ @@ -198,6 +222,65 @@ typedef bn_st *bn_t; #endif +/** + * Initializes a CRT moduli set with a null value. + * + * @param[out] A - the moduli to initialize. + */ +#define crt_null(A) RLC_NULL(A) + +/** + * Calls a function to allocate and initialize a Rabin key pair. + * + * @param[out] A - the new key pair. + */ +#if ALLOC == DYNAMIC +#define crt_new(A) \ + A = (crt_t)calloc(1, sizeof(crt_st)); \ + if (A == NULL) { \ + RLC_THROW(ERR_NO_MEMORY); \ + } \ + bn_new((A)->n); \ + bn_new((A)->dp); \ + bn_new((A)->dq); \ + bn_new((A)->p); \ + bn_new((A)->q); \ + bn_new((A)->qi); \ + +#elif ALLOC == AUTO +#define crt_new(A) \ + bn_new((A)->n); \ + bn_new((A)->dp); \ + bn_new((A)->dq); \ + bn_new((A)->p); \ + bn_new((A)->q); \ + bn_new((A)->qi); \ + +#endif + +/** + * Calls a function to clean and free a Rabin key pair. + * + * @param[out] A - the key pair to clean and free. + */ +#if ALLOC == DYNAMIC +#define crt_free(A) \ + if (A != NULL) { \ + bn_free((A)->n); \ + bn_free((A)->dp); \ + bn_free((A)->dq); \ + bn_free((A)->p); \ + bn_free((A)->q); \ + bn_free((A)->qi); \ + free(A); \ + A = NULL; \ + } + +#elif ALLOC == AUTO +#define crt_free(A) /* empty */ + +#endif + /** * Multiples two multiple precision integers. Computes c = a * b. * @@ -324,8 +407,8 @@ typedef bn_st *bn_t; #define bn_gcd(C, A, B) bn_gcd_basic(C, A, B) #elif BN_GCD == LEHME #define bn_gcd(C, A, B) bn_gcd_lehme(C, A, B) -#elif BN_GCD == STEIN -#define bn_gcd(C, A, B) bn_gcd_stein(C, A, B) +#elif BN_GCD == BINAR +#define bn_gcd(C, A, B) bn_gcd_binar(C, A, B) #endif /** @@ -343,8 +426,8 @@ typedef bn_st *bn_t; #define bn_gcd_ext(C, D, E, A, B) bn_gcd_ext_basic(C, D, E, A, B) #elif BN_GCD == LEHME #define bn_gcd_ext(C, D, E, A, B) bn_gcd_ext_lehme(C, D, E, A, B) -#elif BN_GCD == STEIN -#define bn_gcd_ext(C, D, E, A, B) bn_gcd_ext_stein(C, D, E, A, B) +#elif BN_GCD == BINAR +#define bn_gcd_ext(C, D, E, A, B) bn_gcd_ext_binar(C, D, E, A, B) #endif /** @@ -534,7 +617,7 @@ void bn_rand(bn_t a, int sign, int bits); * @param[out] a - the multiple precision integer to assign. * @param[in] b - the modulus. */ -void bn_rand_mod(bn_t a, bn_t b); +void bn_rand_mod(bn_t a, const bn_t b); /** * Prints a multiple precision integer to standard output. @@ -857,6 +940,17 @@ void bn_div_rem_dig(bn_t c, dig_t *d, const bn_t a, const dig_t b); */ void bn_mod_inv(bn_t c, const bn_t a, const bn_t b); +/** + * Computes the modular inverse of multiple precision integers simultaneously. + * Computes c_i such that a_i * c_i mod b = 1. + * + * @param[out] c - the results. + * @param[in] a - the elements to invert. + * param[in] b - the modulus. + * @param[in] n - the number of elements. + */ +void bn_mod_inv_sim(bn_t *c, const bn_t *a, const bn_t b, int n); + /** * Reduces a multiple precision integer modulo a power of 2. Computes * c = a mod 2^b. @@ -1019,6 +1113,20 @@ void bn_mxp_monty(bn_t c, const bn_t a, const bn_t b, const bn_t m); */ void bn_mxp_dig(bn_t c, const bn_t a, dig_t b, const bn_t m); +/* + * Computes a modular exponentiation of a multiple precision integer using the + * Chinese Remainder Theorem, given the moduli. + * + * @param[out] d - the result. + * @param[in] a - the basis. + * @param[in] b - the exponent modulo p. + * @param[in] c - the exponent modulo q. + * @param[in] crt - the set of moduli. + * @param[in] sqr - the flag to indicate if modulo n or n^2. + */ +void bn_mxp_crt(bn_t d, const bn_t a, const bn_t b, const bn_t c, + const crt_t crt, int sqr); + /** * Extracts an approximate integer square-root of a multiple precision integer. * @@ -1051,13 +1159,13 @@ void bn_gcd_lehme(bn_t c, const bn_t a, const bn_t b); /** * Computes the greatest common divisor of two multiple precision integers - * using Stein's binary GCD algorithm. + * using the Binary GCD algorithm. * * @param[out] c - the result; * @param[in] a - the first multiple precision integer. * @param[in] b - the second multiple precision integer. */ -void bn_gcd_stein(bn_t c, const bn_t a, const bn_t b); +void bn_gcd_binar(bn_t c, const bn_t a, const bn_t b); /** * Computes the greatest common divisor of a multiple precision integer and a @@ -1095,7 +1203,7 @@ void bn_gcd_ext_lehme(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b); /** * Computes the greatest common divisor of two multiple precision integers - * using Stein's binary algorithm. + * using the Binary algorithm. * * @param[out] c - the result; * @param[out] d - the cofactor of the first operand, can be NULL. @@ -1103,7 +1211,7 @@ void bn_gcd_ext_lehme(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b); * @param[in] a - the first multiple precision integer. * @param[in] b - the second multiple precision integer. */ -void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b); +void bn_gcd_ext_binar(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b); /** * Computes the extended greatest common divisor of two multiple precision @@ -1145,20 +1253,22 @@ void bn_lcm(bn_t c, const bn_t a, const bn_t b); /** * Computes the Legendre symbol c = (a|b), b prime. * - * @param[out] c - the result. * @param[in] a - the first parameter. * @param[in] b - the second parameter. + * @throw ERR_NO_VALID - if there input is negative. + * @return the result. */ -void bn_smb_leg(bn_t c, const bn_t a, const bn_t b); +int bn_smb_leg(const bn_t a, const bn_t b); /** * Computes the Jacobi symbol c = (a|b). * - * @param[out] c - the result. * @param[in] a - the first parameter. * @param[in] b - the second parameter. + * @throw ERR_NO_VALID - if there input is even or negative. + * @return the result. */ -void bn_smb_jac(bn_t c, const bn_t a, const bn_t b); +int bn_smb_jac(const bn_t a, const bn_t b); /** * Returns a small precomputed prime from a given position in the list of prime @@ -1228,6 +1338,18 @@ void bn_gen_prime_safep(bn_t a, int bits); */ void bn_gen_prime_stron(bn_t a, int bits); +/** + * Generates a probable prime number b, with (b-1) divisible by a probable large + * prime a. + * + * @param[out] a - the prime factor of (b-1). + * @param[out] b - the prime result b. + * @param[in] abits - the length of the factor a in bits. + * @param[in] bbits - the length of the result in bits. + */ +int bn_gen_prime_factor(bn_t a, bn_t b, int abits, int bbits); + + /** * Tries to factorize an integer using Pollard (p - 1) factoring algorithm. * The maximum length of the returned factor is 16 bits. @@ -1383,9 +1505,34 @@ void bn_rec_glv(bn_t k0, bn_t k1, const bn_t k, const bn_t n, const bn_t v1[], * @param[in] k - the scalar to recode. * @param[in] x - the elliptic curve parameter. * @param[in] n - the elliptic curve group order. - * @param[in] bls - flag to indicate if it is a BLS12 curve. + * @param[in] cof - flag to indicate if it is a curve with cofactor 1. */ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n, int bls); +/** + * Computes the coefficients of the polynomial representing the Lagrange + * interpolation for a modulus and a given set of roots. + * Computes c(x) = \prod_{0 <= i < n}(x - ai) mod q. + * + * @param[out] c - the coefficients of the polynomial. + * @param[in] a - the set of roots. + * @param[in] b - the modulus. + * @param[in] n - the number of roots to interpolate. + */ +void bn_lag(bn_t *c, const bn_t *a, const bn_t b, size_t n); + +/** + * Evaluates an interpolated n-degree polynomial over a value in a modular way, + * given the (n+1) coefficients of the polynomial and the modulus. + * Computes c = a(x) mod q. + * + * @param[out] c - the result of the evaluation. + * @param[in] a - the coefficients of the polynomial. + * @param[in] x - the value to evaluate. + * @param[in] b - the modulus. + * @param[in] n - the degree of the polynomial. + */ +void bn_evl(bn_t c, const bn_t *a, const bn_t x, const bn_t b, size_t n); + #endif /* !RLC_BN_H */ diff --git a/include/relic_conf.h.in b/include/relic_conf.h.in index 7db6f5b50..6992a4a6c 100644 --- a/include/relic_conf.h.in +++ b/include/relic_conf.h.in @@ -74,10 +74,12 @@ #define MSP 2 /** ARM 32-bit architecture. */ #define ARM 3 +/** ARM 64-bit architecture. */ +#define A64 4 /** Intel x86-compatible 32-bit architecture. */ -#define X86 4 +#define X86 5 /** AMD64-compatible 64-bit architecture. */ -#define X64 5 +#define X64 6 /** Architecture. */ #cmakedefine ARCH @ARCH@ @@ -178,10 +180,10 @@ /** Basic Euclidean GCD Algorithm. */ #define BASIC 1 +/** Binary GCD Algorithm. */ +#define BINAR 2 /** Lehmer's fast GCD Algorithm. */ -#define LEHME 2 -/** Stein's binary GCD Algorithm. */ -#define STEIN 3 +#define LEHME 3 /** Chosen multiple precision greatest common divisor method. */ #define BN_GCD @BN_GCD@ @@ -254,11 +256,26 @@ #define EXGCD 4 /** Constant-time inversion by Bernstein-Yang division steps. */ #define DIVST 5 +/** Constant-time inversion by Bernstein-Yang jump division steps. */ +#define JMPDS 6 /** Use implementation provided by the lower layer. */ #define LOWER 8 /** Chosen prime field inversion method. */ #define FP_INV @FP_INV@ +/** Legendre by Fermat's Little Theorem. */ +#define BASIC 1 +/** Binary method. */ +#define BINAR 2 +/** Constant-time inversion by Bernstein-Yang division steps. */ +#define DIVST 5 +/** Constant-time inversion by Bernstein-Yang jump division steps. */ +#define JMPDS 6 +/** Use implementation provided by the lower layer. */ +#define LOWER 8 +/** Chosen prime field inversion method. */ +#define FP_SMB @FP_SMB@ + /** Binary modular exponentiation. */ #define BASIC 1 /** Sliding window modular exponentiation. */ @@ -671,8 +688,8 @@ #define DROID 5 /** Arduino platform. */ #define DUINO 6 -/** OpenBSD operating system. */ -#define OPENBSD 7 +/** NetBSD operating system. */ +#define NETBSD 7 /** Detected operation system. */ #cmakedefine OPSYS @OPSYS@ diff --git a/include/relic_core.h b/include/relic_core.h index 544c37bb7..8b4127834 100644 --- a/include/relic_core.h +++ b/include/relic_core.h @@ -228,6 +228,10 @@ typedef struct _ctx_t { /** Value of constant one in Montgomery form. */ bn_st one; #endif /* FP_RDC == MONTY */ +#if FP_INV == JUMPDS || !defined(STRIP) + /** Value of constant for divstep-based inversion. */ + bn_st inv; +#endif /* FP_INV */ /** Prime modulus modulo 8. */ dig_t mod8; /** Value derived from the prime used for modular reduction. */ @@ -389,6 +393,7 @@ typedef struct _ctx_t { /** Constants for computing Frobenius maps in higher extensions. @{ */ fp2_st fp2_p1[5]; fp2_st fp2_p2[3]; + int frb4; fp2_st fp4_p1; /** @} */ /** Constants for computing Frobenius maps in higher extensions. @{ */ @@ -409,10 +414,10 @@ typedef struct _ctx_t { /** Stores the time measured after the execution of the benchmark. */ ben_t after; /** Stores the sum of timings for the current benchmark. */ - long long total; + ull_t total; #ifdef OVERH /** Benchmarking overhead to be measured and subtracted from benchmarks. */ - long long over; + ull_t over; #endif #endif @@ -434,6 +439,13 @@ typedef struct _ctx_t { /** Buffer for storing perf data, */ struct perf_event_mmap_page *perf_buf; #endif + + /** Function pointer to underlying lznct implementation. */ +#if ARCH == X86 + unsigned int (*lzcnt_ptr)(unsigned int); +#elif ARCH == X64 || ARCH == A64 + unsigned int (*lzcnt_ptr)(ull_t); +#endif } ctx_t; /*============================================================================*/ @@ -469,6 +481,9 @@ ctx_t *core_get(void); void core_set(ctx_t *ctx); #if defined(MULTI) + +#include "relic_multi.h" + /** * Set an initializer function which is called when the context * is uninitialized. This function is called for every thread. diff --git a/include/relic_cp.h b/include/relic_cp.h index 1acb5b2e5..7872f19e8 100644 --- a/include/relic_cp.h +++ b/include/relic_cp.h @@ -48,30 +48,6 @@ /* Type definitions. */ /*============================================================================*/ -/** - * Represents a pair of moduli for using the Chinese Remainder Theorem (CRT). - */ -typedef struct { - /** The modulus n = pq. */ - bn_t n; - /** The first prime p. */ - bn_t p; - /** The second prime q. */ - bn_t q; - /** The precomputed costant for the first prime. */ - bn_t dp; - /** The precomputed costant for the second prime. */ - bn_t dq; - /** The inverse of q modulo p. */ - bn_t qi; -} crt_st; - -#if ALLOC == AUTO -typedef crt_st crt_t[1]; -#else -typedef crt_st *crt_t; -#endif - /** * Represents an RSA key pair. */ @@ -111,6 +87,32 @@ typedef crt_st phpe_t[1]; typedef crt_st *phpe_t; #endif + +/** + * Represents a Subgroup Paillier's Probabilistic Encryption key pair. + */ +typedef struct { + /** The subgroup order. */ + bn_t a; + /** The subgroup size. */ + bn_t b; + /** The generator ((1+n)^b) mod n^2. */ + bn_t g; + /** The precomputed ((1+n)^b)^n mod n^2. */ + bn_t gn; + /** The CRT parameters. */ + crt_t crt; +} shpe_st; + +/** + * Pointer to a Subgroup-Paillier's Homomorphic Probabilistic Encryption key pair. + */ +#if ALLOC == AUTO +typedef shpe_st shpe_t[1]; +#else +typedef shpe_st *shpe_t; +#endif + /** * Represents a Benaloh's Dense Probabilistic Encryption key pair. */ @@ -205,15 +207,35 @@ typedef struct _ers_st { /** * Pointer to an extendable ring signature. */ -/** - * Pointer to a Boneh-Goh-Nissim cryptosystem key pair. - */ #if ALLOC == AUTO typedef ers_st ers_t[1]; #else typedef ers_st *ers_t; #endif +/** + * Represents an extendable ring signature. + */ +typedef struct _smlers_st { + /** The extendable ring signature. */ + ers_t sig; + /** The linkability tag. */ + ec_t tau; + /** The first component of the signature of knowledge. */ + bn_t c[2]; + /** The second component of the signature of knowledge. */ + bn_t r[2]; +} smlers_st; + +/** + * Pointer to an extendable ring signature. + */ +#if ALLOC == AUTO +typedef smlers_st smlers_t[1]; +#else +typedef smlers_st *smlers_t; +#endif + /** * Represents an extendable threshold ring signature. */ @@ -233,9 +255,6 @@ typedef struct _etrs_st { /** * Pointer to an extendable ring signature. */ -/** - * Pointer to a Boneh-Goh-Nissim cryptosystem key pair. - */ #if ALLOC == AUTO typedef etrs_st etrs_t[1]; #else @@ -248,61 +267,58 @@ typedef etrs_st *etrs_t; /*============================================================================*/ /** - * Initializes a CRT moduli set with a null value. + * Initializes a Subgroup Paillier key pair with a null value. * * @param[out] A - the moduli to initialize. */ -#define crt_null(A) RLC_NULL(A) +#define shpe_null(A) RLC_NULL(A) /** - * Calls a function to allocate and initialize a Rabin key pair. + * Calls a function to allocate and initialize a Subgroup Paillier key pair. * * @param[out] A - the new key pair. */ #if ALLOC == DYNAMIC -#define crt_new(A) \ - A = (crt_t)calloc(1, sizeof(crt_st)); \ +#define shpe_new(A) \ + A = (shpe_t)calloc(1, sizeof(shpe_st)); \ if (A == NULL) { \ RLC_THROW(ERR_NO_MEMORY); \ } \ - bn_new((A)->n); \ - bn_new((A)->dp); \ - bn_new((A)->dq); \ - bn_new((A)->p); \ - bn_new((A)->q); \ - bn_new((A)->qi); \ + bn_new((A)->a); \ + bn_new((A)->b); \ + bn_new((A)->g); \ + bn_new((A)->gn); \ + crt_new((A)->crt); \ #elif ALLOC == AUTO -#define crt_new(A) \ - bn_new((A)->n); \ - bn_new((A)->dp); \ - bn_new((A)->dq); \ - bn_new((A)->p); \ - bn_new((A)->q); \ - bn_new((A)->qi); \ +#define shpe_new(A) \ + bn_new((A)->a); \ + bn_new((A)->b); \ + bn_new((A)->g); \ + bn_new((A)->gn); \ + crt_new((A)->crt); \ #endif /** - * Calls a function to clean and free a Rabin key pair. + * Calls a function to clean and free a Subgroup Paillier key pair. * * @param[out] A - the key pair to clean and free. */ #if ALLOC == DYNAMIC -#define crt_free(A) \ +#define shpe_free(A) \ if (A != NULL) { \ - bn_free((A)->n); \ - bn_free((A)->dp); \ - bn_free((A)->dq); \ - bn_free((A)->p); \ - bn_free((A)->q); \ - bn_free((A)->qi); \ + bn_free((A)->a); \ + bn_free((A)->b); \ + bn_free((A)->g); \ + bn_free((A)->gn); \ + crt_free((A)->crt); \ free(A); \ A = NULL; \ } #elif ALLOC == AUTO -#define crt_free(A) /* empty */ +#define shpe_free(A) /* empty */ #endif @@ -606,6 +622,57 @@ typedef etrs_st *etrs_t; #define ers_free(A) /* empty */ #endif +/** + * Initializes a BGN key pair with a null value. + * + * @param[out] A - the key pair to initialize. + */ +#define smlers_null(A) RLC_NULL(A) + +/** + * Calls a function to allocate and initialize an extendable signature ring. + * + * @param[out] A - the new signature ring. + */ +#if ALLOC == DYNAMIC +#define smlers_new(A) \ + A = (smlers_t)calloc(1, sizeof(ers_st)); \ + if (A == NULL) { \ + RLC_THROW(ERR_NO_MEMORY); \ + } \ + ers_new((A)->sig); \ + ec_new((A)->tau); \ + bn_new((A)->c[0]); \ + bn_new((A)->c[1]); \ + bn_new((A)->r[0]); \ + bn_new((A)->r[1]); \ + +#elif ALLOC == AUTO +#define smlers_new(A) /* empty */ +#endif + +/** + * Calls a function to clean and free an extendable signature ring. + * + * @param[out] A - the signature ring to clean and free. + */ +#if ALLOC == DYNAMIC +#define smlers_free(A) \ + if (A != NULL) { \ + ers_free((A)->sig); \ + ec_free((A)->tau); \ + bn_free((A)->c[0]); \ + bn_free((A)->c[1]); \ + bn_free((A)->r[0]); \ + bn_free((A)->r[1]); \ + free(A); \ + A = NULL; \ + } + +#elif ALLOC == AUTO +#define smlers_free(A) /* empty */ +#endif + /** * Initializes a BGN key pair with a null value. * @@ -633,7 +700,7 @@ typedef etrs_st *etrs_t; bn_new((A)->r[1]); \ #elif ALLOC == AUTO -#define etrs_new(A) /* empty */ +#define etrs_new(A) /* empty */ #endif @@ -657,7 +724,7 @@ typedef etrs_st *etrs_t; } #elif ALLOC == AUTO -#define etrs_free(A) /* empty */ +#define etrs_free(A) /* empty */ #endif /*============================================================================*/ @@ -685,7 +752,8 @@ int cp_rsa_gen(rsa_t pub, rsa_t prv, int bits); * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rsa_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t pub); +int cp_rsa_enc(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const rsa_t pub); /** * Decrypts using the RSA cryptosystem. Uses the CRT optimization if @@ -698,7 +766,8 @@ int cp_rsa_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t pub); * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rsa_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t prv); +int cp_rsa_dec(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const rsa_t prv); /** * Signs using the basic RSA signature algorithm. The flag must be non-zero if @@ -713,8 +782,8 @@ int cp_rsa_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t prv); * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rsa_sig(uint8_t *sig, int *sig_len, uint8_t *msg, int msg_len, - int hash, rsa_t prv); +int cp_rsa_sig(uint8_t *sig, size_t *sig_len, const uint8_t *msg, + size_t msg_len, int hash, const rsa_t prv); /** * Verifies an RSA signature. The flag must be non-zero if the message being @@ -728,8 +797,8 @@ int cp_rsa_sig(uint8_t *sig, int *sig_len, uint8_t *msg, int msg_len, * @param[in] pub - the public key. * @return a boolean value indicating if the signature is valid. */ -int cp_rsa_ver(uint8_t *sig, int sig_len, uint8_t *msg, int msg_len, int hash, - rsa_t pub); +int cp_rsa_ver(uint8_t *sig, size_t sig_len, const uint8_t *msg, size_t msg_len, + int hash, const rsa_t pub); /** * Generates a key pair for the Rabin cryptosystem. @@ -739,7 +808,7 @@ int cp_rsa_ver(uint8_t *sig, int sig_len, uint8_t *msg, int msg_len, int hash, * @param[in] bits - the key length in bits. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rabin_gen(rabin_t pub, rabin_t prv, int bits); +int cp_rabin_gen(rabin_t pub, rabin_t prv, size_t bits); /** * Encrypts using the Rabin cryptosystem. @@ -751,8 +820,8 @@ int cp_rabin_gen(rabin_t pub, rabin_t prv, int bits); * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rabin_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, - rabin_t pub); +int cp_rabin_enc(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const rabin_t pub); /** * Decrypts using the Rabin cryptosystem. @@ -764,8 +833,8 @@ int cp_rabin_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_rabin_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, - rabin_t prv); +int cp_rabin_dec(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const rabin_t prv); /** * Generates a key pair for Benaloh's Dense Probabilistic Encryption. @@ -776,7 +845,7 @@ int cp_rabin_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, * @param[in] bits - the key length in bits. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, int bits); +int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, size_t bits); /** * Encrypts using Benaloh's cryptosystem. @@ -787,7 +856,7 @@ int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, int bits); * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bdpe_enc(uint8_t *out, int *out_len, dig_t in, bdpe_t pub); +int cp_bdpe_enc(uint8_t *out, size_t *out_len, dig_t in, const bdpe_t pub); /** * Decrypts using Benaloh's cryptosystem. @@ -798,7 +867,7 @@ int cp_bdpe_enc(uint8_t *out, int *out_len, dig_t in, bdpe_t pub); * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bdpe_dec(dig_t *out, uint8_t *in, int in_len, bdpe_t prv); +int cp_bdpe_dec(dig_t *out, const uint8_t *in, size_t in_len, const bdpe_t prv); /** * Generates a key pair for Paillier's Homomorphic Probabilistic Encryption. @@ -808,17 +877,28 @@ int cp_bdpe_dec(dig_t *out, uint8_t *in, int in_len, bdpe_t prv); * @param[in] bits - the key length in bits. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_phpe_gen(bn_t pub, phpe_t prv, int bits); +int cp_phpe_gen(bn_t pub, phpe_t prv, size_t bits); /** * Encrypts using the Paillier cryptosystem. * - * @param[out] c - the ciphertex, represented as an integer. + * @param[out] c - the ciphertext, represented as an integer. * @param[in] m - the plaintext as an integer. * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_phpe_enc(bn_t c, bn_t m, bn_t pub); +int cp_phpe_enc(bn_t c, const bn_t m, const bn_t pub); + +/** + * Evaluated a homomorphic addition using the Paillier cryptosystem. + * + * @param[out] r - the resulting ciphertext. + * @param[in] c - the first ciphertext as an integer to multiply. + * @param[in] d - the second ciphertext as an integer to multiply. + * @param[in] pub - the public key. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_phpe_add(bn_t r, const bn_t c, const bn_t d, const bn_t pub); /** * Decrypts using the Paillier cryptosystem. @@ -828,7 +908,48 @@ int cp_phpe_enc(bn_t c, bn_t m, bn_t pub); * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_phpe_dec(bn_t m, bn_t c, phpe_t prv); +int cp_phpe_dec(bn_t m, const bn_t c, const phpe_t prv); + +/** + * Generates a key pair for Paillier's Subgroup Homomorphic Probabilistic Encryption. + * + * @param[out] pub - the public key. + * @param[out] prv - the private key. + * @param[in] sbits - the subgroup order in bits. + * @param[in] nbits - the key length in bits. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_shpe_gen(shpe_t pub, shpe_t prv, size_t sbits, size_t nbits); + +/** + * Encrypts using the Subgroup Paillier cryptosystem. + * + * @param[out] c - the ciphertext, represented as an integer. + * @param[in] m - the plaintext as an integer. + * @param[in] pub - the public key. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_shpe_enc(bn_t c, const bn_t m, const shpe_t pub); + +/** + * Encrypts faster using the Subgroup Paillier cryptosystem if the private key is known. + * + * @param[out] c - the ciphertext represented as an integer. + * @param[in] m - the plaintext as an integer. + * @param[in] prv - the private key. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_shpe_enc_prv(bn_t c, const bn_t m, const shpe_t prv); + +/** + * Decrypts using the Subgroup Paillier cryptosystem. + * + * @param[out] m - the plaintext, represented as an integer. + * @param[in] c - the ciphertex as an integer. + * @param[in] prv - the private key. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_shpe_dec(bn_t m, const bn_t c, const shpe_t prv); /** * Generates a key pair for Genealized Homomorphic Probabilistic Encryption. @@ -838,7 +959,7 @@ int cp_phpe_dec(bn_t m, bn_t c, phpe_t prv); * @param[in] bits - the key length in bits. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ghpe_gen(bn_t pub, bn_t prv, int bits); +int cp_ghpe_gen(bn_t pub, bn_t prv, size_t bits); /** * Encrypts using the Generalized Paillier cryptosystem. @@ -846,10 +967,10 @@ int cp_ghpe_gen(bn_t pub, bn_t prv, int bits); * @param[out] c - the ciphertext. * @param[in] m - the plaintext. * @param[in] pub - the public key. - * @param[in] s - the block length parameter. + * @param[in] s - the block length parameter. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ghpe_enc(bn_t c, bn_t m, bn_t pub, int s); +int cp_ghpe_enc(bn_t c, const bn_t m, const bn_t pub, size_t s); /** * Decrypts using the Generalized Paillier cryptosystem. @@ -857,10 +978,10 @@ int cp_ghpe_enc(bn_t c, bn_t m, bn_t pub, int s); * @param[out] m - the plaintext. * @param[in] c - the ciphertext. * @param[in] pub - the public key. - * @param[in] s - the block length parameter. + * @param[in] s - the block length parameter. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ghpe_dec(bn_t m, bn_t c, bn_t pub, bn_t prv, int s); +int cp_ghpe_dec(bn_t m, const bn_t c, const bn_t pub, const bn_t prv, size_t s); /** * Generates an ECDH key pair. @@ -880,7 +1001,7 @@ int cp_ecdh_gen(bn_t d, ec_t q); * @param[in] q - the point received from the other party. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecdh_key(uint8_t *key, int key_len, bn_t d, ec_t q); +int cp_ecdh_key(uint8_t *key, size_t key_len, const bn_t d, const ec_t q); /** * Generate an ECMQV key pair. @@ -905,8 +1026,8 @@ int cp_ecmqv_gen(bn_t d, ec_t q); * @param[in] q2v - the ephemeral point received from the party. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecmqv_key(uint8_t *key, int key_len, bn_t d1, bn_t d2, ec_t q2u, - ec_t q1v, ec_t q2v); +int cp_ecmqv_key(uint8_t *key, size_t key_len, const bn_t d1, const bn_t d2, + const ec_t q2u, const ec_t q1v, const ec_t q2v); /** * Generates an ECIES key pair. @@ -920,17 +1041,17 @@ int cp_ecies_gen(bn_t d, ec_t q); /** * Encrypts using the ECIES cryptosystem. * - * @param[out] r - the resulting elliptic curve point. + * @param[out] r - the resulting elliptic curve point. * @param[out] out - the output buffer. * @param[in, out] out_len - the buffer capacity and number of bytes written. * @param[in] in - the input buffer. * @param[in] in_len - the number of bytes to encrypt. - * @param[in] iv - the block cipher initialization vector. + * @param[in] iv - the block cipher initialization vector. * @param[in] q - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecies_enc(ec_t r, uint8_t *out, int *out_len, uint8_t *in, int in_len, - ec_t q); +int cp_ecies_enc(ec_t r, uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const ec_t q); /** * Decrypts using the ECIES cryptosystem. @@ -939,12 +1060,12 @@ int cp_ecies_enc(ec_t r, uint8_t *out, int *out_len, uint8_t *in, int in_len, * @param[in, out] out_len - the buffer capacity and number of bytes written. * @param[in] in - the input buffer. * @param[in] in_len - the number of bytes to encrypt. - * @param[in] iv - the block cipher initialization vector. + * @param[in] iv - the block cipher initialization vector. * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecies_dec(uint8_t *out, int *out_len, ec_t r, uint8_t *in, int in_len, - bn_t d); +int cp_ecies_dec(uint8_t *out, size_t *out_len, const ec_t r, const uint8_t *in, + size_t in_len, const bn_t d); /** * Generates an ECDSA key pair. @@ -966,7 +1087,8 @@ int cp_ecdsa_gen(bn_t d, ec_t q); * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecdsa_sig(bn_t r, bn_t s, uint8_t *msg, int len, int hash, bn_t d); +int cp_ecdsa_sig(bn_t r, bn_t s, const uint8_t *msg, size_t len, int hash, + const bn_t d); /** * Verifies a message signed with ECDSA using the basic method. @@ -979,7 +1101,8 @@ int cp_ecdsa_sig(bn_t r, bn_t s, uint8_t *msg, int len, int hash, bn_t d); * @param[in] q - the public key. * @return a boolean value indicating if the signature is valid. */ -int cp_ecdsa_ver(bn_t r, bn_t s, uint8_t *msg, int len, int hash, ec_t q); +int cp_ecdsa_ver(const bn_t r, const bn_t s, const uint8_t *msg, size_t len, + int hash, const ec_t q); /** * Generates an Elliptic Curve Schnorr Signature key pair. @@ -1000,7 +1123,7 @@ int cp_ecss_gen(bn_t d, ec_t q); * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ecss_sig(bn_t e, bn_t s, uint8_t *msg, int len, bn_t d); +int cp_ecss_sig(bn_t e, bn_t s, const uint8_t *msg, size_t len, const bn_t d); /** * Verifies a message signed with the Elliptic Curve Schnorr Signature using the @@ -1013,14 +1136,14 @@ int cp_ecss_sig(bn_t e, bn_t s, uint8_t *msg, int len, bn_t d); * @param[in] q - the public key. * @return a boolean value indicating if the signature is valid. */ -int cp_ecss_ver(bn_t e, bn_t s, uint8_t *msg, int len, ec_t q); +int cp_ecss_ver(bn_t e, bn_t s, const uint8_t *msg, size_t len, const ec_t q); /** * Generate parameters for the DCKKS pairing delegation protocol described at * "Secure and Efficient Delegationof Pairings with Online Inputs" (CARDIS 2020) * - * @param[out] c - the challenge. - * @param[out] r - the randomness. + * @param[out] c - the challenge. + * @param[out] r - the randomness. * @param[out] u1 - the U1 precomputed value in G_1. * @param[out] u2 - the U2 precomputed value in G_2. * @param[out] v2 - the image of the randomness in G_2. @@ -1036,15 +1159,15 @@ int cp_pdpub_gen(bn_t c, bn_t r, g1_t u1, g2_t u2, g2_t v2, gt_t e); * @param[out] w2 - the blinded element in G_2. * @param[in] p - the first argument of the pairing. * @param[in] q - the second argument of the pairing. - * @param[in] c - the challenge. - * @param[in] r - the randomness. + * @param[in] c - the challenge. + * @param[in] r - the randomness. * @param[in] u1 - the U1 precomputed value in G_1. * @param[in] u2 - the U2 precomputed value in G_2. * @param[in] v2 - the image of the randomness in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pdpub_ask(g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t c, bn_t r, g1_t u1, - g2_t u2, g2_t v2); +int cp_pdpub_ask(g1_t v1, g2_t w2, const g1_t p, const g2_t q, const bn_t c, + const bn_t r, const g1_t u1, const g2_t u2, const g2_t v2); /** * Execute the server-side response for the DCKKS pairing delegation protocol. @@ -1057,25 +1180,26 @@ int cp_pdpub_ask(g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t c, bn_t r, g1_t u1, * @param[in] w2 - the blinded element in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pdpub_ans(gt_t g[3], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2); +int cp_pdpub_ans(gt_t g[3], const g1_t p, const g2_t q, const g1_t v1, + const g2_t v2, const g2_t w2); /** * Verifies the result of the DCKKS pairing delegation protocol. * * @param[out] r - the result of the computation. * @param[in] g - the group elements returned by the server. - * @param[in] c - the challenge. - * @param[out] e - the precomputed values e(U1, U2). + * @param[in] c - the challenge. + * @param[in] e - the precomputed values e(U1, U2). * @return a boolean value indicating if the computation is correct. */ -int cp_pdpub_ver(gt_t r, gt_t g[3], bn_t c, gt_t e); +int cp_pdpub_ver(gt_t r, const gt_t g[3], const bn_t c, const gt_t e); /** * Generate parameters for the DCKKS pairing delegation protocol described at * "Secure and Efficient Delegationof Pairings with Online Inputs" (CARDIS 2020) * - * @param[out] c - the challenge. - * @param[out] r - the randomness. + * @param[out] c - the challenge. + * @param[out] r - the randomness. * @param[out] u1 - the U1 precomputed value in G_1. * @param[out] u2 - the U2 precomputed value in G_2. * @param[out] v2 - the image of the randomness in G_2. @@ -1092,15 +1216,16 @@ int cp_pdprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], * @param[out] w2 - the blinded element in G_2. * @param[in] p - the first argument of the pairing. * @param[in] q - the second argument of the pairing. - * @param[in] c - the challenge. - * @param[in] r - the randomness. + * @param[in] c - the challenge. + * @param[in] r - the randomness. * @param[in] u1 - the U1 precomputed value in G_1. * @param[in] u2 - the U2 precomputed value in G_2. * @param[in] v2 - the image of the randomness in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], - g1_t u1[2], g2_t u2[2], g2_t v2[4]); +int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q, + const bn_t c, const bn_t r[3], const g1_t u1[2], const g2_t u2[2], + const g2_t v2[4]); /** * Execute the server-side response for the DCKKS pairing delegation protocol. @@ -1113,24 +1238,24 @@ int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], * @param[in] w2 - the blinded element in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pdprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]); +int cp_pdprv_ans(gt_t g[4], const g1_t v1[3], const g2_t w2[4]); /** * Verifies the result of the DCKKS pairing delegation protocol. * * @param[out] r - the result of the computation. * @param[in] g - the group elements returned by the server. - * @param[in] c - the challenge. - * @param[out] e - the precomputed values e(U1, U2). + * @param[in] c - the challenge. + * @param[in] e - the precomputed values e(U1, U2). * @return a boolean value indicating if the computation is correct. */ -int cp_pdprv_ver(gt_t r, gt_t g[4], bn_t c, gt_t e[2]); +int cp_pdprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]); /** - * Generate parameters for the AMORE pairing delegation protocol with public + * Generate parameters for the LOVE pairing delegation protocol with public * inputs. * - * @param[out] r - the randomness. + * @param[out] r - the randomness. * @param[out] u1 - the U1 precomputed value in G_1. * @param[out] u2 - the U2 precomputed value in G_2. * @param[out] v2 - the image of the randomness in G_2. @@ -1140,25 +1265,25 @@ int cp_pdprv_ver(gt_t r, gt_t g[4], bn_t c, gt_t e[2]); int cp_lvpub_gen(bn_t r, g1_t u1, g2_t u2, g2_t v2, gt_t e); /** - * Execute the client-side request for the AMORE pairing delegation protocol. + * Execute the client-side request for the LOVE pairing delegation protocol. * - * @param[out] c - the challenge. + * @param[out] c - the challenge. * @param[out] v1 - the blinded element in G_1. * @param[out] w2 - the blinded element in G_2. * @param[in] p - the first argument of the pairing. * @param[in] q - the second argument of the pairing. - * @param[in] c - the challenge. - * @param[in] r - the randomness. + * @param[in] c - the challenge. + * @param[in] r - the randomness. * @param[in] u1 - the U1 precomputed value in G_1. * @param[in] u2 - the U2 precomputed value in G_2. * @param[in] v2 - the image of the randomness in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t r, g1_t u1, - g2_t u2, g2_t v2); +int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, const g1_t p, const g2_t q, + const bn_t r, const g1_t u1, const g2_t u2, const g2_t v2); /** - * Execute the server-side response for the AMORE pairing delegation protocol. + * Execute the server-side response for the LOVE pairing delegation protocol. * * @param[out] g - the group elements computed by the server. * @param[in] p - the first argument of the pairing. @@ -1168,25 +1293,26 @@ int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t r, g1_t u1, * @param[in] w2 - the blinded element in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_lvpub_ans(gt_t g[2], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2); +int cp_lvpub_ans(gt_t g[2], const g1_t p, const g2_t q, const g1_t v1, + const g2_t v2, const g2_t w2); /** - * Verifies the result of the AMORE pairing delegation protocol. + * Verifies the result of the LOVE pairing delegation protocol. * * @param[out] r - the result of the computation. * @param[in] g - the group elements returned by the server. - * @param[in] c - the challenge. - * @param[out] e - the precomputed values e(U1, U2). + * @param[in] c - the challenge. + * @param[in] e - the precomputed values e(U1, U2). * @return a boolean value indicating if the computation is correct. */ -int cp_lvpub_ver(gt_t r, gt_t g[2], bn_t c, gt_t e); +int cp_lvpub_ver(gt_t r, const gt_t g[2], const bn_t c, const gt_t e); /** - * Generate parameters for the AMORE pairing delegation protocol with private + * Generate parameters for the LOVE pairing delegation protocol with private * inputs. * - * @param[out] c - the challenge. - * @param[out] r - the randomness. + * @param[out] c - the challenge. + * @param[out] r - the randomness. * @param[out] u1 - the U1 precomputed value in G_1. * @param[out] u2 - the U2 precomputed value in G_2. * @param[out] v2 - the image of the randomness in G_2. @@ -1197,24 +1323,25 @@ int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2]); /** - * Execute the client-side request for the AMORE pairing delegation protocol. + * Execute the client-side request for the LOVE pairing delegation protocol. * * @param[out] v1 - the blinded element in G_1. * @param[out] w2 - the blinded element in G_2. * @param[in] p - the first argument of the pairing. * @param[in] q - the second argument of the pairing. - * @param[in] c - the challenge. - * @param[in] r - the randomness. + * @param[in] c - the challenge. + * @param[in] r - the randomness. * @param[in] u1 - the U1 precomputed value in G_1. * @param[in] u2 - the U2 precomputed value in G_2. * @param[in] v2 - the image of the randomness in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], - g1_t u1[2], g2_t u2[2], g2_t v2[4]); +int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q, + const bn_t c, const bn_t r[3], const g1_t u1[2], const g2_t u2[2], + const g2_t v2[4]); /** - * Execute the server-side response for the AMORE pairing delegation protocol. + * Execute the server-side response for the LOVE pairing delegation protocol. * * @param[out] g - the group elements computed by the server. * @param[in] p - the first argument of the pairing. @@ -1224,18 +1351,18 @@ int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], * @param[in] w2 - the blinded element in G_2. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_lvprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]); +int cp_lvprv_ans(gt_t g[4], const g1_t v1[3], const g2_t w2[4]); /** - * Verifies the result of the AMORE pairing delegation protocol. + * Verifies the result of the LOVE pairing delegation protocol. * * @param[out] r - the result of the computation. * @param[in] g - the group elements returned by the server. - * @param[in] c - the challenge. - * @param[out] e - the precomputed values e(U1, U2). + * @param[in] c - the challenge. + * @param[in] e - the precomputed values e(U1, U2). * @return a boolean value indicating if the computation is correct. */ -int cp_lvprv_ver(gt_t r, gt_t g[4], bn_t c, gt_t e[2]); +int cp_lvprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]); /** * Generates a master key for the SOKAKA identity-based non-interactive @@ -1254,7 +1381,7 @@ int cp_sokaka_gen(bn_t master); * @param[in] master - the master key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_sokaka_gen_prv(sokaka_t k, char *id, bn_t master); +int cp_sokaka_gen_prv(sokaka_t k, const char *id, bn_t master); /** * Computes a shared key between two entities. @@ -1266,14 +1393,14 @@ int cp_sokaka_gen_prv(sokaka_t k, char *id, bn_t master); * @param[in] id2 - the second identity. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_sokaka_key(uint8_t *key, unsigned int key_len, char *id1, - sokaka_t k, char *id2); +int cp_sokaka_key(uint8_t *key, size_t key_len, const char *id1, + const sokaka_t k, const char *id2); /** * Generates a key pair for the Boneh-Go-Nissim (BGN) cryptosystem. * - * @param[out] pub - the public key. - * @param[out] prv - the private key. + * @param[out] pub - the public key. + * @param[out] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ int cp_bgn_gen(bgn_t pub, bgn_t prv); @@ -1281,79 +1408,79 @@ int cp_bgn_gen(bgn_t pub, bgn_t prv); /** * Encrypts in G_1 using the BGN cryptosystem. * - * @param[out] out - the ciphertext. - * @param[in] in - the plaintext as a small integer. - * @param[in] pub - the public key. + * @param[out] out - the ciphertext. + * @param[in] in - the plaintext as a small integer. + * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_enc1(g1_t out[2], dig_t in, bgn_t pub); +int cp_bgn_enc1(g1_t out[2], const dig_t in, const bgn_t pub); /** * Decrypts in G_1 using the BGN cryptosystem. * - * @param[out] out - the decrypted small integer. - * @param[in] in - the ciphertext. - * @param[in] prv - the private key. + * @param[out] out - the decrypted small integer. + * @param[in] in - the ciphertext. + * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_dec1(dig_t *out, g1_t in[2], bgn_t prv); +int cp_bgn_dec1(dig_t *out, const g1_t in[2], const bgn_t prv); /** * Encrypts in G_2 using the BGN cryptosystem. * - * @param[out] c - the ciphertext. - * @param[in] m - the plaintext as a small integer. - * @param[in] pub - the public key. + * @param[out] c - the ciphertext. + * @param[in] m - the plaintext as a small integer. + * @param[in] pub - the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_enc2(g2_t out[2], dig_t in, bgn_t pub); +int cp_bgn_enc2(g2_t out[2], const dig_t in, const bgn_t pub); /** * Decrypts in G_2 using the BGN cryptosystem. * - * @param[out] out - the decrypted small integer. - * @param[in] c - the ciphertext. - * @param[in] prv - the private key. + * @param[out] out - the decrypted small integer. + * @param[in] c - the ciphertext. + * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_dec2(dig_t *out, g2_t in[2], bgn_t prv); +int cp_bgn_dec2(dig_t *out, const g2_t in[2], const bgn_t prv); /** * Adds homomorphically two BGN ciphertexts in G_T. * - * @param[out] e - the resulting ciphertext. - * @param[in] c - the first ciphertext to add. - * @param[in] d - the second ciphertext to add. + * @param[out] e - the resulting ciphertext. + * @param[in] c - the first ciphertext to add. + * @param[in] d - the second ciphertext to add. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_add(gt_t e[4], gt_t c[4], gt_t d[4]); +int cp_bgn_add(gt_t e[4], const gt_t c[4], const gt_t d[4]); /** * Multiplies homomorphically two BGN ciphertexts in G_T. * - * @param[out] e - the resulting ciphertext. - * @param[in] c - the first ciphertext to add. - * @param[in] d - the second ciphertext to add. + * @param[out] e - the resulting ciphertext. + * @param[in] c - the first ciphertext to add. + * @param[in] d - the second ciphertext to add. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_mul(gt_t e[4], g1_t c[2], g2_t d[2]); +int cp_bgn_mul(gt_t e[4], const g1_t c[2], const g2_t d[2]); /** * Decrypts in G_T using the BGN cryptosystem. * - * @param[out] out - the decrypted small integer. - * @param[in] c - the ciphertext. - * @param[in] prv - the private key. + * @param[out] out - the decrypted small integer. + * @param[in] c - the ciphertext. + * @param[in] prv - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bgn_dec(dig_t *out, gt_t in[4], bgn_t prv); +int cp_bgn_dec(dig_t *out, const gt_t in[4], const bgn_t prv); /** * Generates a master key for a Private Key Generator (PKG) in the * Boneh-Franklin Identity-Based Encryption (BF-IBE). * * @param[out] master - the master key. - * @param[out] pub - the public key of the private key generator. + * @param[out] pub - the public key of the private key generator. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ int cp_ibe_gen(bn_t master, g1_t pub); @@ -1366,7 +1493,7 @@ int cp_ibe_gen(bn_t master, g1_t pub); * @param[in] s - the master key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ibe_gen_prv(g2_t prv, char *id, bn_t master); +int cp_ibe_gen_prv(g2_t prv, const char *id, const bn_t master); /** * Encrypts a message using the BF-IBE protocol. @@ -1379,8 +1506,8 @@ int cp_ibe_gen_prv(g2_t prv, char *id, bn_t master); * @param[in] pub - the public key of the PKG. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, - g1_t pub); +int cp_ibe_enc(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const char *id, const g1_t pub); /** * Decrypts a message using the BF-IBE protocol. @@ -1392,7 +1519,8 @@ int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, * @param[in] pub - the private key of the user. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_ibe_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, g2_t prv); +int cp_ibe_dec(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const g2_t prv); /** * Generates a key pair for the Boneh-Lynn-Schacham (BLS) signature protocol. @@ -1412,7 +1540,7 @@ int cp_bls_gen(bn_t d, g2_t q); * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bls_sig(g1_t s, uint8_t *msg, int len, bn_t d); +int cp_bls_sig(g1_t s, const uint8_t *msg, int len, const bn_t d); /** * Verifies a message signed with BLS protocol. @@ -1423,7 +1551,7 @@ int cp_bls_sig(g1_t s, uint8_t *msg, int len, bn_t d); * @param[in] q - the public key. * @return a boolean value indicating if the signature is valid. */ -int cp_bls_ver(g1_t s, uint8_t *msg, int len, g2_t q); +int cp_bls_ver(const g1_t s, const uint8_t *msg, size_t len, const g2_t q); /** * Generates a key pair for the Boneh-Boyen (BB) signature protocol. @@ -1445,7 +1573,7 @@ int cp_bbs_gen(bn_t d, g2_t q, gt_t z); * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_bbs_sig(g1_t s, uint8_t *msg, int len, int hash, bn_t d); +int cp_bbs_sig(g1_t s, const uint8_t *msg, size_t len, int hash, const bn_t d); /** * Verifies a message signed with the BB protocol. @@ -1458,7 +1586,8 @@ int cp_bbs_sig(g1_t s, uint8_t *msg, int len, int hash, bn_t d); * @param[out] z - the second component of the public key. * @return a boolean value indicating the verification result. */ -int cp_bbs_ver(g1_t s, uint8_t *msg, int len, int hash, g2_t q, gt_t z); +int cp_bbs_ver(g1_t s, const uint8_t *msg, size_t len, int hash, const g2_t q, + const gt_t z); /** * Generates a key pair for the Camenisch-Lysyanskaya simple signature (CLS) @@ -1484,7 +1613,8 @@ int cp_cls_gen(bn_t u, bn_t v, g2_t x, g2_t y); * @param[in] v - the second part of the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_cls_sig(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, bn_t u, bn_t v); +int cp_cls_sig(g1_t a, g1_t b, g1_t c, const uint8_t *msg, size_t len, + const bn_t u, const bn_t v); /** ** Verifies a signature using the CLS protocol. @@ -1498,7 +1628,8 @@ int cp_cls_sig(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, bn_t u, bn_t v); * @param[in] v - the second part of the public key. * @return a boolean value indicating the verification result. */ -int cp_cls_ver(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, g2_t x, g2_t y); +int cp_cls_ver(const g1_t a, const g1_t b, const g1_t c, const uint8_t *msg, + size_t len, const g2_t x, const g2_t y); /** * Generates a key pair for the Camenisch-Lysyanskaya message-independent (CLI) @@ -1530,8 +1661,8 @@ int cp_cli_gen(bn_t t, bn_t u, bn_t v, g2_t x, g2_t y, g2_t z); * @param[in] v - the third part of the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, - bn_t r, bn_t t, bn_t u, bn_t v); +int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, const uint8_t *msg, + size_t len, const bn_t r, const bn_t t, const bn_t u, const bn_t v); /** * Verifies a message signed using the CLI protocol. @@ -1549,8 +1680,8 @@ int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, * @param[in] z - the third part of the public key. * @return a boolean value indicating the verification result. */ -int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, - bn_t r, g2_t x, g2_t y, g2_t z); +int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, const uint8_t *msg, + size_t len, const bn_t r, const g2_t x, const g2_t y, const g2_t z); /** * Generates a key pair for the Camenisch-Lysyanskaya message-block (CLB) @@ -1562,10 +1693,10 @@ int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, * @param[out] x - the first part of the public key. * @param[out] y - the second part of the public key. * @param[out] z - the remaining (l - 1) parts of the public key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], int l); +int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], size_t l); /** * Signs a block of messages using the CLB protocol. @@ -1575,16 +1706,17 @@ int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], int l); * @param[out] b - the next component of the signature. * @param[out] B - the (l - 1) next components of the signature. * @param[out] c - the last component of the signature. - * @param[in] msgs - the l messages to sign. - * @param[in] lens - the l message lengths in bytes. + * @param[in] ms - the l messages to sign. + * @param[in] ls - the l message lengths in bytes. * @param[in] t - the first part of the private key. * @param[in] u - the second part of the private key. * @param[in] v - the remaining (l - 1) parts of the private key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], - int lens[], bn_t t, bn_t u, bn_t v[], int l); +int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, const uint8_t *ms[], + const size_t ls[], const bn_t t, const bn_t u, const bn_t v[], + const size_t l); /** * Verifies a block of messages signed using the CLB protocol. @@ -1594,16 +1726,17 @@ int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], * @param[out] b - the next component of the signature. * @param[out] B - the (l - 1) next components of the signature. * @param[out] c - the last component of the signature. - * @param[in] msgs - the l messages to sign. - * @param[in] lens - the l message lengths in bytes. + * @param[in] ms - the l messages to sign. + * @param[in] ls - the l message lengths in bytes. * @param[in] x - the first part of the public key. * @param[in] y - the second part of the public key. - * @param[in] z - the remaining (l - 1) parts of the public key. - * @param[in] l - the number of messages to sign. + * @param[in] z - the remaining (l - 1) parts of the public key. + * @param[in] l - the number of messages to sign. * @return a boolean value indicating the verification result. */ -int cp_clb_ver(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], - int lens[], g2_t x, g2_t y, g2_t z[], int l); +int cp_clb_ver(const g1_t a, const g1_t A[], const g1_t b, const g1_t B[], + const g1_t c, const uint8_t *ms[], const size_t ls[], const g2_t x, + const g2_t y, const g2_t z[], size_t l); /** * Generates a key pair for the Pointcheval-Sanders simple signature (PSS) @@ -1623,12 +1756,12 @@ int cp_pss_gen(bn_t u, bn_t v, g2_t g, g2_t x, g2_t y); * * @param[out] a - the first part of the signature. * @param[out] b - the second part of the signature. - * @param[in] m - the message to sign. + * @param[in] m - the message to sign. * @param[in] u - the first part of the private key. * @param[in] v - the second part of the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pss_sig(g1_t a, g1_t b, bn_t m, bn_t u, bn_t v); +int cp_pss_sig(g1_t a, g1_t b, const bn_t m, const bn_t u, const bn_t v); /** ** Verifies a signature using the PSS protocol. @@ -1641,7 +1774,8 @@ int cp_pss_sig(g1_t a, g1_t b, bn_t m, bn_t u, bn_t v); * @param[in] v - the third part of the public key. * @return a boolean value indicating the verification result. */ -int cp_pss_ver(g1_t a, g1_t b, bn_t m, g2_t g, g2_t x, g2_t y); +int cp_pss_ver(const g1_t a, const g1_t b, const bn_t m, const g2_t g, + const g2_t x, const g2_t y); /** * Generates a key pair for the multi-part version of the Pointcheval-Sanders @@ -1664,12 +1798,12 @@ int cp_mpss_gen(bn_t r[2], bn_t s[2], g2_t g, g2_t x[2], g2_t y[2]); * @param[in] m - the message to sign. * @param[in] r - the first part of the private key. * @param[in] s - the second part of the private key. - * @param[in] mul_tri - the triple for the multiplication. - * @param[in] sm_tri - the triple for the scalar multiplication. + * @param[in] mul_tri - the triple for the multiplication. + * @param[in] sm_tri - the triple for the scalar multiplication. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mpss_sig(g1_t a, g1_t b[2], bn_t m[2], bn_t r[2], bn_t s[2], - mt_t mul_tri[2], mt_t sm_tri[2]); +int cp_mpss_sig(g1_t a, g1_t b[2], const bn_t m[2], const bn_t r[2], + const bn_t s[2], const mt_t mul_tri[2], const mt_t sm_tri[2]); /** * Opens public values in the MPSS protocols, in this case public keys. @@ -1691,12 +1825,13 @@ int cp_mpss_bct(g2_t x[2], g2_t y[2]); * @param[in] g - the first part of the public key. * @param[in] x - the second part of the public key. * @param[in] y - the third part of the public key. - * @param[in] sm_tri - the triple for the scalar multiplication. - * @param[in] pc_tri - the triple for the pairing computation. + * @param[in] sm_tri - the triple for the scalar multiplication. + * @param[in] pc_tri - the triple for the pairing computation. * @return a boolean value indicating the verification result. */ -int cp_mpss_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[2], g2_t h, g2_t x, g2_t y, - mt_t sm_tri[2], pt_t pc_tri[2]); +int cp_mpss_ver(gt_t e, const g1_t a, const g1_t b[2], const bn_t m[2], + const g2_t h, const g2_t x, const g2_t y, const mt_t sm_tri[2], + const pt_t pc_tri[2]); /** * Generates a key pair for the Pointcheval-Sanders block signature (PSB) @@ -1709,7 +1844,7 @@ int cp_mpss_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[2], g2_t h, g2_t x, g2_t y, * @param[out] y - the third part of the public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], int l); +int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], size_t l); /** * Signs a block of messages using the PSB protocol. @@ -1719,10 +1854,11 @@ int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], int l); * @param[in] ms - the l messages to sign. * @param[in] r - the first part of the private key. * @param[in] s - the remaining l part of the private key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_psb_sig(g1_t a, g1_t b, bn_t ms[], bn_t r, bn_t s[], int l); +int cp_psb_sig(g1_t a, g1_t b, const bn_t ms[], const bn_t r, const bn_t s[], + size_t l); /** * Verifies a block of messages signed using the PSB protocol. @@ -1733,10 +1869,11 @@ int cp_psb_sig(g1_t a, g1_t b, bn_t ms[], bn_t r, bn_t s[], int l); * @param[in] g - the first part of the public key. * @param[in] x - the second part of the public key. * @param[in] y - the remaining l parts of the public key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return a boolean value indicating the verification result. */ -int cp_psb_ver(g1_t a, g1_t b, bn_t ms[], g2_t g, g2_t x, g2_t y[], int l); +int cp_psb_ver(const g1_t a, const g1_t b, const bn_t ms[], const g2_t g, + const g2_t x, const g2_t y[], size_t l); /** * Generates a key pair for the multi-part version of the Pointcheval-Sanders @@ -1747,10 +1884,11 @@ int cp_psb_ver(g1_t a, g1_t b, bn_t ms[], g2_t g, g2_t x, g2_t y[], int l); * @param[out] g - the first part of the public key. * @param[out] x - the second part of the public key. * @param[out] y - the third part of the public key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], int l); +int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], + size_t l); /** * Signs a message using the MPSS protocol operating over shares using triples. @@ -1760,23 +1898,24 @@ int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], int l); * @param[in] m - the messages to sign. * @param[in] r - the first part of the private key. * @param[in] s - the second parts of the private key. - * @param[in] mul_tri - the triple for the multiplication. - * @param[in] sm_tri - the triple for the scalar multiplication. - * @param[in] l - the number of messages to sign. + * @param[in] mul_tri - the triple for the multiplication. + * @param[in] sm_tri - the triple for the scalar multiplication. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mpsb_sig(g1_t a, g1_t b[2], bn_t m[][2], bn_t r[2], bn_t s[][2], - mt_t mul_tri[2], mt_t sm_tri[2], int l); +int cp_mpsb_sig(g1_t a, g1_t b[2], const bn_t m[][2], const bn_t r[2], + const bn_t s[][2], const mt_t mul_tri[2], const mt_t sm_tri[2], + size_t l); /** * Opens public values in the MPSS protocols, in this case public keys. * * @param[in,out] x - the shares of the second part of the public key. * @param[in,out] y - the shares of the third part of the public key. - * @param[in] l - the number of messages to sign. + * @param[in] l - the number of messages to sign. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mpsb_bct(g2_t x[2], g2_t y[][2], int l); +int cp_mpsb_bct(g2_t x[2], g2_t y[][2], size_t l); /** * Verifies a signature using the MPSS protocol operating over shares using @@ -1789,14 +1928,15 @@ int cp_mpsb_bct(g2_t x[2], g2_t y[][2], int l); * @param[in] g - the first part of the public key. * @param[in] x - the second part of the public key. * @param[in] y - the third parts of the public key. - * @param[in] sm_tri - the triple for the scalar multiplication. - * @param[in] pc_tri - the triple for the pairing computation. - * @param[in] v - the private keys, can be NULL. - * @param[in] l - the number of messages to sign. + * @param[in] sm_tri - the triple for the scalar multiplication. + * @param[in] pc_tri - the triple for the pairing computation. + * @param[in] v - the private keys, can be NULL. + * @param[in] l - the number of messages to sign. * @return a boolean value indicating the verification result. */ -int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, - g2_t y[][2], bn_t v[][2], mt_t sm_tri[2], pt_t pc_tri[2], int l); +int cp_mpsb_ver(gt_t e, const g1_t a, const g1_t b[2], const bn_t m[][2], + const g2_t h, const g2_t x, const g2_t y[][2], const bn_t v[][2], + const mt_t sm_tri[2], const pt_t pc_tri[2], size_t l); /** * Generates a Zhang-Safavi-Naini-Susilo (ZSS) key pair. @@ -1817,7 +1957,7 @@ int cp_zss_gen(bn_t d, g1_t q, gt_t z); * @param[in] d - the private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_zss_sig(g2_t s, uint8_t *msg, int len, int hash, bn_t d); +int cp_zss_sig(g2_t s, const uint8_t *msg, size_t len, int hash, const bn_t d); /** * Verifies a message signed with ZSS scheme. @@ -1830,13 +1970,14 @@ int cp_zss_sig(g2_t s, uint8_t *msg, int len, int hash, bn_t d); * @param[out] z - the second component of the public key. * @return a boolean value indicating the verification result. */ -int cp_zss_ver(g2_t s, uint8_t *msg, int len, int hash, g1_t q, gt_t z); +int cp_zss_ver(const g2_t s, const uint8_t *msg, size_t len, int hash, + const g1_t q, const gt_t z); /** * Generates a vBNN-IBS key generation center (KGC). * - * @param[out] msk - the KGC master key. - * @param[out] mpk - the KGC public key. + * @param[out] msk - the KGC master key. + * @param[out] mpk - the KGC public key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ int cp_vbnn_gen(bn_t msk, ec_t mpk); @@ -1844,284 +1985,321 @@ int cp_vbnn_gen(bn_t msk, ec_t mpk); /** * Extract a user key from an identity and a vBNN-IBS key generation center. * - * @param[out] sk - the extracted vBNN-IBS user private key. - * @param[out] pk - the extracted vBNN-IBS user public key. - * @param[in] msk - the KGC master key. + * @param[out] sk - the extracted vBNN-IBS user private key. + * @param[out] pk - the extracted vBNN-IBS user public key. + * @param[in] msk - the KGC master key. * @param[in] id - the identity used for extraction. * @param[in] id_len - the identity length in bytes. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_vbnn_gen_prv(bn_t sk, ec_t pk, bn_t msk, uint8_t *id, int id_len); +int cp_vbnn_gen_prv(bn_t sk, ec_t pk, const bn_t msk, const uint8_t *id, + size_t id_len); /** * Signs a message using the vBNN-IBS scheme. * * @param[out] r - the R value of the signature. - * @param[out] z - the z value of the signature. - * @param[out] h - the h value of the signature. - * @param[in] id - the identity buffer. - * @param[in] id_len - the size of identity buffer. - * @param[in] msg - the message buffer to sign. - * @param[in] msg_len - the size of message buffer. - * @param[in] sk - the signer private key. + * @param[out] z - the z value of the signature. + * @param[out] h - the h value of the signature. + * @param[in] id - the identity buffer. + * @param[in] id_len - the size of identity buffer. + * @param[in] msg - the message buffer to sign. + * @param[in] msg_len - the size of message buffer. + * @param[in] sk - the signer private key. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, uint8_t *id, int id_len, uint8_t *msg, - int msg_len, bn_t sk, ec_t pk); +int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, const uint8_t *id, size_t id_len, + const uint8_t *msg, int msg_len, const bn_t sk, const ec_t pk); /** * Verifies a signature and message using the vBNN-IBS scheme. * * @param[in] r - the R value of the signature. - * @param[in] z - the z value of the signature. - * @param[in] h - the h value of the signature. - * @param[in] id - the identity buffer. - * @param[in] id_len - the size of identity buffer. - * @param[in] msg - the message buffer to sign. - * @param[in] msg_len - the size of message buffer. + * @param[in] z - the z value of the signature. + * @param[in] h - the h value of the signature. + * @param[in] id - the identity buffer. + * @param[in] id_len - the size of identity buffer. + * @param[in] msg - the message buffer to sign. + * @param[in] msg_len - the size of message buffer. * @param[in] mpk - the master public key of the generation center. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_vbnn_ver(ec_t r, bn_t z, bn_t h, uint8_t *id, int id_len, uint8_t *msg, - int msg_len, ec_t mpk); +int cp_vbnn_ver(const ec_t r, const bn_t z, const bn_t h, const uint8_t *id, + size_t id_len, const uint8_t *msg, int msg_len, const ec_t mpk); /** * Computes the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Proves that y = [x]G. * - * @param[out] c - the challenge. - * @param[out] r - the response. - * @param[in] y - the elliptic curve point - * @param[in] x - the discrete logarithm to prove. + * @param[out] c - the challenge. + * @param[out] r - the response. + * @param[in] y - the elliptic curve point + * @param[in] x - the discrete logarithm to prove. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pokdl_prv(bn_t c, bn_t r, ec_t y, bn_t x); +int cp_pokdl_prv(bn_t c, bn_t r, const ec_t y, const bn_t x); /** * Verifies the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Verifies that y = [x]G. * - * @param[in] c - the challenge. - * @param[in] r - the response. - * @param[in] y - the elliptic curve point. + * @param[in] c - the challenge. + * @param[in] r - the response. + * @param[in] y - the elliptic curve point. * @return a boolean value indicating the verification result. */ -int cp_pokdl_ver(bn_t c, bn_t r, ec_t y); +int cp_pokdl_ver(const bn_t c, const bn_t r, const ec_t y); /** * Computes the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Proves that y0 = [x]G or y[1] = [x]G. * - * @param[out] c - the challenges. - * @param[out] r - the responses. - * @param[in] y - the elliptic curve points. - * @param[in] x - the discrete logarithm to prove. + * @param[out] c - the challenges. + * @param[out] r - the responses. + * @param[in] y - the elliptic curve points. + * @param[in] x - the discrete logarithm to prove. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_pokor_prv(bn_t c[2], bn_t r[2], ec_t y[2], bn_t x); +int cp_pokor_prv(bn_t c[2], bn_t r[2], const ec_t y[2], const bn_t x); /** * Verifies the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Verifies that y = [x]G. * - * @param[in] c - the challenges. - * @param[in] r - the responses. - * @param[in] y - the elliptic curve points. + * @param[in] c - the challenges. + * @param[in] r - the responses. + * @param[in] y - the elliptic curve points. * @return a boolean value indicating the verification result. */ -int cp_pokor_ver(bn_t c[2], bn_t r[2], ec_t y[2]); +int cp_pokor_ver(const bn_t c[2], const bn_t r[2], const ec_t y[2]); /** * Computes the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Proves that y = [x]G. * - * @param[out] c - the challenge. - * @param[out] r - the response. - * @param[in] msg - the message to sign. - * @param[in] len - the length of the message. - * @param[in] y - the elliptic curve point - * @param[in] x - the discrete logarithm to prove. + * @param[out] c - the challenge. + * @param[out] r - the response. + * @param[in] msg - the message to sign. + * @param[in] len - the length of the message. + * @param[in] y - the elliptic curve point + * @param[in] x - the discrete logarithm to prove. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_sokdl_sig(bn_t c, bn_t r, uint8_t *msg, int len, ec_t y, bn_t x); +int cp_sokdl_sig(bn_t c, bn_t r, const uint8_t *msg, size_t len, const ec_t y, + const bn_t x); /** * Verifies the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Verifies that y = [x]G. * - * @param[in] c - the challenge. - * @param[in] r - the response. - * @param[in] msg - the message to sign. - * @param[in] len - the length of the message. - * @param[in] y - the elliptic curve point. + * @param[in] c - the challenge. + * @param[in] r - the response. + * @param[in] msg - the message to sign. + * @param[in] len - the length of the message. + * @param[in] y - the elliptic curve point. * @return a boolean value indicating the verification result. */ -int cp_sokdl_ver(bn_t c, bn_t r, uint8_t *msg, int len, ec_t y); +int cp_sokdl_ver(const bn_t c, const bn_t r, const uint8_t *msg, size_t len, + const ec_t y); /** * Computes the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Proves that y0 = [x]G or y1 = [x]G. * - * @param[out] c - the challenges. - * @param[out] r - the responses. - * @param[in] msg - the message to sign. - * @param[in] len - the length of the message. - * @param[in] y - the elliptic curve points. - * @param[in] x - the discrete logarithm to prove. - * @param[in] first - the flag to indicate the point fort which the + * @param[out] c - the challenges. + * @param[out] r - the responses. + * @param[in] msg - the message to sign. + * @param[in] len - the length of the message. + * @param[in] y - the elliptic curve points. + * @param[in] g - the elliptic curve generators. + * @param[in] x - the discrete logarithm to prove. + * @param[in] first - the flag to indicate the point for which the * discrete logarithm is known. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_sokor_sig(bn_t c[2], bn_t r[2], uint8_t *msg, int len, ec_t y[2], - bn_t x, int first); +int cp_sokor_sig(bn_t c[2], bn_t r[2], const uint8_t *msg, size_t len, + const ec_t y[2], const ec_t g[2], const bn_t x, int first); /** * Verifies the proof of knowledge of a discrete logarithm of an elliptic curve * point to a generator. Verifies that y = [x]G. * - * @param[in] c - the challenges. - * @param[in] r - the responses. - * @param[in] msg - the message to sign. - * @param[in] len - the length of the message. - * @param[in] y - the elliptic curve points. + * @param[in] c - the challenges. + * @param[in] r - the responses. + * @param[in] msg - the message to sign. + * @param[in] len - the length of the message. + * @param[in] y - the elliptic curve points. + * @param[in] g - the elliptic curve generators. * @return a boolean value indicating the verification result. */ -int cp_sokor_ver(bn_t c[2], bn_t r[2], uint8_t *msg, int len, ec_t y[2]); +int cp_sokor_ver(const bn_t c[2], const bn_t r[2], const uint8_t *msg, + size_t len, const ec_t y[2], const ec_t g[2]); /** * Generates the public parameters of the extendable ring signature. * - * @åaram[out] pp - the public parameters. + * @åaram[out] pp - the public parameters. */ int cp_ers_gen(ec_t pp); /** * Generates a key pair for the extendable ring signature. * - * @åaram[out] sk - the private key. - * @param[out] pk - the public key. + * @åaram[out] sk - the private key. + * @param[out] pk - the public key. */ int cp_ers_gen_key(bn_t sk, ec_t pk); /** * Signs a message using the extendable ring signature scheme. * - * @param[out] td - the signature trapdoor. - * @param[out] p - the resulting signature. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[out] td - the signature trapdoor. + * @param[out] p - the resulting signature. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] sk - the signer's private key. * @param[in] pk - the singer's public key. * @param[in] pp - the public parameters. */ -int cp_ers_sig(bn_t td, ers_t p, uint8_t *msg, int len, bn_t sk, ec_t pk, - ec_t pp); +int cp_ers_sig(bn_t td, ers_t p, const uint8_t *msg, size_t len, const bn_t sk, + const ec_t pk, const ec_t pp); /** * Verifies an extendable ring signature scheme over some messages. * - * @param[in] td - the signature trapdoor. - * @param[in] s - the ring of signatures. - * @param[in] size - the number of signatures in the ring. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[in] td - the signature trapdoor. + * @param[in] s + - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] pp - the public parameters. */ -int cp_ers_ver(bn_t td, ers_t *s, int size, uint8_t *msg, int len, ec_t pp); +int cp_ers_ver(const bn_t td, const ers_t *s, size_t size, const uint8_t *msg, + size_t len, const ec_t pp); /** * Extends an extendable ring signature with a new signature. * - * @param[in] td - the signature trapdoor. - * @param[in] p - the ring of signatures. - * @param[in] size - the number of signatures in the ring. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[out] td - the signature trapdoor. + * @param[in] p - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] pk - the singer's public key. * @param[in] pp - the public parameters. */ -int cp_ers_ext(bn_t td, ers_t *p, int *size, uint8_t *msg, int len, ec_t pk, - ec_t pp); +int cp_ers_ext(bn_t td, ers_t *p, size_t *size, const uint8_t *msg, size_t len, + const ec_t pk, const ec_t pp); /** - * Generates the public parameters of the extendable threshold ring signature. + * Signs a message using the same-message linkable extendable ring signature + * scheme. * - * @åaram[out] pp - the public parameters. + * @param[out] td - the signature trapdoor. + * @param[out] p - the resulting signature. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. + * @param[in] sk - the signer's private key. + * @param[in] pk - the singer's public key. + * @param[in] pp - the public parameters. */ -int cp_etrs_gen(ec_t pp); +int cp_smlers_sig(bn_t td, smlers_t p, const uint8_t *msg, size_t len, + const bn_t sk, const ec_t pk, const ec_t pp); /** - * Generates a key pair for the extendable threshold ring signature. + * Verifies a same-message linkable extendable ring signature. * - * @åaram[out] sk - the private key. - * @param[out] pk - the public key. + * @param[in] td - the signature trapdoor. + * @param[in] s - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. + * @param[in] pp - the public parameters. */ -int cp_etrs_gen_key(bn_t sk, ec_t pk); +int cp_smlers_ver(bn_t td, smlers_t *s, size_t size, const uint8_t *msg, + size_t len, const ec_t pp); + +/** + * Extends a same-message extendable ring signature with a new signature. + * + * @param[out] td - the signature trapdoor. + * @param[in] p - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. + * @param[in] pk - the singer's public key. + * @param[in] pp - the public parameters. + */ +int cp_smlers_ext(bn_t td, smlers_t *p, size_t *size, const uint8_t *msg, + size_t len, const ec_t pk, const ec_t pp); /** * Signs a message using the extendable threshold ring signature scheme. * - * @param[out] td - the signature trapdoors. - * @param[out] y - the signature randomness. - * @param[out] max - the maximum number of extensions. - * @param[out] p - the resulting signature. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[out] td - the signature trapdoors. + * @param[out] y - the signature randomness. + * @param[out] max - the maximum number of extensions. + * @param[out] p - the resulting signature. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] sk - the signer's private key. * @param[in] pk - the singer's public key. * @param[in] pp - the public parametetrs. */ -int cp_etrs_sig(bn_t *td, bn_t *y, int max, etrs_t p, uint8_t *msg, int len, - bn_t sk, ec_t pk, ec_t pp); +int cp_etrs_sig(bn_t *td, bn_t *y, size_t max, etrs_t p, const uint8_t *msg, + size_t len, const bn_t sk, const ec_t pk, const ec_t pp); /** * Verifies an extendable threshold ring signature scheme over some messages. * - * @param[in] thres - the specified threshold. - * @param[in] td - the signature trapdoors. - * @param[in] y - the signature randomness. - * @param[in] max - the maximum number of extensions. - * @param[in] s - the ring of signatures. - * @param[in] size - the number of signatures in the ring. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[in] thres - the specified threshold. + * @param[in] td - the signature trapdoors. + * @param[in] y - the signature randomness. + * @param[in] max - the maximum number of extensions. + * @param[in] s - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] pp - the public parametetrs. */ -int cp_etrs_ver(int thres, bn_t *td, bn_t *y, int max, etrs_t *s, int size, - uint8_t *msg, int len, ec_t pp); +int cp_etrs_ver(size_t thres, const bn_t *td, const bn_t *y, size_t max, + const etrs_t *s, size_t size, const uint8_t *msg, size_t len, + const ec_t pp); /** * Extends an extendable threshold ring signature with a new signature. * - * @param[in] td - the signature trapdoors. - * @param[in] y - the signature randomness. - * @param[in] max - the maximum number of extensions. - * @param[in] p - the ring of signatures. - * @param[in] size - the number of signatures in the ring. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[out] td - the signature trapdoors. + * @param[in] y - the signature randomness. + * @param[in] max - the maximum number of extensions. + * @param[in] p - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] pk - the singer's public key. * @param[in] pp - the public parametetrs. */ -int cp_etrs_ext(bn_t *td, bn_t *y, int max, etrs_t *p, int *size, uint8_t *msg, - int len, ec_t pk, ec_t pp); +int cp_etrs_ext(bn_t *td, bn_t *y, size_t max, etrs_t *p, size_t *size, + const uint8_t *msg, size_t len, const ec_t pk, const ec_t pp); /** * Joins an extendable threshold ring signature with a new signature. * - * @param[in] thres - the specified threshold. - * @param[in] td - the signature trapdoors. - * @param[in] y - the signature randomness. - * @param[in] max - the maximum number of extensions. - * @param[in] p - the ring of signatures. - * @param[in] size - the number of signatures in the ring. - * @param[in] msg - the message to sign. - * @param[in] len - the message length. + * @param[in] thres - the specified threshold. + * @param[in] td - the signature trapdoors. + * @param[in] y - the signature randomness. + * @param[in] max - the maximum number of extensions. + * @param[in] p - the ring of signatures. + * @param[in] size - the number of signatures in the ring. + * @param[in] msg - the message to sign. + * @param[in] len - the message length. * @param[in] sk - the signer's private key. * @param[in] pk - the singer's public key. * @param[in] pp - the public parametetrs. */ -int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, - uint8_t *msg, int len, bn_t sk, ec_t pk, ec_t pp); +int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, size_t *size, + const uint8_t *msg, size_t len, const bn_t sk, const ec_t pk, + const ec_t pp); /** * Initialize the Context-hiding Multi-key Homomorphic Signature scheme (CMLHS). * The scheme due to Schabhuser et al. signs a vector of messages. @@ -2134,43 +2312,45 @@ int cp_cmlhs_init(g1_t h); /** * Generates a key pair for the CMLHS scheme using BLS as underlying signature. * - * @param[out] x - the exponent values, one per label. - * @param[out] hs - the hash values, one per label. + * @param[out] x - the exponent values, one per label. + * @param[out] hs - the hash values, one per label. * @param[in] len - the number of possible labels. - * @param[out] prf - the key for the pseudo-random function (PRF). - * @param[out] plen - the PRF key length. - * @param[out] sk - the private key for the BLS signature scheme. - * @param[out] pk - the public key for the BLS signature scheme. - * @param[out] d - the secret exponent. - * @param[out] y - the corresponding public element. + * @param[out] prf - the key for the pseudo-random function (PRF). + * @param[out] plen - the PRF key length. + * @param[out] sk - the private key for the BLS signature scheme. + * @param[out] pk - the public key for the BLS signature scheme. + * @param[out] d - the secret exponent. + * @param[out] y - the corresponding public element. + * @param[in] bls - the flag for selecting BLS or ECDSA. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_cmlhs_gen(bn_t x[], gt_t hs[], int len, uint8_t prf[], int plen, - bn_t sk, g2_t pk, bn_t d, g2_t y); +int cp_cmlhs_gen(bn_t x[], gt_t hs[], size_t len, uint8_t prf[], size_t plen, + bn_t sk, g2_t pk, bn_t d, g2_t y, int bls); /** * Signs a message vector using the CMLHS. * - * @param[out] sig - the resulting BLS signature. - * @param[out] z - the power of the output of the PRF. - * @param[out] a - the first component of the signature. - * @param[out] c - the second component of the signature. - * @param[out] r - the third component of the signature. - * @param[out] s - the fourth component of the signature. - * @param[in] msg - the message vector to sign (one component). - * @param[in] data - the dataset identifier. - * @param[in] label - the integer label. - * @param[in] x - the exponent value for the label. - * @param[in] h - the random value (message has one component). - * @param[in] prf - the key for the pseudo-random function (PRF). - * @param[in] plen - the PRF key length. - * @param[in] sk - the private key for the BLS signature scheme. - * @param[out] d - the secret exponent. - * @return RLC_OK if no errors occurred, RLC_ERR otherwise. - */ -int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, bn_t msg, - char *data, int label, bn_t x, g1_t h, uint8_t prf[], int plen, - bn_t sk, bn_t d); + * @param[out] sig - the resulting BLS signature. + * @param[out] z - the power of the output of the PRF. + * @param[out] a - the first component of the signature. + * @param[out] c - the second component of the signature. + * @param[out] r - the third component of the signature. + * @param[out] s - the fourth component of the signature. + * @param[in] msg - the message vector to sign (one component). + * @param[in] data - the dataset identifier. + * @param[in] label - the integer label. + * @param[in] x - the exponent value for the label. + * @param[in] h - the random value (message has one component). + * @param[in] prf - the key for the pseudo-random function (PRF). + * @param[in] plen - the PRF key length. + * @param[in] sk - the private key for the signature scheme. + * @param[in] d - the secret exponent. + * @param[in] bls - the flag for selecting BLS or ECDSA. + * @return RLC_OK if no errors occurred, RLC_ERR otherwise. + */ +int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, + const bn_t msg, const char *data, int label, const bn_t x, const g1_t h, + const uint8_t prf[], size_t plen, const bn_t sk, const bn_t d, int bls); /** * Applies a function over a set of CMLHS signatures from the same user. @@ -2179,11 +2359,12 @@ int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, bn_t msg, * @param[out] c - the resulting second component of the signature. * @param[in] as - the vector of first components of the signatures. * @param[in] cs - the vector of second components of the signatures. - * @param[in] f - the linear coefficients in the function. + * @param[in] f - the linear coefficients in the function. * @param[in] len - the number of coefficients. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_cmlhs_fun(g1_t a, g1_t c, g1_t as[], g1_t cs[], dig_t f[], int len); +int cp_cmlhs_fun(g1_t a, g1_t c, const g1_t as[], const g1_t cs[], + const dig_t f[], size_t len); /** * Evaluates a function over a set of CMLHS signatures. @@ -2192,76 +2373,83 @@ int cp_cmlhs_fun(g1_t a, g1_t c, g1_t as[], g1_t cs[], dig_t f[], int len); * @param[out] s - the resulting fourth component of the signature. * @param[in] rs - the vector of third components of the signatures. * @param[in] ss - the vector of fourth components of the signatures. - * @param[in] f - the linear coefficients in the function. + * @param[in] f - the linear coefficients in the function. * @param[in] len - the number of coefficients. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_cmlhs_evl(g1_t r, g2_t s, g1_t rs[], g2_t ss[], dig_t f[], int len); +int cp_cmlhs_evl(g1_t r, g2_t s, const g1_t rs[], const g2_t ss[], + const dig_t f[], size_t len); /** * Verifies a CMLHS signature over a set of messages. * - * @param[in] r - the first component of the homomorphic signature. - * @param[in] s - the second component of the homomorphic signature. - * @param[in] sig - the BLS signatures. - * @param[in] z - the powers of the outputs of the PRF. + * @param[in] r - the first component of the homomorphic signature. + * @param[in] s - the second component of the homomorphic signature. + * @param[in] sig - the BLS signatures. + * @param[in] z - the powers of the outputs of the PRF. * @param[in] a - the vector of first components of the signatures. * @param[in] c - the vector of second components of the signatures. - * @param[in] msg - the combined message. - * @param[in] data - the dataset identifier. + * @param[in] msg - the combined message. + * @param[in] data - the dataset identifier. * @param[in] h - the random element (message has one component). - * @param[in] label - the integer labels. - * @param[in] hs - the hash values, one per label. - * @param[in] f - the linear coefficients in the function. + * @param[in] label - the integer labels. + * @param[in] hs - the hash values, one per label. + * @param[in] f - the linear coefficients in the function. * @param[in] flen - the number of coefficients. - * @param[in] y - the public elements of the users. - * @param[in] pk - the public keys of the users. - * @param[in] slen - the number of signatures. + * @param[in] y - the public elements of the users. + * @param[in] pk - the public keys of the users. + * @param[in] slen - the number of signatures. + * @param[in] bls - the flag for selecting BLS or ECDSA. * @return a boolean value indicating the verification result. */ -int cp_cmlhs_ver(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], - bn_t m, char *data, g1_t h, int label[], gt_t * hs[], - dig_t *f[], int flen[], g2_t y[], g2_t pk[], int slen); +int cp_cmlhs_ver(const g1_t r, const g2_t s, const g1_t sig[], const g2_t z[], + const g1_t a[], const g1_t c[], const bn_t m, const char *data, + const g1_t h, const int label[], const gt_t * hs[], const dig_t *f[], + const size_t flen[], const g2_t y[], const g2_t pk[], size_t slen, + int bls); /** * Perform the offline verification of a CMLHS signature over a set of messages. * * @param[out] vk - the verification key. * @param[in] h - the random element (message has one component). - * @param[in] label - the integer labels. - * @param[in] hs - the hash values, one per label. - * @param[in] f - the linear coefficients in the function. + * @param[in] label - the integer labels. + * @param[in] hs - the hash values, one per label. + * @param[in] f - the linear coefficients in the function. * @param[in] flen - the number of coefficients. - * @param[in] y - the public elements of the users. - * @param[in] pk - the public keys of the users. - * @param[in] slen - the number of signatures. + * @param[in] y - the public elements of the users. + * @param[in] pk - the public keys of the users. + * @param[in] slen - the number of signatures. * @return a boolean value indicating the verification result. */ -void cp_cmlhs_off(gt_t vk, g1_t h, int label[], gt_t * hs[], dig_t *f[], - int flen[], g2_t y[], g2_t pk[], int slen); +void cp_cmlhs_off(gt_t vk, const g1_t h, const int label[], const gt_t *hs[], + const dig_t *f[], const size_t flen[], size_t slen); /** * Perform the online verification of a CMLHS signature over a set of messages. * - * @param[in] r - the first component of the homomorphic signature. - * @param[in] s - the second component of the homomorphic signature. - * @param[in] sig - the BLS signatures. - * @param[in] z - the powers of the outputs of the PRF. + * @param[in] r - the first component of the homomorphic signature. + * @param[in] s - the second component of the homomorphic signature. + * @param[in] sig - the BLS signatures. + * @param[in] z - the powers of the outputs of the PRF. * @param[in] a - the vector of first components of the signatures. * @param[in] c - the vector of second components of the signatures. - * @param[in] msg - the combined message. - * @param[in] data - the dataset identifier. + * @param[in] msg - the combined message. + * @param[in] data - the dataset identifier. * @param[in] h - the random element (message has one component). * @param[in] vk - the verification key. + * @param[in] bls - the flag for selecting BLS or ECDSA. * @return a boolean value indicating the verification result. */ -int cp_cmlhs_onv(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], - bn_t msg, char *data, g1_t h, gt_t vk, g2_t y[], g2_t pk[], int slen); +int cp_cmlhs_onv(const g1_t r, const g2_t s, const g1_t sig[], const g2_t z[], + const g1_t a[], const g1_t c[], const bn_t msg, const char *data, + const g1_t h, const gt_t vk, const g2_t y[], const g2_t pk[], + size_t slen, int bls); /** * Generates a key pair for the Multi-Key Homomorphic Signature (MKLHS) scheme. * - * @param[out] sk - the private key for the signature scheme. - * @param[out] pk - the public key for the signature scheme. + * @param[out] sk - the private key for the signature scheme. + * @param[out] pk - the public key for the signature scheme. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ int cp_mklhs_gen(bn_t sk, g2_t pk); @@ -2269,88 +2457,254 @@ int cp_mklhs_gen(bn_t sk, g2_t pk); /** * Signs a message using the MKLHS. * - * @param[out] s - the resulting signature. - * @param[in] m - the message to sign. - * @param[in] data - the dataset identifier. - * @param[in] id - the identity. - * @param[in] tag - the tag. - * @param[in] sk - the private key for the signature scheme. + * @param[out] s - the resulting signature. + * @param[in] m - the message to sign. + * @param[in] data - the dataset identifier. + * @param[in] id - the identity. + * @param[in] tag - the tag. + * @param[in] sk - the private key for the signature scheme. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mklhs_sig(g1_t s, bn_t m, char *data, char *id, char *tag, bn_t sk); +int cp_mklhs_sig(g1_t s, const bn_t m, const char *data, const char *id, + const char *tag, const bn_t sk); /** * Applies a function over a set of messages from the same user. * * @param[out] mu - the combined message. * @param[in] m - the vector of individual messages. - * @param[in] f - the linear coefficients in the function. + * @param[in] f - the linear coefficients in the function. * @param[in] len - the number of coefficients. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mklhs_fun(bn_t mu, bn_t m[], dig_t f[], int len); +int cp_mklhs_fun(bn_t mu, const bn_t m[], const dig_t f[], size_t len); /** * Evaluates a function over a set of MKLHS signatures. * * @param[out] sig - the resulting signature. * @param[in] s - the set of signatures. - * @param[in] f - the linear coefficients in the function. + * @param[in] f - the linear coefficients in the function. * @param[in] len - the number of coefficients. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mklhs_evl(g1_t sig, g1_t s[], dig_t f[], int len); +int cp_mklhs_evl(g1_t sig, const g1_t s[], const dig_t f[], size_t len); /** * Verifies a MKLHS signature over a set of messages. * - * @param[in] sig - the homomorphic signature to verify. - * @param[in] m - the signed message. + * @param[in] sig - the homomorphic signature to verify. + * @param[in] m - the signed message. * @param[in] mu - the vector of signed messages per user. - * @param[in] data - the dataset identifier. - * @param[in] id - the vector of identities. - * @param[in] tag - the vector of tags. - * @param[in] f - the linear coefficients in the function. + * @param[in] data - the dataset identifier. + * @param[in] id - the vector of identities. + * @param[in] tag - the vector of tags. + * @param[in] f - the linear coefficients in the function. * @param[in] flen - the number of coefficients. - * @param[in] pk - the public keys of the users. - * @param[in] slen - the number of signatures. + * @param[in] pk - the public keys of the users. + * @param[in] slen - the number of signatures. * @return a boolean value indicating the verification result. */ -int cp_mklhs_ver(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], - char *tag[], dig_t *f[], int flen[], g2_t pk[], int slen); +int cp_mklhs_ver(const g1_t sig, const bn_t m, const bn_t mu[], + const char *data, const char *id[], const char *tag[], const dig_t *f[], + const size_t flen[], const g2_t pk[], size_t slen); /** * Computes the offline part of veryfying a MKLHS signature over a set of * messages. * - * @param[out] h - the hashes of labels - * @param[out] ft - the precomputed linear coefficients. - * @param[in] id - the vector of identities. - * @param[in] tag - the vector of tags. - * @param[in] f - the linear coefficients in the function. + * @param[out] h - the hashes of labels + * @param[out] ft - the precomputed linear coefficients. + * @param[in] id - the vector of identities. + * @param[in] tag - the vector of tags. + * @param[in] f - the linear coefficients in the function. * @param[in] flen - the number of coefficients. - * @param[in] slen - the number of signatures. + * @param[in] slen - the number of signatures. * @return RLC_OK if no errors occurred, RLC_ERR otherwise. */ -int cp_mklhs_off(g1_t h[], dig_t ft[], char *id[], char *tag[], dig_t *f[], - int flen[], int slen); +int cp_mklhs_off(g1_t h[], dig_t ft[], const char *id[], const char *tag[], + const dig_t *f[], const size_t flen[], size_t slen); /** * Computes the online part of veryfying a MKLHS signature over a set of * messages. * - * @param[in] sig - the homomorphic signature to verify. - * @param[in] m - the signed message. + * @param[in] sig - the homomorphic signature to verify. + * @param[in] m - the signed message. * @param[in] mu - the vector of signed messages per user. - * @param[in] data - the dataset identifier. - * @param[in] id - the vector of identities. - * @param[in] d - the hashes of labels. - * @param[in] ft - the precomputed linear coefficients. - * @param[in] pk - the public keys of the users. - * @param[in] slen - the number of signatures. + * @param[in] data - the dataset identifier. + * @param[in] id - the vector of identities. + * @param[in] d - the hashes of labels. + * @param[in] ft - the precomputed linear coefficients. + * @param[in] pk - the public keys of the users. + * @param[in] slen - the number of signatures. * @return a boolean value indicating the verification result. */ -int cp_mklhs_onv(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], g1_t h[], - dig_t ft[], g2_t pk[], int slen); +int cp_mklhs_onv(const g1_t sig, const bn_t m, const bn_t mu[], + const char *data, const char *id[], const g1_t h[], const dig_t ft[], + const g2_t pk[], size_t slen); + +/** + * Generates the trusted setup parameters for the factoring-based laconic + * Private Set Intersection (RSA-PSI) protocol. + * + * @param[out] g - the generator. + * @param[out] n - the modulus. + * @param[in] bits - the precision in bits. + */ +int cp_rsapsi_gen(bn_t g, bn_t n, size_t bits); + +/** + * Computes the receiver part of the RSA-PSI protocol, given its input set. + * + * @param[out] d - the resulting accumulator. + * @param[out] r - the random nonce. + * @param[out] p - the mapping of elements to prime numbers. + * @param[in] g - the generator given by the trusted setup. + * @param[in] n - the modulus given by the trusted setup. + * @param[in] x - the receiver's input set. + * @param[in] m - the receiver's input set size. + */ +int cp_rsapsi_ask(bn_t d, bn_t r, bn_t p[], const bn_t g, const bn_t n, + const bn_t x[], size_t m); + +/** + * Computes the sender part of the RSA-PSI protocol, given its input set. + * + * @param[out] t - the accumulator results. + * @param[out] u - the missing elements in the exponent. + * @param[in] d - the receiver's accumulator. + * @param[in] g - the generator given by the trusted setup. + * @param[in] n - the modulus given by the trusted setup. + * @param[in] y - the server's input set. + * @param[in] l - the sender's input set size. + */ +int cp_rsapsi_ans(bn_t t[], bn_t u[], const bn_t d, const bn_t g, const bn_t n, + const bn_t y[], size_t l); + +/** + * Computes the intersection as the final part of the RSA-PSI protocol. + * + * @param[out] z - the elements in the intersection. + * @param[out] len - the cardinality of the resulting intersection. + * @param[in] r - the random nonce. + * @param[in] p - the mapping of elements to prime numbers. + * @param[in] n - the modulus given by the trusted setup. + * @param[in] x - the receiver's input set. + * @param[in] m - the receiver's input set size. + * @param[in] t - the accumulator results. + * @param[in] u - the missing elements in the exponent. + * @param[in] l - the sender's input set size. + */ +int cp_rsapsi_int(bn_t z[], size_t *len, const bn_t r, const bn_t p[], + const bn_t n, const bn_t x[], const size_t m, const bn_t t[], + const bn_t u[], size_t l); + +/** + * Generates the trusted setup parameters for the factoring-based size-hiding + * Private Set Intersection (SHI-PSI) protocol. + * + * @param[out] g - the generator. + * @param[in] crt - the parameters given by the trusted setup. + * @param[in] bits - the precision in bits. + */ +int cp_shipsi_gen(bn_t g, crt_t crt, size_t bits); + +/** + * Computes the receiver part of the SHI-PSI protocol, given its input set. + * + * @param[out] d - the resulting accumulator. + * @param[out] r - the random nonce. + * @param[out] p - the mapping of elements to prime numbers. + * @param[in] n - the modulus given by the trusted setup. + * @param[in] crt - the parameters given by the trusted setup. + * @param[in] x - the receiver's input set. + * @param[in] m - the receiver's input set size. + */ +int cp_shipsi_ask(bn_t d, bn_t r, bn_t p[], const bn_t g, const bn_t n, + const bn_t x[], size_t m); + +/** + * Computes the sender part of the SHI-PSI protocol, given its input set. + * + * @param[out] t - the accumulator results. + * @param[out] u - the hint in the exponent. + * @param[in] d - the receiver's accumulator. + * @param[in] g - the generator given by the trusted setup. + * @param[in] crt - the parameters given by the trusted setup. + * @param[in] y - the server's input set. + * @param[in] n - the sender's input set size. + */ +int cp_shipsi_ans(bn_t t[], bn_t u, bn_t d, const bn_t g, const crt_t crt, + const bn_t y[], const size_t n); + +/** + * Computes the intersection as the final part of the SHI-PSI protocol. + * + * @param[out] z - the elements in the intersection. + * @param[out] len - the cardinality of the resulting intersection. + * @param[in] r - the random nonce. + * @param[in] p - the mapping of elements to prime numbers. + * @param[in] n - the modulus given by the trusted setup. + * @param[in] x - the receiver's input set. + * @param[in] m - the receiver's input set size. + * @param[in] t - the accumulator results. + * @param[in] u - the hint in the exponent. + * @param[in] l - the sender's input set size. + */ +int cp_shipsi_int(bn_t z[], size_t *len, const bn_t r, const bn_t p[], + const bn_t n, const bn_t x[], size_t m, const bn_t t[], const bn_t u, + size_t l); + +/** + * Generates the secrets and consecutive powers for the pairing-based laconic + * Private Set Intersection (PB-PSI) protocol, given the maximum set size. + * + * @param[out] sk - the sender's secret key. + * @param[out] ss - the secret power in G_2. + * @param[out] s - the consecutive powers in G_1. + * @param[in] m - the maximum set size. + */ +int cp_pbpsi_gen(bn_t sk, g1_t ss, g2_t s[], size_t m); + +/** + * Computes the receiver part of the PB-PSI protocol, given its input set. + * + * @param[out] d - the polynomial interpolations in the exponent. + * @param[out] r - the random nonce. + * @param[in] x - the receiver's input set. + * @param[in] s - the consecutive powers. + * @param[in] m - the receiver's input set size. + */ +int cp_pbpsi_ask(g2_t d[], bn_t r, const bn_t x[], const g2_t s[], size_t m); + +/** + * Computes the sender part of the PB-PSI protocol, given its input set. + * + * @param[out] t - the pairing results. + * @param[out] u - the missing elements in the exponent. + * @param[in] ss - the secret power. + * @param[in] d - the polynomial interpolations in the exponent. + * @param[in] y - the server's input set. + * @param[in] n - the sender's input set size. + */ +int cp_pbpsi_ans(gt_t t[], g1_t u[], const g1_t ss, const g2_t d, + const bn_t y[], size_t n); + +/** + * Computes the intersection as the final part of the PB-PSI protocol. + * + * @param[out] z - the elements in the intersection. + * @param[out] len - the cardinality of the resulting intersection. + * @param[in] d - the polynomial interpolations in the exponent. + * @param[in] x - the receiver's input set. + * @param[in] s - the consecutive powers. + * @param[in] m - the receiver's input set size. + * @param[in] t - the pairing results. + * @param[in] u - the missing elements in the exponent. + * @param[in] n - the sender's input set size. + */ +int cp_pbpsi_int(bn_t z[], size_t *len, const g2_t d[], const bn_t x[], size_t m, + const gt_t t[], const g1_t u[], size_t n); #endif /* !RLC_CP_H */ diff --git a/include/relic_dv.h b/include/relic_dv.h index 25204a064..5694794ef 100644 --- a/include/relic_dv.h +++ b/include/relic_dv.h @@ -141,7 +141,7 @@ typedef dig_t *dv_t; * @param[in] a - the temporary digit vector to print. * @param[in] digits - the number of digits to print. */ -void dv_print(dig_t *a, int digits); +void dv_print(const dig_t *a, int digits); /** * Assigns zero to a temporary double-precision digit vector. diff --git a/include/relic_ec.h b/include/relic_ec.h index 5d1544e00..0de64483e 100644 --- a/include/relic_ec.h +++ b/include/relic_ec.h @@ -401,6 +401,17 @@ typedef RLC_CAT(RLC_EC_LOWER, t) ec_t; */ #define ec_mul_sim_gen(R, K, Q, L) RLC_CAT(RLC_EC_LOWER, mul_sim_gen)(R, K, Q, L) +/** + * Multiplies and adds many elliptic curve points simultaneously. + * Computes R = \Sum_i=0..n k_iP_i. + * + * @param[out] R - the result. + * @param[out] P - the points to multiply. + * @param[out] K - the integer scalars. + * @param[out] N - the number of elements to multiply. + */ +#define ec_mul_sim_lot(R, P, K, N) RLC_CAT(RLC_EC_LOWER, mul_sim_lot)(R, P, K, N) + /** * Converts a point to affine coordinates. * diff --git a/include/relic_ed.h b/include/relic_ed.h index 8f555cec1..4d8cbc71b 100644 --- a/include/relic_ed.h +++ b/include/relic_ed.h @@ -80,7 +80,7 @@ enum { * Size of a precomputation table using the chosen algorithm. */ #if ED_FIX == BASIC -#define RLC_ED__TABLE RLC_ED_TABLE_BASIC +#define RLC_ED_TABLE RLC_ED_TABLE_BASIC #elif ED_FIX == COMBS #define RLC_ED_TABLE RLC_ED_TABLE_COMBS #elif ED_FIX == COMBD @@ -776,6 +776,17 @@ void ed_mul_sim_inter(ed_t r, const ed_t p, const bn_t k, const ed_t q, void ed_mul_sim_joint(ed_t r, const ed_t p, const bn_t k, const ed_t q, const bn_t m); +/** + * Multiplies and adds multiple Edwards elliptic curve points simultaneously. + * Computes R = \Sum_i=0..n [k_i]P_i. + * + * @param[out] r - the result. + * @param[out] p - the elements to multiply. + * @param[out] k - the integer scalars. + * @param[out] n - the number of elements to multiply. + */ +void ed_mul_sim_lot(ed_t r, const ed_t p[], const bn_t k[], int n); + /** * Multiplies and adds the generator and an Edwards elliptic curve point * simultaneously. Computes R = [k]G + [m]Q. diff --git a/include/relic_ep.h b/include/relic_ep.h index 4e66e0eff..8d80e0632 100644 --- a/include/relic_ep.h +++ b/include/relic_ep.h @@ -32,7 +32,7 @@ * * The scalar multiplication functions are only guaranteed to work * in the large prime order subgroup. If you need a generic scalar - * multiplication function, use ep_mul_basic(). + * multiplication function, use ep_mul_basic. * * @ingroup ep */ @@ -99,6 +99,12 @@ enum { BN_P256, /** Barreto-Naehrig curve standardized in China. */ SM9_P256, + /** Barreto-Lynn-Scott curve with embedding degree 24 (SNARK curve). */ + B24_P315, + /** Barreto-Lynn-Scott curve with embedding degree 24 (SNARK curve). */ + B24_P317, + /** Barreto-Lynn-Scott curve with embedding degree 12 (SNARK curve). */ + B12_P377, /** Barreto-Lynn-Scott curve with embedding degree 12 (ZCash curve). */ B12_P381, /** Barreto-Naehrig curve with negative x. */ @@ -1148,14 +1154,15 @@ void ep_mul_sim_joint(ep_t r, const ep_t p, const bn_t k, const ep_t q, const bn_t m); /** - * Multiplies simultaneously elements from G_2. Computes R = \Sum_i=0..n k_iP_i. + * Multiplies and adds multiple elliptic curve points simultaneously. + * Computes R = \Sum_i=0..n [k_i]P_i. * * @param[out] r - the result. - * @param[out] p - the G_2 elements to multiply. + * @param[out] p - the elements to multiply. * @param[out] k - the integer scalars. * @param[out] n - the number of elements to multiply. */ -void ep_mul_sim_lot(ep_t r, ep_t p[], const bn_t k[], int n); +void ep_mul_sim_lot(ep_t r, const ep_t p[], const bn_t k[], int n); /** * Multiplies and adds the generator and a prime elliptic curve point @@ -1170,14 +1177,14 @@ void ep_mul_sim_gen(ep_t r, const bn_t k, const ep_t q, const bn_t m); /** * Multiplies prime elliptic curve points by small scalars. - * Computes R = \sum k_iP_i. + * Computes R = \Sum_i=0..n [k_i]P_i. * * @param[out] r - the result. * @param[in] p - the points to multiply. * @param[in] k - the small scalars. - * @param[in] len - the number of points to multiply. + * @param[in] n - the number of points to multiply. */ -void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int len); +void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int n); /** * Converts a point to affine coordinates. diff --git a/include/relic_epx.h b/include/relic_epx.h index f51f3ec7e..fb2c821c6 100644 --- a/include/relic_epx.h +++ b/include/relic_epx.h @@ -637,7 +637,7 @@ iso2_t ep2_curve_get_iso(void); * @param[in] r - the order of the group of points. * @param[in] h - the cofactor of the group order. */ -void ep2_curve_set(fp2_t a, fp2_t b, ep2_t g, bn_t r, bn_t h); +void ep2_curve_set(const fp2_t a, const fp2_t b, const ep2_t g, const bn_t r, const bn_t h); /** * Configures an elliptic curve by twisting the curve over the base prime field. @@ -652,7 +652,7 @@ void ep2_curve_set_twist(int type); * @param[in] p - the point to test. * @return 1 if the point is at infinity, 0 otherise. */ -int ep2_is_infty(ep2_t p); +int ep2_is_infty(const ep2_t p); /** * Assigns an elliptic curve point to the point at infinity. @@ -667,7 +667,7 @@ void ep2_set_infty(ep2_t p); * @param[out] q - the result. * @param[in] p - the elliptic curve point to copy. */ -void ep2_copy(ep2_t r, ep2_t p); +void ep2_copy(ep2_t r, const ep2_t p); /** * Compares two elliptic curve points. @@ -676,7 +676,7 @@ void ep2_copy(ep2_t r, ep2_t p); * @param[in] q - the second elliptic curve point. * @return RLC_EQ if p == q and RLC_NE if p != q. */ -int ep2_cmp(ep2_t p, ep2_t q); +int ep2_cmp(const ep2_t p, const ep2_t q); /** * Assigns a random value to an elliptic curve point. @@ -691,7 +691,7 @@ void ep2_rand(ep2_t p); * @param[out] r - the blinded prime elliptic curve point. * @param[in] p - the prime elliptic curve point to blind. */ -void ep2_blind(ep2_t r, ep2_t p); +void ep2_blind(ep2_t r, const ep2_t p); /** * Computes the right-hand side of the elliptic curve equation at a certain @@ -700,14 +700,14 @@ void ep2_blind(ep2_t r, ep2_t p); * @param[out] rhs - the result. * @param[in] p - the point. */ -void ep2_rhs(fp2_t rhs, ep2_t p); +void ep2_rhs(fp2_t rhs, const ep2_t p); /** * Tests if a point is in the curve. * * @param[in] p - the point to test. */ -int ep2_on_curve(ep2_t p); +int ep2_on_curve(const ep2_t p); /** * Builds a precomputation table for multiplying a random prime elliptic point. @@ -716,14 +716,14 @@ int ep2_on_curve(ep2_t p); * @param[in] p - the point to multiply. * @param[in] w - the window width. */ -void ep2_tab(ep2_t *t, ep2_t p, int w); +void ep2_tab(ep2_t *t, const ep2_t p, int w); /** * Prints an elliptic curve point. * * @param[in] p - the elliptic curve point to print. */ -void ep2_print(ep2_t p); +void ep2_print(const ep2_t p); /** * Returns the number of bytes necessary to store a prime elliptic curve point @@ -733,7 +733,7 @@ void ep2_print(ep2_t p); * @param[in] pack - the flag to indicate compression. * @return the number of bytes. */ -int ep2_size_bin(ep2_t a, int pack); +int ep2_size_bin(const ep2_t a, int pack); /** * Reads a prime elliptic curve point over a quadratic extension from a byte @@ -757,7 +757,7 @@ void ep2_read_bin(ep2_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate point compression. * @throw ERR_NO_BUFFER - if the buffer capacity is invalid. */ -void ep2_write_bin(uint8_t *bin, int len, ep2_t a, int pack); +void ep2_write_bin(uint8_t *bin, int len, const ep2_t a, int pack); /** * Negates a point represented in affine coordinates in an elliptic curve over @@ -766,7 +766,7 @@ void ep2_write_bin(uint8_t *bin, int len, ep2_t a, int pack); * @param[out] r - the result. * @param[out] p - the point to negate. */ -void ep2_neg(ep2_t r, ep2_t p); +void ep2_neg(ep2_t r, const ep2_t p); /** * Adds to points represented in affine coordinates in an elliptic curve over a @@ -776,7 +776,7 @@ void ep2_neg(ep2_t r, ep2_t p); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep2_add_basic(ep2_t r, ep2_t p, ep2_t q); +void ep2_add_basic(ep2_t r, const ep2_t p, const ep2_t q); /** * Adds to points represented in affine coordinates in an elliptic curve over a @@ -787,7 +787,7 @@ void ep2_add_basic(ep2_t r, ep2_t p, ep2_t q); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep2_add_slp_basic(ep2_t r, fp2_t s, ep2_t p, ep2_t q); +void ep2_add_slp_basic(ep2_t r, fp2_t s, const ep2_t p, const ep2_t q); /** * Adds two points represented in projective coordinates in an elliptic curve @@ -797,7 +797,7 @@ void ep2_add_slp_basic(ep2_t r, fp2_t s, ep2_t p, ep2_t q); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep2_add_projc(ep2_t r, ep2_t p, ep2_t q); +void ep2_add_projc(ep2_t r, const ep2_t p, const ep2_t q); /** * Subtracts a point i an elliptic curve over a quadratic extension from @@ -807,7 +807,7 @@ void ep2_add_projc(ep2_t r, ep2_t p, ep2_t q); * @param[in] p - the first point. * @param[in] q - the point to subtract. */ -void ep2_sub(ep2_t r, ep2_t p, ep2_t q); +void ep2_sub(ep2_t r, const ep2_t p, const ep2_t q); /** * Doubles a points represented in affine coordinates in an elliptic curve over @@ -816,7 +816,7 @@ void ep2_sub(ep2_t r, ep2_t p, ep2_t q); * @param[out] r - the result. * @param[int] p - the point to double. */ -void ep2_dbl_basic(ep2_t r, ep2_t p); +void ep2_dbl_basic(ep2_t r, const ep2_t p); /** * Doubles a points represented in affine coordinates in an elliptic curve over @@ -826,7 +826,7 @@ void ep2_dbl_basic(ep2_t r, ep2_t p); * @param[out] s - the slope. * @param[in] p - the point to double. */ -void ep2_dbl_slp_basic(ep2_t r, fp2_t s, ep2_t p); +void ep2_dbl_slp_basic(ep2_t r, fp2_t s, const ep2_t p); /** * Doubles a points represented in projective coordinates in an elliptic curve @@ -835,7 +835,7 @@ void ep2_dbl_slp_basic(ep2_t r, fp2_t s, ep2_t p); * @param[out] r - the result. * @param[in] p - the point to double. */ -void ep2_dbl_projc(ep2_t r, ep2_t p); +void ep2_dbl_projc(ep2_t r, const ep2_t p); /** * Multiplies a prime elliptic point by an integer using the binary method. @@ -844,7 +844,7 @@ void ep2_dbl_projc(ep2_t r, ep2_t p); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_basic(ep2_t r, ep2_t p, const bn_t k); +void ep2_mul_basic(ep2_t r, const ep2_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the sliding window @@ -854,7 +854,7 @@ void ep2_mul_basic(ep2_t r, ep2_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_slide(ep2_t r, ep2_t p, const bn_t k); +void ep2_mul_slide(ep2_t r, const ep2_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the constant-time @@ -864,7 +864,7 @@ void ep2_mul_slide(ep2_t r, ep2_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_monty(ep2_t r, ep2_t p, const bn_t k); +void ep2_mul_monty(ep2_t r, const ep2_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the w-NAF method. @@ -873,7 +873,7 @@ void ep2_mul_monty(ep2_t r, ep2_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_lwnaf(ep2_t r, ep2_t p, const bn_t k); +void ep2_mul_lwnaf(ep2_t r, const ep2_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using a regular method. @@ -882,7 +882,7 @@ void ep2_mul_lwnaf(ep2_t r, ep2_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_lwreg(ep2_t r, ep2_t p, const bn_t k); +void ep2_mul_lwreg(ep2_t r, const ep2_t p, const bn_t k); /** * Multiplies the generator of an elliptic curve over a qaudratic extension. @@ -890,7 +890,7 @@ void ep2_mul_lwreg(ep2_t r, ep2_t p, const bn_t k); * @param[out] r - the result. * @param[in] k - the integer. */ -void ep2_mul_gen(ep2_t r, bn_t k); +void ep2_mul_gen(ep2_t r, const bn_t k); /** * Multiplies a prime elliptic point by a small integer. @@ -899,7 +899,7 @@ void ep2_mul_gen(ep2_t r, bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep2_mul_dig(ep2_t r, ep2_t p, dig_t k); +void ep2_mul_dig(ep2_t r, const ep2_t p, const dig_t k); /** @@ -910,7 +910,7 @@ void ep2_mul_dig(ep2_t r, ep2_t p, dig_t k); * @param[out] R - the result. * @param[in] P - the point to multiply. */ -void ep2_mul_cof(ep2_t r, ep2_t p); +void ep2_mul_cof(ep2_t r, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -919,7 +919,7 @@ void ep2_mul_cof(ep2_t r, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_basic(ep2_t *t, ep2_t p); +void ep2_mul_pre_basic(ep2_t *t, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -928,7 +928,7 @@ void ep2_mul_pre_basic(ep2_t *t, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_yaowi(ep2_t *t, ep2_t p); +void ep2_mul_pre_yaowi(ep2_t *t, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -937,7 +937,7 @@ void ep2_mul_pre_yaowi(ep2_t *t, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_nafwi(ep2_t *t, ep2_t p); +void ep2_mul_pre_nafwi(ep2_t *t, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -946,7 +946,7 @@ void ep2_mul_pre_nafwi(ep2_t *t, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_combs(ep2_t *t, ep2_t p); +void ep2_mul_pre_combs(ep2_t *t, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -955,7 +955,7 @@ void ep2_mul_pre_combs(ep2_t *t, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_combd(ep2_t *t, ep2_t p); +void ep2_mul_pre_combd(ep2_t *t, const ep2_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -964,7 +964,7 @@ void ep2_mul_pre_combd(ep2_t *t, ep2_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep2_mul_pre_lwnaf(ep2_t *t, ep2_t p); +void ep2_mul_pre_lwnaf(ep2_t *t, const ep2_t p); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -974,7 +974,7 @@ void ep2_mul_pre_lwnaf(ep2_t *t, ep2_t p); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_basic(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_basic(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -984,7 +984,7 @@ void ep2_mul_fix_basic(ep2_t r, ep2_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_yaowi(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_yaowi(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -994,7 +994,7 @@ void ep2_mul_fix_yaowi(ep2_t r, ep2_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_nafwi(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_nafwi(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1004,7 +1004,7 @@ void ep2_mul_fix_nafwi(ep2_t r, ep2_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_combs(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1014,7 +1014,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_combd(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1024,7 +1024,7 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep2_mul_fix_lwnaf(ep2_t r, ep2_t *t, bn_t k); +void ep2_mul_fix_lwnaf(ep2_t r, const ep2_t *t, const bn_t k); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1036,7 +1036,7 @@ void ep2_mul_fix_lwnaf(ep2_t r, ep2_t *t, bn_t k); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep2_mul_sim_basic(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); +void ep2_mul_sim_basic(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1048,7 +1048,7 @@ void ep2_mul_sim_basic(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); +void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1060,7 +1060,7 @@ void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep2_mul_sim_inter(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); +void ep2_mul_sim_inter(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1072,7 +1072,7 @@ void ep2_mul_sim_inter(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); +void ep2_mul_sim_joint(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m); /** * Multiplies simultaneously elements from a prime elliptic curve. @@ -1083,7 +1083,7 @@ void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m); * @param[out] k - the integer scalars. * @param[out] n - the number of elements to multiply. */ -void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n); +void ep2_mul_sim_lot(ep2_t r, const ep2_t p[], const bn_t k[], int n); /** * Multiplies and adds the generator and a prime elliptic curve point @@ -1094,7 +1094,7 @@ void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep2_mul_sim_gen(ep2_t r, bn_t k, ep2_t q, bn_t m); +void ep2_mul_sim_gen(ep2_t r, const bn_t k, const ep2_t q, const bn_t m); /** * Multiplies prime elliptic curve points by small scalars. @@ -1105,7 +1105,7 @@ void ep2_mul_sim_gen(ep2_t r, bn_t k, ep2_t q, bn_t m); * @param[in] k - the small scalars. * @param[in] len - the number of points to multiply. */ -void ep2_mul_sim_dig(ep2_t r, ep2_t p[], dig_t k[], int len); +void ep2_mul_sim_dig(ep2_t r, const ep2_t p[], const dig_t k[], int len); /** * Converts a point to affine coordinates. @@ -1113,7 +1113,7 @@ void ep2_mul_sim_dig(ep2_t r, ep2_t p[], dig_t k[], int len); * @param[out] r - the result. * @param[in] p - the point to convert. */ -void ep2_norm(ep2_t r, ep2_t p); +void ep2_norm(ep2_t r, const ep2_t p); /** * Converts multiple points to affine coordinates. @@ -1122,7 +1122,7 @@ void ep2_norm(ep2_t r, ep2_t p); * @param[in] t - the points to convert. * @param[in] n - the number of points. */ -void ep2_norm_sim(ep2_t *r, ep2_t *t, int n); +void ep2_norm_sim(ep2_t *r, const ep2_t *t, int n); /** * Maps an array of uniformly random bytes to a point in a prime elliptic @@ -1169,7 +1169,7 @@ void ep2_map_dst(ep2_t p, const uint8_t *msg, int len, const uint8_t *dst, int d * @param[in] p - a point in affine coordinates. * @param[in] i - the power of the Frobenius map. */ -void ep2_frb(ep2_t r, ep2_t p, int i); +void ep2_frb(ep2_t r, const ep2_t p, int i); /** * Compresses a point in an elliptic curve over a quadratic extension. @@ -1177,7 +1177,7 @@ void ep2_frb(ep2_t r, ep2_t p, int i); * @param[out] r - the result. * @param[in] p - the point to compress. */ -void ep2_pck(ep2_t r, ep2_t p); +void ep2_pck(ep2_t r, const ep2_t p); /** * Decompresses a point in an elliptic curve over a quadratic extension. @@ -1186,7 +1186,7 @@ void ep2_pck(ep2_t r, ep2_t p); * @param[in] p - the point to decompress. * @return if the decompression was successful */ -int ep2_upk(ep2_t r, ep2_t p); +int ep2_upk(ep2_t r, const ep2_t p); /** * Initializes the elliptic curve over quartic extension. @@ -1277,7 +1277,7 @@ void ep4_curve_get_cof(bn_t h); * @param[in] r - the order of the group of points. * @param[in] h - the cofactor of the group order. */ -void ep4_curve_set(fp4_t a, fp4_t b, ep4_t g, bn_t r, bn_t h); +void ep4_curve_set(const fp4_t a, const fp4_t b, const ep4_t g, const bn_t r, const bn_t h); /** * Configures an elliptic curve by twisting the curve over the base prime field. @@ -1292,7 +1292,7 @@ void ep4_curve_set_twist(int type); * @param[in] p - the point to test. * @return 1 if the point is at infinity, 0 otherise. */ -int ep4_is_infty(ep4_t p); +int ep4_is_infty(const ep4_t p); /** * Assigns an elliptic curve point to the point at infinity. @@ -1307,7 +1307,7 @@ void ep4_set_infty(ep4_t p); * @param[out] q - the result. * @param[in] p - the elliptic curve point to copy. */ -void ep4_copy(ep4_t r, ep4_t p); +void ep4_copy(ep4_t r, const ep4_t p); /** * Compares two elliptic curve points. @@ -1316,7 +1316,7 @@ void ep4_copy(ep4_t r, ep4_t p); * @param[in] q - the second elliptic curve point. * @return RLC_EQ if p == q and RLC_NE if p != q. */ -int ep4_cmp(ep4_t p, ep4_t q); +int ep4_cmp(const ep4_t p, const ep4_t q); /** * Assigns a random value to an elliptic curve point. @@ -1331,7 +1331,7 @@ void ep4_rand(ep4_t p); * @param[out] r - the blinded prime elliptic curve point. * @param[in] p - the prime elliptic curve point to blind. */ -void ep4_blind(ep4_t r, ep4_t p); +void ep4_blind(ep4_t r, const ep4_t p); /** * Computes the right-hand side of the elliptic curve equation at a certain @@ -1340,14 +1340,14 @@ void ep4_blind(ep4_t r, ep4_t p); * @param[out] rhs - the result. * @param[in] p - the point. */ -void ep4_rhs(fp4_t rhs, ep4_t p); +void ep4_rhs(fp4_t rhs, const ep4_t p); /** * Tests if a point is in the curve. * * @param[in] p - the point to test. */ -int ep4_on_curve(ep4_t p); +int ep4_on_curve(const ep4_t p); /** * Builds a precomputation table for multiplying a random prime elliptic point. @@ -1356,14 +1356,14 @@ int ep4_on_curve(ep4_t p); * @param[in] p - the point to multiply. * @param[in] w - the window width. */ -void ep4_tab(ep4_t *t, ep4_t p, int w); +void ep4_tab(ep4_t *t, const ep4_t p, int w); /** * Prints an elliptic curve point. * * @param[in] p - the elliptic curve point to print. */ -void ep4_print(ep4_t p); +void ep4_print(const ep4_t p); /** * Returns the number of bytes necessary to store a prime elliptic curve point @@ -1373,7 +1373,7 @@ void ep4_print(ep4_t p); * @param[in] pack - the flag to indicate compression. * @return the number of bytes. */ -int ep4_size_bin(ep4_t a, int pack); +int ep4_size_bin(const ep4_t a, int pack); /** * Reads a prime elliptic curve point over a quartic extension from a byte @@ -1397,7 +1397,7 @@ void ep4_read_bin(ep4_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is invalid. */ -void ep4_write_bin(uint8_t *bin, int len, ep4_t a, int pack); +void ep4_write_bin(uint8_t *bin, int len, const ep4_t a, int pack); /** * Negates a point represented in affine coordinates in an elliptic curve over @@ -1406,7 +1406,7 @@ void ep4_write_bin(uint8_t *bin, int len, ep4_t a, int pack); * @param[out] r - the result. * @param[out] p - the point to negate. */ -void ep4_neg(ep4_t r, ep4_t p); +void ep4_neg(ep4_t r, const ep4_t p); /** * Adds to points represented in affine coordinates in an elliptic curve over a @@ -1416,7 +1416,7 @@ void ep4_neg(ep4_t r, ep4_t p); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep4_add_basic(ep4_t r, ep4_t p, ep4_t q); +void ep4_add_basic(ep4_t r, const ep4_t p, const ep4_t q); /** * Adds to points represented in affine coordinates in an elliptic curve over a @@ -1427,7 +1427,7 @@ void ep4_add_basic(ep4_t r, ep4_t p, ep4_t q); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep4_add_slp_basic(ep4_t r, fp4_t s, ep4_t p, ep4_t q); +void ep4_add_slp_basic(ep4_t r, fp4_t s, const ep4_t p, const ep4_t q); /** * Adds two points represented in projective coordinates in an elliptic curve @@ -1437,7 +1437,7 @@ void ep4_add_slp_basic(ep4_t r, fp4_t s, ep4_t p, ep4_t q); * @param[in] p - the first point to add. * @param[in] q - the second point to add. */ -void ep4_add_projc(ep4_t r, ep4_t p, ep4_t q); +void ep4_add_projc(ep4_t r, const ep4_t p, const ep4_t q); /** * Subtracts a point i an elliptic curve over a quartic extension from @@ -1447,7 +1447,7 @@ void ep4_add_projc(ep4_t r, ep4_t p, ep4_t q); * @param[in] p - the first point. * @param[in] q - the point to subtract. */ -void ep4_sub(ep4_t r, ep4_t p, ep4_t q); +void ep4_sub(ep4_t r, const ep4_t p, const ep4_t q); /** * Doubles a points represented in affine coordinates in an elliptic curve over @@ -1456,7 +1456,7 @@ void ep4_sub(ep4_t r, ep4_t p, ep4_t q); * @param[out] r - the result. * @param[int] p - the point to double. */ -void ep4_dbl_basic(ep4_t r, ep4_t p); +void ep4_dbl_basic(ep4_t r, const ep4_t p); /** * Doubles a points represented in affine coordinates in an elliptic curve over @@ -1466,7 +1466,7 @@ void ep4_dbl_basic(ep4_t r, ep4_t p); * @param[out] s - the slope. * @param[in] p - the point to double. */ -void ep4_dbl_slp_basic(ep4_t r, fp4_t s, ep4_t p); +void ep4_dbl_slp_basic(ep4_t r, fp4_t s, const ep4_t p); /** * Doubles a points represented in projective coordinates in an elliptic curve @@ -1475,7 +1475,7 @@ void ep4_dbl_slp_basic(ep4_t r, fp4_t s, ep4_t p); * @param[out] r - the result. * @param[in] p - the point to double. */ -void ep4_dbl_projc(ep4_t r, ep4_t p); +void ep4_dbl_projc(ep4_t r, const ep4_t p); /** * Multiplies a prime elliptic point by an integer using the binary method. @@ -1484,7 +1484,7 @@ void ep4_dbl_projc(ep4_t r, ep4_t p); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_basic(ep4_t r, ep4_t p, const bn_t k); +void ep4_mul_basic(ep4_t r, const ep4_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the sliding window @@ -1494,7 +1494,7 @@ void ep4_mul_basic(ep4_t r, ep4_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_slide(ep4_t r, ep4_t p, const bn_t k); +void ep4_mul_slide(ep4_t r, const ep4_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the constant-time @@ -1504,7 +1504,7 @@ void ep4_mul_slide(ep4_t r, ep4_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_monty(ep4_t r, ep4_t p, const bn_t k); +void ep4_mul_monty(ep4_t r, const ep4_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using the w-NAF method. @@ -1513,7 +1513,7 @@ void ep4_mul_monty(ep4_t r, ep4_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_lwnaf(ep4_t r, ep4_t p, const bn_t k); +void ep4_mul_lwnaf(ep4_t r, const ep4_t p, const bn_t k); /** * Multiplies a prime elliptic point by an integer using a regular method. @@ -1522,7 +1522,7 @@ void ep4_mul_lwnaf(ep4_t r, ep4_t p, const bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_lwreg(ep4_t r, ep4_t p, const bn_t k); +void ep4_mul_lwreg(ep4_t r, const ep4_t p, const bn_t k); /** * Multiplies the generator of an elliptic curve over a qaudratic extension. @@ -1530,7 +1530,7 @@ void ep4_mul_lwreg(ep4_t r, ep4_t p, const bn_t k); * @param[out] r - the result. * @param[in] k - the integer. */ -void ep4_mul_gen(ep4_t r, bn_t k); +void ep4_mul_gen(ep4_t r, const bn_t k); /** * Multiplies a prime elliptic point by a small integer. @@ -1539,7 +1539,7 @@ void ep4_mul_gen(ep4_t r, bn_t k); * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -void ep4_mul_dig(ep4_t r, ep4_t p, dig_t k); +void ep4_mul_dig(ep4_t r, const ep4_t p, const dig_t k); /** @@ -1550,7 +1550,7 @@ void ep4_mul_dig(ep4_t r, ep4_t p, dig_t k); * @param[out] R - the result. * @param[in] P - the point to multiply. */ -void ep4_mul_cof(ep4_t r, ep4_t p); +void ep4_mul_cof(ep4_t r, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1559,7 +1559,7 @@ void ep4_mul_cof(ep4_t r, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_basic(ep4_t *t, ep4_t p); +void ep4_mul_pre_basic(ep4_t *t, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1568,7 +1568,7 @@ void ep4_mul_pre_basic(ep4_t *t, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_yaowi(ep4_t *t, ep4_t p); +void ep4_mul_pre_yaowi(ep4_t *t, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1577,7 +1577,7 @@ void ep4_mul_pre_yaowi(ep4_t *t, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_nafwi(ep4_t *t, ep4_t p); +void ep4_mul_pre_nafwi(ep4_t *t, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1586,7 +1586,7 @@ void ep4_mul_pre_nafwi(ep4_t *t, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_combs(ep4_t *t, ep4_t p); +void ep4_mul_pre_combs(ep4_t *t, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1595,7 +1595,7 @@ void ep4_mul_pre_combs(ep4_t *t, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_combd(ep4_t *t, ep4_t p); +void ep4_mul_pre_combd(ep4_t *t, const ep4_t p); /** * Builds a precomputation table for multiplying a fixed prime elliptic point @@ -1604,7 +1604,7 @@ void ep4_mul_pre_combd(ep4_t *t, ep4_t p); * @param[out] t - the precomputation table. * @param[in] p - the point to multiply. */ -void ep4_mul_pre_lwnaf(ep4_t *t, ep4_t p); +void ep4_mul_pre_lwnaf(ep4_t *t, const ep4_t p); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1614,7 +1614,7 @@ void ep4_mul_pre_lwnaf(ep4_t *t, ep4_t p); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_basic(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_basic(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1624,7 +1624,7 @@ void ep4_mul_fix_basic(ep4_t r, ep4_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_yaowi(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_yaowi(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1634,7 +1634,7 @@ void ep4_mul_fix_yaowi(ep4_t r, ep4_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_nafwi(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_nafwi(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1644,7 +1644,7 @@ void ep4_mul_fix_nafwi(ep4_t r, ep4_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_combs(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_combs(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1654,7 +1654,7 @@ void ep4_mul_fix_combs(ep4_t r, ep4_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_combd(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_combd(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies a fixed prime elliptic point using a precomputation table and @@ -1664,7 +1664,7 @@ void ep4_mul_fix_combd(ep4_t r, ep4_t *t, bn_t k); * @param[in] t - the precomputation table. * @param[in] k - the integer. */ -void ep4_mul_fix_lwnaf(ep4_t r, ep4_t *t, bn_t k); +void ep4_mul_fix_lwnaf(ep4_t r, const ep4_t *t, const bn_t k); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1676,7 +1676,7 @@ void ep4_mul_fix_lwnaf(ep4_t r, ep4_t *t, bn_t k); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep4_mul_sim_basic(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); +void ep4_mul_sim_basic(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1688,7 +1688,7 @@ void ep4_mul_sim_basic(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep4_mul_sim_trick(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); +void ep4_mul_sim_trick(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1700,7 +1700,7 @@ void ep4_mul_sim_trick(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep4_mul_sim_inter(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); +void ep4_mul_sim_inter(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m); /** * Multiplies and adds two prime elliptic curve points simultaneously using @@ -1712,18 +1712,18 @@ void ep4_mul_sim_inter(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep4_mul_sim_joint(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m); +void ep4_mul_sim_joint(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m); /** * Multiplies simultaneously elements from a prime elliptic curve. * Computes R = \Sum_i=0..n k_iP_i. * * @param[out] r - the result. - * @param[out] p - the points to multiply. - * @param[out] k - the integer scalars. - * @param[out] n - the number of elements to multiply. + * @param[in] p - the points to multiply. + * @param[in] k - the integer scalars. + * @param[in] n - the number of elements to multiply. */ -void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n); +void ep4_mul_sim_lot(ep4_t r, const ep4_t p[], const bn_t k[], int n); /** * Multiplies and adds the generator and a prime elliptic curve point @@ -1734,7 +1734,7 @@ void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n); * @param[in] q - the second point to multiply. * @param[in] m - the second integer, */ -void ep4_mul_sim_gen(ep4_t r, bn_t k, ep4_t q, bn_t m); +void ep4_mul_sim_gen(ep4_t r, const bn_t k, const ep4_t q, const bn_t m); /** * Multiplies prime elliptic curve points by small scalars. @@ -1745,7 +1745,7 @@ void ep4_mul_sim_gen(ep4_t r, bn_t k, ep4_t q, bn_t m); * @param[in] k - the small scalars. * @param[in] len - the number of points to multiply. */ -void ep4_mul_sim_dig(ep4_t r, ep4_t p[], dig_t k[], int len); +void ep4_mul_sim_dig(ep4_t r, const ep4_t p[], const dig_t k[], int len); /** * Converts a point to affine coordinates. @@ -1753,7 +1753,7 @@ void ep4_mul_sim_dig(ep4_t r, ep4_t p[], dig_t k[], int len); * @param[out] r - the result. * @param[in] p - the point to convert. */ -void ep4_norm(ep4_t r, ep4_t p); +void ep4_norm(ep4_t r, const ep4_t p); /** * Converts multiple points to affine coordinates. @@ -1762,7 +1762,7 @@ void ep4_norm(ep4_t r, ep4_t p); * @param[in] t - the points to convert. * @param[in] n - the number of points. */ -void ep4_norm_sim(ep4_t *r, ep4_t *t, int n); +void ep4_norm_sim(ep4_t *r, const ep4_t *t, int n); /** * Maps a byte array to a point in an elliptic curve over a quartic extension. @@ -1797,7 +1797,7 @@ void ep4_map_dst(ep4_t p, const uint8_t *msg, int len, const uint8_t *dst, int d * @param[in] p - a point in affine coordinates. * @param[in] i - the power of the Frobenius map. */ -void ep4_frb(ep4_t r, ep4_t p, int i); +void ep4_frb(ep4_t r, const ep4_t p, int i); /** * Compresses a point in an elliptic curve over a quartic extension. @@ -1805,7 +1805,7 @@ void ep4_frb(ep4_t r, ep4_t p, int i); * @param[out] r - the result. * @param[in] p - the point to compress. */ -void ep4_pck(ep4_t r, ep4_t p); +void ep4_pck(ep4_t r, const ep4_t p); /** * Decompresses a point in an elliptic curve over a quartic extension. @@ -1814,6 +1814,6 @@ void ep4_pck(ep4_t r, ep4_t p); * @param[in] p - the point to decompress. * @return if the decompression was successful */ -int ep4_upk(ep4_t r, ep4_t p); +int ep4_upk(ep4_t r, const ep4_t p); #endif /* !RLC_EPX_H */ diff --git a/include/relic_err.h b/include/relic_err.h index e16f71fe0..df5f37af3 100644 --- a/include/relic_err.h +++ b/include/relic_err.h @@ -33,7 +33,6 @@ #define RLC_ERR_H #include -#include #include #include #include @@ -43,6 +42,10 @@ #include "relic_util.h" #include "relic_label.h" +#ifdef CHECK +#include +#endif + /*============================================================================*/ /* Constant definitions */ /*============================================================================*/ @@ -94,6 +97,9 @@ enum errors { */ typedef int err_t; + +#ifdef CHECK + /** * Type that describes an error status, including the error code and the program * location where the error occurred. @@ -107,6 +113,8 @@ typedef struct _sts_t { int block; } sts_t; +#endif + /*============================================================================*/ /* Macro definitions */ /*============================================================================*/ diff --git a/include/relic_fbx.h b/include/relic_fbx.h index 54d7d6c63..7cfb0b1c6 100644 --- a/include/relic_fbx.h +++ b/include/relic_fbx.h @@ -163,7 +163,7 @@ typedef fb_t fb2_t[2]; * @param[in] a - the quadratic extension binary field element. * @param[in] b - the quadratic extension binary field element. */ -void fb2_mul(fb2_t c, fb2_t a, fb2_t b); +void fb2_mul(fb2_t c, const fb2_t a, const fb2_t b); /** * Multiples a quadratic extension field element by a quadratic non-residue. @@ -173,7 +173,7 @@ void fb2_mul(fb2_t c, fb2_t a, fb2_t b); * @param[in] a - the quadratic extension binary field element. * @param[in] b - the quadratic extension binary field element. */ - void fb2_mul_nor(fb2_t c, fb2_t a); + void fb2_mul_nor(fb2_t c, const fb2_t a); /** * Computes the square of a quadratic extension field element. Computes @@ -182,7 +182,7 @@ void fb2_mul(fb2_t c, fb2_t a, fb2_t b); * @param[out] c - the result. * @param[in] a - the binary field element to square. */ -void fb2_sqr(fb2_t c, fb2_t a); +void fb2_sqr(fb2_t c, const fb2_t a); /** * Solves a quadratic equation for c, Tr(a) = 0. Computes c such that @@ -191,7 +191,7 @@ void fb2_sqr(fb2_t c, fb2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element. */ -void fb2_slv(fb2_t c, fb2_t a); +void fb2_slv(fb2_t c, const fb2_t a); /** * Inverts a quadratic extension field element. Computes c = a^{-1}. @@ -199,6 +199,6 @@ void fb2_slv(fb2_t c, fb2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to invert. */ -void fb2_inv(fb2_t c, fb2_t a); +void fb2_inv(fb2_t c, const fb2_t a); #endif /* !RLC_FBX_H */ diff --git a/include/relic_fp.h b/include/relic_fp.h index 3dcb38180..506133096 100644 --- a/include/relic_fp.h +++ b/include/relic_fp.h @@ -112,6 +112,12 @@ enum { BN_256, /** 256-bit prime provided for BN curve standardized in China. */ SM9_256, + /** 315-bit prime for BLS curve of embedding degree 24 (SNARKs). */ + B24_315, + /** 317-bit prime for BLS curve of embedding degree 24 (SNARKs). */ + B24_317, + /** 381-bit prime for BLS curve of embedding degree 12 (SNARKs). */ + B12_377, /** 381-bit prime for BLS curve of embedding degree 12 (Zcash). */ B12_381, /** 382-bit prime provided by Barreto for BN curve. */ @@ -360,10 +366,30 @@ typedef rlc_align dig_t fp_st[RLC_FP_DIGS + RLC_PAD(RLC_FP_BYTES)/(RLC_DIG / 8)] #define fp_inv(C, A) fp_inv_exgcd(C, A) #elif FP_INV == DIVST #define fp_inv(C, A) fp_inv_divst(C, A) +#elif FP_INV == JMPDS +#define fp_inv(C, A) fp_inv_jmpds(C, A) #elif FP_INV == LOWER #define fp_inv(C, A) fp_inv_lower(C, A) #endif +/** + * Computes the Legendre symbol of a prime field element. Computes C = (A|P). + * + * @param[out] C - the result. + * @param[in] A - the prime field element to compute. + */ +#if FP_SMB == BASIC +#define fp_smb(A) fp_smb_basic(A) +#elif FP_SMB == BINAR +#define fp_smb(A) fp_smb_binar(A) +#elif FP_SMB == DIVST +#define fp_smb(A) fp_smb_divst(A) +#elif FP_SMB == JMPDS +#define fp_smb(A) fp_smb_jmpds(A) +#elif FP_SMB == LOWER +#define fp_smb(A) fp_smb_lower(A) +#endif + /** * Exponentiates a prime field element. Computes C = A^B (mod p). * @@ -1029,6 +1055,16 @@ void fp_inv_exgcd(fp_t c, const fp_t a); */ void fp_inv_divst(fp_t c, const fp_t a); +/** + * Inverts a prime field element using the constant-time jump division step + * by Bernstein and Bo-Yin Yang. + * + * @param[out] c - the result. + * @param[in] a - the prime field element to invert. + * @throw ERR_NO_VALID - if the field element is not invertible. + */ +void fp_inv_jmpds(fp_t c, const fp_t a); + /** * Inverts a prime field element using a direct call to the lower layer. * @@ -1047,6 +1083,49 @@ void fp_inv_lower(fp_t c, const fp_t a); */ void fp_inv_sim(fp_t *c, const fp_t *a, int n); +/** + * Computes Legendre symbol of a prime field element using exponentiation. + * + * @param[in] a - the prime field element to compute. + * @return the result. + */ +int fp_smb_basic(const fp_t a); + +/** + * Computes Legendre symbol of a prime field element using the binary method. + * + * @param[in] a - the prime field element to compute. + * @return the result. + */ +int fp_smb_binar(const fp_t a); + +/** + * Computes Legendre symbol of a prime field element using the constant-time + * division step approach by Bernstein and Bo-Yin Yang. + * + * @param[in] a - the prime field element to compute. + * @return the result. + */ +int fp_smb_divst(const fp_t a); + +/** + * Computes Legendre symbol of a prime field element using the constant-time + * jump division step approach by Bernstein and Bo-Yin Yang. + * + * @param[in] a - the prime field element to compute. + * @return the result. + */ +int fp_smb_jmpds(const fp_t a); + +/** + * Computes Legendre symbol a prime field element using a direct call to the + * lower layer. + * + * @param[in] a - the prime field element to invert. + * @return the result. + */ +int fp_smb_lower(const fp_t a); + /** * Exponentiates a prime field element using the binary * method. diff --git a/include/relic_fpx.h b/include/relic_fpx.h index 7125f2b36..8da844833 100644 --- a/include/relic_fpx.h +++ b/include/relic_fpx.h @@ -1282,7 +1282,7 @@ int fp2_field_get_qnr(void); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to copy. */ -void fp2_copy(fp2_t c, fp2_t a); +void fp2_copy(fp2_t c, const fp2_t a); /** * Assigns zero to a quadratic extension field element. @@ -1297,7 +1297,7 @@ void fp2_zero(fp2_t a); * @param[in] a - the quadratic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp2_is_zero(fp2_t a); +int fp2_is_zero(const fp2_t a); /** * Assigns a random value to a quadratic extension field element. @@ -1311,7 +1311,7 @@ void fp2_rand(fp2_t a); * * @param[in] a - the quadratic extension field element to print. */ -void fp2_print(fp2_t a); +void fp2_print(const fp2_t a); /** * Returns the number of bytes necessary to store a quadratic extension field @@ -1344,7 +1344,7 @@ void fp2_read_bin(fp2_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp2_write_bin(uint8_t *bin, int len, fp2_t a, int pack); +void fp2_write_bin(uint8_t *bin, int len, const fp2_t a, int pack); /** * Returns the result of a comparison between two quadratic extension field @@ -1354,7 +1354,7 @@ void fp2_write_bin(uint8_t *bin, int len, fp2_t a, int pack); * @param[in] b - the second quadratic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp2_cmp(fp2_t a, fp2_t b); +int fp2_cmp(const fp2_t a, const fp2_t b); /** * Returns the result of a signed comparison between a quadratic extension field @@ -1364,7 +1364,7 @@ int fp2_cmp(fp2_t a, fp2_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp2_cmp_dig(fp2_t a, dig_t b); +int fp2_cmp_dig(const fp2_t a, const dig_t b); /** * Assigns a quadratic extension field element to a digit. @@ -1372,7 +1372,7 @@ int fp2_cmp_dig(fp2_t a, dig_t b); * @param[in] a - the quadratic extension field element. * @param[in] b - the digit. */ -void fp2_set_dig(fp2_t a, dig_t b); +void fp2_set_dig(fp2_t a, const dig_t b); /** * Adds two quadratic extension field elements using basic arithmetic. @@ -1381,7 +1381,7 @@ void fp2_set_dig(fp2_t a, dig_t b); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_add_basic(fp2_t c, fp2_t a, fp2_t b); +void fp2_add_basic(fp2_t c, const fp2_t a, const fp2_t b); /** * Adds two quadratic extension field elements using integrated modular @@ -1391,7 +1391,7 @@ void fp2_add_basic(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_add_integ(fp2_t c, fp2_t a, fp2_t b); +void fp2_add_integ(fp2_t c, const fp2_t a, const fp2_t b); /** * Subtracts a quadratic extension field element from another using basic @@ -1401,7 +1401,7 @@ void fp2_add_integ(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_sub_basic(fp2_t c, fp2_t a, fp2_t b); +void fp2_sub_basic(fp2_t c, const fp2_t a, const fp2_t b); /** * Subtracts a quadratic extension field element from another using integrated @@ -1411,7 +1411,7 @@ void fp2_sub_basic(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_sub_integ(fp2_t c, fp2_t a, fp2_t b); +void fp2_sub_integ(fp2_t c, const fp2_t a, const fp2_t b); /** * Negates a quadratic extension field element. @@ -1419,7 +1419,7 @@ void fp2_sub_integ(fp2_t c, fp2_t a, fp2_t b); * @param[out] c - the result. * @param[out] a - the quadratic extension field element to negate. */ -void fp2_neg(fp2_t c, fp2_t a); +void fp2_neg(fp2_t c, const fp2_t a); /** * Doubles a quadratic extension field element using basic arithmetic. @@ -1427,7 +1427,7 @@ void fp2_neg(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to double. */ -void fp2_dbl_basic(fp2_t c, fp2_t a); +void fp2_dbl_basic(fp2_t c, const fp2_t a); /** * Doubles a quadratic extension field element using integrated modular @@ -1436,7 +1436,7 @@ void fp2_dbl_basic(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to double. */ -void fp2_dbl_integ(fp2_t c, fp2_t a); +void fp2_dbl_integ(fp2_t c, const fp2_t a); /** * Multiples two quadratic extension field elements using basic arithmetic. @@ -1445,7 +1445,7 @@ void fp2_dbl_integ(fp2_t c, fp2_t a); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_mul_basic(fp2_t c, fp2_t a, fp2_t b); +void fp2_mul_basic(fp2_t c, const fp2_t a, const fp2_t b); /** * Multiples two quadratic extension field elements using integrated modular @@ -1455,7 +1455,7 @@ void fp2_mul_basic(fp2_t c, fp2_t a, fp2_t b); * @param[in] a - the first quadratic extension field element. * @param[in] b - the second quadratic extension field element. */ -void fp2_mul_integ(fp2_t c, fp2_t a, fp2_t b); +void fp2_mul_integ(fp2_t c, const fp2_t a, const fp2_t b); /** * Multiplies a quadratic extension field element by the adjoined root. @@ -1464,7 +1464,7 @@ void fp2_mul_integ(fp2_t c, fp2_t a, fp2_t b); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to multiply. */ -void fp2_mul_art(fp2_t c, fp2_t a); +void fp2_mul_art(fp2_t c, const fp2_t a); /** * Multiplies a quadratic extension field element by a quadratic/cubic @@ -1473,7 +1473,7 @@ void fp2_mul_art(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to multiply. */ -void fp2_mul_nor_basic(fp2_t c, fp2_t a); +void fp2_mul_nor_basic(fp2_t c, const fp2_t a); /** * Multiplies a quadratic extension field element by a quadratic/cubic @@ -1482,7 +1482,7 @@ void fp2_mul_nor_basic(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to multiply. */ -void fp2_mul_nor_integ(fp2_t c, fp2_t a); +void fp2_mul_nor_integ(fp2_t c, const fp2_t a); /** * Multiplies a quadratic extension field element by a power of the constant @@ -1493,7 +1493,7 @@ void fp2_mul_nor_integ(fp2_t c, fp2_t a); * @param[in] i - the power of the Frobenius map. * @param[in] j - the power of the constant. */ -void fp2_mul_frb(fp2_t c, fp2_t a, int i, int j); +void fp2_mul_frb(fp2_t c, const fp2_t a, int i, int j); /** * Multiplies a quadratic extension field element by a digit. @@ -1512,7 +1512,7 @@ void fp2_mul_dig(fp2_t c, const fp2_t a, dig_t b); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to square. */ -void fp2_sqr_basic(fp2_t c, fp2_t a); +void fp2_sqr_basic(fp2_t c, const fp2_t a); /** * Computes the square of a quadratic extension field element using integrated @@ -1521,7 +1521,7 @@ void fp2_sqr_basic(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to square. */ -void fp2_sqr_integ(fp2_t c, fp2_t a); +void fp2_sqr_integ(fp2_t c, const fp2_t a); /** * Inverts a quadratic extension field element. Computes c = 1/a. @@ -1529,7 +1529,7 @@ void fp2_sqr_integ(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to invert. */ -void fp2_inv(fp2_t c, fp2_t a); +void fp2_inv(fp2_t c, const fp2_t a); /** * Computes the inverse of a cyclotomic quadratic extension field element. @@ -1537,7 +1537,7 @@ void fp2_inv(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element to invert. */ -void fp2_inv_cyc(fp2_t c, fp2_t a); +void fp2_inv_cyc(fp2_t c, const fp2_t a); /** * Inverts multiple quadratic extension field elements simultaneously. @@ -1546,7 +1546,7 @@ void fp2_inv_cyc(fp2_t c, fp2_t a); * @param[in] a - the quadratic extension field elements to invert. * @param[in] n - the number of elements. */ -void fp2_inv_sim(fp2_t *c, fp2_t *a, int n); +void fp2_inv_sim(fp2_t *c, const fp2_t *a, int n); /** * Tests if a quadratic extension field element is cyclotomic. @@ -1554,7 +1554,7 @@ void fp2_inv_sim(fp2_t *c, fp2_t *a, int n); * @param[in] a - the quadratic extension field element to test. * @return 1 if the extension field element is cyclotomic, 0 otherwise. */ -int fp2_test_cyc(fp2_t a); +int fp2_test_cyc(const fp2_t a); /** * Converts a quadratic extension field element to a cyclotomic element. @@ -1563,7 +1563,7 @@ int fp2_test_cyc(fp2_t a); * @param[out] c - the result. * @param[in] a - the quadratic extension field element. */ -void fp2_conv_cyc(fp2_t c, fp2_t a); +void fp2_conv_cyc(fp2_t c, const fp2_t a); /** * Computes a power of a quadratic extension field element. @@ -1572,7 +1572,7 @@ void fp2_conv_cyc(fp2_t c, fp2_t a); * @param[in] a - the quadratic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp2_exp(fp2_t c, fp2_t a, bn_t b); +void fp2_exp(fp2_t c, const fp2_t a, const bn_t b); /** * Computes a power of a quadratic extension field element by a small exponent. @@ -1581,7 +1581,7 @@ void fp2_exp(fp2_t c, fp2_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp2_exp_dig(fp2_t c, fp2_t a, dig_t b); +void fp2_exp_dig(fp2_t c, const fp2_t a, dig_t b); /** * Computes a power of a cyclotomic quadratic extension field element. @@ -1590,7 +1590,7 @@ void fp2_exp_dig(fp2_t c, fp2_t a, dig_t b); * @param[in] a - the cyclotomic element to exponentiate. * @param[in] b - the exponent. */ -void fp2_exp_cyc(fp2_t c, fp2_t a, bn_t b); +void fp2_exp_cyc(fp2_t c, const fp2_t a, const bn_t b); /** * Computes a power of the Frobenius map of a quadratic extension field element. @@ -1601,7 +1601,7 @@ void fp2_exp_cyc(fp2_t c, fp2_t a, bn_t b); * @param[in] a - the quadratic extension element to conjugate. * @param[in] i - the power of the Frobenius map. */ -void fp2_frb(fp2_t c, fp2_t a, int i); +void fp2_frb(fp2_t c, const fp2_t a, int i); /** * Extracts the square root of a quadratic extension field element. Computes @@ -1611,7 +1611,7 @@ void fp2_frb(fp2_t c, fp2_t a, int i); * @param[in] a - the extension field element. * @return - 1 if there is a square root, 0 otherwise. */ -int fp2_srt(fp2_t c, fp2_t a); +int fp2_srt(fp2_t c, const fp2_t a); /** * Compresses an extension field element. @@ -1619,7 +1619,7 @@ int fp2_srt(fp2_t c, fp2_t a); * @param[out] c - the result. * @param[in] a - the extension field element to compress. */ -void fp2_pck(fp2_t c, fp2_t a); +void fp2_pck(fp2_t c, const fp2_t a); /** * Decompresses a quadratic extension field element. @@ -1628,7 +1628,7 @@ void fp2_pck(fp2_t c, fp2_t a); * @param[in] a - the quadratic extension field element. * @return if the decompression was successful */ -int fp2_upk(fp2_t c, fp2_t a); +int fp2_upk(fp2_t c, const fp2_t a); /** * Initializes the cubic extension field arithmetic module. @@ -1641,7 +1641,7 @@ void fp3_field_init(void); * @param[out] c - the result. * @param[in] a - the cubic extension field element to copy. */ -void fp3_copy(fp3_t c, fp3_t a); +void fp3_copy(fp3_t c, const fp3_t a); /** * Assigns zero to a cubic extension field element. @@ -1656,7 +1656,7 @@ void fp3_zero(fp3_t a); * @param[in] a - the cubic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp3_is_zero(fp3_t a); +int fp3_is_zero(const fp3_t a); /** * Assigns a random value to a cubic extension field element. @@ -1670,7 +1670,7 @@ void fp3_rand(fp3_t a); * * @param[in] a - the cubic extension field element to print. */ -void fp3_print(fp3_t a); +void fp3_print(const fp3_t a); /** * Returns the number of bytes necessary to store a cubic extension field @@ -1701,7 +1701,7 @@ void fp3_read_bin(fp3_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp3_write_bin(uint8_t *bin, int len, fp3_t a); +void fp3_write_bin(uint8_t *bin, int len, const fp3_t a); /** * Returns the result of a comparison between two cubic extension field @@ -1711,7 +1711,7 @@ void fp3_write_bin(uint8_t *bin, int len, fp3_t a); * @param[in] b - the second cubic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp3_cmp(fp3_t a, fp3_t b); +int fp3_cmp(const fp3_t a, const fp3_t b); /** * Returns the result of a signed comparison between a cubic extension field @@ -1721,7 +1721,7 @@ int fp3_cmp(fp3_t a, fp3_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp3_cmp_dig(fp3_t a, dig_t b); +int fp3_cmp_dig(const fp3_t a, const dig_t b); /** * Assigns a cubic extension field element to a digit. @@ -1729,7 +1729,7 @@ int fp3_cmp_dig(fp3_t a, dig_t b); * @param[in] a - the cubic extension field element. * @param[in] b - the digit. */ -void fp3_set_dig(fp3_t a, dig_t b); +void fp3_set_dig(fp3_t a, const dig_t b); /** * Adds two cubic extension field elements using basic arithmetic. @@ -1738,7 +1738,7 @@ void fp3_set_dig(fp3_t a, dig_t b); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_add_basic(fp3_t c, fp3_t a, fp3_t b); +void fp3_add_basic(fp3_t c, const fp3_t a, const fp3_t b); /** * Adds two cubic extension field elements using integrated modular reduction. @@ -1747,7 +1747,7 @@ void fp3_add_basic(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_add_integ(fp3_t c, fp3_t a, fp3_t b); +void fp3_add_integ(fp3_t c, const fp3_t a, const fp3_t b); /** * Subtracts a cubic extension field element from another using basic @@ -1757,7 +1757,7 @@ void fp3_add_integ(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_sub_basic(fp3_t c, fp3_t a, fp3_t b); +void fp3_sub_basic(fp3_t c, const fp3_t a, const fp3_t b); /** * Subtracts a cubic extension field element from another using integrated @@ -1767,7 +1767,7 @@ void fp3_sub_basic(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_sub_integ(fp3_t c, fp3_t a, fp3_t b); +void fp3_sub_integ(fp3_t c, const fp3_t a, const fp3_t b); /** * Negates a cubic extension field element. Computes c = -a. @@ -1775,7 +1775,7 @@ void fp3_sub_integ(fp3_t c, fp3_t a, fp3_t b); * @param[out] c - the result. * @param[out] a - the cubic extension field element to negate. */ -void fp3_neg(fp3_t c, fp3_t a); +void fp3_neg(fp3_t c, const fp3_t a); /** * Doubles a cubic extension field element using basic arithmetic. @@ -1783,7 +1783,7 @@ void fp3_neg(fp3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the cubic extension field element to double. */ -void fp3_dbl_basic(fp3_t c, fp3_t a); +void fp3_dbl_basic(fp3_t c, const fp3_t a); /** * Doubles a cubic extension field element using integrated modular reduction. @@ -1791,7 +1791,7 @@ void fp3_dbl_basic(fp3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the cubic extension field element to double. */ -void fp3_dbl_integ(fp3_t c, fp3_t a); +void fp3_dbl_integ(fp3_t c, const fp3_t a); /** * Multiples two cubic extension field elements using basic arithmetic. @@ -1800,7 +1800,7 @@ void fp3_dbl_integ(fp3_t c, fp3_t a); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_mul_basic(fp3_t c, fp3_t a, fp3_t b); +void fp3_mul_basic(fp3_t c, const fp3_t a, const fp3_t b); /** * Multiples two cubic extension field elements using integrated modular @@ -1810,7 +1810,7 @@ void fp3_mul_basic(fp3_t c, fp3_t a, fp3_t b); * @param[in] a - the first cubic extension field element. * @param[in] b - the second cubic extension field element. */ -void fp3_mul_integ(fp3_t c, fp3_t a, fp3_t b); +void fp3_mul_integ(fp3_t c, const fp3_t a, const fp3_t b); /** * Multiplies a cubic extension field element by a cubic non-residue. @@ -1818,7 +1818,7 @@ void fp3_mul_integ(fp3_t c, fp3_t a, fp3_t b); * @param[out] c - the result. * @param[in] a - the cubic extension field element to multiply. */ -void fp3_mul_nor(fp3_t c, fp3_t a); +void fp3_mul_nor(fp3_t c, const fp3_t a); /** * Multiplies a cubic extension field element by a power of the constant @@ -1831,7 +1831,7 @@ void fp3_mul_nor(fp3_t c, fp3_t a); * @param[in] i - the power of the Frobenius map. * @param[in] j - the power of the constant. */ -void fp3_mul_frb(fp3_t c, fp3_t a, int i, int j); +void fp3_mul_frb(fp3_t c, const fp3_t a, int i, int j); /** * Computes the square of a cubic extension field element using basic @@ -1840,7 +1840,7 @@ void fp3_mul_frb(fp3_t c, fp3_t a, int i, int j); * @param[out] c - the result. * @param[in] a - the cubic extension field element to square. */ -void fp3_sqr_basic(fp3_t c, fp3_t a); +void fp3_sqr_basic(fp3_t c, const fp3_t a); /** * Computes the square of a cubic extension field element using integrated @@ -1849,7 +1849,7 @@ void fp3_sqr_basic(fp3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the cubic extension field element to square. */ -void fp3_sqr_integ(fp3_t c, fp3_t a); +void fp3_sqr_integ(fp3_t c, const fp3_t a); /** * Inverts a cubic extension field element. Computes c = 1/a. @@ -1857,7 +1857,7 @@ void fp3_sqr_integ(fp3_t c, fp3_t a); * @param[out] c - the result. * @param[in] a - the cubic extension field element to invert. */ -void fp3_inv(fp3_t c, fp3_t a); +void fp3_inv(fp3_t c, const fp3_t a); /** * Inverts multiple cubic extension field elements simultaneously. @@ -1866,7 +1866,7 @@ void fp3_inv(fp3_t c, fp3_t a); * @param[in] a - the cubic extension field elements to invert. * @param[in] n - the number of elements. */ -void fp3_inv_sim(fp3_t *c, fp3_t *a, int n); +void fp3_inv_sim(fp3_t *c, const fp3_t *a, int n); /** * Computes a power of a cubic extension field element. Computes c = a^b. @@ -1875,7 +1875,7 @@ void fp3_inv_sim(fp3_t *c, fp3_t *a, int n); * @param[in] a - the cubic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp3_exp(fp3_t c, fp3_t a, bn_t b); +void fp3_exp(fp3_t c, const fp3_t a, const bn_t b); /** * Computes a power of the Frobenius map of a cubic extension field element. @@ -1884,7 +1884,7 @@ void fp3_exp(fp3_t c, fp3_t a, bn_t b); * @param[in] a - the cubic extension element to exponentiate. * @param[in] i - the power of the Frobenius map. */ -void fp3_frb(fp3_t c, fp3_t a, int i); +void fp3_frb(fp3_t c, const fp3_t a, int i); /** * Extracts the square root of a cubic extension field element. Computes @@ -1894,7 +1894,7 @@ void fp3_frb(fp3_t c, fp3_t a, int i); * @param[in] a - the extension field element. * @return - 1 if there is a square root, 0 otherwise. */ -int fp3_srt(fp3_t c, fp3_t a); +int fp3_srt(fp3_t c, const fp3_t a); /** * Initializes the quartic extension field arithmetic module. @@ -1907,7 +1907,7 @@ void fp4_field_init(void); * @param[out] c - the result. * @param[in] a - the sextic extension field element to copy. */ -void fp4_copy(fp4_t c, fp4_t a); +void fp4_copy(fp4_t c, const fp4_t a); /** * Assigns zero to a quartic extension field element. @@ -1922,7 +1922,7 @@ void fp4_zero(fp4_t a); * @param[in] a - the quartic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp4_is_zero(fp4_t a); +int fp4_is_zero(const fp4_t a); /** * Assigns a random value to a quartic extension field element. @@ -1936,7 +1936,7 @@ void fp4_rand(fp4_t a); * * @param[in] a - the quartic extension field element to print. */ -void fp4_print(fp4_t a); +void fp4_print(const fp4_t a); /** * Returns the number of bytes necessary to store a quartic extension field @@ -1967,7 +1967,7 @@ void fp4_read_bin(fp4_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp4_write_bin(uint8_t *bin, int len, fp4_t a); +void fp4_write_bin(uint8_t *bin, int len, const fp4_t a); /** * Returns the result of a comparison between two quartic extension field @@ -1977,7 +1977,7 @@ void fp4_write_bin(uint8_t *bin, int len, fp4_t a); * @param[in] b - the second quartic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp4_cmp(fp4_t a, fp4_t b); +int fp4_cmp(const fp4_t a, const fp4_t b); /** * Returns the result of a signed comparison between a quartic extension field @@ -1987,7 +1987,7 @@ int fp4_cmp(fp4_t a, fp4_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp4_cmp_dig(fp4_t a, dig_t b); +int fp4_cmp_dig(const fp4_t a, const dig_t b); /** * Assigns a quartic extension field element to a digit. @@ -1995,7 +1995,7 @@ int fp4_cmp_dig(fp4_t a, dig_t b); * @param[in] a - the quartic extension field element. * @param[in] b - the digit. */ -void fp4_set_dig(fp4_t a, dig_t b); +void fp4_set_dig(fp4_t a, const dig_t b); /** * Adds two quartic extension field elements. Computes c = a + b. @@ -2004,7 +2004,7 @@ void fp4_set_dig(fp4_t a, dig_t b); * @param[in] a - the first quartic extension field element. * @param[in] b - the second quartic extension field element. */ -void fp4_add(fp4_t c, fp4_t a, fp4_t b); +void fp4_add(fp4_t c, const fp4_t a, const fp4_t b); /** * Subtracts a quartic extension field element from another. Computes @@ -2014,7 +2014,7 @@ void fp4_add(fp4_t c, fp4_t a, fp4_t b); * @param[in] a - the quartic extension field element. * @param[in] b - the quartic extension field element. */ -void fp4_sub(fp4_t c, fp4_t a, fp4_t b); +void fp4_sub(fp4_t c, const fp4_t a, const fp4_t b); /** * Negates a quartic extension field element. Computes c = -a. @@ -2022,7 +2022,7 @@ void fp4_sub(fp4_t c, fp4_t a, fp4_t b); * @param[out] c - the result. * @param[out] a - the quartic extension field element to negate. */ -void fp4_neg(fp4_t c, fp4_t a); +void fp4_neg(fp4_t c, const fp4_t a); /** * Doubles a quartic extension field element. Computes c = 2 * a. @@ -2030,7 +2030,7 @@ void fp4_neg(fp4_t c, fp4_t a); * @param[out] c - the result. * @param[in] a - the quartic extension field element to double. */ -void fp4_dbl(fp4_t c, fp4_t a); +void fp4_dbl(fp4_t c, const fp4_t a); /** * Multiples two quartic extension field elements without performing modular @@ -2040,7 +2040,7 @@ void fp4_dbl(fp4_t c, fp4_t a); * @param[in] a - the quartic extension field element. * @param[in] b - the quartic extension field element. */ -void fp4_mul_unr(dv4_t c, fp4_t a, fp4_t b); +void fp4_mul_unr(dv4_t c, const fp4_t a, const fp4_t b); /** * Multiples two quartic extension field elements. @@ -2049,7 +2049,7 @@ void fp4_mul_unr(dv4_t c, fp4_t a, fp4_t b); * @param[in] a - the quartic extension field element. * @param[in] b - the quartic extension field element. */ -void fp4_mul_basic(fp4_t c, fp4_t a, fp4_t b); +void fp4_mul_basic(fp4_t c, const fp4_t a, const fp4_t b); /** * Multiples two quartic extension field elements using lazy reduction. @@ -2058,7 +2058,7 @@ void fp4_mul_basic(fp4_t c, fp4_t a, fp4_t b); * @param[in] a - the quartic extension field element. * @param[in] b - the quartic extension field element. */ -void fp4_mul_lazyr(fp4_t c, fp4_t a, fp4_t b); +void fp4_mul_lazyr(fp4_t c, const fp4_t a, const fp4_t b); /** * Multiplies a quartic extension field element by the adjoined root. @@ -2066,7 +2066,7 @@ void fp4_mul_lazyr(fp4_t c, fp4_t a, fp4_t b); * @param[out] c - the result. * @param[in] a - the quartic extension field element to multiply. */ -void fp4_mul_art(fp4_t c, fp4_t a); +void fp4_mul_art(fp4_t c, const fp4_t a); /** * Multiplies a quartic extension field element by a power of the constant @@ -2077,7 +2077,7 @@ void fp4_mul_art(fp4_t c, fp4_t a); * @param[in] i - the power of the Frobenius map. * @param[in] j - the power of the constant. */ -void fp4_mul_frb(fp4_t c, fp4_t a, int i, int j); +void fp4_mul_frb(fp4_t c, const fp4_t a, int i, int j); /** * Multiples a dense quartic extension field element by a sparse element. @@ -2086,7 +2086,7 @@ void fp4_mul_frb(fp4_t c, fp4_t a, int i, int j); * @param[in] a - a quartic extension field element. * @param[in] b - a sparse quartic extension field element. */ -void fp4_mul_dxs(fp4_t c, fp4_t a, fp4_t b); +void fp4_mul_dxs(fp4_t c, const fp4_t a, const fp4_t b); /** * Computes the square of a quartic extension field element without performing @@ -2095,7 +2095,7 @@ void fp4_mul_dxs(fp4_t c, fp4_t a, fp4_t b); * @param[out] c - the result. * @param[in] a - the quartic extension field element to square. */ -void fp4_sqr_unr(dv4_t c, fp4_t a); +void fp4_sqr_unr(dv4_t c, const fp4_t a); /** * Computes the squares of a quartic extension field element using basic @@ -2104,7 +2104,7 @@ void fp4_sqr_unr(dv4_t c, fp4_t a); * @param[out] c - the result. * @param[in] a - the quartic extension field element to square. */ -void fp4_sqr_basic(fp4_t c, fp4_t a); +void fp4_sqr_basic(fp4_t c, const fp4_t a); /** * Computes the square of a quartic extension field element using lazy reduction. @@ -2112,7 +2112,7 @@ void fp4_sqr_basic(fp4_t c, fp4_t a); * @param[out] c - the result. * @param[in] a - the quartic extension field element to square. */ -void fp4_sqr_lazyr(fp4_t c, fp4_t a); +void fp4_sqr_lazyr(fp4_t c, const fp4_t a); /** * Inverts a quartic extension field element. Computes c = 1/a. @@ -2120,7 +2120,7 @@ void fp4_sqr_lazyr(fp4_t c, fp4_t a); * @param[out] c - the result. * @param[in] a - the quartic extension field element to invert. */ -void fp4_inv(fp4_t c, fp4_t a); +void fp4_inv(fp4_t c, const fp4_t a); /** * Inverts multiple quartic extension field elements simultaneously. @@ -2129,7 +2129,7 @@ void fp4_inv(fp4_t c, fp4_t a); * @param[in] a - the quartic extension field elements to invert. * @param[in] n - the number of elements. */ -void fp4_inv_sim(fp4_t *c, fp4_t *a, int n); +void fp4_inv_sim(fp4_t *c, const fp4_t *a, int n); /** * Computes the inverse of a cyclotomic quartic extension field element. @@ -2140,7 +2140,7 @@ void fp4_inv_sim(fp4_t *c, fp4_t *a, int n); * @param[out] c - the result. * @param[in] a - the quartic extension field element to invert. */ -void fp4_inv_cyc(fp4_t c, fp4_t a); +void fp4_inv_cyc(fp4_t c, const fp4_t a); /** * Computes a power of a quartic extension field element. Computes c = a^b. @@ -2149,7 +2149,7 @@ void fp4_inv_cyc(fp4_t c, fp4_t a); * @param[in] a - the quartic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp4_exp(fp4_t c, fp4_t a, bn_t b); +void fp4_exp(fp4_t c, const fp4_t a, const bn_t b); /** * Computes a power of the Frobenius endomorphism of a quartic extension field @@ -2159,7 +2159,7 @@ void fp4_exp(fp4_t c, fp4_t a, bn_t b); * @param[in] a - a quartic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp4_frb(fp4_t c, fp4_t a, int i); +void fp4_frb(fp4_t c, const fp4_t a, int i); /** * Extracts the square root of a quartic extension field element. Computes @@ -2169,7 +2169,7 @@ void fp4_frb(fp4_t c, fp4_t a, int i); * @param[in] a - the extension field element. * @return - 1 if there is a square root, 0 otherwise. */ -int fp4_srt(fp4_t c, fp4_t a); +int fp4_srt(fp4_t c, const fp4_t a); /** * Copies the second argument to the first argument. @@ -2177,7 +2177,7 @@ int fp4_srt(fp4_t c, fp4_t a); * @param[out] c - the result. * @param[in] a - the sextic extension field element to copy. */ -void fp6_copy(fp6_t c, fp6_t a); +void fp6_copy(fp6_t c, const fp6_t a); /** * Assigns zero to a sextic extension field element. @@ -2192,7 +2192,7 @@ void fp6_zero(fp6_t a); * @param[in] a - the sextic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp6_is_zero(fp6_t a); +int fp6_is_zero(const fp6_t a); /** * Assigns a random value to a sextic extension field element. @@ -2206,7 +2206,7 @@ void fp6_rand(fp6_t a); * * @param[in] a - the sextic extension field element to print. */ -void fp6_print(fp6_t a); +void fp6_print(const fp6_t a); /** * Returns the number of bytes necessary to store a quadratic extension field @@ -2237,7 +2237,7 @@ void fp6_read_bin(fp6_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp6_write_bin(uint8_t *bin, int len, fp6_t a); +void fp6_write_bin(uint8_t *bin, int len, const fp6_t a); /** * Returns the result of a comparison between two sextic extension field @@ -2247,7 +2247,7 @@ void fp6_write_bin(uint8_t *bin, int len, fp6_t a); * @param[in] b - the second sextic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp6_cmp(fp6_t a, fp6_t b); +int fp6_cmp(const fp6_t a, const fp6_t b); /** * Returns the result of a signed comparison between a sextic extension field @@ -2257,7 +2257,7 @@ int fp6_cmp(fp6_t a, fp6_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp6_cmp_dig(fp6_t a, dig_t b); +int fp6_cmp_dig(const fp6_t a, const dig_t b); /** * Assigns a sextic extension field element to a digit. @@ -2265,7 +2265,7 @@ int fp6_cmp_dig(fp6_t a, dig_t b); * @param[in] a - the sextic extension field element. * @param[in] b - the digit. */ -void fp6_set_dig(fp6_t a, dig_t b); +void fp6_set_dig(fp6_t a, const dig_t b); /** * Adds two sextic extension field elements. Computes c = a + b. @@ -2274,7 +2274,7 @@ void fp6_set_dig(fp6_t a, dig_t b); * @param[in] a - the first sextic extension field element. * @param[in] b - the second sextic extension field element. */ -void fp6_add(fp6_t c, fp6_t a, fp6_t b); +void fp6_add(fp6_t c, const fp6_t a, const fp6_t b); /** * Subtracts a sextic extension field element from another. Computes @@ -2284,7 +2284,7 @@ void fp6_add(fp6_t c, fp6_t a, fp6_t b); * @param[in] a - the sextic extension field element. * @param[in] b - the sextic extension field element. */ -void fp6_sub(fp6_t c, fp6_t a, fp6_t b); +void fp6_sub(fp6_t c, const fp6_t a, const fp6_t b); /** * Negates a sextic extension field element. Computes c = -a. @@ -2292,7 +2292,7 @@ void fp6_sub(fp6_t c, fp6_t a, fp6_t b); * @param[out] c - the result. * @param[out] a - the sextic extension field element to negate. */ -void fp6_neg(fp6_t c, fp6_t a); +void fp6_neg(fp6_t c, const fp6_t a); /** * Doubles a sextic extension field element. Computes c = 2 * a. @@ -2300,7 +2300,7 @@ void fp6_neg(fp6_t c, fp6_t a); * @param[out] c - the result. * @param[in] a - the sextic extension field element to double. */ -void fp6_dbl(fp6_t c, fp6_t a); +void fp6_dbl(fp6_t c, const fp6_t a); /** * Multiples two sextic extension field elements without performing modular @@ -2310,7 +2310,7 @@ void fp6_dbl(fp6_t c, fp6_t a); * @param[in] a - the sextic extension field element. * @param[in] b - the sextic extension field element. */ -void fp6_mul_unr(dv6_t c, fp6_t a, fp6_t b); +void fp6_mul_unr(dv6_t c, const fp6_t a, const fp6_t b); /** * Multiples two sextic extension field elements. @@ -2319,7 +2319,7 @@ void fp6_mul_unr(dv6_t c, fp6_t a, fp6_t b); * @param[in] a - the sextic extension field element. * @param[in] b - the sextic extension field element. */ -void fp6_mul_basic(fp6_t c, fp6_t a, fp6_t b); +void fp6_mul_basic(fp6_t c, const fp6_t a, const fp6_t b); /** * Multiples two sextic extension field elements using lazy reduction. @@ -2328,7 +2328,7 @@ void fp6_mul_basic(fp6_t c, fp6_t a, fp6_t b); * @param[in] a - the sextic extension field element. * @param[in] b - the sextic extension field element. */ -void fp6_mul_lazyr(fp6_t c, fp6_t a, fp6_t b); +void fp6_mul_lazyr(fp6_t c, const fp6_t a, const fp6_t b); /** * Multiplies a sextic extension field element by the adjoined root. @@ -2336,7 +2336,7 @@ void fp6_mul_lazyr(fp6_t c, fp6_t a, fp6_t b); * @param[out] c - the result. * @param[in] a - the sextic extension field element to multiply. */ -void fp6_mul_art(fp6_t c, fp6_t a); +void fp6_mul_art(fp6_t c, const fp6_t a); /** * Multiples a dense sextic extension field element by a sparse element. @@ -2345,7 +2345,7 @@ void fp6_mul_art(fp6_t c, fp6_t a); * @param[in] a - a sextic extension field element. * @param[in] b - a sparse sextic extension field element. */ -void fp6_mul_dxs(fp6_t c, fp6_t a, fp6_t b); +void fp6_mul_dxs(fp6_t c, const fp6_t a, const fp6_t b); /** * Computes the square of a sextic extension field element without performing @@ -2354,7 +2354,7 @@ void fp6_mul_dxs(fp6_t c, fp6_t a, fp6_t b); * @param[out] c - the result. * @param[in] a - the sextic extension field element to square. */ -void fp6_sqr_unr(dv6_t c, fp6_t a); +void fp6_sqr_unr(dv6_t c, const fp6_t a); /** * Computes the squares of a sextic extension field element using basic @@ -2363,7 +2363,7 @@ void fp6_sqr_unr(dv6_t c, fp6_t a); * @param[out] c - the result. * @param[in] a - the sextic extension field element to square. */ -void fp6_sqr_basic(fp6_t c, fp6_t a); +void fp6_sqr_basic(fp6_t c, const fp6_t a); /** * Computes the square of a sextic extension field element using lazy reduction. @@ -2371,7 +2371,7 @@ void fp6_sqr_basic(fp6_t c, fp6_t a); * @param[out] c - the result. * @param[in] a - the sextic extension field element to square. */ -void fp6_sqr_lazyr(fp6_t c, fp6_t a); +void fp6_sqr_lazyr(fp6_t c, const fp6_t a); /** * Inverts a sextic extension field element. Computes c = 1/a. @@ -2379,7 +2379,7 @@ void fp6_sqr_lazyr(fp6_t c, fp6_t a); * @param[out] c - the result. * @param[in] a - the sextic extension field element to invert. */ -void fp6_inv(fp6_t c, fp6_t a); +void fp6_inv(fp6_t c, const fp6_t a); /** * Computes a power of a sextic extension field element. Computes c = a^b. @@ -2388,7 +2388,7 @@ void fp6_inv(fp6_t c, fp6_t a); * @param[in] a - the sextic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp6_exp(fp6_t c, fp6_t a, bn_t b); +void fp6_exp(fp6_t c, const fp6_t a, const bn_t b); /** * Computes a power of the Frobenius endomorphism of a sextic extension field @@ -2398,7 +2398,7 @@ void fp6_exp(fp6_t c, fp6_t a, bn_t b); * @param[in] a - a sextic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp6_frb(fp6_t c, fp6_t a, int i); +void fp6_frb(fp6_t c, const fp6_t a, int i); /** * Copies the second argument to the first argument. @@ -2406,7 +2406,7 @@ void fp6_frb(fp6_t c, fp6_t a, int i); * @param[out] c - the result. * @param[in] a - the octic extension field element to copy. */ -void fp8_copy(fp8_t c, fp8_t a); +void fp8_copy(fp8_t c, const fp8_t a); /** * Assigns zero to an octic extension field element. @@ -2421,7 +2421,7 @@ void fp8_zero(fp8_t a); * @param[in] a - the octic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp8_is_zero(fp8_t a); +int fp8_is_zero(const fp8_t a); /** * Assigns a random value to an octic extension field element. @@ -2435,7 +2435,7 @@ void fp8_rand(fp8_t a); * * @param[in] a - the octic extension field element to print. */ -void fp8_print(fp8_t a); +void fp8_print(const fp8_t a); /** * Returns the number of bytes necessary to store an octic extension field @@ -2467,7 +2467,7 @@ void fp8_read_bin(fp8_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp8_write_bin(uint8_t *bin, int len, fp8_t a); +void fp8_write_bin(uint8_t *bin, int len, const fp8_t a); /** * Returns the result of a comparison between two octic extension field @@ -2477,7 +2477,7 @@ void fp8_write_bin(uint8_t *bin, int len, fp8_t a); * @param[in] b - the second octic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp8_cmp(fp8_t a, fp8_t b); +int fp8_cmp(const fp8_t a, const fp8_t b); /** * Returns the result of a signed comparison between an octic extension field @@ -2487,7 +2487,7 @@ int fp8_cmp(fp8_t a, fp8_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp8_cmp_dig(fp8_t a, dig_t b); +int fp8_cmp_dig(const fp8_t a, const dig_t b); /** * Assigns an octic extension field element to a digit. @@ -2495,7 +2495,7 @@ int fp8_cmp_dig(fp8_t a, dig_t b); * @param[in] a - the octic extension field element. * @param[in] b - the digit. */ -void fp8_set_dig(fp8_t a, dig_t b); +void fp8_set_dig(fp8_t a, const dig_t b); /** * Adds two octic extension field elements. Computes c = a + b. @@ -2504,7 +2504,7 @@ void fp8_set_dig(fp8_t a, dig_t b); * @param[in] a - the first octic extension field element. * @param[in] b - the second octic extension field element. */ -void fp8_add(fp8_t c, fp8_t a, fp8_t b); +void fp8_add(fp8_t c, const fp8_t a, const fp8_t b); /** * Subtracts an octic extension field element from another. Computes @@ -2514,7 +2514,7 @@ void fp8_add(fp8_t c, fp8_t a, fp8_t b); * @param[in] a - the octic extension field element. * @param[in] b - the octic extension field element. */ -void fp8_sub(fp8_t c, fp8_t a, fp8_t b); +void fp8_sub(fp8_t c, const fp8_t a, const fp8_t b); /** * Negates an octic extension field element. Computes c = -a. @@ -2522,7 +2522,7 @@ void fp8_sub(fp8_t c, fp8_t a, fp8_t b); * @param[out] c - the result. * @param[out] a - the octic extension field element to negate. */ -void fp8_neg(fp8_t c, fp8_t a); +void fp8_neg(fp8_t c, const fp8_t a); /** * Doubles an octic extension field element. Computes c = 2 * a. @@ -2530,7 +2530,7 @@ void fp8_neg(fp8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to double. */ -void fp8_dbl(fp8_t c, fp8_t a); +void fp8_dbl(fp8_t c, const fp8_t a); /** * Multiples two octic extension field elements without performing modular @@ -2540,7 +2540,7 @@ void fp8_dbl(fp8_t c, fp8_t a); * @param[in] a - the octic extension field element. * @param[in] b - the octic extension field element. */ -void fp8_mul_unr(dv8_t c, fp8_t a, fp8_t b); +void fp8_mul_unr(dv8_t c, const fp8_t a, const fp8_t b); /** * Multiples two octic extension field elements. @@ -2549,7 +2549,7 @@ void fp8_mul_unr(dv8_t c, fp8_t a, fp8_t b); * @param[in] a - the octic extension field element. * @param[in] b - the octic extension field element. */ -void fp8_mul_basic(fp8_t c, fp8_t a, fp8_t b); +void fp8_mul_basic(fp8_t c, const fp8_t a, const fp8_t b); /** * Multiples two octic extension field elements using lazy reduction. @@ -2558,7 +2558,7 @@ void fp8_mul_basic(fp8_t c, fp8_t a, fp8_t b); * @param[in] a - the octic extension field element. * @param[in] b - the octic extension field element. */ -void fp8_mul_lazyr(fp8_t c, fp8_t a, fp8_t b); +void fp8_mul_lazyr(fp8_t c, const fp8_t a, const fp8_t b); /** * Multiplies an octic extension field element by the adjoined root. @@ -2566,7 +2566,7 @@ void fp8_mul_lazyr(fp8_t c, fp8_t a, fp8_t b); * @param[out] c - the result. * @param[in] a - the octic extension field element to multiply. */ -void fp8_mul_art(fp8_t c, fp8_t a); +void fp8_mul_art(fp8_t c, const fp8_t a); /** * Multiples a dense octic extension field element by a sparse element. @@ -2575,7 +2575,7 @@ void fp8_mul_art(fp8_t c, fp8_t a); * @param[in] a - an octic extension field element. * @param[in] b - a sparse octic extension field element. */ -void fp8_mul_dxs(fp8_t c, fp8_t a, fp8_t b); +void fp8_mul_dxs(fp8_t c, const fp8_t a, const fp8_t b); /** * Computes the square of an octic extension field element without performing @@ -2584,7 +2584,7 @@ void fp8_mul_dxs(fp8_t c, fp8_t a, fp8_t b); * @param[out] c - the result. * @param[in] a - the octic extension field element to square. */ -void fp8_sqr_unr(dv8_t c, fp8_t a); +void fp8_sqr_unr(dv8_t c, const fp8_t a); /** * Computes the squares of an octic extension field element using basic @@ -2593,7 +2593,7 @@ void fp8_sqr_unr(dv8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to square. */ -void fp8_sqr_basic(fp8_t c, fp8_t a); +void fp8_sqr_basic(fp8_t c, const fp8_t a); /** * Computes the square of an octic extension field element using lazy reduction. @@ -2601,7 +2601,7 @@ void fp8_sqr_basic(fp8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to square. */ -void fp8_sqr_lazyr(fp8_t c, fp8_t a); +void fp8_sqr_lazyr(fp8_t c, const fp8_t a); /** * Computes the square of a cyclotomic octic extension field element. @@ -2609,7 +2609,7 @@ void fp8_sqr_lazyr(fp8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp8_sqr_cyc(fp8_t c, fp8_t a); +void fp8_sqr_cyc(fp8_t c, const fp8_t a); /** * Inverts an octic extension field element. Computes c = 1/a. @@ -2617,7 +2617,7 @@ void fp8_sqr_cyc(fp8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to invert. */ -void fp8_inv(fp8_t c, fp8_t a); +void fp8_inv(fp8_t c, const fp8_t a); /** * Computes the inverse of a cyclotomic octic extension field element. @@ -2628,7 +2628,7 @@ void fp8_inv(fp8_t c, fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to invert. */ -void fp8_inv_cyc(fp8_t c, fp8_t a); +void fp8_inv_cyc(fp8_t c, const fp8_t a); /** * Inverts multiple octic extension field elements simultaneously. @@ -2637,7 +2637,7 @@ void fp8_inv_cyc(fp8_t c, fp8_t a); * @param[in] a - the octic extension field elements to invert. * @param[in] n - the number of elements. */ -void fp8_inv_sim(fp8_t *c, fp8_t *a, int n); +void fp8_inv_sim(fp8_t *c, const fp8_t *a, int n); /** * Tests if an octic extension field element is cyclotomic. @@ -2645,7 +2645,7 @@ void fp8_inv_sim(fp8_t *c, fp8_t *a, int n); * @param[in] a - the octic extension field element to test. * @return 1 if the extension field element is cyclotomic, 0 otherwise. */ -int fp8_test_cyc(fp8_t a); +int fp8_test_cyc(const fp8_t a); /** * Converts an octic extension field element to a cyclotomic element. Computes @@ -2654,7 +2654,7 @@ int fp8_test_cyc(fp8_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element. */ -void fp8_conv_cyc(fp8_t c, fp8_t a); +void fp8_conv_cyc(fp8_t c, const fp8_t a); /** * Computes a power of an octic extension field element. Computes c = a^b. @@ -2663,7 +2663,7 @@ void fp8_conv_cyc(fp8_t c, fp8_t a); * @param[in] a - the octic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp8_exp(fp8_t c, fp8_t a, bn_t b); +void fp8_exp(fp8_t c, const fp8_t a, const bn_t b); /** * Computes a power of a cyclotomic octic extension field element. @@ -2672,7 +2672,7 @@ void fp8_exp(fp8_t c, fp8_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp8_exp_cyc(fp8_t c, fp8_t a, bn_t b); +void fp8_exp_cyc(fp8_t c, const fp8_t a, const bn_t b); /** * Computes a power of the Frobenius endomorphism of an octic extension field @@ -2682,7 +2682,7 @@ void fp8_exp_cyc(fp8_t c, fp8_t a, bn_t b); * @param[in] a - an octic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp8_frb(fp8_t c, fp8_t a, int i); +void fp8_frb(fp8_t c, const fp8_t a, int i); /** * Copies the second argument to the first argument. @@ -2690,7 +2690,7 @@ void fp8_frb(fp8_t c, fp8_t a, int i); * @param[out] c - the result. * @param[in] a - the nonic extension field element to copy. */ -void fp9_copy(fp9_t c, fp9_t a); +void fp9_copy(fp9_t c, const fp9_t a); /** * Assigns zero to a nonic extension field element. @@ -2705,7 +2705,7 @@ void fp9_zero(fp9_t a); * @param[in] a - the nonic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp9_is_zero(fp9_t a); +int fp9_is_zero(const fp9_t a); /** * Assigns a random value to a nonic extension field element. @@ -2719,7 +2719,7 @@ void fp9_rand(fp9_t a); * * @param[in] a - the nonic extension field element to print. */ -void fp9_print(fp9_t a); +void fp9_print(const fp9_t a); /** * Returns the number of bytes necessary to store a quadratic extension field @@ -2750,7 +2750,7 @@ void fp9_read_bin(fp9_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp9_write_bin(uint8_t *bin, int len, fp9_t a); +void fp9_write_bin(uint8_t *bin, int len, const fp9_t a); /** * Returns the result of a comparison between two nonic extension field @@ -2760,7 +2760,7 @@ void fp9_write_bin(uint8_t *bin, int len, fp9_t a); * @param[in] b - the second nonic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp9_cmp(fp9_t a, fp9_t b); +int fp9_cmp(const fp9_t a, const fp9_t b); /** * Returns the result of a signed comparison between a nonic extension field @@ -2770,7 +2770,7 @@ int fp9_cmp(fp9_t a, fp9_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp9_cmp_dig(fp9_t a, dig_t b); +int fp9_cmp_dig(const fp9_t a, const dig_t b); /** * Assigns a nonic extension field element to a digit. @@ -2778,7 +2778,7 @@ int fp9_cmp_dig(fp9_t a, dig_t b); * @param[in] a - the nonic extension field element. * @param[in] b - the digit. */ -void fp9_set_dig(fp9_t a, dig_t b); +void fp9_set_dig(fp9_t a, const dig_t b); /** * Adds two nonic extension field elements. Computes c = a + b. @@ -2787,7 +2787,7 @@ void fp9_set_dig(fp9_t a, dig_t b); * @param[in] a - the first nonic extension field element. * @param[in] b - the second nonic extension field element. */ -void fp9_add(fp9_t c, fp9_t a, fp9_t b); +void fp9_add(fp9_t c, const fp9_t a, const fp9_t b); /** * Subtracts a nonic extension field element from another. Computes @@ -2797,7 +2797,7 @@ void fp9_add(fp9_t c, fp9_t a, fp9_t b); * @param[in] a - the nonic extension field element. * @param[in] b - the nonic extension field element. */ -void fp9_sub(fp9_t c, fp9_t a, fp9_t b); +void fp9_sub(fp9_t c, const fp9_t a, const fp9_t b); /** * Negates a nonic extension field element. Computes c = -a. @@ -2805,7 +2805,7 @@ void fp9_sub(fp9_t c, fp9_t a, fp9_t b); * @param[out] c - the result. * @param[out] a - the nonic extension field element to negate. */ -void fp9_neg(fp9_t c, fp9_t a); +void fp9_neg(fp9_t c, const fp9_t a); /** * Doubles a nonic extension field element. Computes c = 2 * a. @@ -2813,7 +2813,7 @@ void fp9_neg(fp9_t c, fp9_t a); * @param[out] c - the result. * @param[in] a - the nonic extension field element to double. */ -void fp9_dbl(fp9_t c, fp9_t a); +void fp9_dbl(fp9_t c, const fp9_t a); /** * Multiples two nonic extension field elements without performing modular @@ -2823,7 +2823,7 @@ void fp9_dbl(fp9_t c, fp9_t a); * @param[in] a - the nonic extension field element. * @param[in] b - the nonic extension field element. */ -void fp9_mul_unr(dv9_t c, fp9_t a, fp9_t b); +void fp9_mul_unr(dv9_t c, const fp9_t a, const fp9_t b); /** * Multiples two nonic extension field elements. @@ -2832,7 +2832,7 @@ void fp9_mul_unr(dv9_t c, fp9_t a, fp9_t b); * @param[in] a - the nonic extension field element. * @param[in] b - the nonic extension field element. */ -void fp9_mul_basic(fp9_t c, fp9_t a, fp9_t b); +void fp9_mul_basic(fp9_t c, const fp9_t a, const fp9_t b); /** * Multiples two nonic extension field elements using lazy reduction. @@ -2841,7 +2841,7 @@ void fp9_mul_basic(fp9_t c, fp9_t a, fp9_t b); * @param[in] a - the nonic extension field element. * @param[in] b - the nonic extension field element. */ -void fp9_mul_lazyr(fp9_t c, fp9_t a, fp9_t b); +void fp9_mul_lazyr(fp9_t c, const fp9_t a, const fp9_t b); /** * Multiplies a nonic extension field element by the adjoined root. @@ -2849,7 +2849,7 @@ void fp9_mul_lazyr(fp9_t c, fp9_t a, fp9_t b); * @param[out] c - the result. * @param[in] a - the nonic extension field element to multiply. */ -void fp9_mul_art(fp9_t c, fp9_t a); +void fp9_mul_art(fp9_t c, const fp9_t a); /** * Multiples a dense nonic extension field element by a sparse element. @@ -2858,7 +2858,7 @@ void fp9_mul_art(fp9_t c, fp9_t a); * @param[in] a - a nonic extension field element. * @param[in] b - a sparse nonic extension field element. */ -void fp9_mul_dxs(fp9_t c, fp9_t a, fp9_t b); +void fp9_mul_dxs(fp9_t c, const fp9_t a, const fp9_t b); /** * Computes the square of a nonic extension field element without performing @@ -2867,7 +2867,7 @@ void fp9_mul_dxs(fp9_t c, fp9_t a, fp9_t b); * @param[out] c - the result. * @param[in] a - the nonic extension field element to square. */ -void fp9_sqr_unr(dv9_t c, fp9_t a); +void fp9_sqr_unr(dv9_t c, const fp9_t a); /** * Computes the squares of a nonic extension field element using basic @@ -2876,7 +2876,7 @@ void fp9_sqr_unr(dv9_t c, fp9_t a); * @param[out] c - the result. * @param[in] a - the nonic extension field element to square. */ -void fp9_sqr_basic(fp9_t c, fp9_t a); +void fp9_sqr_basic(fp9_t c, const fp9_t a); /** * Computes the square of a nonic extension field element using lazy reduction. @@ -2884,7 +2884,7 @@ void fp9_sqr_basic(fp9_t c, fp9_t a); * @param[out] c - the result. * @param[in] a - the nonic extension field element to square. */ -void fp9_sqr_lazyr(fp9_t c, fp9_t a); +void fp9_sqr_lazyr(fp9_t c, const fp9_t a); /** * Inverts a nonic extension field element. Computes c = 1/a. @@ -2892,7 +2892,7 @@ void fp9_sqr_lazyr(fp9_t c, fp9_t a); * @param[out] c - the result. * @param[in] a - the nonic extension field element to invert. */ -void fp9_inv(fp9_t c, fp9_t a); +void fp9_inv(fp9_t c, const fp9_t a); /** * Inverts multiple noinc extension field elements simultaneously. @@ -2901,7 +2901,7 @@ void fp9_inv(fp9_t c, fp9_t a); * @param[in] a - the nonic extension field elements to invert. * @param[in] n - the number of elements. */ -void fp9_inv_sim(fp9_t *c, fp9_t *a, int n); +void fp9_inv_sim(fp9_t *c, const fp9_t *a, int n); /** * Computes a power of a nonic extension field element. Computes c = a^b. @@ -2910,7 +2910,7 @@ void fp9_inv_sim(fp9_t *c, fp9_t *a, int n); * @param[in] a - the nonic extension element to exponentiate. * @param[in] b - the exponent. */ -void fp9_exp(fp9_t c, fp9_t a, bn_t b); +void fp9_exp(fp9_t c, const fp9_t a, const bn_t b); /** * Computes a power of the Frobenius endomorphism of a nonic extension field @@ -2920,7 +2920,7 @@ void fp9_exp(fp9_t c, fp9_t a, bn_t b); * @param[in] a - a nonic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp9_frb(fp9_t c, fp9_t a, int i); +void fp9_frb(fp9_t c, const fp9_t a, int i); /** * Copies the second argument to the first argument. @@ -2928,7 +2928,7 @@ void fp9_frb(fp9_t c, fp9_t a, int i); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to copy. */ -void fp12_copy(fp12_t c, fp12_t a); +void fp12_copy(fp12_t c, const fp12_t a); /** * Assigns zero to a dodecic extension field element. @@ -2943,7 +2943,7 @@ void fp12_zero(fp12_t a); * @param[in] a - the dodecic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp12_is_zero(fp12_t a); +int fp12_is_zero(const fp12_t a); /** * Assigns a random value to a dodecic extension field element. @@ -2957,7 +2957,7 @@ void fp12_rand(fp12_t a); * * @param[in] a - the dodecic extension field element to print. */ -void fp12_print(fp12_t a); +void fp12_print(const fp12_t a); /** * Returns the number of bytes necessary to store a dodecic extension field @@ -2990,7 +2990,7 @@ void fp12_read_bin(fp12_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp12_write_bin(uint8_t *bin, int len, fp12_t a, int pack); +void fp12_write_bin(uint8_t *bin, int len, const fp12_t a, int pack); /** * Returns the result of a comparison between two dodecic extension field @@ -3000,7 +3000,7 @@ void fp12_write_bin(uint8_t *bin, int len, fp12_t a, int pack); * @param[in] b - the second dodecic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp12_cmp(fp12_t a, fp12_t b); +int fp12_cmp(const fp12_t a, const fp12_t b); /** * Returns the result of a signed comparison between a dodecic extension field @@ -3010,7 +3010,7 @@ int fp12_cmp(fp12_t a, fp12_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp12_cmp_dig(fp12_t a, dig_t b); +int fp12_cmp_dig(const fp12_t a, const dig_t b); /** * Assigns a dodecic extension field element to a digit. @@ -3018,7 +3018,7 @@ int fp12_cmp_dig(fp12_t a, dig_t b); * @param[in] a - the dodecic extension field element. * @param[in] b - the digit. */ -void fp12_set_dig(fp12_t a, dig_t b); +void fp12_set_dig(fp12_t a, const dig_t b); /** * Adds two dodecic extension field elements. Computes c = a + b. @@ -3027,7 +3027,7 @@ void fp12_set_dig(fp12_t a, dig_t b); * @param[in] a - the first dodecic extension field element. * @param[in] b - the second dodecic extension field element. */ -void fp12_add(fp12_t c, fp12_t a, fp12_t b); +void fp12_add(fp12_t c, const fp12_t a, const fp12_t b); /** * Subtracts a dodecic extension field element from another. Computes @@ -3037,7 +3037,7 @@ void fp12_add(fp12_t c, fp12_t a, fp12_t b); * @param[in] a - the first dodecic extension field element. * @param[in] b - the second dodecic extension field element. */ -void fp12_sub(fp12_t c, fp12_t a, fp12_t b); +void fp12_sub(fp12_t c, const fp12_t a, const fp12_t b); /** * Negates a dodecic extension field element. @@ -3045,7 +3045,7 @@ void fp12_sub(fp12_t c, fp12_t a, fp12_t b); * @param[out] c - the result. * @param[out] a - the dodecic extension field element to negate. */ -void fp12_neg(fp12_t c, fp12_t a); +void fp12_neg(fp12_t c, const fp12_t a); /** * Doubles a dodecic extension field element. Computes c = 2 * a. @@ -3053,7 +3053,7 @@ void fp12_neg(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to double. */ -void fp12_dbl(fp12_t c, fp12_t a); +void fp12_dbl(fp12_t c, const fp12_t a); /** * Multiples two dodecic extension field elements without performing modular @@ -3063,7 +3063,7 @@ void fp12_dbl(fp12_t c, fp12_t a); * @param[in] a - the dodecic extension field element. * @param[in] b - the dodecic extension field element. */ -void fp12_mul_unr(dv12_t c, fp12_t a, fp12_t b); +void fp12_mul_unr(dv12_t c, const fp12_t a, const fp12_t b); /** * Multiples two dodecic extension field elements using basic arithmetic. @@ -3072,7 +3072,7 @@ void fp12_mul_unr(dv12_t c, fp12_t a, fp12_t b); * @param[in] a - the dodecic extension field element. * @param[in] b - the dodecic extension field element. */ -void fp12_mul_basic(fp12_t c, fp12_t a, fp12_t b); +void fp12_mul_basic(fp12_t c, const fp12_t a, const fp12_t b); /** * Multiples two dodecic extension field elements using lazy reduction. @@ -3081,7 +3081,7 @@ void fp12_mul_basic(fp12_t c, fp12_t a, fp12_t b); * @param[in] a - the dodecic extension field element. * @param[in] b - the dodecic extension field element. */ -void fp12_mul_lazyr(fp12_t c, fp12_t a, fp12_t b); +void fp12_mul_lazyr(fp12_t c, const fp12_t a, const fp12_t b); /** * Multiplies a dodecic extension field element by the adjoined root. @@ -3089,7 +3089,7 @@ void fp12_mul_lazyr(fp12_t c, fp12_t a, fp12_t b); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to multiply. */ -void fp12_mul_art(fp12_t c, fp12_t a); +void fp12_mul_art(fp12_t c, const fp12_t a); /** * Multiples a dense dodecic extension field element by a sparse element using @@ -3099,7 +3099,7 @@ void fp12_mul_art(fp12_t c, fp12_t a); * @param[in] a - the dense dodecic extension field element. * @param[in] b - the sparse dodecic extension field element. */ -void fp12_mul_dxs_basic(fp12_t c, fp12_t a, fp12_t b); +void fp12_mul_dxs_basic(fp12_t c, const fp12_t a, const fp12_t b); /** * Multiples a dense dodecic extension field element by a sparse element using @@ -3109,7 +3109,7 @@ void fp12_mul_dxs_basic(fp12_t c, fp12_t a, fp12_t b); * @param[in] a - the dense dodecic extension field element. * @param[in] b - the sparse dodecic extension field element. */ -void fp12_mul_dxs_lazyr(fp12_t c, fp12_t a, fp12_t b); +void fp12_mul_dxs_lazyr(fp12_t c, const fp12_t a, const fp12_t b); /** * Computes the square of a dodecic extension field element without performing @@ -3118,7 +3118,7 @@ void fp12_mul_dxs_lazyr(fp12_t c, fp12_t a, fp12_t b); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to square. */ -void fp12_sqr_unr(dv12_t c, fp12_t a); +void fp12_sqr_unr(dv12_t c, const fp12_t a); /** * Computes the square of a dodecic extension field element using basic @@ -3127,7 +3127,7 @@ void fp12_sqr_unr(dv12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to square. */ -void fp12_sqr_basic(fp12_t c, fp12_t a); +void fp12_sqr_basic(fp12_t c, const fp12_t a); /** * Computes the square of a dodecic extension field element using lazy @@ -3136,7 +3136,7 @@ void fp12_sqr_basic(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to square. */ -void fp12_sqr_lazyr(fp12_t c, fp12_t a); +void fp12_sqr_lazyr(fp12_t c, const fp12_t a); /** * Computes the square of a cyclotomic dodecic extension field element using @@ -3147,7 +3147,7 @@ void fp12_sqr_lazyr(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp12_sqr_cyc_basic(fp12_t c, fp12_t a); +void fp12_sqr_cyc_basic(fp12_t c, const fp12_t a); /** * Computes the square of a cyclotomic dodecic extension field element using @@ -3158,7 +3158,7 @@ void fp12_sqr_cyc_basic(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp12_sqr_cyc_lazyr(fp12_t c, fp12_t a); +void fp12_sqr_cyc_lazyr(fp12_t c, const fp12_t a); /** * Computes the square of a compressed cyclotomic extension field element. @@ -3168,7 +3168,7 @@ void fp12_sqr_cyc_lazyr(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp12_sqr_pck_basic(fp12_t c, fp12_t a); +void fp12_sqr_pck_basic(fp12_t c, const fp12_t a); /** * Computes the square of a compressed cyclotomic extension field element using @@ -3179,7 +3179,7 @@ void fp12_sqr_pck_basic(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp12_sqr_pck_lazyr(fp12_t c, fp12_t a); +void fp12_sqr_pck_lazyr(fp12_t c, const fp12_t a); /** * Tests if a dodecic extension field element belongs to the cyclotomic @@ -3188,7 +3188,7 @@ void fp12_sqr_pck_lazyr(fp12_t c, fp12_t a); * @param[in] a - the dodecic extension field element to test. * @return 1 if the extension field element is in the subgroup, 0 otherwise. */ -int fp12_test_cyc(fp12_t a); +int fp12_test_cyc(const fp12_t a); /** * Converts a dodecic extension field element to a cyclotomic element. @@ -3197,7 +3197,7 @@ int fp12_test_cyc(fp12_t a); * @param[out] c - the result. * @param[in] a - a dodecic extension field element. */ -void fp12_conv_cyc(fp12_t c, fp12_t a); +void fp12_conv_cyc(fp12_t c, const fp12_t a); /** * Decompresses a compressed cyclotomic extension field element. @@ -3205,7 +3205,7 @@ void fp12_conv_cyc(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to decompress. */ -void fp12_back_cyc(fp12_t c, fp12_t a); +void fp12_back_cyc(fp12_t c, const fp12_t a); /** * Decompresses multiple compressed cyclotomic extension field elements. @@ -3214,7 +3214,7 @@ void fp12_back_cyc(fp12_t c, fp12_t a); * @param[in] a - the dodecic field elements to decompress. * @param[in] n - the number of field elements to decompress. */ -void fp12_back_cyc_sim(fp12_t *c, fp12_t *a, int n); +void fp12_back_cyc_sim(fp12_t *c, const fp12_t *a, int n); /** * Inverts a dodecic extension field element. Computes c = 1/a. @@ -3222,7 +3222,7 @@ void fp12_back_cyc_sim(fp12_t *c, fp12_t *a, int n); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to invert. */ -void fp12_inv(fp12_t c, fp12_t a); +void fp12_inv(fp12_t c, const fp12_t a); /** * Computes the inverse of a cyclotomic dodecic extension field element. @@ -3232,7 +3232,7 @@ void fp12_inv(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to invert. */ -void fp12_inv_cyc(fp12_t c, fp12_t a); +void fp12_inv_cyc(fp12_t c, const fp12_t a); /** * Computes the Frobenius endomorphism of a dodecic extension element. @@ -3242,7 +3242,7 @@ void fp12_inv_cyc(fp12_t c, fp12_t a); * @param[in] a - a dodecic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp12_frb(fp12_t c, fp12_t a, int i); +void fp12_frb(fp12_t c, const fp12_t a, int i); /** * Computes a power of a dodecic extension field element. @@ -3252,7 +3252,7 @@ void fp12_frb(fp12_t c, fp12_t a, int i); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp12_exp(fp12_t c, fp12_t a, bn_t b); +void fp12_exp(fp12_t c, const fp12_t a, const bn_t b); /** * Computes a power of a dodecic extension field element by a small exponent. @@ -3262,7 +3262,7 @@ void fp12_exp(fp12_t c, fp12_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp12_exp_dig(fp12_t c, fp12_t a, dig_t b); +void fp12_exp_dig(fp12_t c, const fp12_t a, dig_t b); /** * Computes a power of a cyclotomic dodecic extension field element. @@ -3271,7 +3271,7 @@ void fp12_exp_dig(fp12_t c, fp12_t a, dig_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp12_exp_cyc(fp12_t c, fp12_t a, bn_t b); +void fp12_exp_cyc(fp12_t c, const fp12_t a, const bn_t b); /** * Computes a power of a cyclotomic quadratic extension field element. @@ -3282,7 +3282,7 @@ void fp12_exp_cyc(fp12_t c, fp12_t a, bn_t b); * @param[in] c - the second element to exponentiate. * @param[in] d - the second exponent. */ -void fp2_exp_cyc_sim(fp2_t e, fp2_t a, bn_t b, fp2_t c, bn_t d); +void fp2_exp_cyc_sim(fp2_t e, const fp2_t a, const bn_t b, const fp2_t c, const bn_t d); /** * Computes a power of a cyclotomic dodecic extension field element. @@ -3293,7 +3293,7 @@ void fp2_exp_cyc_sim(fp2_t e, fp2_t a, bn_t b, fp2_t c, bn_t d); * @param[in] c - the second element to exponentiate. * @param[in] d - the second exponent. */ -void fp12_exp_cyc_sim(fp12_t e, fp12_t a, bn_t b, fp12_t c, bn_t d); +void fp12_exp_cyc_sim(fp12_t e, const fp12_t a, const bn_t b, const fp12_t c, const bn_t d); /** * Computes a power of a cyclotomic dodecic extension field element. @@ -3304,7 +3304,7 @@ void fp12_exp_cyc_sim(fp12_t e, fp12_t a, bn_t b, fp12_t c, bn_t d); * @param[in] l - the length of the exponent in sparse form. * @param[in] s - the sign of the exponent. */ -void fp12_exp_cyc_sps(fp12_t c, fp12_t a, const int *b, int l, int s); +void fp12_exp_cyc_sps(fp12_t c, const fp12_t a, const int *b, int l, int s); /** * Compresses a dodecic extension field element. @@ -3312,7 +3312,7 @@ void fp12_exp_cyc_sps(fp12_t c, fp12_t a, const int *b, int l, int s); * @param[out] r - the result. * @param[in] p - the dodecic extension field element to compress. */ -void fp12_pck(fp12_t c, fp12_t a); +void fp12_pck(fp12_t c, const fp12_t a); /** * Decompresses a dodecic extension field element. @@ -3321,7 +3321,7 @@ void fp12_pck(fp12_t c, fp12_t a); * @param[in] p - the dodecic extension field element to decompress. * @return if the decompression was successful */ -int fp12_upk(fp12_t c, fp12_t a); +int fp12_upk(fp12_t c, const fp12_t a); /** * Compresses a dodecic extension field element at the maximum rate. @@ -3329,7 +3329,7 @@ int fp12_upk(fp12_t c, fp12_t a); * @param[out] r - the result. * @param[in] p - the dodecic extension field element to compress. */ -void fp12_pck_max(fp12_t c, fp12_t a); +void fp12_pck_max(fp12_t c, const fp12_t a); /** * Decompresses a dodecic extension field element at the maximum rate. @@ -3338,7 +3338,7 @@ void fp12_pck_max(fp12_t c, fp12_t a); * @param[in] p - the dodecic extension field element to decompress. * @return if the decompression was successful */ -int fp12_upk_max(fp12_t c, fp12_t a); +int fp12_upk_max(fp12_t c, const fp12_t a); /** * Copies the second argument to the first argument. @@ -3346,7 +3346,7 @@ int fp12_upk_max(fp12_t c, fp12_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to copy. */ -void fp18_copy(fp18_t c, fp18_t a); +void fp18_copy(fp18_t c, const fp18_t a); /** * Assigns zero to an octdecic extension field element. @@ -3361,7 +3361,7 @@ void fp18_zero(fp18_t a); * @param[in] a - the octdecic extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp18_is_zero(fp18_t a); +int fp18_is_zero(const fp18_t a); /** * Assigns a random value to an octdecic extension field element. @@ -3375,7 +3375,7 @@ void fp18_rand(fp18_t a); * * @param[in] A - the octdecic extension field element to print. */ -void fp18_print(fp18_t a); +void fp18_print(const fp18_t a); /** * Returns the number of bytes necessary to store an octdecic extension field @@ -3406,7 +3406,7 @@ void fp18_read_bin(fp18_t a, const uint8_t *bin, int len); * @param[in] a - the extension field element to write. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp18_write_bin(uint8_t *bin, int len, fp18_t a); +void fp18_write_bin(uint8_t *bin, int len, const fp18_t a); /** * Returns the result of a comparison between two octdecic extension field @@ -3416,7 +3416,7 @@ void fp18_write_bin(uint8_t *bin, int len, fp18_t a); * @param[in] b - the second octdecic extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp18_cmp(fp18_t a, fp18_t b); +int fp18_cmp(const fp18_t a, const fp18_t b); /** * Returns the result of a signed comparison between an octdecic extension @@ -3426,7 +3426,7 @@ int fp18_cmp(fp18_t a, fp18_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp18_cmp_dig(fp18_t a, dig_t b); +int fp18_cmp_dig(const fp18_t a, const dig_t b); /** * Assigns an octdecic extension field element to a digit. @@ -3434,7 +3434,7 @@ int fp18_cmp_dig(fp18_t a, dig_t b); * @param[in] a - the octdecic extension field element. * @param[in] b - the digit. */ -void fp18_set_dig(fp18_t a, dig_t b); +void fp18_set_dig(fp18_t a, const dig_t b); /** * Adds two octdecic extension field elements. Computes c = a + b. @@ -3443,7 +3443,7 @@ void fp18_set_dig(fp18_t a, dig_t b); * @param[in] a - the first octdecic extension field element. * @param[in] b - the second octdecic extension field element. */ -void fp18_add(fp18_t c, fp18_t a, fp18_t b); +void fp18_add(fp18_t c, const fp18_t a, const fp18_t b); /** * Subtracts an octdecic extension field element from another. Computes @@ -3453,7 +3453,7 @@ void fp18_add(fp18_t c, fp18_t a, fp18_t b); * @param[in] a - the first octdecic extension field element. * @param[in] b - the second octdecic extension field element. */ -void fp18_sub(fp18_t c, fp18_t a, fp18_t b); +void fp18_sub(fp18_t c, const fp18_t a, const fp18_t b); /** * Negates an octdecic extension field element. @@ -3461,7 +3461,7 @@ void fp18_sub(fp18_t c, fp18_t a, fp18_t b); * @param[out] c - the result. * @param[out] a - the octdecic extension field element to negate. */ -void fp18_neg(fp18_t c, fp18_t a); +void fp18_neg(fp18_t c, const fp18_t a); /** * Doubles an octdecic extension field element. Computes c = 2 * a. @@ -3469,7 +3469,7 @@ void fp18_neg(fp18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to double. */ -void fp18_dbl(fp18_t c, fp18_t a); +void fp18_dbl(fp18_t c, const fp18_t a); /** * Multiples two octdecic extension field elements without performing modular @@ -3479,7 +3479,7 @@ void fp18_dbl(fp18_t c, fp18_t a); * @param[in] a - the octdecic extension field element. * @param[in] b - the octdecic extension field element. */ -void fp18_mul_unr(dv18_t c, fp18_t a, fp18_t b); +void fp18_mul_unr(dv18_t c, const fp18_t a, const fp18_t b); /** * Multiples two octdecic extension field elements using basic arithmetic. @@ -3488,7 +3488,7 @@ void fp18_mul_unr(dv18_t c, fp18_t a, fp18_t b); * @param[in] a - the octdecic extension field element. * @param[in] b - the octdecic extension field element. */ -void fp18_mul_basic(fp18_t c, fp18_t a, fp18_t b); +void fp18_mul_basic(fp18_t c, const fp18_t a, const fp18_t b); /** * Multiples two octdecic extension field elements using lazy reduction. @@ -3497,7 +3497,7 @@ void fp18_mul_basic(fp18_t c, fp18_t a, fp18_t b); * @param[in] a - the octdecic extension field element. * @param[in] b - the octdecic extension field element. */ -void fp18_mul_lazyr(fp18_t c, fp18_t a, fp18_t b); +void fp18_mul_lazyr(fp18_t c, const fp18_t a, const fp18_t b); /** * Multiplies an octdecic extension field element by the adjoined root. @@ -3505,7 +3505,7 @@ void fp18_mul_lazyr(fp18_t c, fp18_t a, fp18_t b); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to multiply. */ -void fp18_mul_art(fp18_t c, fp18_t a); +void fp18_mul_art(fp18_t c, const fp18_t a); /** * Multiples a dense octdecic extension field element by a sparse element using @@ -3515,7 +3515,7 @@ void fp18_mul_art(fp18_t c, fp18_t a); * @param[in] a - the dense octdecic extension field element. * @param[in] b - the sparse octdecic extension field element. */ -void fp18_mul_dxs_basic(fp18_t c, fp18_t a, fp18_t b); +void fp18_mul_dxs_basic(fp18_t c, const fp18_t a, const fp18_t b); /** * Multiples a dense octdecic extension field element by a sparse element using @@ -3525,7 +3525,7 @@ void fp18_mul_dxs_basic(fp18_t c, fp18_t a, fp18_t b); * @param[in] a - the dense octdecic extension field element. * @param[in] b - the sparse octdecic extension field element. */ -void fp18_mul_dxs_lazyr(fp18_t c, fp18_t a, fp18_t b); +void fp18_mul_dxs_lazyr(fp18_t c, const fp18_t a, const fp18_t b); /** * Computes the square of an octdecic extension field element without performing @@ -3534,7 +3534,7 @@ void fp18_mul_dxs_lazyr(fp18_t c, fp18_t a, fp18_t b); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to square. */ -void fp18_sqr_unr(dv18_t c, fp18_t a); +void fp18_sqr_unr(dv18_t c, const fp18_t a); /** * Computes the square of an octdecic extension field element using basic @@ -3543,7 +3543,7 @@ void fp18_sqr_unr(dv18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to square. */ -void fp18_sqr_basic(fp18_t c, fp18_t a); +void fp18_sqr_basic(fp18_t c, const fp18_t a); /** * Computes the square of an octdecic extension field element using lazy @@ -3552,7 +3552,7 @@ void fp18_sqr_basic(fp18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to square. */ -void fp18_sqr_lazyr(fp18_t c, fp18_t a); +void fp18_sqr_lazyr(fp18_t c, const fp18_t a); /** * Inverts an octdecic extension field element. Computes c = 1/a. @@ -3560,7 +3560,7 @@ void fp18_sqr_lazyr(fp18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to invert. */ -void fp18_inv(fp18_t c, fp18_t a); +void fp18_inv(fp18_t c, const fp18_t a); /** * Computes the inverse of a cyclotomic octdecic extension field element. @@ -3570,7 +3570,7 @@ void fp18_inv(fp18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - the octdecic extension field element to invert. */ -void fp18_inv_cyc(fp18_t c, fp18_t a); +void fp18_inv_cyc(fp18_t c, const fp18_t a); /** * Converts an octdecic extension field element to a cyclotomic element. @@ -3579,7 +3579,7 @@ void fp18_inv_cyc(fp18_t c, fp18_t a); * @param[out] c - the result. * @param[in] a - an octdecic extension field element. */ -void fp18_conv_cyc(fp18_t c, fp18_t a); +void fp18_conv_cyc(fp18_t c, const fp18_t a); /** * Computes the Frobenius endomorphism of an octdecic extension element. @@ -3589,7 +3589,7 @@ void fp18_conv_cyc(fp18_t c, fp18_t a); * @param[in] a - an octdecic extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp18_frb(fp18_t c, fp18_t a, int i); +void fp18_frb(fp18_t c, const fp18_t a, int i); /** * Computes a power of an octdecic extension field element. @@ -3599,7 +3599,7 @@ void fp18_frb(fp18_t c, fp18_t a, int i); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp18_exp(fp18_t c, fp18_t a, bn_t b); +void fp18_exp(fp18_t c, const fp18_t a, const bn_t b); /** * Copies the second argument to the first argument. @@ -3607,7 +3607,7 @@ void fp18_exp(fp18_t c, fp18_t a, bn_t b); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to copy. */ -void fp24_copy(fp24_t c, fp24_t a); +void fp24_copy(fp24_t c, const fp24_t a); /** * Assigns zero to a 24-degree extension field element. @@ -3622,7 +3622,7 @@ void fp24_zero(fp24_t a); * @param[in] a - the 24-degree extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp24_is_zero(fp24_t a); +int fp24_is_zero(const fp24_t a); /** * Assigns a random value to a 24-degree extension field element. @@ -3636,7 +3636,7 @@ void fp24_rand(fp24_t a); * * @param[in] A - the 24-degree extension field element to print. */ -void fp24_print(fp24_t a); +void fp24_print(const fp24_t a); /** * Returns the number of bytes necessary to store a 24-degree extension field @@ -3669,7 +3669,7 @@ void fp24_read_bin(fp24_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp24_write_bin(uint8_t *bin, int len, fp24_t a, int pack); +void fp24_write_bin(uint8_t *bin, int len, const fp24_t a, int pack); /** * Returns the result of a comparison between two 24-degree extension field @@ -3679,7 +3679,7 @@ void fp24_write_bin(uint8_t *bin, int len, fp24_t a, int pack); * @param[in] b - the second 24-degree extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp24_cmp(fp24_t a, fp24_t b); +int fp24_cmp(const fp24_t a, const fp24_t b); /** * Returns the result of a signed comparison between a 24-degree extension field @@ -3689,7 +3689,7 @@ int fp24_cmp(fp24_t a, fp24_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp24_cmp_dig(fp24_t a, dig_t b); +int fp24_cmp_dig(const fp24_t a, const dig_t b); /** * Assigns a 24-degree extension field element to a digit. @@ -3697,7 +3697,7 @@ int fp24_cmp_dig(fp24_t a, dig_t b); * @param[in] a - the 24-degree extension field element. * @param[in] b - the digit. */ -void fp24_set_dig(fp24_t a, dig_t b); +void fp24_set_dig(fp24_t a, const dig_t b); /** * Adds two 24-degree extension field elements. Computes c = a + b. @@ -3706,7 +3706,7 @@ void fp24_set_dig(fp24_t a, dig_t b); * @param[in] a - the first 24-degree extension field element. * @param[in] b - the second 24-degree extension field element. */ -void fp24_add(fp24_t c, fp24_t a, fp24_t b); +void fp24_add(fp24_t c, const fp24_t a, const fp24_t b); /** * Subtracts a 24-degree extension field element from another. Computes @@ -3716,7 +3716,7 @@ void fp24_add(fp24_t c, fp24_t a, fp24_t b); * @param[in] a - the first 24-degree extension field element. * @param[in] b - the second 24-degree extension field element. */ -void fp24_sub(fp24_t c, fp24_t a, fp24_t b); +void fp24_sub(fp24_t c, const fp24_t a, const fp24_t b); /** * Negates a 24-degree extension field element. @@ -3724,7 +3724,7 @@ void fp24_sub(fp24_t c, fp24_t a, fp24_t b); * @param[out] c - the result. * @param[out] a - the 24-degree extension field element to negate. */ -void fp24_neg(fp24_t c, fp24_t a); +void fp24_neg(fp24_t c, const fp24_t a); /** * Doubles a 24-degree extension field element. Computes c = 2 * a. @@ -3732,7 +3732,7 @@ void fp24_neg(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the octic extension field element to double. */ -void fp24_dbl(fp24_t c, fp24_t a); +void fp24_dbl(fp24_t c, const fp24_t a); /** * Multiples two 24-degree extension field elements without performing modular @@ -3742,7 +3742,7 @@ void fp24_dbl(fp24_t c, fp24_t a); * @param[in] a - the 24-degree extension field element. * @param[in] b - the 24-degree extension field element. */ -void fp24_mul_unr(dv24_t c, fp24_t a, fp24_t b); +void fp24_mul_unr(dv24_t c, const fp24_t a, const fp24_t b); /** * Multiples two 24-degree extension field elements using basic arithmetic. @@ -3751,7 +3751,7 @@ void fp24_mul_unr(dv24_t c, fp24_t a, fp24_t b); * @param[in] a - the 24-degree extension field element. * @param[in] b - the 24-degree extension field element. */ -void fp24_mul_basic(fp24_t c, fp24_t a, fp24_t b); +void fp24_mul_basic(fp24_t c, const fp24_t a, const fp24_t b); /** * Multiples two 24-degree extension field elements using lazy reduction. @@ -3760,7 +3760,7 @@ void fp24_mul_basic(fp24_t c, fp24_t a, fp24_t b); * @param[in] a - the 24-degree extension field element. * @param[in] b - the 24-degree extension field element. */ -void fp24_mul_lazyr(fp24_t c, fp24_t a, fp24_t b); +void fp24_mul_lazyr(fp24_t c, const fp24_t a, const fp24_t b); /** * Multiplies a 24-degree extension field element by the adjoined root. @@ -3768,7 +3768,7 @@ void fp24_mul_lazyr(fp24_t c, fp24_t a, fp24_t b); * @param[out] c - the result. * @param[in] a - the dodecic extension field element to multiply. */ -void fp24_mul_art(fp24_t c, fp24_t a); +void fp24_mul_art(fp24_t c, const fp24_t a); /** * Multiples a dense 24-degree extension field element by a sparse element. @@ -3777,7 +3777,7 @@ void fp24_mul_art(fp24_t c, fp24_t a); * @param[in] a - a 24-degree extension field element. * @param[in] b - a 24-degree quartic extension field element. */ -void fp24_mul_dxs(fp24_t c, fp24_t a, fp24_t b); +void fp24_mul_dxs(fp24_t c, const fp24_t a, const fp24_t b); /** * Computes the square of a 24-degree extension field element without performing @@ -3786,7 +3786,7 @@ void fp24_mul_dxs(fp24_t c, fp24_t a, fp24_t b); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to square. */ -void fp24_sqr_unr(dv24_t c, fp24_t a); +void fp24_sqr_unr(dv24_t c, const fp24_t a); /** * Computes the square of a 24-degree extension field element using basic @@ -3795,7 +3795,7 @@ void fp24_sqr_unr(dv24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to square. */ -void fp24_sqr_basic(fp24_t c, fp24_t a); +void fp24_sqr_basic(fp24_t c, const fp24_t a); /** * Computes the square of a 24-degree extension field element using lazy @@ -3804,7 +3804,7 @@ void fp24_sqr_basic(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to square. */ -void fp24_sqr_lazyr(fp24_t c, fp24_t a); +void fp24_sqr_lazyr(fp24_t c, const fp24_t a); /** * Computes the square of a cyclotomic 24-extension field element using @@ -3815,7 +3815,7 @@ void fp24_sqr_lazyr(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp24_sqr_cyc_basic(fp24_t c, fp24_t a); +void fp24_sqr_cyc_basic(fp24_t c, const fp24_t a); /** * Computes the square of a cyclotomic 24-extension field element using @@ -3826,7 +3826,7 @@ void fp24_sqr_cyc_basic(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp24_sqr_cyc_lazyr(fp24_t c, fp24_t a); +void fp24_sqr_cyc_lazyr(fp24_t c, const fp24_t a); /** * Computes the square of a compressed cyclotomic extension field element. @@ -3836,7 +3836,7 @@ void fp24_sqr_cyc_lazyr(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp24_sqr_pck_basic(fp24_t c, fp24_t a); +void fp24_sqr_pck_basic(fp24_t c, const fp24_t a); /** * Computes the square of a compressed cyclotomic extension field element using @@ -3847,7 +3847,7 @@ void fp24_sqr_pck_basic(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp24_sqr_pck_lazyr(fp24_t c, fp24_t a); +void fp24_sqr_pck_lazyr(fp24_t c, const fp24_t a); /** * Tests if a 24-extension field element belongs to the cyclotomic @@ -3856,7 +3856,7 @@ void fp24_sqr_pck_lazyr(fp24_t c, fp24_t a); * @param[in] a - the 24-extension field element to test. * @return 1 if the extension field element is in the subgroup, 0 otherwise. */ -int fp24_test_cyc(fp24_t a); +int fp24_test_cyc(const fp24_t a); /** * Converts a 24-extension field element to a cyclotomic element. @@ -3865,7 +3865,7 @@ int fp24_test_cyc(fp24_t a); * @param[out] c - the result. * @param[in] a - a 24-extension field element. */ -void fp24_conv_cyc(fp24_t c, fp24_t a); +void fp24_conv_cyc(fp24_t c, const fp24_t a); /** * Decompresses a compressed cyclotomic extension field element. @@ -3873,7 +3873,7 @@ void fp24_conv_cyc(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the 24-extension field element to decompress. */ -void fp24_back_cyc(fp24_t c, fp24_t a); +void fp24_back_cyc(fp24_t c, const fp24_t a); /** * Decompresses multiple compressed cyclotomic extension field elements. @@ -3882,7 +3882,7 @@ void fp24_back_cyc(fp24_t c, fp24_t a); * @param[in] a - the 24 field elements to decompress. * @param[in] n - the number of field elements to decompress. */ -void fp24_back_cyc_sim(fp24_t *c, fp24_t *a, int n); +void fp24_back_cyc_sim(fp24_t *c, const fp24_t *a, int n); /** * Inverts a 24-degree extension field element. Computes c = 1/a. @@ -3890,7 +3890,7 @@ void fp24_back_cyc_sim(fp24_t *c, fp24_t *a, int n); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to invert. */ -void fp24_inv(fp24_t c, fp24_t a); +void fp24_inv(fp24_t c, const fp24_t a); /** * Computes the inverse of a cyclotomic octdecic extension field element. @@ -3900,7 +3900,7 @@ void fp24_inv(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the 24-degree extension field element to invert. */ -void fp24_inv_cyc(fp24_t c, fp24_t a); +void fp24_inv_cyc(fp24_t c, const fp24_t a); /** * Computes the Frobenius endomorphism of a 24-degree extension element. @@ -3910,7 +3910,7 @@ void fp24_inv_cyc(fp24_t c, fp24_t a); * @param[in] a - a 24-degree extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp24_frb(fp24_t c, fp24_t a, int i); +void fp24_frb(fp24_t c, const fp24_t a, int i); /** * Computes a power of a 24-degree extension field element. @@ -3920,7 +3920,7 @@ void fp24_frb(fp24_t c, fp24_t a, int i); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp24_exp(fp24_t c, fp24_t a, bn_t b); +void fp24_exp(fp24_t c, const fp24_t a, const bn_t b); /** * Computes a power of a 24-extension field element by a small exponent. @@ -3930,7 +3930,7 @@ void fp24_exp(fp24_t c, fp24_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp24_exp_dig(fp24_t c, fp24_t a, dig_t b); +void fp24_exp_dig(fp24_t c, const fp24_t a, dig_t b); /** * Computes a power of a cyclotomic 24-extension field element. @@ -3939,7 +3939,7 @@ void fp24_exp_dig(fp24_t c, fp24_t a, dig_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp24_exp_cyc(fp24_t c, fp24_t a, bn_t b); +void fp24_exp_cyc(fp24_t c, const fp24_t a, const bn_t b); /** * Computes a power of a cyclotomic dodecic extension field element. @@ -3950,7 +3950,7 @@ void fp24_exp_cyc(fp24_t c, fp24_t a, bn_t b); * @param[in] c - the second element to exponentiate. * @param[in] d - the second exponent. */ -void fp24_exp_cyc_sim(fp24_t e, fp24_t a, bn_t b, fp24_t c, bn_t d); +void fp24_exp_cyc_sim(fp24_t e, const fp24_t a, const bn_t b, const fp24_t c, const bn_t d); /** * Computes a power of a cyclotomic 24-extension field element. @@ -3961,7 +3961,7 @@ void fp24_exp_cyc_sim(fp24_t e, fp24_t a, bn_t b, fp24_t c, bn_t d); * @param[in] l - the length of the exponent in sparse form. * @param[in] s - the sign of the exponent. */ -void fp24_exp_cyc_sps(fp24_t c, fp24_t a, const int *b, int l, int s); +void fp24_exp_cyc_sps(fp24_t c, const fp24_t a, const int *b, int l, int s); /** * Compresses a 24-extension field element. @@ -3969,7 +3969,7 @@ void fp24_exp_cyc_sps(fp24_t c, fp24_t a, const int *b, int l, int s); * @param[out] c - the result. * @param[in] a - the 24-extension field element to compress. */ -void fp24_pck(fp24_t c, fp24_t a); +void fp24_pck(fp24_t c, const fp24_t a); /** * Decompresses a 24-extension field element. @@ -3978,7 +3978,7 @@ void fp24_pck(fp24_t c, fp24_t a); * @param[in] a - the 24-extension field element to decompress. * @return if the decompression was successful */ -int fp24_upk(fp24_t c, fp24_t a); +int fp24_upk(fp24_t c, const fp24_t a); /** * Copies the second argument to the first argument. @@ -3986,7 +3986,7 @@ int fp24_upk(fp24_t c, fp24_t a); * @param[out] c - the result. * @param[in] a - the 48-extension field element to copy. */ -void fp48_copy(fp48_t c, fp48_t a); +void fp48_copy(fp48_t c, const fp48_t a); /** * Assigns zero to a 48-extension field element. @@ -4001,7 +4001,7 @@ void fp48_zero(fp48_t a); * @param[in] a - the 48-extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp48_is_zero(fp48_t a); +int fp48_is_zero(const fp48_t a); /** * Assigns a random value to a 48-extension field element. @@ -4015,7 +4015,7 @@ void fp48_rand(fp48_t a); * * @param[in] a - the 48-extension field element to print. */ -void fp48_print(fp48_t a); +void fp48_print(const fp48_t a); /** * Returns the number of bytes necessary to store a 48-extension field @@ -4048,7 +4048,7 @@ void fp48_read_bin(fp48_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp48_write_bin(uint8_t *bin, int len, fp48_t a, int pack); +void fp48_write_bin(uint8_t *bin, int len, const fp48_t a, int pack); /** * Returns the result of a comparison between two 48-extension field @@ -4058,7 +4058,7 @@ void fp48_write_bin(uint8_t *bin, int len, fp48_t a, int pack); * @param[in] b - the second 48-extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp48_cmp(fp48_t a, fp48_t b); +int fp48_cmp(const fp48_t a, const fp48_t b); /** * Returns the result of a signed comparison between a 48-extension field @@ -4068,7 +4068,7 @@ int fp48_cmp(fp48_t a, fp48_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp48_cmp_dig(fp48_t a, dig_t b); +int fp48_cmp_dig(const fp48_t a, const dig_t b); /** * Assigns a 48-extension field element to a digit. @@ -4076,7 +4076,7 @@ int fp48_cmp_dig(fp48_t a, dig_t b); * @param[in] a - the 48-extension field element. * @param[in] b - the digit. */ -void fp48_set_dig(fp48_t a, dig_t b); +void fp48_set_dig(fp48_t a, const dig_t b); /** * Adds two 48-extension field elements. Computes c = a + b. @@ -4085,7 +4085,7 @@ void fp48_set_dig(fp48_t a, dig_t b); * @param[in] a - the first 48-extension field element. * @param[in] b - the second 48-extension field element. */ -void fp48_add(fp48_t c, fp48_t a, fp48_t b); +void fp48_add(fp48_t c, const fp48_t a, const fp48_t b); /** * Subtracts a 48-extension field element from another. Computes @@ -4095,7 +4095,7 @@ void fp48_add(fp48_t c, fp48_t a, fp48_t b); * @param[in] a - the first 48-extension field element. * @param[in] b - the second 48-extension field element. */ -void fp48_sub(fp48_t c, fp48_t a, fp48_t b); +void fp48_sub(fp48_t c, const fp48_t a, const fp48_t b); /** * Negates a 48-extension field element. @@ -4103,7 +4103,7 @@ void fp48_sub(fp48_t c, fp48_t a, fp48_t b); * @param[out] c - the result. * @param[out] a - the 48-extension field element to negate. */ -void fp48_neg(fp48_t c, fp48_t a); +void fp48_neg(fp48_t c, const fp48_t a); /** * Doubles a 48-extension field element. Computes c = 2 * a. @@ -4111,7 +4111,7 @@ void fp48_neg(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the 48-extension field element to double. */ -void fp48_dbl(fp48_t c, fp48_t a); +void fp48_dbl(fp48_t c, const fp48_t a); /** * Multiples two 48-extension field elements using basic arithmetic. @@ -4120,7 +4120,7 @@ void fp48_dbl(fp48_t c, fp48_t a); * @param[in] a - the 48-extension field element. * @param[in] b - the 48-extension field element. */ -void fp48_mul_basic(fp48_t c, fp48_t a, fp48_t b); +void fp48_mul_basic(fp48_t c, const fp48_t a, const fp48_t b); /** * Multiples two 48-extension field elements using lazy reduction. @@ -4129,7 +4129,7 @@ void fp48_mul_basic(fp48_t c, fp48_t a, fp48_t b); * @param[in] a - the 48-extension field element. * @param[in] b - the 48-extension field element. */ -void fp48_mul_lazyr(fp48_t c, fp48_t a, fp48_t b); +void fp48_mul_lazyr(fp48_t c, const fp48_t a, const fp48_t b); /** * Multiplies a 48-extension field element by the adjoined root. @@ -4137,7 +4137,7 @@ void fp48_mul_lazyr(fp48_t c, fp48_t a, fp48_t b); * @param[out] c - the result. * @param[in] a - the 48-extension field element to multiply. */ -void fp48_mul_art(fp48_t c, fp48_t a); +void fp48_mul_art(fp48_t c, const fp48_t a); /** * Multiples a dense 48-extension field element by a sparse element using @@ -4147,7 +4147,7 @@ void fp48_mul_art(fp48_t c, fp48_t a); * @param[in] a - the dense 48-extension field element. * @param[in] b - the sparse 48-extension field element. */ -void fp48_mul_dxs(fp48_t c, fp48_t a, fp48_t b); +void fp48_mul_dxs(fp48_t c, const fp48_t a, const fp48_t b); /** * Computes the square of a 48-extension field element using basic @@ -4156,7 +4156,7 @@ void fp48_mul_dxs(fp48_t c, fp48_t a, fp48_t b); * @param[out] c - the result. * @param[in] a - the 48-extension field element to square. */ -void fp48_sqr_basic(fp48_t c, fp48_t a); +void fp48_sqr_basic(fp48_t c, const fp48_t a); /** * Computes the square of a 48-extension field element using lazy @@ -4165,7 +4165,7 @@ void fp48_sqr_basic(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the 48-extension field element to square. */ -void fp48_sqr_lazyr(fp48_t c, fp48_t a); +void fp48_sqr_lazyr(fp48_t c, const fp48_t a); /** * Computes the square of a cyclotomic 48-extension field element using @@ -4176,7 +4176,7 @@ void fp48_sqr_lazyr(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp48_sqr_cyc_basic(fp48_t c, fp48_t a); +void fp48_sqr_cyc_basic(fp48_t c, const fp48_t a); /** * Computes the square of a cyclotomic 48-extension field element using @@ -4187,7 +4187,7 @@ void fp48_sqr_cyc_basic(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp48_sqr_cyc_lazyr(fp48_t c, fp48_t a); +void fp48_sqr_cyc_lazyr(fp48_t c, const fp48_t a); /** * Computes the square of a compressed cyclotomic extension field element. @@ -4197,7 +4197,7 @@ void fp48_sqr_cyc_lazyr(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp48_sqr_pck_basic(fp48_t c, fp48_t a); +void fp48_sqr_pck_basic(fp48_t c, const fp48_t a); /** * Computes the square of a compressed cyclotomic extension field element using @@ -4208,7 +4208,7 @@ void fp48_sqr_pck_basic(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp48_sqr_pck_lazyr(fp48_t c, fp48_t a); +void fp48_sqr_pck_lazyr(fp48_t c, const fp48_t a); /** * Tests if a 48-extension field element belongs to the cyclotomic @@ -4217,7 +4217,7 @@ void fp48_sqr_pck_lazyr(fp48_t c, fp48_t a); * @param[in] a - the 48-extension field element to test. * @return 1 if the extension field element is in the subgroup, 0 otherwise. */ -int fp48_test_cyc(fp48_t a); +int fp48_test_cyc(const fp48_t a); /** * Converts a 48-extension field element to a cyclotomic element. @@ -4226,7 +4226,7 @@ int fp48_test_cyc(fp48_t a); * @param[out] c - the result. * @param[in] a - a 48-extension field element. */ -void fp48_conv_cyc(fp48_t c, fp48_t a); +void fp48_conv_cyc(fp48_t c, const fp48_t a); /** * Decompresses a compressed cyclotomic extension field element. @@ -4234,7 +4234,7 @@ void fp48_conv_cyc(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the 48-extension field element to decompress. */ -void fp48_back_cyc(fp48_t c, fp48_t a); +void fp48_back_cyc(fp48_t c, const fp48_t a); /** * Decompresses multiple compressed cyclotomic extension field elements. @@ -4243,7 +4243,7 @@ void fp48_back_cyc(fp48_t c, fp48_t a); * @param[in] a - the 48 field elements to decompress. * @param[in] n - the number of field elements to decompress. */ -void fp48_back_cyc_sim(fp48_t *c, fp48_t *a, int n); +void fp48_back_cyc_sim(fp48_t *c, const fp48_t *a, int n); /** * Inverts a 48-extension field element. Computes c = 1/a. @@ -4251,7 +4251,7 @@ void fp48_back_cyc_sim(fp48_t *c, fp48_t *a, int n); * @param[out] c - the result. * @param[in] a - the 48-extension field element to invert. */ -void fp48_inv(fp48_t c, fp48_t a); +void fp48_inv(fp48_t c, const fp48_t a); /** * Computes the inverse of a cyclotomic 48-extension field element. @@ -4262,16 +4262,7 @@ void fp48_inv(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the 48-extension field element to invert. */ -void fp48_inv_cyc(fp48_t c, fp48_t a); - -/** - * Converts a 48-extension field element to a cyclotomic element. Computes - * c = a^(p^6 - 1). - * - * @param[out] c - the result. - * @param[in] a - the 48-extension field element. - */ -void fp48_conv_cyc(fp48_t c, fp48_t a); +void fp48_inv_cyc(fp48_t c, const fp48_t a); /** * Computes the Frobenius endomorphism of a 48-extension element. @@ -4281,7 +4272,7 @@ void fp48_conv_cyc(fp48_t c, fp48_t a); * @param[in] a - a 48-extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp48_frb(fp48_t c, fp48_t a, int i); +void fp48_frb(fp48_t c, const fp48_t a, int i); /** * Computes a power of a 48-extension field element. @@ -4291,7 +4282,7 @@ void fp48_frb(fp48_t c, fp48_t a, int i); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp48_exp(fp48_t c, fp48_t a, bn_t b); +void fp48_exp(fp48_t c, const fp48_t a, const bn_t b); /** * Computes a power of a 48-extension field element by a small exponent. @@ -4301,7 +4292,7 @@ void fp48_exp(fp48_t c, fp48_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp48_exp_dig(fp48_t c, fp48_t a, dig_t b); +void fp48_exp_dig(fp48_t c, const fp48_t a, dig_t b); /** * Computes a power of a cyclotomic 48-extension field element. @@ -4310,7 +4301,7 @@ void fp48_exp_dig(fp48_t c, fp48_t a, dig_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp48_exp_cyc(fp48_t c, fp48_t a, bn_t b); +void fp48_exp_cyc(fp48_t c, const fp48_t a, const bn_t b); /** * Computes a power of a cyclotomic 48-extension field element. @@ -4321,7 +4312,7 @@ void fp48_exp_cyc(fp48_t c, fp48_t a, bn_t b); * @param[in] l - the length of the exponent in sparse form. * @param[in] s - the sign of the exponent. */ -void fp48_exp_cyc_sps(fp48_t c, fp48_t a, const int *b, int l, int s); +void fp48_exp_cyc_sps(fp48_t c, const fp48_t a, const int *b, int l, int s); /** * Compresses a 48-extension field element. @@ -4329,7 +4320,7 @@ void fp48_exp_cyc_sps(fp48_t c, fp48_t a, const int *b, int l, int s); * @param[out] c - the result. * @param[in] a - the 48-extension field element to compress. */ -void fp48_pck(fp48_t c, fp48_t a); +void fp48_pck(fp48_t c, const fp48_t a); /** * Decompresses a 48-extension field element. @@ -4338,7 +4329,7 @@ void fp48_pck(fp48_t c, fp48_t a); * @param[in] a - the 48-extension field element to decompress. * @return if the decompression was successful */ -int fp48_upk(fp48_t c, fp48_t a); +int fp48_upk(fp48_t c, const fp48_t a); /** * Copies the second argument to the first argument. @@ -4346,7 +4337,7 @@ int fp48_upk(fp48_t c, fp48_t a); * @param[out] c - the result. * @param[in] a - the 54-extension field element to copy. */ -void fp54_copy(fp54_t c, fp54_t a); +void fp54_copy(fp54_t c, const fp54_t a); /** * Assigns zero to a 54-extension field element. @@ -4361,7 +4352,7 @@ void fp54_zero(fp54_t a); * @param[in] a - the 54-extension field element to test. * @return 1 if the argument is zero, 0 otherwise. */ -int fp54_is_zero(fp54_t a); +int fp54_is_zero(const fp54_t a); /** * Assigns a random value to a 54-extension field element. @@ -4375,7 +4366,7 @@ void fp54_rand(fp54_t a); * * @param[in] a - the 54-extension field element to print. */ -void fp54_print(fp54_t a); +void fp54_print(const fp54_t a); /** * Returns the number of bytes necessary to store a 54-extension field @@ -4408,7 +4399,7 @@ void fp54_read_bin(fp54_t a, const uint8_t *bin, int len); * @param[in] pack - the flag to indicate compression. * @throw ERR_NO_BUFFER - if the buffer capacity is not correct. */ -void fp54_write_bin(uint8_t *bin, int len, fp54_t a, int pack); +void fp54_write_bin(uint8_t *bin, int len, const fp54_t a, int pack); /** * Returns the result of a comparison between two 54-extension field @@ -4418,7 +4409,7 @@ void fp54_write_bin(uint8_t *bin, int len, fp54_t a, int pack); * @param[in] b - the second 54-extension field element. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp54_cmp(fp54_t a, fp54_t b); +int fp54_cmp(const fp54_t a, const fp54_t b); /** * Returns the result of a signed comparison between a 54-extension field @@ -4428,7 +4419,7 @@ int fp54_cmp(fp54_t a, fp54_t b); * @param[in] b - the digit. * @return RLC_EQ if a == b, and RLC_NE otherwise. */ -int fp54_cmp_dig(fp54_t a, dig_t b); +int fp54_cmp_dig(const fp54_t a, const dig_t b); /** * Assigns a 54-extension field element to a digit. @@ -4436,7 +4427,7 @@ int fp54_cmp_dig(fp54_t a, dig_t b); * @param[in] a - the 54-extension field element. * @param[in] b - the digit. */ -void fp54_set_dig(fp54_t a, dig_t b); +void fp54_set_dig(fp54_t a, const dig_t b); /** * Adds two 54-extension field elements. Computes c = a + b. @@ -4445,7 +4436,7 @@ void fp54_set_dig(fp54_t a, dig_t b); * @param[in] a - the first 54-extension field element. * @param[in] b - the second 54-extension field element. */ -void fp54_add(fp54_t c, fp54_t a, fp54_t b); +void fp54_add(fp54_t c, const fp54_t a, const fp54_t b); /** * Subtracts a 54-extension field element from another. Computes @@ -4455,7 +4446,7 @@ void fp54_add(fp54_t c, fp54_t a, fp54_t b); * @param[in] a - the first 54-extension field element. * @param[in] b - the second 54-extension field element. */ -void fp54_sub(fp54_t c, fp54_t a, fp54_t b); +void fp54_sub(fp54_t c, const fp54_t a, const fp54_t b); /** * Negates a 54-extension field element. @@ -4463,7 +4454,7 @@ void fp54_sub(fp54_t c, fp54_t a, fp54_t b); * @param[out] c - the result. * @param[out] a - the 54-extension field element to negate. */ -void fp54_neg(fp54_t c, fp54_t a); +void fp54_neg(fp54_t c, const fp54_t a); /** * Doubles a 54-extension field element. Computes c = 2 * a. @@ -4471,7 +4462,7 @@ void fp54_neg(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the 54-extension field element to double. */ -void fp54_dbl(fp54_t c, fp54_t a); +void fp54_dbl(fp54_t c, const fp54_t a); /** * Multiples two 54-extension field elements using basic arithmetic. @@ -4480,7 +4471,7 @@ void fp54_dbl(fp54_t c, fp54_t a); * @param[in] a - the 54-extension field element. * @param[in] b - the 54-extension field element. */ -void fp54_mul_basic(fp54_t c, fp54_t a, fp54_t b); +void fp54_mul_basic(fp54_t c, const fp54_t a, const fp54_t b); /** * Multiples two 54-extension field elements using lazy reduction. @@ -4489,7 +4480,7 @@ void fp54_mul_basic(fp54_t c, fp54_t a, fp54_t b); * @param[in] a - the 54-extension field element. * @param[in] b - the 54-extension field element. */ -void fp54_mul_lazyr(fp54_t c, fp54_t a, fp54_t b); +void fp54_mul_lazyr(fp54_t c, const fp54_t a, const fp54_t b); /** * Multiplies a 54-extension field element by the adjoined root. @@ -4497,7 +4488,7 @@ void fp54_mul_lazyr(fp54_t c, fp54_t a, fp54_t b); * @param[out] c - the result. * @param[in] a - the 54-extension field element to multiply. */ -void fp54_mul_art(fp54_t c, fp54_t a); +void fp54_mul_art(fp54_t c, const fp54_t a); /** * Multiples a dense 54-extension field element by a sparse element using @@ -4507,7 +4498,7 @@ void fp54_mul_art(fp54_t c, fp54_t a); * @param[in] a - the dense 54-extension field element. * @param[in] b - the sparse 54-extension field element. */ -void fp54_mul_dxs(fp54_t c, fp54_t a, fp54_t b); +void fp54_mul_dxs(fp54_t c, const fp54_t a, const fp54_t b); /** * Computes the square of a 54-extension field element using basic @@ -4516,7 +4507,7 @@ void fp54_mul_dxs(fp54_t c, fp54_t a, fp54_t b); * @param[out] c - the result. * @param[in] a - the 54-extension field element to square. */ -void fp54_sqr_basic(fp54_t c, fp54_t a); +void fp54_sqr_basic(fp54_t c, const fp54_t a); /** * Computes the square of a 54-extension field element using lazy @@ -4525,7 +4516,7 @@ void fp54_sqr_basic(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the 54-extension field element to square. */ -void fp54_sqr_lazyr(fp54_t c, fp54_t a); +void fp54_sqr_lazyr(fp54_t c, const fp54_t a); /** * Computes the square of a cyclotomic 54-extension field element using @@ -4536,7 +4527,7 @@ void fp54_sqr_lazyr(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp54_sqr_cyc_basic(fp54_t c, fp54_t a); +void fp54_sqr_cyc_basic(fp54_t c, const fp54_t a); /** * Computes the square of a cyclotomic 54-extension field element using @@ -4547,7 +4538,7 @@ void fp54_sqr_cyc_basic(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp54_sqr_cyc_lazyr(fp54_t c, fp54_t a); +void fp54_sqr_cyc_lazyr(fp54_t c, const fp54_t a); /** * Computes the square of a compressed cyclotomic extension field element. @@ -4557,7 +4548,7 @@ void fp54_sqr_cyc_lazyr(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp54_sqr_pck_basic(fp54_t c, fp54_t a); +void fp54_sqr_pck_basic(fp54_t c, const fp54_t a); /** * Computes the square of a compressed cyclotomic extension field element using @@ -4568,7 +4559,7 @@ void fp54_sqr_pck_basic(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the cyclotomic extension element to square. */ -void fp54_sqr_pck_lazyr(fp54_t c, fp54_t a); +void fp54_sqr_pck_lazyr(fp54_t c, const fp54_t a); /** * Tests if a 54-extension field element belongs to the cyclotomic @@ -4577,7 +4568,7 @@ void fp54_sqr_pck_lazyr(fp54_t c, fp54_t a); * @param[in] a - the 54-extension field element to test. * @return 1 if the extension field element is in the subgroup, 0 otherwise. */ -int fp54_test_cyc(fp54_t a); +int fp54_test_cyc(const fp54_t a); /** * Converts a 54-extension field element to a cyclotomic element. @@ -4586,7 +4577,7 @@ int fp54_test_cyc(fp54_t a); * @param[out] c - the result. * @param[in] a - a 54-extension field element. */ -void fp54_conv_cyc(fp54_t c, fp54_t a); +void fp54_conv_cyc(fp54_t c, const fp54_t a); /** * Decompresses a compressed cyclotomic extension field element. @@ -4594,7 +4585,7 @@ void fp54_conv_cyc(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the 54-extension field element to decompress. */ -void fp54_back_cyc(fp54_t c, fp54_t a); +void fp54_back_cyc(fp54_t c, const fp54_t a); /** * Decompresses multiple compressed cyclotomic extension field elements. @@ -4603,7 +4594,7 @@ void fp54_back_cyc(fp54_t c, fp54_t a); * @param[in] a - the 54 field elements to decompress. * @param[in] n - the number of field elements to decompress. */ -void fp54_back_cyc_sim(fp54_t *c, fp54_t *a, int n); +void fp54_back_cyc_sim(fp54_t *c, const fp54_t *a, int n); /** * Inverts a 54-extension field element. Computes c = 1/a. @@ -4611,7 +4602,7 @@ void fp54_back_cyc_sim(fp54_t *c, fp54_t *a, int n); * @param[out] c - the result. * @param[in] a - the 54-extension field element to invert. */ -void fp54_inv(fp54_t c, fp54_t a); +void fp54_inv(fp54_t c, const fp54_t a); /** * Computes the inverse of a cyclotomic 54-extension field element. @@ -4622,16 +4613,7 @@ void fp54_inv(fp54_t c, fp54_t a); * @param[out] c - the result. * @param[in] a - the 54-extension field element to invert. */ -void fp54_inv_cyc(fp54_t c, fp54_t a); - -/** - * Converts a 54-extension field element to a cyclotomic element. Computes - * c = a^(p^6 - 1). - * - * @param[out] c - the result. - * @param[in] a - the 54-extension field element. - */ -void fp54_conv_cyc(fp54_t c, fp54_t a); +void fp54_inv_cyc(fp54_t c, const fp54_t a); /** * Computes the Frobenius endomorphism of a 54-extension element. @@ -4641,7 +4623,7 @@ void fp54_conv_cyc(fp54_t c, fp54_t a); * @param[in] a - a 54-extension field element. * @param[in] i - the power of the Frobenius map. */ -void fp54_frb(fp54_t c, fp54_t a, int i); +void fp54_frb(fp54_t c, const fp54_t a, int i); /** * Computes a power of a 54-extension field element. @@ -4651,7 +4633,7 @@ void fp54_frb(fp54_t c, fp54_t a, int i); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp54_exp(fp54_t c, fp54_t a, bn_t b); +void fp54_exp(fp54_t c, const fp54_t a, const bn_t b); /** * Computes a power of a 54-extension field element by a small exponent. @@ -4661,7 +4643,7 @@ void fp54_exp(fp54_t c, fp54_t a, bn_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp54_exp_dig(fp54_t c, fp54_t a, dig_t b); +void fp54_exp_dig(fp54_t c, const fp54_t a, dig_t b); /** * Computes a power of a cyclotomic 54-extension field element. @@ -4670,7 +4652,7 @@ void fp54_exp_dig(fp54_t c, fp54_t a, dig_t b); * @param[in] a - the basis. * @param[in] b - the exponent. */ -void fp54_exp_cyc(fp54_t c, fp54_t a, bn_t b); +void fp54_exp_cyc(fp54_t c, const fp54_t a, const bn_t b); /** * Computes a power of a cyclotomic 54-extension field element. @@ -4681,7 +4663,7 @@ void fp54_exp_cyc(fp54_t c, fp54_t a, bn_t b); * @param[in] l - the length of the exponent in sparse form. * @param[in] s - the sign of the exponent. */ -void fp54_exp_cyc_sps(fp54_t c, fp54_t a, const int *b, int l, int s); +void fp54_exp_cyc_sps(fp54_t c, const fp54_t a, const int *b, int l, int s); /** * Compresses a 54-extension field element. @@ -4689,7 +4671,7 @@ void fp54_exp_cyc_sps(fp54_t c, fp54_t a, const int *b, int l, int s); * @param[out] c - the result. * @param[in] a - the 54-extension field element to compress. */ -void fp54_pck(fp54_t c, fp54_t a); +void fp54_pck(fp54_t c, const fp54_t a); /** * Decompresses a 54-extension field element. @@ -4698,6 +4680,6 @@ void fp54_pck(fp54_t c, fp54_t a); * @param[in] a - the 54-extension field element to decompress. * @return if the decompression was successful */ -int fp54_upk(fp54_t c, fp54_t a); +int fp54_upk(fp54_t c, const fp54_t a); #endif /* !RLC_FPX_H */ diff --git a/include/relic_label.h b/include/relic_label.h index ad49212f8..1591c5ecf 100644 --- a/include/relic_label.h +++ b/include/relic_label.h @@ -1,6 +1,6 @@ /* * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2013 RELIC Authors + * Copyright (c) 2021 RELIC Authors * * This file is part of RELIC. RELIC is legal property of its developers, * whose names are not listed here. Please refer to the COPYRIGHT file @@ -81,6 +81,7 @@ #undef bench_after #undef bench_compute #undef bench_print +#undef bench_total #define bench_init RLC_PREFIX(bench_init) #define bench_clean RLC_PREFIX(bench_clean) @@ -90,6 +91,7 @@ #define bench_after RLC_PREFIX(bench_after) #define bench_compute RLC_PREFIX(bench_compute) #define bench_print RLC_PREFIX(bench_print) +#define bench_total RLC_PREFIX(bench_total) #undef err_simple_msg #undef err_full_msg @@ -105,12 +107,14 @@ #undef rand_clean #undef rand_seed #undef rand_seed +#undef rand_check #undef rand_bytes #define rand_init RLC_PREFIX(rand_init) #define rand_clean RLC_PREFIX(rand_clean) #define rand_seed RLC_PREFIX(rand_seed) #define rand_seed RLC_PREFIX(rand_seed) +#define rand_check RLC_PREFIX(rand_check) #define rand_bytes RLC_PREFIX(rand_bytes) #undef test_fail @@ -125,6 +129,7 @@ #undef util_conv_char #undef util_bits_dig #undef util_cmp_const +#undef util_perm #undef util_printf #undef util_print_dig @@ -134,6 +139,7 @@ #define util_conv_char RLC_PREFIX(util_conv_char) #define util_bits_dig RLC_PREFIX(util_bits_dig) #define util_cmp_const RLC_PREFIX(util_cmp_const) +#define util_perm RLC_PREFIX(util_perm) #define util_printf RLC_PREFIX(util_printf) #define util_print_dig RLC_PREFIX(util_print_dig) @@ -227,6 +233,7 @@ #undef bn_div_dig #undef bn_div_rem_dig #undef bn_mod_inv +#undef bn_mod_inv_sim #undef bn_mod_2b #undef bn_mod_dig #undef bn_mod_basic @@ -243,14 +250,15 @@ #undef bn_mxp_slide #undef bn_mxp_monty #undef bn_mxp_dig +#undef bn_mxp_crt #undef bn_srt #undef bn_gcd_basic #undef bn_gcd_lehme -#undef bn_gcd_stein +#undef bn_gcd_binar #undef bn_gcd_dig #undef bn_gcd_ext_basic #undef bn_gcd_ext_lehme -#undef bn_gcd_ext_stein +#undef bn_gcd_ext_binar #undef bn_gcd_ext_mid #undef bn_gcd_ext_dig #undef bn_lcm @@ -264,6 +272,7 @@ #undef bn_gen_prime_basic #undef bn_gen_prime_safep #undef bn_gen_prime_stron +#undef bn_gen_prime_factor #undef bn_factor #undef bn_is_factor #undef bn_rec_win @@ -276,6 +285,9 @@ #undef bn_rec_reg #undef bn_rec_jsf #undef bn_rec_glv +#undef bn_rec_frb +#undef bn_lag +#undef bn_evl #define bn_make RLC_PREFIX(bn_make) #define bn_clean RLC_PREFIX(bn_clean) @@ -330,6 +342,7 @@ #define bn_div_dig RLC_PREFIX(bn_div_dig) #define bn_div_rem_dig RLC_PREFIX(bn_div_rem_dig) #define bn_mod_inv RLC_PREFIX(bn_mod_inv) +#define bn_mod_inv_sim RLC_PREFIX(bn_mod_inv_sim) #define bn_mod_2b RLC_PREFIX(bn_mod_2b) #define bn_mod_dig RLC_PREFIX(bn_mod_dig) #define bn_mod_basic RLC_PREFIX(bn_mod_basic) @@ -346,14 +359,15 @@ #define bn_mxp_slide RLC_PREFIX(bn_mxp_slide) #define bn_mxp_monty RLC_PREFIX(bn_mxp_monty) #define bn_mxp_dig RLC_PREFIX(bn_mxp_dig) +#define bn_mxp_crt RLC_PREFIX(bn_mxp_crt) #define bn_srt RLC_PREFIX(bn_srt) #define bn_gcd_basic RLC_PREFIX(bn_gcd_basic) #define bn_gcd_lehme RLC_PREFIX(bn_gcd_lehme) -#define bn_gcd_stein RLC_PREFIX(bn_gcd_stein) +#define bn_gcd_binar RLC_PREFIX(bn_gcd_binar) #define bn_gcd_dig RLC_PREFIX(bn_gcd_dig) #define bn_gcd_ext_basic RLC_PREFIX(bn_gcd_ext_basic) #define bn_gcd_ext_lehme RLC_PREFIX(bn_gcd_ext_lehme) -#define bn_gcd_ext_stein RLC_PREFIX(bn_gcd_ext_stein) +#define bn_gcd_ext_binar RLC_PREFIX(bn_gcd_ext_binar) #define bn_gcd_ext_mid RLC_PREFIX(bn_gcd_ext_mid) #define bn_gcd_ext_dig RLC_PREFIX(bn_gcd_ext_dig) #define bn_lcm RLC_PREFIX(bn_lcm) @@ -367,6 +381,7 @@ #define bn_gen_prime_basic RLC_PREFIX(bn_gen_prime_basic) #define bn_gen_prime_safep RLC_PREFIX(bn_gen_prime_safep) #define bn_gen_prime_stron RLC_PREFIX(bn_gen_prime_stron) +#define bn_gen_prime_factor RLC_PREFIX(bn_gen_prime_factor) #define bn_factor RLC_PREFIX(bn_factor) #define bn_is_factor RLC_PREFIX(bn_is_factor) #define bn_rec_win RLC_PREFIX(bn_rec_win) @@ -379,6 +394,9 @@ #define bn_rec_reg RLC_PREFIX(bn_rec_reg) #define bn_rec_jsf RLC_PREFIX(bn_rec_jsf) #define bn_rec_glv RLC_PREFIX(bn_rec_glv) +#define bn_rec_frb RLC_PREFIX(bn_rec_frb) +#define bn_lag RLC_PREFIX(bn_lag) +#define bn_evl RLC_PREFIX(bn_evl) #undef bn_add1_low #undef bn_addn_low @@ -390,8 +408,10 @@ #undef bn_lshb_low #undef bn_rsh1_low #undef bn_rshb_low +#undef bn_rshs_low #undef bn_mula_low #undef bn_mul1_low +#undef bn_muls_low #undef bn_muln_low #undef bn_muld_low #undef bn_sqra_low @@ -410,8 +430,10 @@ #define bn_lshb_low RLC_PREFIX(bn_lshb_low) #define bn_rsh1_low RLC_PREFIX(bn_rsh1_low) #define bn_rshb_low RLC_PREFIX(bn_rshb_low) +#define bn_rshs_low RLC_PREFIX(bn_rshs_low) #define bn_mula_low RLC_PREFIX(bn_mula_low) #define bn_mul1_low RLC_PREFIX(bn_mul1_low) +#define bn_muls_low RLC_PREFIX(bn_muls_low) #define bn_muln_low RLC_PREFIX(bn_muln_low) #define bn_muld_low RLC_PREFIX(bn_muld_low) #define bn_sqra_low RLC_PREFIX(bn_sqra_low) @@ -502,8 +524,14 @@ #undef fp_inv_monty #undef fp_inv_exgcd #undef fp_inv_divst +#undef fp_inv_jmpds #undef fp_inv_lower #undef fp_inv_sim +#undef fp_smb_basic +#undef fp_smb_binar +#undef fp_smb_divst +#undef fp_smb_jmpds +#undef fp_smb_lower #undef fp_exp_basic #undef fp_exp_slide #undef fp_exp_monty @@ -586,8 +614,14 @@ #define fp_inv_monty RLC_PREFIX(fp_inv_monty) #define fp_inv_exgcd RLC_PREFIX(fp_inv_exgcd) #define fp_inv_divst RLC_PREFIX(fp_inv_divst) +#define fp_inv_jmpds RLC_PREFIX(fp_inv_jmpds) #define fp_inv_lower RLC_PREFIX(fp_inv_lower) #define fp_inv_sim RLC_PREFIX(fp_inv_sim) +#define fp_smb_basic RLC_PREFIX(fp_smb_basic) +#define fp_smb_binar RLC_PREFIX(fp_smb_binar) +#define fp_smb_divst RLC_PREFIX(fp_smb_divst) +#define fp_smb_jmpds RLC_PREFIX(fp_smb_jmpds) +#define fp_smb_lower RLC_PREFIX(fp_smb_lower) #define fp_exp_basic RLC_PREFIX(fp_exp_basic) #define fp_exp_slide RLC_PREFIX(fp_exp_slide) #define fp_exp_monty RLC_PREFIX(fp_exp_monty) @@ -621,6 +655,7 @@ #undef fp_rdcs_low #undef fp_rdcn_low #undef fp_invm_low +#undef fp_smbm_low #define fp_add1_low RLC_PREFIX(fp_add1_low) #define fp_addn_low RLC_PREFIX(fp_addn_low) @@ -650,6 +685,7 @@ #define fp_rdcs_low RLC_PREFIX(fp_rdcs_low) #define fp_rdcn_low RLC_PREFIX(fp_rdcn_low) #define fp_invm_low RLC_PREFIX(fp_invm_low) +#define fp_smbm_low RLC_PREFIX(fp_smbm_low) #undef fp_st #undef fp_t @@ -937,13 +973,12 @@ #undef ep_mul_sim_dig #undef ep_norm #undef ep_norm_sim +#undef ep_map_from_field #undef ep_map #undef ep_map_dst -#undef ep_map_dst #undef ep_pck #undef ep_upk - multiplication function, #define ep_mul_basic RLC_PREFIX(ep_mul_basic) #define ep_curve_init RLC_PREFIX(ep_curve_init) #define ep_curve_clean RLC_PREFIX(ep_curve_clean) #define ep_curve_get_a RLC_PREFIX(ep_curve_get_a) @@ -1032,9 +1067,9 @@ #define ep_mul_sim_dig RLC_PREFIX(ep_mul_sim_dig) #define ep_norm RLC_PREFIX(ep_norm) #define ep_norm_sim RLC_PREFIX(ep_norm_sim) +#define ep_map_from_field RLC_PREFIX(ep_map_from_field) #define ep_map RLC_PREFIX(ep_map) #define ep_map_dst RLC_PREFIX(ep_map_dst) -#define ep_map_dst RLC_PREFIX(ep_map_dst) #define ep_pck RLC_PREFIX(ep_pck) #define ep_upk RLC_PREFIX(ep_upk) @@ -1096,6 +1131,7 @@ #undef ed_mul_sim_trick #undef ed_mul_sim_inter #undef ed_mul_sim_joint +#undef ed_mul_sim_lot #undef ed_mul_sim_gen #undef ed_tab #undef ed_print @@ -1164,6 +1200,7 @@ #define ed_mul_sim_trick RLC_PREFIX(ed_mul_sim_trick) #define ed_mul_sim_inter RLC_PREFIX(ed_mul_sim_inter) #define ed_mul_sim_joint RLC_PREFIX(ed_mul_sim_joint) +#define ed_mul_sim_lot RLC_PREFIX(ed_mul_sim_lot) #define ed_mul_sim_gen RLC_PREFIX(ed_mul_sim_gen) #define ed_tab RLC_PREFIX(ed_tab) #define ed_print RLC_PREFIX(ed_print) @@ -1366,7 +1403,7 @@ #undef ep2_add_basic #undef ep2_add_slp_basic #undef ep2_add_projc - #undef ep2_sub +#undef ep2_sub #undef ep2_dbl_basic #undef ep2_dbl_slp_basic #undef ep2_dbl_projc @@ -1399,6 +1436,7 @@ #undef ep2_mul_sim_dig #undef ep2_norm #undef ep2_norm_sim +#undef ep2_map_from_field #undef ep2_map #undef ep2_map_dst #undef ep2_frb @@ -1438,7 +1476,7 @@ #define ep2_add_basic RLC_PREFIX(ep2_add_basic) #define ep2_add_slp_basic RLC_PREFIX(ep2_add_slp_basic) #define ep2_add_projc RLC_PREFIX(ep2_add_projc) - #define ep2_sub RLC_PREFIX(ep2_sub) +#define ep2_sub RLC_PREFIX(ep2_sub) #define ep2_dbl_basic RLC_PREFIX(ep2_dbl_basic) #define ep2_dbl_slp_basic RLC_PREFIX(ep2_dbl_slp_basic) #define ep2_dbl_projc RLC_PREFIX(ep2_dbl_projc) @@ -1471,12 +1509,158 @@ #define ep2_mul_sim_dig RLC_PREFIX(ep2_mul_sim_dig) #define ep2_norm RLC_PREFIX(ep2_norm) #define ep2_norm_sim RLC_PREFIX(ep2_norm_sim) +#define ep2_map_from_field RLC_PREFIX(ep2_map_from_field) #define ep2_map RLC_PREFIX(ep2_map) #define ep2_map_dst RLC_PREFIX(ep2_map_dst) #define ep2_frb RLC_PREFIX(ep2_frb) #define ep2_pck RLC_PREFIX(ep2_pck) #define ep2_upk RLC_PREFIX(ep2_upk) +#undef ep4_st +#undef ep4_t +#define ep4_st RLC_PREFIX(ep4_st) +#define ep4_t RLC_PREFIX(ep4_t) + +#undef ep4_curve_init +#undef ep4_curve_clean +#undef ep4_curve_get_a +#undef ep4_curve_get_b +#undef ep4_curve_get_vs +#undef ep4_curve_opt_a +#undef ep4_curve_opt_b +#undef ep4_curve_is_twist +#undef ep4_curve_get_gen +#undef ep4_curve_get_tab +#undef ep4_curve_get_ord +#undef ep4_curve_get_cof +#undef ep4_curve_set +#undef ep4_curve_set_twist +#undef ep4_is_infty +#undef ep4_set_infty +#undef ep4_copy +#undef ep4_cmp +#undef ep4_rand +#undef ep4_blind +#undef ep4_rhs +#undef ep4_on_curve +#undef ep4_tab +#undef ep4_print +#undef ep4_size_bin +#undef ep4_read_bin +#undef ep4_write_bin +#undef ep4_neg +#undef ep4_add_basic +#undef ep4_add_slp_basic +#undef ep4_add_projc +#undef ep4_sub +#undef ep4_dbl_basic +#undef ep4_dbl_slp_basic +#undef ep4_dbl_projc +#undef ep4_mul_basic +#undef ep4_mul_slide +#undef ep4_mul_monty +#undef ep4_mul_lwnaf +#undef ep4_mul_lwreg +#undef ep4_mul_gen +#undef ep4_mul_dig +#undef ep4_mul_cof +#undef ep4_mul_pre_basic +#undef ep4_mul_pre_yaowi +#undef ep4_mul_pre_nafwi +#undef ep4_mul_pre_combs +#undef ep4_mul_pre_combd +#undef ep4_mul_pre_lwnaf +#undef ep4_mul_fix_basic +#undef ep4_mul_fix_yaowi +#undef ep4_mul_fix_nafwi +#undef ep4_mul_fix_combs +#undef ep4_mul_fix_combd +#undef ep4_mul_fix_lwnaf +#undef ep4_mul_sim_basic +#undef ep4_mul_sim_trick +#undef ep4_mul_sim_inter +#undef ep4_mul_sim_joint +#undef ep4_mul_sim_lot +#undef ep4_mul_sim_gen +#undef ep4_mul_sim_dig +#undef ep4_norm +#undef ep4_norm_sim +#undef ep4_map +#undef ep4_map_dst +#undef ep4_frb +#undef ep4_pck +#undef ep4_upk + +#define ep4_curve_init RLC_PREFIX(ep4_curve_init) +#define ep4_curve_clean RLC_PREFIX(ep4_curve_clean) +#define ep4_curve_get_a RLC_PREFIX(ep4_curve_get_a) +#define ep4_curve_get_b RLC_PREFIX(ep4_curve_get_b) +#define ep4_curve_get_vs RLC_PREFIX(ep4_curve_get_vs) +#define ep4_curve_opt_a RLC_PREFIX(ep4_curve_opt_a) +#define ep4_curve_opt_b RLC_PREFIX(ep4_curve_opt_b) +#define ep4_curve_is_twist RLC_PREFIX(ep4_curve_is_twist) +#define ep4_curve_get_gen RLC_PREFIX(ep4_curve_get_gen) +#define ep4_curve_get_tab RLC_PREFIX(ep4_curve_get_tab) +#define ep4_curve_get_ord RLC_PREFIX(ep4_curve_get_ord) +#define ep4_curve_get_cof RLC_PREFIX(ep4_curve_get_cof) +#define ep4_curve_set RLC_PREFIX(ep4_curve_set) +#define ep4_curve_set_twist RLC_PREFIX(ep4_curve_set_twist) +#define ep4_is_infty RLC_PREFIX(ep4_is_infty) +#define ep4_set_infty RLC_PREFIX(ep4_set_infty) +#define ep4_copy RLC_PREFIX(ep4_copy) +#define ep4_cmp RLC_PREFIX(ep4_cmp) +#define ep4_rand RLC_PREFIX(ep4_rand) +#define ep4_blind RLC_PREFIX(ep4_blind) +#define ep4_rhs RLC_PREFIX(ep4_rhs) +#define ep4_on_curve RLC_PREFIX(ep4_on_curve) +#define ep4_tab RLC_PREFIX(ep4_tab) +#define ep4_print RLC_PREFIX(ep4_print) +#define ep4_size_bin RLC_PREFIX(ep4_size_bin) +#define ep4_read_bin RLC_PREFIX(ep4_read_bin) +#define ep4_write_bin RLC_PREFIX(ep4_write_bin) +#define ep4_neg RLC_PREFIX(ep4_neg) +#define ep4_add_basic RLC_PREFIX(ep4_add_basic) +#define ep4_add_slp_basic RLC_PREFIX(ep4_add_slp_basic) +#define ep4_add_projc RLC_PREFIX(ep4_add_projc) +#define ep4_sub RLC_PREFIX(ep4_sub) +#define ep4_dbl_basic RLC_PREFIX(ep4_dbl_basic) +#define ep4_dbl_slp_basic RLC_PREFIX(ep4_dbl_slp_basic) +#define ep4_dbl_projc RLC_PREFIX(ep4_dbl_projc) +#define ep4_mul_basic RLC_PREFIX(ep4_mul_basic) +#define ep4_mul_slide RLC_PREFIX(ep4_mul_slide) +#define ep4_mul_monty RLC_PREFIX(ep4_mul_monty) +#define ep4_mul_lwnaf RLC_PREFIX(ep4_mul_lwnaf) +#define ep4_mul_lwreg RLC_PREFIX(ep4_mul_lwreg) +#define ep4_mul_gen RLC_PREFIX(ep4_mul_gen) +#define ep4_mul_dig RLC_PREFIX(ep4_mul_dig) +#define ep4_mul_cof RLC_PREFIX(ep4_mul_cof) +#define ep4_mul_pre_basic RLC_PREFIX(ep4_mul_pre_basic) +#define ep4_mul_pre_yaowi RLC_PREFIX(ep4_mul_pre_yaowi) +#define ep4_mul_pre_nafwi RLC_PREFIX(ep4_mul_pre_nafwi) +#define ep4_mul_pre_combs RLC_PREFIX(ep4_mul_pre_combs) +#define ep4_mul_pre_combd RLC_PREFIX(ep4_mul_pre_combd) +#define ep4_mul_pre_lwnaf RLC_PREFIX(ep4_mul_pre_lwnaf) +#define ep4_mul_fix_basic RLC_PREFIX(ep4_mul_fix_basic) +#define ep4_mul_fix_yaowi RLC_PREFIX(ep4_mul_fix_yaowi) +#define ep4_mul_fix_nafwi RLC_PREFIX(ep4_mul_fix_nafwi) +#define ep4_mul_fix_combs RLC_PREFIX(ep4_mul_fix_combs) +#define ep4_mul_fix_combd RLC_PREFIX(ep4_mul_fix_combd) +#define ep4_mul_fix_lwnaf RLC_PREFIX(ep4_mul_fix_lwnaf) +#define ep4_mul_sim_basic RLC_PREFIX(ep4_mul_sim_basic) +#define ep4_mul_sim_trick RLC_PREFIX(ep4_mul_sim_trick) +#define ep4_mul_sim_inter RLC_PREFIX(ep4_mul_sim_inter) +#define ep4_mul_sim_joint RLC_PREFIX(ep4_mul_sim_joint) +#define ep4_mul_sim_lot RLC_PREFIX(ep4_mul_sim_lot) +#define ep4_mul_sim_gen RLC_PREFIX(ep4_mul_sim_gen) +#define ep4_mul_sim_dig RLC_PREFIX(ep4_mul_sim_dig) +#define ep4_norm RLC_PREFIX(ep4_norm) +#define ep4_norm_sim RLC_PREFIX(ep4_norm_sim) +#define ep4_map RLC_PREFIX(ep4_map) +#define ep4_map_dst RLC_PREFIX(ep4_map_dst) +#define ep4_frb RLC_PREFIX(ep4_frb) +#define ep4_pck RLC_PREFIX(ep4_pck) +#define ep4_upk RLC_PREFIX(ep4_upk) + #undef fp2_st #undef fp2_t #undef dv2_t @@ -1642,7 +1826,6 @@ #undef fp2_norh_low #undef fp2_nord_low #undef fp2_muln_low -#undef fp2_mulc_low #undef fp2_mulm_low #undef fp2_sqrn_low #undef fp2_sqrm_low @@ -1662,7 +1845,6 @@ #define fp2_norh_low RLC_PREFIX(fp2_norh_low) #define fp2_nord_low RLC_PREFIX(fp2_nord_low) #define fp2_muln_low RLC_PREFIX(fp2_muln_low) -#define fp2_mulc_low RLC_PREFIX(fp2_mulc_low) #define fp2_mulm_low RLC_PREFIX(fp2_mulm_low) #define fp2_sqrn_low RLC_PREFIX(fp2_sqrn_low) #define fp2_sqrm_low RLC_PREFIX(fp2_sqrm_low) @@ -1766,6 +1948,7 @@ #define fp3_sqrm_low RLC_PREFIX(fp3_sqrm_low) #define fp3_rdcn_low RLC_PREFIX(fp3_rdcn_low) +#undef fp4_field_init #undef fp4_copy #undef fp4_zero #undef fp4_is_zero @@ -1785,15 +1968,19 @@ #undef fp4_mul_basic #undef fp4_mul_lazyr #undef fp4_mul_art +#undef fp4_mul_frb #undef fp4_mul_dxs #undef fp4_sqr_unr #undef fp4_sqr_basic #undef fp4_sqr_lazyr #undef fp4_inv +#undef fp4_inv_sim #undef fp4_inv_cyc #undef fp4_exp #undef fp4_frb +#undef fp4_srt +#define fp4_field_init RLC_PREFIX(fp4_field_init) #define fp4_copy RLC_PREFIX(fp4_copy) #define fp4_zero RLC_PREFIX(fp4_zero) #define fp4_is_zero RLC_PREFIX(fp4_is_zero) @@ -1813,14 +2000,17 @@ #define fp4_mul_basic RLC_PREFIX(fp4_mul_basic) #define fp4_mul_lazyr RLC_PREFIX(fp4_mul_lazyr) #define fp4_mul_art RLC_PREFIX(fp4_mul_art) +#define fp4_mul_frb RLC_PREFIX(fp4_mul_frb) #define fp4_mul_dxs RLC_PREFIX(fp4_mul_dxs) #define fp4_sqr_unr RLC_PREFIX(fp4_sqr_unr) #define fp4_sqr_basic RLC_PREFIX(fp4_sqr_basic) #define fp4_sqr_lazyr RLC_PREFIX(fp4_sqr_lazyr) #define fp4_inv RLC_PREFIX(fp4_inv) +#define fp4_inv_sim RLC_PREFIX(fp4_inv_sim) #define fp4_inv_cyc RLC_PREFIX(fp4_inv_cyc) #define fp4_exp RLC_PREFIX(fp4_exp) #define fp4_frb RLC_PREFIX(fp4_frb) +#define fp4_srt RLC_PREFIX(fp4_srt) #undef fp6_copy #undef fp6_zero @@ -2171,9 +2361,24 @@ #undef fp24_sqr_unr #undef fp24_sqr_basic #undef fp24_sqr_lazyr +#undef fp24_sqr_cyc_basic +#undef fp24_sqr_cyc_lazyr +#undef fp24_sqr_pck_basic +#undef fp24_sqr_pck_lazyr +#undef fp24_test_cyc +#undef fp24_conv_cyc +#undef fp24_back_cyc +#undef fp24_back_cyc_sim #undef fp24_inv +#undef fp24_inv_cyc #undef fp24_frb #undef fp24_exp +#undef fp24_exp_dig +#undef fp24_exp_cyc +#undef fp24_exp_cyc_sim +#undef fp24_exp_cyc_sps +#undef fp24_pck +#undef fp24_upk #define fp24_copy RLC_PREFIX(fp24_copy) #define fp24_zero RLC_PREFIX(fp24_zero) @@ -2198,9 +2403,24 @@ #define fp24_sqr_unr RLC_PREFIX(fp24_sqr_unr) #define fp24_sqr_basic RLC_PREFIX(fp24_sqr_basic) #define fp24_sqr_lazyr RLC_PREFIX(fp24_sqr_lazyr) +#define fp24_sqr_cyc_basic RLC_PREFIX(fp24_sqr_cyc_basic) +#define fp24_sqr_cyc_lazyr RLC_PREFIX(fp24_sqr_cyc_lazyr) +#define fp24_sqr_pck_basic RLC_PREFIX(fp24_sqr_pck_basic) +#define fp24_sqr_pck_lazyr RLC_PREFIX(fp24_sqr_pck_lazyr) +#define fp24_test_cyc RLC_PREFIX(fp24_test_cyc) +#define fp24_conv_cyc RLC_PREFIX(fp24_conv_cyc) +#define fp24_back_cyc RLC_PREFIX(fp24_back_cyc) +#define fp24_back_cyc_sim RLC_PREFIX(fp24_back_cyc_sim) #define fp24_inv RLC_PREFIX(fp24_inv) +#define fp24_inv_cyc RLC_PREFIX(fp24_inv_cyc) #define fp24_frb RLC_PREFIX(fp24_frb) #define fp24_exp RLC_PREFIX(fp24_exp) +#define fp24_exp_dig RLC_PREFIX(fp24_exp_dig) +#define fp24_exp_cyc RLC_PREFIX(fp24_exp_cyc) +#define fp24_exp_cyc_sim RLC_PREFIX(fp24_exp_cyc_sim) +#define fp24_exp_cyc_sps RLC_PREFIX(fp24_exp_cyc_sps) +#define fp24_pck RLC_PREFIX(fp24_pck) +#define fp24_upk RLC_PREFIX(fp24_upk) #undef fp48_copy #undef fp48_zero @@ -2233,7 +2453,6 @@ #undef fp48_back_cyc_sim #undef fp48_inv #undef fp48_inv_cyc -#undef fp48_conv_cyc #undef fp48_frb #undef fp48_exp #undef fp48_exp_dig @@ -2273,7 +2492,6 @@ #define fp48_back_cyc_sim RLC_PREFIX(fp48_back_cyc_sim) #define fp48_inv RLC_PREFIX(fp48_inv) #define fp48_inv_cyc RLC_PREFIX(fp48_inv_cyc) -#define fp48_conv_cyc RLC_PREFIX(fp48_conv_cyc) #define fp48_frb RLC_PREFIX(fp48_frb) #define fp48_exp RLC_PREFIX(fp48_exp) #define fp48_exp_dig RLC_PREFIX(fp48_exp_dig) @@ -2313,7 +2531,6 @@ #undef fp54_back_cyc_sim #undef fp54_inv #undef fp54_inv_cyc -#undef fp54_conv_cyc #undef fp54_frb #undef fp54_exp #undef fp54_exp_dig @@ -2353,7 +2570,6 @@ #define fp54_back_cyc_sim RLC_PREFIX(fp54_back_cyc_sim) #define fp54_inv RLC_PREFIX(fp54_inv) #define fp54_inv_cyc RLC_PREFIX(fp54_inv_cyc) -#define fp54_conv_cyc RLC_PREFIX(fp54_conv_cyc) #define fp54_frb RLC_PREFIX(fp54_frb) #define fp54_exp RLC_PREFIX(fp54_exp) #define fp54_exp_dig RLC_PREFIX(fp54_exp_dig) @@ -2388,6 +2604,8 @@ #undef pp_add_k12_projc_basic #undef pp_add_k12_projc_lazyr #undef pp_add_lit_k12 +#undef pp_add_k24_basic +#undef pp_add_k24_projc #undef pp_add_k48_basic #undef pp_add_k48_projc #undef pp_add_k54_basic @@ -2401,6 +2619,8 @@ #undef pp_dbl_k12_basic #undef pp_dbl_k12_projc_basic #undef pp_dbl_k12_projc_lazyr +#undef pp_dbl_k24_basic +#undef pp_dbl_k24_projc #undef pp_dbl_k48_basic #undef pp_dbl_k48_projc #undef pp_dbl_k54_basic @@ -2409,11 +2629,13 @@ #undef pp_exp_k2 #undef pp_exp_k8 #undef pp_exp_k12 +#undef pp_exp_k24 #undef pp_exp_k48 #undef pp_exp_k54 #undef pp_norm_k2 #undef pp_norm_k8 #undef pp_norm_k12 +#undef pp_norm_k24 #undef pp_map_tatep_k2 #undef pp_map_sim_tatep_k2 #undef pp_map_weilp_k2 @@ -2425,6 +2647,8 @@ #undef pp_map_sim_weilp_k12 #undef pp_map_oatep_k12 #undef pp_map_sim_oatep_k12 +#undef pp_map_k24 +#undef pp_map_sim_k24 #undef pp_map_k48 #undef pp_map_k54 @@ -2440,6 +2664,8 @@ #define pp_add_k12_projc_basic RLC_PREFIX(pp_add_k12_projc_basic) #define pp_add_k12_projc_lazyr RLC_PREFIX(pp_add_k12_projc_lazyr) #define pp_add_lit_k12 RLC_PREFIX(pp_add_lit_k12) +#define pp_add_k24_basic RLC_PREFIX(pp_add_k24_basic) +#define pp_add_k24_projc RLC_PREFIX(pp_add_k24_projc) #define pp_add_k48_basic RLC_PREFIX(pp_add_k48_basic) #define pp_add_k48_projc RLC_PREFIX(pp_add_k48_projc) #define pp_add_k54_basic RLC_PREFIX(pp_add_k54_basic) @@ -2453,6 +2679,8 @@ #define pp_dbl_k12_basic RLC_PREFIX(pp_dbl_k12_basic) #define pp_dbl_k12_projc_basic RLC_PREFIX(pp_dbl_k12_projc_basic) #define pp_dbl_k12_projc_lazyr RLC_PREFIX(pp_dbl_k12_projc_lazyr) +#define pp_dbl_k24_basic RLC_PREFIX(pp_dbl_k24_basic) +#define pp_dbl_k24_projc RLC_PREFIX(pp_dbl_k24_projc) #define pp_dbl_k48_basic RLC_PREFIX(pp_dbl_k48_basic) #define pp_dbl_k48_projc RLC_PREFIX(pp_dbl_k48_projc) #define pp_dbl_k54_basic RLC_PREFIX(pp_dbl_k54_basic) @@ -2461,11 +2689,13 @@ #define pp_exp_k2 RLC_PREFIX(pp_exp_k2) #define pp_exp_k8 RLC_PREFIX(pp_exp_k8) #define pp_exp_k12 RLC_PREFIX(pp_exp_k12) +#define pp_exp_k24 RLC_PREFIX(pp_exp_k24) #define pp_exp_k48 RLC_PREFIX(pp_exp_k48) #define pp_exp_k54 RLC_PREFIX(pp_exp_k54) #define pp_norm_k2 RLC_PREFIX(pp_norm_k2) #define pp_norm_k8 RLC_PREFIX(pp_norm_k8) #define pp_norm_k12 RLC_PREFIX(pp_norm_k12) +#define pp_norm_k24 RLC_PREFIX(pp_norm_k24) #define pp_map_tatep_k2 RLC_PREFIX(pp_map_tatep_k2) #define pp_map_sim_tatep_k2 RLC_PREFIX(pp_map_sim_tatep_k2) #define pp_map_weilp_k2 RLC_PREFIX(pp_map_weilp_k2) @@ -2477,17 +2707,41 @@ #define pp_map_sim_weilp_k12 RLC_PREFIX(pp_map_sim_weilp_k12) #define pp_map_oatep_k12 RLC_PREFIX(pp_map_oatep_k12) #define pp_map_sim_oatep_k12 RLC_PREFIX(pp_map_sim_oatep_k12) +#define pp_map_k24 RLC_PREFIX(pp_map_k24) +#define pp_map_sim_k24 RLC_PREFIX(pp_map_sim_k24) #define pp_map_k48 RLC_PREFIX(pp_map_k48) #define pp_map_k54 RLC_PREFIX(pp_map_k54) +#undef pc_core_init +#undef pc_core_calc +#undef pc_core_clean + +#define pc_core_init RLC_PREFIX(pc_core_init) +#define pc_core_calc RLC_PREFIX(pc_core_calc) +#define pc_core_clean RLC_PREFIX(pc_core_clean) + +#undef mpc_mt_gen +#undef mpc_mt_lcl +#undef mpc_mt_bct +#undef mpc_mt_mul +#undef mpc_sss_gen +#undef mpc_sss_key + +#define mpc_mt_gen RLC_PREFIX(mpc_mt_gen) +#define mpc_mt_lcl RLC_PREFIX(mpc_mt_lcl) +#define mpc_mt_bct RLC_PREFIX(mpc_mt_bct) +#define mpc_mt_mul RLC_PREFIX(mpc_mt_mul) +#define mpc_sss_gen RLC_PREFIX(mpc_sss_gen) +#define mpc_sss_key RLC_PREFIX(mpc_sss_key) + #undef crt_t #undef rsa_t #undef rabin_t #undef phpe_t #undef bdpe_t #undef sokaka_t -#define crt_t RLC_PREFIX(crt_t) -#define rsa_t RLC_PREFIX(rsa_t) +#define crt_t RLC_PREFIX(crt_t) +#define rsa_t RLC_PREFIX(rsa_t) #define rabin_t RLC_PREFIX(rabin_t) #define phpe_t RLC_PREFIX(phpe_t) #define bdpe_t RLC_PREFIX(bdpe_t) @@ -2506,7 +2760,12 @@ #undef cp_bdpe_dec #undef cp_phpe_gen #undef cp_phpe_enc +#undef cp_phpe_add #undef cp_phpe_dec +#undef cp_shpe_gen +#undef cp_shpe_enc +#undef cp_shpe_enc_prv +#undef cp_shpe_dec #undef cp_ghpe_gen #undef cp_ghpe_enc #undef cp_ghpe_dec @@ -2523,6 +2782,22 @@ #undef cp_ecss_gen #undef cp_ecss_sig #undef cp_ecss_ver +#undef cp_pdpub_gen +#undef cp_pdpub_ask +#undef cp_pdpub_ans +#undef cp_pdpub_ver +#undef cp_pdprv_gen +#undef cp_pdprv_ask +#undef cp_pdprv_ans +#undef cp_pdprv_ver +#undef cp_lvpub_gen +#undef cp_lvpub_ask +#undef cp_lvpub_ans +#undef cp_lvpub_ver +#undef cp_lvprv_gen +#undef cp_lvprv_ask +#undef cp_lvprv_ans +#undef cp_lvprv_ver #undef cp_sokaka_gen #undef cp_sokaka_gen_prv #undef cp_sokaka_key @@ -2574,6 +2849,26 @@ #undef cp_vbnn_gen_prv #undef cp_vbnn_sig #undef cp_vbnn_ver +#undef cp_pokdl_prv +#undef cp_pokdl_ver +#undef cp_pokor_prv +#undef cp_pokor_ver +#undef cp_sokdl_sig +#undef cp_sokdl_ver +#undef cp_sokor_sig +#undef cp_sokor_ver +#undef cp_ers_gen +#undef cp_ers_gen_key +#undef cp_ers_sig +#undef cp_ers_ver +#undef cp_ers_ext +#undef cp_smlers_sig +#undef cp_smlers_ver +#undef cp_smlers_ext +#undef cp_etrs_sig +#undef cp_etrs_ver +#undef cp_etrs_ext +#undef cp_etrs_uni #undef cp_cmlhs_init #undef cp_cmlhs_gen #undef cp_cmlhs_sig @@ -2589,6 +2884,18 @@ #undef cp_mklhs_ver #undef cp_mklhs_off #undef cp_mklhs_onv +#undef cp_rsapsi_gen +#undef cp_rsapsi_ask +#undef cp_rsapsi_ans +#undef cp_rsapsi_int +#undef cp_shipsi_gen +#undef cp_shipsi_ask +#undef cp_shipsi_ans +#undef cp_shipsi_int +#undef cp_pbpsi_gen +#undef cp_pbpsi_ask +#undef cp_pbpsi_ans +#undef cp_pbpsi_int #define cp_rsa_gen RLC_PREFIX(cp_rsa_gen) #define cp_rsa_enc RLC_PREFIX(cp_rsa_enc) @@ -2603,7 +2910,12 @@ #define cp_bdpe_dec RLC_PREFIX(cp_bdpe_dec) #define cp_phpe_gen RLC_PREFIX(cp_phpe_gen) #define cp_phpe_enc RLC_PREFIX(cp_phpe_enc) +#define cp_phpe_add RLC_PREFIX(cp_phpe_add) #define cp_phpe_dec RLC_PREFIX(cp_phpe_dec) +#define cp_shpe_gen RLC_PREFIX(cp_shpe_gen) +#define cp_shpe_enc RLC_PREFIX(cp_shpe_enc) +#define cp_shpe_enc_prv RLC_PREFIX(cp_shpe_enc_prv) +#define cp_shpe_dec RLC_PREFIX(cp_shpe_dec) #define cp_ghpe_gen RLC_PREFIX(cp_ghpe_gen) #define cp_ghpe_enc RLC_PREFIX(cp_ghpe_enc) #define cp_ghpe_dec RLC_PREFIX(cp_ghpe_dec) @@ -2620,6 +2932,22 @@ #define cp_ecss_gen RLC_PREFIX(cp_ecss_gen) #define cp_ecss_sig RLC_PREFIX(cp_ecss_sig) #define cp_ecss_ver RLC_PREFIX(cp_ecss_ver) +#define cp_pdpub_gen RLC_PREFIX(cp_pdpub_gen) +#define cp_pdpub_ask RLC_PREFIX(cp_pdpub_ask) +#define cp_pdpub_ans RLC_PREFIX(cp_pdpub_ans) +#define cp_pdpub_ver RLC_PREFIX(cp_pdpub_ver) +#define cp_pdprv_gen RLC_PREFIX(cp_pdprv_gen) +#define cp_pdprv_ask RLC_PREFIX(cp_pdprv_ask) +#define cp_pdprv_ans RLC_PREFIX(cp_pdprv_ans) +#define cp_pdprv_ver RLC_PREFIX(cp_pdprv_ver) +#define cp_lvpub_gen RLC_PREFIX(cp_lvpub_gen) +#define cp_lvpub_ask RLC_PREFIX(cp_lvpub_ask) +#define cp_lvpub_ans RLC_PREFIX(cp_lvpub_ans) +#define cp_lvpub_ver RLC_PREFIX(cp_lvpub_ver) +#define cp_lvprv_gen RLC_PREFIX(cp_lvprv_gen) +#define cp_lvprv_ask RLC_PREFIX(cp_lvprv_ask) +#define cp_lvprv_ans RLC_PREFIX(cp_lvprv_ans) +#define cp_lvprv_ver RLC_PREFIX(cp_lvprv_ver) #define cp_sokaka_gen RLC_PREFIX(cp_sokaka_gen) #define cp_sokaka_gen_prv RLC_PREFIX(cp_sokaka_gen_prv) #define cp_sokaka_key RLC_PREFIX(cp_sokaka_key) @@ -2671,6 +2999,26 @@ #define cp_vbnn_gen_prv RLC_PREFIX(cp_vbnn_gen_prv) #define cp_vbnn_sig RLC_PREFIX(cp_vbnn_sig) #define cp_vbnn_ver RLC_PREFIX(cp_vbnn_ver) +#define cp_pokdl_prv RLC_PREFIX(cp_pokdl_prv) +#define cp_pokdl_ver RLC_PREFIX(cp_pokdl_ver) +#define cp_pokor_prv RLC_PREFIX(cp_pokor_prv) +#define cp_pokor_ver RLC_PREFIX(cp_pokor_ver) +#define cp_sokdl_sig RLC_PREFIX(cp_sokdl_sig) +#define cp_sokdl_ver RLC_PREFIX(cp_sokdl_ver) +#define cp_sokor_sig RLC_PREFIX(cp_sokor_sig) +#define cp_sokor_ver RLC_PREFIX(cp_sokor_ver) +#define cp_ers_gen RLC_PREFIX(cp_ers_gen) +#define cp_ers_gen_key RLC_PREFIX(cp_ers_gen_key) +#define cp_ers_sig RLC_PREFIX(cp_ers_sig) +#define cp_ers_ver RLC_PREFIX(cp_ers_ver) +#define cp_ers_ext RLC_PREFIX(cp_ers_ext) +#define cp_smlers_sig RLC_PREFIX(cp_smlers_sig) +#define cp_smlers_ver RLC_PREFIX(cp_smlers_ver) +#define cp_smlers_ext RLC_PREFIX(cp_smlers_ext) +#define cp_etrs_sig RLC_PREFIX(cp_etrs_sig) +#define cp_etrs_ver RLC_PREFIX(cp_etrs_ver) +#define cp_etrs_ext RLC_PREFIX(cp_etrs_ext) +#define cp_etrs_uni RLC_PREFIX(cp_etrs_uni) #define cp_cmlhs_init RLC_PREFIX(cp_cmlhs_init) #define cp_cmlhs_gen RLC_PREFIX(cp_cmlhs_gen) #define cp_cmlhs_sig RLC_PREFIX(cp_cmlhs_sig) @@ -2686,6 +3034,18 @@ #define cp_mklhs_ver RLC_PREFIX(cp_mklhs_ver) #define cp_mklhs_off RLC_PREFIX(cp_mklhs_off) #define cp_mklhs_onv RLC_PREFIX(cp_mklhs_onv) +#define cp_rsapsi_gen RLC_PREFIX(cp_rsapsi_gen) +#define cp_rsapsi_ask RLC_PREFIX(cp_rsapsi_ask) +#define cp_rsapsi_ans RLC_PREFIX(cp_rsapsi_ans) +#define cp_rsapsi_int RLC_PREFIX(cp_rsapsi_int) +#define cp_shipsi_gen RLC_PREFIX(cp_shipsi_gen) +#define cp_shipsi_ask RLC_PREFIX(cp_shipsi_ask) +#define cp_shipsi_ans RLC_PREFIX(cp_shipsi_ans) +#define cp_shipsi_int RLC_PREFIX(cp_shipsi_int) +#define cp_pbpsi_gen RLC_PREFIX(cp_pbpsi_gen) +#define cp_pbpsi_ask RLC_PREFIX(cp_pbpsi_ask) +#define cp_pbpsi_ans RLC_PREFIX(cp_pbpsi_ans) +#define cp_pbpsi_int RLC_PREFIX(cp_pbpsi_int) #undef md_map_sh224 #undef md_map_sh256 diff --git a/include/relic_mpc.h b/include/relic_mpc.h index f25e401db..49bad0b5d 100644 --- a/include/relic_mpc.h +++ b/include/relic_mpc.h @@ -219,7 +219,7 @@ typedef pt_st *pt_t; * @param[out] tri - the multiplication triples to generate. * @param[in] order - the order. */ -void mt_gen(mt_t tri[2], bn_t order); +void mpc_mt_gen(mt_t tri[2], const bn_t order); /** * Performs the local work for a MPC multiplication. @@ -231,7 +231,8 @@ void mt_gen(mt_t tri[2], bn_t order); * @param[in] n - the order. * @param[in] tri - the multiplication triple. */ -void mt_mul_lcl(bn_t d, bn_t e, bn_t x, bn_t y, bn_t n, mt_t tri); +void mpc_mt_lcl(bn_t d, bn_t e, const bn_t x, const bn_t y, const bn_t n, + const mt_t tri); /** * Opens the public values in an MPC multiplication. @@ -240,7 +241,7 @@ void mt_mul_lcl(bn_t d, bn_t e, bn_t x, bn_t y, bn_t n, mt_t tri); * @param[out] e - the second public value. * @param[in] n - the order. */ -void mt_mul_bct(bn_t d[2], bn_t e[2], bn_t n); +void mpc_mt_bct(bn_t d[2], bn_t e[2], bn_t n); /** * Finishes an MPC multiplication by computing the multiplication result. @@ -252,7 +253,34 @@ void mt_mul_bct(bn_t d[2], bn_t e[2], bn_t n); * @param[in] tri - the multiplication triple. * @param[in] party - the party performing the computation. */ -void mt_mul_mpc(bn_t r, bn_t d, bn_t e, bn_t n, mt_t tri, int party); +void mpc_mt_mul(bn_t r, const bn_t d, const bn_t e, const bn_t n, + const mt_t tri, int party); + +/** + * Generates shares (x, y) of a secret key using a (k, n)-threshold Shamir's + * Secret Sharing over a given finite field. + * + * @param[out] x - the indexes of the parties receiving shares. + * @param[out] y - the evaluation points. + * @param[in] key - the secret to share. + * @param[in] order - the order of the finite field. + * @param[in] k - the threshold. + * @param[in] n - the number of parties. + */ +int mpc_sss_gen(bn_t *x, bn_t *y, const bn_t key, const bn_t order, + size_t k, size_t n); + +/** + * Recovers a secret key using a k shares (x, y) of over a given finite field. + * + * @param[in] key - the recovered secret. + * @param[in] x - the indexes of the parties contributing shares. + * @param[in] y - the evaluation points. + * @param[in] order - the order of the finite field. + * @param[in] k - the threshold. + */ +int mpc_sss_key(bn_t key, const bn_t *x, const bn_t *y, const bn_t order, + size_t k); /** * Performs the local work for a MPC scalar multiplication in G1. @@ -263,7 +291,7 @@ void mt_mul_mpc(bn_t r, bn_t d, bn_t e, bn_t n, mt_t tri, int party); * @param[in] p - the point to multiply. * @param[in] tri - the multiplication triple. */ -void g1_mul_lcl(bn_t d, g1_t q, bn_t x, g1_t p, mt_t tri); +void g1_mul_lcl(bn_t d, g1_t q, const bn_t x, const g1_t p, const mt_t tri); /** * Opens the public values in an MPC scalar multiplication in G1. @@ -283,7 +311,7 @@ void g1_mul_bct(bn_t d[2], g1_t q[2]); * @param[in] tri - the multiplication triple. * @param[in] party - the party performing the computation. */ -void g1_mul_mpc(g1_t r, bn_t d, g1_t q, mt_t tri, int party); +void g1_mul_mpc(g1_t r, const bn_t d, const g1_t q, const mt_t tri, int party); /** * Performs the local work for a MPC scalar multiplication in G2. @@ -294,7 +322,7 @@ void g1_mul_mpc(g1_t r, bn_t d, g1_t q, mt_t tri, int party); * @param[in] p - the point to multiply. * @param[in] tri - the multiplication triple. */ -void g2_mul_lcl(bn_t d, g2_t q, bn_t x, g2_t p, mt_t tri); +void g2_mul_lcl(bn_t d, g2_t q, const bn_t x, const g2_t p, const mt_t tri); /** * Opens the public values in an MPC scalar multiplication in G2. @@ -314,7 +342,7 @@ void g2_mul_bct(bn_t d[2], g2_t q[2]); * @param[in] tri - the multiplication triple. * @param[in] party - the party performing the computation. */ -void g2_mul_mpc(g2_t r, bn_t d, g2_t q, mt_t tri, int party); +void g2_mul_mpc(g2_t r, const bn_t d, const g2_t q, const mt_t tri, int party); /** * Performs the local work for a MPC scalar multiplication in G2. @@ -325,7 +353,7 @@ void g2_mul_mpc(g2_t r, bn_t d, g2_t q, mt_t tri, int party); * @param[in] p - the point to multiply. * @param[in] tri - the multiplication triple. */ -void gt_exp_lcl(bn_t d, gt_t q, bn_t x, gt_t p, mt_t tri); +void gt_exp_lcl(bn_t d, gt_t q, const bn_t x, const gt_t p, const mt_t tri); /** * Opens the public values in an MPC scalar multiplication in G2. @@ -345,7 +373,7 @@ void gt_exp_bct(bn_t d[2], gt_t q[2]); * @param[in] tri - the multiplication triple. * @param[in] party - the party performing the computation. */ -void gt_exp_mpc(gt_t r, bn_t d, gt_t q, mt_t tri, int party); +void gt_exp_mpc(gt_t r, const bn_t d, const gt_t q, const mt_t tri, int party); /** * Generates a pairing triple. @@ -363,7 +391,7 @@ void pc_map_tri(pt_t t[2]); * @param[in] q - the share of the second pairing argument. * @param[in] t - the pairing triple. */ -void pc_map_lcl(g1_t d, g2_t e, g1_t p, g2_t q, pt_t t); +void pc_map_lcl(g1_t d, g2_t e, const g1_t p, const g2_t q, const pt_t t); /** * Broadcasts the public values for pairing computation. @@ -377,11 +405,12 @@ void pc_map_bct(g1_t d[2], g2_t e[2]); * Computes a pairing using a pairing triple. * * @param[out] r - the pairing result. - * @param[in] d1 - the first public value. - * @param[in] d2 - the second public value. + * @param[in] d1 - the first public value. + * @param[in] d2 - the second public value. * @param[in] triple - the pairing triple. * @param[in] party - the number of the party executing the computation. */ -void pc_map_mpc(gt_t r, g1_t d1, g2_t d2, pt_t triple, int party); +void pc_map_mpc(gt_t r, const g1_t d1, const g2_t d2, const pt_t triple, + int party); #endif /* !RLC_MPC_H */ diff --git a/include/relic_multi.h b/include/relic_multi.h index 0e2b39609..8e5e68846 100644 --- a/include/relic_multi.h +++ b/include/relic_multi.h @@ -57,7 +57,11 @@ #if MULTI == PTHREAD #define rlc_thread __thread #else -#define rlc_thread /* */ +#if defined(_MSC_VER) +#define rlc_thread __declspec(thread) +#else +#define rlc_thread /* */ +#endif #endif /** @@ -67,15 +71,17 @@ /** * Active library context, only visible inside the library. */ -extern ctx_t first_ctx; +extern rlc_thread ctx_t first_ctx; /** * Pointer to active library context, only visible inside the library. */ -extern ctx_t *core_ctx; +extern rlc_thread ctx_t *core_ctx; +#if !defined(_MSC_VER) #pragma omp threadprivate(first_ctx, core_ctx) #endif +#endif #endif /* MULTI */ diff --git a/include/relic_pc.h b/include/relic_pc.h index 5c55b1055..085bd8f3b 100644 --- a/include/relic_pc.h +++ b/include/relic_pc.h @@ -58,7 +58,7 @@ #define RLC_G1_LOWER ep_ #define RLC_G1_UPPER EP -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 #define RLC_G2_LOWER ep4_ #else #define RLC_G2_LOWER ep2_ @@ -66,7 +66,7 @@ #define RLC_G2_UPPER EP -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 #define RLC_GT_LOWER fp24_ #else #define RLC_GT_LOWER fp12_ @@ -850,7 +850,7 @@ typedef RLC_CAT(RLC_GT_LOWER, t) gt_t; */ #if FP_PRIME < 1536 -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 #define pc_map(R, P, Q); RLC_CAT(RLC_PC_LOWER, map_k24)(R, P, Q) #else #define pc_map(R, P, Q); RLC_CAT(RLC_PC_LOWER, map_k12)(R, P, Q) @@ -873,7 +873,7 @@ typedef RLC_CAT(RLC_GT_LOWER, t) gt_t; */ #if FP_PRIME < 1536 -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 #define pc_map_sim(R, P, Q, M); RLC_CAT(RLC_PC_LOWER, map_sim_k24)(R, P, Q, M) #else #define pc_map_sim(R, P, Q, M); RLC_CAT(RLC_PC_LOWER, map_sim_k12)(R, P, Q, M) @@ -891,7 +891,7 @@ typedef RLC_CAT(RLC_GT_LOWER, t) gt_t; */ #if FP_PRIME < 1536 -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 #define pc_exp(C, A); RLC_CAT(RLC_PC_LOWER, exp_k24)(C, A) #else #define pc_exp(C, A); RLC_CAT(RLC_PC_LOWER, exp_k12)(C, A) @@ -935,7 +935,7 @@ void gt_rand(gt_t a); * @param[in] p - the element to multiply. * @param[in] k - the integer. */ -void g1_mul(g1_t r, g1_t p, bn_t k); +void g1_mul(g1_t r, const g1_t p, const bn_t k); /** * Multiplies an element from G_2 by an integer. Computes R = [k]P. @@ -944,7 +944,7 @@ void g1_mul(g1_t r, g1_t p, bn_t k); * @param[in] p - the element to multiply. * @param[in] k - the integer. */ -void g2_mul(g2_t r, g2_t p, bn_t k); +void g2_mul(g2_t r, const g2_t p, const bn_t k); /** * Multiplies the generator of G_1 by an integer. @@ -952,7 +952,7 @@ void g2_mul(g2_t r, g2_t p, bn_t k); * @param[out] r - the result. * @param[in] k - the integer. */ -void g1_mul_gen(g1_t r, bn_t k); +void g1_mul_gen(g1_t r, const bn_t k); /** * Multiplies the generator of G_2 by an integer. @@ -960,7 +960,7 @@ void g1_mul_gen(g1_t r, bn_t k); * @param[out] r - the result. * @param[in] k - the integer. */ -void g2_mul_gen(g2_t r, bn_t k); +void g2_mul_gen(g2_t r, const bn_t k); /** * Exponentiates an element from G_T by an integer. Computes c = a^b. @@ -969,7 +969,7 @@ void g2_mul_gen(g2_t r, bn_t k); * @param[in] a - the element to exponentiate. * @param[in] b - the integer exponent. */ -void gt_exp(gt_t c, gt_t a, bn_t b); +void gt_exp(gt_t c, const gt_t a, const bn_t b); /** * Exponentiates an element from G_T by a small integer. Computes c = a^b. @@ -978,7 +978,7 @@ void gt_exp(gt_t c, gt_t a, bn_t b); * @param[in] a - the element to exponentiate. * @param[in] b - the integer exponent. */ -void gt_exp_dig(gt_t c, gt_t a, dig_t b); +void gt_exp_dig(gt_t c, const gt_t a, const dig_t b); /** * Exponentiates two element from G_T by integers simultaneously. Computes @@ -990,7 +990,7 @@ void gt_exp_dig(gt_t c, gt_t a, dig_t b); * @param[in] a - the second element to exponentiate. * @param[in] b - the second integer exponent. */ -void gt_exp_sim(gt_t e, gt_t a, bn_t b, gt_t c, bn_t d); +void gt_exp_sim(gt_t e, const gt_t a, const bn_t b, const gt_t c, const bn_t d); /** * Exponentiates a generator from G_T by an integer. Computes c = a^b. @@ -998,7 +998,7 @@ void gt_exp_sim(gt_t e, gt_t a, bn_t b, gt_t c, bn_t d); * @param[out] c - the result. * @param[in] b - the integer exponent. */ -void gt_exp_gen(gt_t c, bn_t b); +void gt_exp_gen(gt_t c, const bn_t b); /** * Returns the generator for the group G_T. @@ -1012,20 +1012,20 @@ void gt_get_gen(gt_t g); * * @param[in] a - the element to check. */ -int g1_is_valid(g1_t a); +int g1_is_valid(const g1_t a); /** * Checks if an element form G_2 is valid (has the right order). * * @param[in] a - the element to check. */ -int g2_is_valid(g2_t a); +int g2_is_valid(const g2_t a); /** * Checks if an element form G_T is valid (has the right order). * * @param[in] a - the element to check. */ -int gt_is_valid(gt_t a); +int gt_is_valid(const gt_t a); #endif /* !RLC_PC_H */ diff --git a/include/relic_pp.h b/include/relic_pp.h index 4baee4c32..4a7237cb1 100644 --- a/include/relic_pp.h +++ b/include/relic_pp.h @@ -409,7 +409,7 @@ void pp_map_clean(void); * @param[in] p - the second point to add. * @param[in] q - the affine point to evaluate the line function. */ -void pp_add_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_add_k2_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Adds two points and evaluates the corresponding line function at another @@ -421,7 +421,7 @@ void pp_add_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] p - the second point to add. * @param[in] q - the affine point to evaluate the line function. */ -void pp_add_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_add_k2_projc_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Adds two points and evaluates the corresponding line function at another @@ -433,7 +433,7 @@ void pp_add_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] p - the second point to add. * @param[in] q - the affine point to evaluate the line function. */ -void pp_add_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_add_k2_projc_lazyr(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Adds two points and evaluates the corresponding line function at another @@ -444,7 +444,7 @@ void pp_add_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k8_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -456,7 +456,7 @@ void pp_add_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k8_projc_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -468,7 +468,7 @@ void pp_add_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k8_projc_lazyr(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -479,7 +479,7 @@ void pp_add_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k12_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -491,7 +491,7 @@ void pp_add_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k12_projc_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -503,7 +503,7 @@ void pp_add_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -515,7 +515,7 @@ void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] p - the second point to add. * @param[in] q - the affine point to evaluate the line function. */ -void pp_add_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q); +void pp_add_lit_k12(fp12_t l, ep_t r, const ep_t p, const ep2_t q); /** * Adds two points and evaluates the corresponding line function at another @@ -526,7 +526,7 @@ void pp_add_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p); +void pp_add_k24_basic(fp24_t l, ep4_t r, const ep4_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -538,7 +538,7 @@ void pp_add_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p); +void pp_add_k24_projc(fp24_t l, ep4_t r, const ep4_t q, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -549,7 +549,8 @@ void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, ep_t p); +void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, + const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -561,7 +562,8 @@ void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, fp8_t qx, fp8_t qy, ep_t p); +void pp_add_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, const fp8_t qx, + const fp8_t qy, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -572,7 +574,8 @@ void pp_add_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, fp8_t qx, fp8_t qy * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy, ep_t p); +void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, const fp9_t qx, + const fp9_t qy, const ep_t p); /** * Adds two points and evaluates the corresponding line function at another @@ -584,7 +587,8 @@ void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy, ep_t p); * @param[in] q - the second point to add. * @param[in] p - the affine point to evaluate the line function. */ -void pp_add_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, fp9_t qx, fp9_t qy, ep_t p); +void pp_add_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, const fp9_t qx, + const fp9_t qy, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -596,7 +600,7 @@ void pp_add_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, fp9_t qx, fp9_t qy * @param[in] p - the point to double. * @param[in] q - the affine point to evaluate the line function. */ -void pp_dbl_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_dbl_k2_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Doubles a point and evaluates the corresponding line function at another @@ -608,7 +612,7 @@ void pp_dbl_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] p - the point to double. * @param[in] q - the affine point to evaluate the line function. */ -void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Doubles a point and evaluates the corresponding line function at another @@ -620,7 +624,7 @@ void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] p - the point to double. * @param[in] q - the affine point to evaluate the line function. */ -void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q); +void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, const ep_t p, const ep_t q); /** * Doubles a point and evaluates the corresponding line function at another @@ -632,7 +636,7 @@ void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k8_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -644,7 +648,7 @@ void pp_dbl_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -656,7 +660,7 @@ void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -668,7 +672,7 @@ void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k12_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -680,7 +684,7 @@ void pp_dbl_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -692,7 +696,7 @@ void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p); +void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, const ep2_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -704,7 +708,7 @@ void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p); +void pp_dbl_k24_basic(fp24_t l, ep4_t r, const ep4_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -716,7 +720,7 @@ void pp_dbl_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p); +void pp_dbl_k24_projc(fp24_t l, ep4_t r, const ep4_t q, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -728,7 +732,7 @@ void pp_dbl_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, ep_t p); +void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -740,7 +744,7 @@ void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, ep_t p); +void pp_dbl_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -752,7 +756,7 @@ void pp_dbl_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, ep_t p); +void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -764,7 +768,7 @@ void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, ep_t p); * @param[in] q - the point to double. * @param[in] p - the affine point to evaluate the line function. */ -void pp_dbl_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, ep_t p); +void pp_dbl_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, const ep_t p); /** * Doubles a point and evaluates the corresponding line function at another @@ -776,7 +780,7 @@ void pp_dbl_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, ep_t p); * @param[in] p - the point to double. * @param[in] q - the affine point to evaluate the line function. */ -void pp_dbl_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q); +void pp_dbl_lit_k12(fp12_t l, ep_t r, const ep_t p, const ep2_t q); /** * Computes the final exponentiation for a pairing defined over curves of @@ -839,7 +843,7 @@ void pp_exp_k54(fp54_t c, fp54_t a); * @param[out] r - the resulting point. * @param[in] p - the point to normalize. */ -void pp_norm_k2(ep_t c, ep_t a); +void pp_norm_k2(ep_t c, const ep_t a); /** * Normalizes the accumulator point used inside pairing computation defined @@ -848,7 +852,7 @@ void pp_norm_k2(ep_t c, ep_t a); * @param[out] r - the resulting point. * @param[in] p - the point to normalize. */ -void pp_norm_k8(ep2_t c, ep2_t a); +void pp_norm_k8(ep2_t c, const ep2_t a); /** * Normalizes the accumulator point used inside pairing computation defined @@ -857,7 +861,7 @@ void pp_norm_k8(ep2_t c, ep2_t a); * @param[out] r - the resulting point. * @param[in] p - the point to normalize. */ -void pp_norm_k12(ep2_t c, ep2_t a); +void pp_norm_k12(ep2_t c, const ep2_t a); /** * Normalizes the accumulator point used inside pairing computation defined @@ -866,7 +870,7 @@ void pp_norm_k12(ep2_t c, ep2_t a); * @param[out] r - the resulting point. * @param[in] p - the point to normalize. */ -void pp_norm_k24(ep4_t c, ep4_t a); +void pp_norm_k24(ep4_t c, const ep4_t a); /** * Computes the Tate pairing of two points in a parameterized elliptic curve @@ -876,7 +880,7 @@ void pp_norm_k24(ep4_t c, ep4_t a); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_tatep_k2(fp2_t r, ep_t p, ep_t q); +void pp_map_tatep_k2(fp2_t r, const ep_t p, const ep_t q); /** * Computes the Tate multi-pairing of in a parameterized elliptic curve with @@ -887,7 +891,7 @@ void pp_map_tatep_k2(fp2_t r, ep_t p, ep_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_tatep_k2(fp2_t r, ep_t *p, ep_t *q, int m); +void pp_map_sim_tatep_k2(fp2_t r, const ep_t *p, const ep_t *q, int m); /** * Computes the Weil pairing of two points in a parameterized elliptic curve @@ -897,7 +901,7 @@ void pp_map_sim_tatep_k2(fp2_t r, ep_t *p, ep_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_weilp_k2(fp2_t r, ep_t p, ep_t q); +void pp_map_weilp_k2(fp2_t r, const ep_t p, const ep_t q); /** * Computes the optimal ate pairing of two points in a parameterized elliptic @@ -907,7 +911,7 @@ void pp_map_weilp_k2(fp2_t r, ep_t p, ep_t q); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_oatep_k8(fp8_t r, ep_t p, ep2_t q); +void pp_map_oatep_k8(fp8_t r, const ep_t p, const ep2_t q); /** * Computes the Weil multi-pairing of in a parameterized elliptic curve with @@ -918,7 +922,7 @@ void pp_map_oatep_k8(fp8_t r, ep_t p, ep2_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_weilp_k2(fp2_t r, ep_t *p, ep_t *q, int m); +void pp_map_sim_weilp_k2(fp2_t r, const ep_t *p, const ep_t *q, int m); /** * Computes the Tate pairing of two points in a parameterized elliptic curve @@ -928,7 +932,7 @@ void pp_map_sim_weilp_k2(fp2_t r, ep_t *p, ep_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_tatep_k12(fp12_t r, ep_t p, ep2_t q); +void pp_map_tatep_k12(fp12_t r, const ep_t p, const ep2_t q); /** * Computes the Tate multi-pairing of in a parameterized elliptic curve with @@ -939,7 +943,7 @@ void pp_map_tatep_k12(fp12_t r, ep_t p, ep2_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_tatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m); +void pp_map_sim_tatep_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m); /** * Computes the Weil pairing of two points in a parameterized elliptic curve @@ -949,7 +953,7 @@ void pp_map_sim_tatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_weilp_k12(fp12_t r, ep_t p, ep2_t q); +void pp_map_weilp_k12(fp12_t r, const ep_t p, const ep2_t q); /** * Computes the Weil multi-pairing of in a parameterized elliptic curve with @@ -960,7 +964,7 @@ void pp_map_weilp_k12(fp12_t r, ep_t p, ep2_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_weilp_k12(fp12_t r, ep_t *p, ep2_t *q, int m); +void pp_map_sim_weilp_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m); /** * Computes the optimal ate pairing of two points in a parameterized elliptic @@ -970,7 +974,7 @@ void pp_map_sim_weilp_k12(fp12_t r, ep_t *p, ep2_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_oatep_k12(fp12_t r, ep_t p, ep2_t q); +void pp_map_oatep_k12(fp12_t r, const ep_t p, const ep2_t q); /** * Computes the optimal ate multi-pairing of in a parameterized elliptic @@ -981,7 +985,7 @@ void pp_map_oatep_k12(fp12_t r, ep_t p, ep2_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_oatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m); +void pp_map_sim_oatep_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m); /** * Computes the Optimal Ate pairing of two points in a parameterized elliptic @@ -991,7 +995,7 @@ void pp_map_sim_oatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_k24(fp24_t r, ep_t p, ep4_t q); +void pp_map_k24(fp24_t r, const ep_t p, const ep4_t q); /** * Computes the optimal ate multi-pairing of in a parameterized elliptic @@ -1002,7 +1006,7 @@ void pp_map_k24(fp24_t r, ep_t p, ep4_t q); * @param[in] p - the second pairing arguments. * @param[in] m - the number of pairings to evaluate. */ -void pp_map_sim_k24(fp24_t r, ep_t *p, ep4_t *q, int m); +void pp_map_sim_k24(fp24_t r, const ep_t *p, const ep4_t *q, int m); /** * Computes the Optimal Ate pairing of two points in a parameterized elliptic @@ -1012,7 +1016,7 @@ void pp_map_sim_k24(fp24_t r, ep_t *p, ep4_t *q, int m); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_k48(fp48_t r, ep_t p, fp8_t qx, fp8_t qy); +void pp_map_k48(fp48_t r, const ep_t p, const fp8_t qx, const fp8_t qy); /** * Computes the Optimal Ate pairing of two points in a parameterized elliptic @@ -1022,6 +1026,6 @@ void pp_map_k48(fp48_t r, ep_t p, fp8_t qx, fp8_t qy); * @param[in] q - the first elliptic curve point. * @param[in] p - the second elliptic curve point. */ -void pp_map_k54(fp54_t r, ep_t p, fp9_t qx, fp9_t qy); +void pp_map_k54(fp54_t r, const ep_t p, const fp9_t qx, const fp9_t qy); #endif /* !RLC_PP_H */ diff --git a/include/relic_types.h b/include/relic_types.h index 92316bfec..5a7e3dcb4 100644 --- a/include/relic_types.h +++ b/include/relic_types.h @@ -32,6 +32,7 @@ #ifndef RLC_TYPES_H #define RLC_TYPES_H +#include #include #include "relic_conf.h" diff --git a/include/relic_util.h b/include/relic_util.h index 0dd17441e..806983349 100644 --- a/include/relic_util.h +++ b/include/relic_util.h @@ -115,6 +115,13 @@ */ #define RLC_HIGH(D) (D >> (RLC_DIG >> 1)) +/** + * Returns the sign bit of a digit. + * + * @param[in] D - the digit. + */ +#define RLC_SIGN(D) (((dig_t)D) >> (RLC_DIG - 1)) + /** * Selects between two values based on the value of a given flag. * @@ -290,6 +297,14 @@ int util_bits_dig(dig_t a); */ int util_cmp_const(const void *a, const void *b, int n); +/** + * Computes a random permutation in [0, n-1]. + * + * @param[out] p - the resulting permutation. + * @param[in] n - the size of the permutation. + */ +void util_perm(unsigned int p[], int n); + /** * Formats and prints data following a printf-like syntax. * diff --git a/preset/ardue-ecc-128k.sh b/preset/ardue-ecc-128k.sh new file mode 100755 index 000000000..582ef9458 --- /dev/null +++ b/preset/ardue-ecc-128k.sh @@ -0,0 +1,3 @@ +#!/bin/sh +ARDUINO=${HOME}/.arduino15/packages/arduino/ +CC="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-gcc" CXX="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-g++ -nostdlib" LDFLAGS="-mthumb -Wl,--gc-sections" CFLAGS="-nostdlib -std=c99 -Wl,--no-export-dynamic -O2 -ggdb -DF_CPU=84000000L -mcpu=cortex-m3 -mthumb -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME="Generic" -DARCH=ARM -DWSIZE=32 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD" -DBENCH=20 -DTESTS=20 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;BINAR;BASIC" -DBN_PRECI=3072 -DBN_MAGNI=DOUBLE -DFP_PRIME=256 -DFP_METHD="INTEG;COMBA;COMBA;QUICK;EXGCD;LOWER;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 $1 diff --git a/preset/ardue-pbc-bn254.sh b/preset/ardue-pbc-bn254.sh index 2ce681faa..6146a994c 100755 --- a/preset/ardue-pbc-bn254.sh +++ b/preset/ardue-pbc-bn254.sh @@ -1,3 +1,3 @@ #!/bin/sh ARDUINO=${HOME}/.arduino15/packages/arduino/ -CC="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-gcc -nostdlib" CXX="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-g++ -nostdlib" LDFLAGS="-mthumb -Wl,--gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=84000000L -mcpu=cortex-m3 -mthumb -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME="Generic" -DARCH=ARM -DWSIZE=32 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD;FPX;EPX;PP;PC" -DBENCH=0 -DTESTS=0 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;STEIN;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;EXGCD;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 +CC="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-gcc -nostdlib" CXX="${ARDUINO}/tools/arm-none-eabi-gcc/4.8.3-2014q1/bin/arm-none-eabi-g++ -nostdlib" LDFLAGS="-mthumb -Wl,--gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=84000000L -mcpu=cortex-m3 -mthumb -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME="Generic" -DARCH=ARM -DWSIZE=32 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD;FPX;EPX;PP;PC" -DBENCH=0 -DTESTS=0 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;BINAR;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;EXGCD;LOWER;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/arm-pbc-bn254.sh b/preset/arm-pbc-bn254.sh index 302bcea1c..b56a27be0 100755 --- a/preset/arm-pbc-bn254.sh +++ b/preset/arm-pbc-bn254.sh @@ -1,3 +1,3 @@ #!/bin/sh -cmake -DWITH="ALL" -DCHECK=off -DARITH=arm-asm-254 -DARCH=ARM -DCOLOR=off -DSEED= -DSHLIB=off -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer" -DTIMER=HREAL -DWSIZE=32 -DSTLIB=on $1 +cmake -DWITH="ALL" -DCHECK=off -DARITH=arm-asm-254 -DARCH=ARM -DCOLOR=off -DSEED= -DSHLIB=off -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer" -DTIMER=HREAL -DWSIZE=32 -DSTLIB=on $1 diff --git a/preset/armdroid-pbc-bn254.sh b/preset/armdroid-pbc-bn254.sh index c9adeeacd..eb4e29004 100755 --- a/preset/armdroid-pbc-bn254.sh +++ b/preset/armdroid-pbc-bn254.sh @@ -10,4 +10,4 @@ PREF=arm-linux-androideabi- export CC="$ROOT/bin/${PREF}gcc --sysroot=$SYSROOT" -cmake -DWITH="DV;BN;MD;FP;EP;FPX;EPX;PP;PC;CP" -DCHECK=off -DARITH=arm-asm-254 -DARCH=ARM -DCOLOR=off -DOPSYS=DROID -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer" -DLDFLAGS="-L$SYSROOT/usr/lib/gcc/arm-linux-androideabi/4.9.x/ -L$SYSROOT/usr/lib -llog" -DTIMER=HREAL -DWSIZE=32 -DSTLIB=on -DSHLIB=off $1 +cmake -DWITH="DV;BN;MD;FP;EP;FPX;EPX;PP;PC;CP" -DCHECK=off -DARITH=arm-asm-254 -DARCH=ARM -DCOLOR=off -DOPSYS=DROID -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer" -DLDFLAGS="-L$SYSROOT/usr/lib/gcc/arm-linux-androideabi/4.9.x/ -L$SYSROOT/usr/lib -llog" -DTIMER=HREAL -DWSIZE=32 -DSTLIB=on -DSHLIB=off $1 diff --git a/preset/armduino-ecc-128k.sh b/preset/armduino-ecc-128k.sh index f83ad42eb..df0a90b4c 100755 --- a/preset/armduino-ecc-128k.sh +++ b/preset/armduino-ecc-128k.sh @@ -1,3 +1,3 @@ #!/bin/sh ARDUINO=${HOME}/projects/arduino-1.5.2/hardware/ -CC="${ARDUINO}/tools/g++_arm_none_eabi/bin/arm-none-eabi-gcc" CXX=c++ LDFLAGS="-mthumb -Wl,-gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=84000000L -mcpu=cortex-m3 -mthumb -ffunction-sections -fdata-sections" cmake -DARCH=ARM -DWSIZE=32 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD" -DBENCH=20 -DTESTS=20 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;STEIN;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=256 -DFP_METHD="INTEG;COMBA;COMBA;QUICK;EXGCD;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 $1 +CC="${ARDUINO}/tools/g++_arm_none_eabi/bin/arm-none-eabi-gcc" CXX=c++ LDFLAGS="-mthumb -Wl,-gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=84000000L -mcpu=cortex-m3 -mthumb -ffunction-sections -fdata-sections" cmake -DARCH=ARM -DWSIZE=32 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD" -DBENCH=20 -DTESTS=20 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;BINAR;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=256 -DFP_METHD="INTEG;COMBA;COMBA;QUICK;EXGCD;LOWER;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 $1 diff --git a/preset/armega-pbc-bn254.sh b/preset/armega-pbc-bn254.sh index 2800a6c36..1218e0f2b 100755 --- a/preset/armega-pbc-bn254.sh +++ b/preset/armega-pbc-bn254.sh @@ -1,3 +1,3 @@ #!/bin/sh ARDUINO=/usr/share/arduino -CC="${ARDUINO}/hardware/tools/avr/bin/avr-gcc -nostdlib" CXX="${ARDUINO}/hardware/tools/avr/bin/avr-g++ -nostdlib" LDFLAGS=" -Wl,--gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=16000000L -mmcu=atmega2560 -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME="Generic" -DARCH=AVR -DWSIZE=8 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD;FPX;EPX;PP;PC" -DBENCH=0 -DTESTS=0 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;STEIN;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;EXGCD;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DEP_PRECO=off $1 +CC="${ARDUINO}/hardware/tools/avr/bin/avr-gcc -nostdlib" CXX="${ARDUINO}/hardware/tools/avr/bin/avr-g++ -nostdlib" LDFLAGS=" -Wl,--gc-sections" CFLAGS="-O2 -ggdb -DF_CPU=16000000L -mmcu=atmega2560 -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME="Generic" -DARCH=AVR -DWSIZE=8 -DOPSYS=DUINO -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER=HREAL -DWITH="DV;BN;FP;EP;EC;CP;MD;FPX;EPX;PP;PC" -DBENCH=0 -DTESTS=0 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DARITH=easy -DBN_METHD="COMBA;COMBA;BASIC;BASIC;BINAR;BASIC" -DBN_PRECI=256 -DBN_MAGNI=DOUBLE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;EXGCD;LOWER;SLIDE" -DEP_ENDOM=on -DEP_PLAIN=off -DEP_SUPER=off -DEC_ENDOM=on -DEC_METHD="PRIME" -DMD_METHD=SH256 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DEP_PRECO=off $1 diff --git a/preset/armios-pbc-bn254.sh b/preset/armios-pbc-bn254.sh index ed1ab2d43..d613eafc9 100755 --- a/preset/armios-pbc-bn254.sh +++ b/preset/armios-pbc-bn254.sh @@ -9,4 +9,4 @@ export VERFLAGS="-mios-simulator-version-min=11.0" export CC=`xcrun --sdk iphoneos --find clang` export SYSROOT=`xcrun --sdk iphoneos --show-sdk-path` -cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/ios.cmake -DIOS_PLATFORM=OS64 -DWITH="DV;BN;MD;FP;EP;FPX;EPX;PP;PC;CP" -DCHECK=off -DARITH=easy -DARCH=ARM -DCOLOR=off -DOPSYS=NONE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer $INCLUDES -isysroot $SYSROOT $ARCHFLAGS $VERFLAGS -fembed-bitcode" -DTIMER=HREAL -DWSIZE=64 -DSTLIB=on -DSHLIB=off $1 +cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/ios.cmake -DIOS_PLATFORM=OS64 -DWITH="DV;BN;MD;FP;EP;FPX;EPX;PP;PC;CP" -DCHECK=off -DARITH=easy -DARCH=ARM -DCOLOR=off -DOPSYS=NONE -DFP_PRIME=254 -DFP_QNRES=on -DFP_METHD="INTEG;INTEG;INTEG;MONTY;EXGCD;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer $INCLUDES -isysroot $SYSROOT $ARCHFLAGS $VERFLAGS -fembed-bitcode" -DTIMER=HREAL -DWSIZE=64 -DSTLIB=on -DSHLIB=off $1 diff --git a/preset/avr-ecc-80k.sh b/preset/avr-ecc-80k.sh index 7bbf03fe7..7ee0544ee 100755 --- a/preset/avr-ecc-80k.sh +++ b/preset/avr-ecc-80k.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC=avr-gcc CXX=avr-c++ LDFLAGS="-mmcu=atmega128 -Wl,-gc-sections" CFLAGS="-O2 -ggdb -Wa,-mmcu=atmega128 -mmcu=atmega128 -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME=Generic -DARCH=AVR -DWSIZE=8 -DOPSYS= -DRAND=HASHD -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER= -DWITH="DV;MD;BN;FB;EB;EC" -DBENCH=10 -DTESTS=10 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DCOLOR=off -DARITH=avr-asm-163 -DFB_POLYN=163 -DBN_METHD="COMBA;COMBA;BASIC;BASIC;STEIN;BASIC" -DFB_METHD="INTEG;INTEG;QUICK;BASIC;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=off -DFB_TRINO=off -DBN_PRECI=160 -DBN_MAGNI=DOUBLE -DEB_PRECO=on -DEB_METHD="PROJC;RWNAF;LWNAF;INTER" -DEB_MIXED=on -DEB_KBLTZ=on -DEB_PLAIN=off -DEC_METHD="CHAR2" -DMD_METHD=SH256 $1 +CC=avr-gcc CXX=avr-c++ LDFLAGS="-mmcu=atmega128 -Wl,-gc-sections" CFLAGS="-O2 -ggdb -Wa,-mmcu=atmega128 -mmcu=atmega128 -ffunction-sections -fdata-sections" cmake -DCMAKE_SYSTEM_NAME=Generic -DARCH=AVR -DWSIZE=8 -DOPSYS= -DRAND=HASHD -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER= -DWITH="DV;MD;BN;FB;EB;EC" -DBENCH=10 -DTESTS=10 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=off -DCOLOR=off -DARITH=avr-asm-163 -DFB_POLYN=163 -DBN_METHD="COMBA;COMBA;BASIC;BASIC;BINAR;BASIC" -DFB_METHD="INTEG;INTEG;QUICK;BASIC;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=off -DFB_TRINO=off -DBN_PRECI=160 -DBN_MAGNI=DOUBLE -DEB_PRECO=on -DEB_METHD="PROJC;RWNAF;LWNAF;INTER" -DEB_MIXED=on -DEB_KBLTZ=on -DEB_PLAIN=off -DEC_METHD="CHAR2" -DMD_METHD=SH256 $1 diff --git a/preset/avr-pbc-80.sh b/preset/avr-pbc-80.sh index 95f36fdd1..4bf44ede6 100755 --- a/preset/avr-pbc-80.sh +++ b/preset/avr-pbc-80.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC=avr-gcc CXX=c++ LDFLAGS="-mmcu=atmega128 -Wl,-gc-sections" CFLAGS="-O2 -ggdb -Wa,-mmcu=atmega128 -mmcu=atmega128 -ffunction-sections -fdata-sections" cmake -DARCH=AVR -DWSIZE=8 -DOPSYS= -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER= -DWITH="DV;MD;BN;FP;FPX;EP;EC;PP;PC" -DBENCH=20 -DTESTS=20 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=on -DARITH=avr-asm-158 -DFP_PRIME=158 -DBN_METHD="COMBA;COMBA;MONTY;BASIC;STEIN;BASIC" -DFP_QNRES=off -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;SLIDE" -DBN_PRECI=160 -DBN_MAGNI=DOUBLE -DEP_PRECO=off -DEP_METHD="PROJC;LWNAF;LWNAF;BASIC" -DEP_ENDOM=on -DEP_PLAIN=on -DEC_METHD="PRIME" -DFPX_METHD="INTEG;INTEG;BASIC" -DPP_METHD="BASIC;OATEP" -DRAND=HASHD -DSEED=LIBC -DMD_METHD=SH256 $1 +CC=avr-gcc CXX=c++ LDFLAGS="-mmcu=atmega128 -Wl,-gc-sections" CFLAGS="-O2 -ggdb -Wa,-mmcu=atmega128 -mmcu=atmega128 -ffunction-sections -fdata-sections" cmake -DARCH=AVR -DWSIZE=8 -DOPSYS= -DSEED=LIBC -DSHLIB=OFF -DSTBIN=ON -DTIMER= -DWITH="DV;MD;BN;FP;FPX;EP;EC;PP;PC" -DBENCH=20 -DTESTS=20 -DCHECK=off -DVERBS=off -DSTRIP=on -DQUIET=on -DARITH=avr-asm-158 -DFP_PRIME=158 -DBN_METHD="COMBA;COMBA;MONTY;BASIC;BINAR;LOWER;BASIC" -DFP_QNRES=off -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;SLIDE" -DBN_PRECI=160 -DBN_MAGNI=DOUBLE -DEP_PRECO=off -DEP_METHD="PROJC;LWNAF;LWNAF;BASIC" -DEP_ENDOM=on -DEP_PLAIN=on -DEC_METHD="PRIME" -DFPX_METHD="INTEG;INTEG;BASIC" -DPP_METHD="BASIC;OATEP" -DRAND=HASHD -DSEED=LIBC -DMD_METHD=SH256 $1 diff --git a/preset/fiat-pbc-bls381.sh b/preset/fiat-pbc-bls381.sh index 1b8b8bc1c..51143840f 100755 --- a/preset/fiat-pbc-bls381.sh +++ b/preset/fiat-pbc-bls381.sh @@ -1,2 +1,2 @@ -#!/bin/sh -cmake -DCHECK=off -DARITH=x64-fiat-381 -DFP_PRIME=381 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" $1 +#!/bin/sh +cmake -DCHECK=off -DARITH=x64-fiat-381 -DFP_PRIME=381 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" $1 diff --git a/preset/gmp-ecc-128.sh b/preset/gmp-ecc-128.sh index a36a30211..d2d1516f0 100755 --- a/preset/gmp-ecc-128.sh +++ b/preset/gmp-ecc-128.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="EDDIE" -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" $1 +cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="EDDIE" -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" $1 diff --git a/preset/gmp-ecc-tweedledum.sh b/preset/gmp-ecc-tweedledum.sh index c133a99ef..a47f62160 100755 --- a/preset/gmp-ecc-tweedledum.sh +++ b/preset/gmp-ecc-tweedledum.sh @@ -1,2 +1,2 @@ -#!/bin/sh -cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="PRIME" -DEC_ENDOM=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;SLIDE" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" $1 +#!/bin/sh +cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="PRIME" -DEC_ENDOM=on -DFP_METHD="INTEG;COMBA;COMBA;MONTY;MONTY;LOWER;SLIDE" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" $1 diff --git a/preset/gmp-pbc-bls381.sh b/preset/gmp-pbc-bls381.sh index 391b8a367..3fc96146a 100755 --- a/preset/gmp-pbc-bls381.sh +++ b/preset/gmp-pbc-bls381.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=381 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" -DWITH="DV;MD;BC;BN;FP;FPX;EP;EPC;EC;PP;PC;CP" $1 +cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=381 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" $1 diff --git a/preset/gmp-pbc-bn254.sh b/preset/gmp-pbc-bn254.sh index c0786d94d..ce18da40a 100755 --- a/preset/gmp-pbc-bn254.sh +++ b/preset/gmp-pbc-bn254.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DARCH=X86 -DWSIZE=32 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=gmp -DFP_PRIME=254 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 +cmake -DCHECK=off -DARITH=gmp -DFP_PRIME=254 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/gmp-pbc-ss1536.sh b/preset/gmp-pbc-ss1536.sh index db81fab76..e08dbb044 100755 --- a/preset/gmp-pbc-ss1536.sh +++ b/preset/gmp-pbc-ss1536.sh @@ -1,2 +1,2 @@ -#!/bin/sh -cmake -DCHECK=off -DARITH=gmp -DBN_PRECI=1536 -DFP_PRIME=1536 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" $1 +#!/bin/sh +cmake -DCHECK=off -DARITH=gmp -DBN_PRECI=1536 -DFP_PRIME=1536 -DFP_QNRES=on -DFP_METHD="BASIC;COMBA;COMBA;MONTY;LOWER;LOWER;SLIDE" -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" -DCFLAGS="-O2 -funroll-loops -fomit-frame-pointer" $1 diff --git a/preset/msp-ecc-128.sh b/preset/msp-ecc-128.sh index c5acfc9e1..1eea7028a 100755 --- a/preset/msp-ecc-128.sh +++ b/preset/msp-ecc-128.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_DEPTH=3 -DEP_PLAIN=ON -DEP_ENDOM=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,-mmcu=msp430f1611 -Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=256 -DBN_PRECI=256 -DMD_METHD=SH256 "-DWITH=FP;EP;EC;DV;CP;MD;BN" -DEC_ENDOM=OFF -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_DEPTH=3 -DEP_PLAIN=ON -DEP_ENDOM=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,-mmcu=msp430f1611 -Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=256 -DBN_PRECI=256 -DMD_METHD=SH256 "-DWITH=FP;EP;EC;DV;CP;MD;BN" -DEC_ENDOM=OFF -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/msp-ecc-128k.sh b/preset/msp-ecc-128k.sh index 832a59c56..3a5d6a8b8 100755 --- a/preset/msp-ecc-128k.sh +++ b/preset/msp-ecc-128k.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEB_DEPTH=3 -DEB_PLAIN=OFF -DEP_DEPTH=3 -DEP_PLAIN=OFF "-DFB_METHD=LODAH;RLC_TABLE;QUICK;QUICK;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=256 -DFB_POLYN=283 -DBN_PRECI=284 -DMD_METHD=SH256 "-DWITH=FP;FB;EP;EB;EC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEB_DEPTH=3 -DEB_PLAIN=OFF -DEP_DEPTH=3 -DEP_PLAIN=OFF "-DFB_METHD=LODAH;RLC_TABLE;QUICK;QUICK;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=256 -DFB_POLYN=283 -DBN_PRECI=284 -DMD_METHD=SH256 "-DWITH=FP;FB;EP;EB;EC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/msp-ecc-80.sh b/preset/msp-ecc-80.sh index caccf1ad5..6072c2534 100755 --- a/preset/msp-ecc-80.sh +++ b/preset/msp-ecc-80.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_DEPTH=3 -DEP_PLAIN=ON -DEP_ENDOM=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=160 -DBN_PRECI=160 -DMD_METHD=SH256 "-DWITH=FP;EP;EC;DV;CP;MD;BN" -DEC_ENDOM=OFF -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_DEPTH=3 -DEP_PLAIN=ON -DEP_ENDOM=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=160 -DBN_PRECI=160 -DMD_METHD=SH256 "-DWITH=FP;EP;EC;DV;CP;MD;BN" -DEC_ENDOM=OFF -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/msp-ecc-80k.sh b/preset/msp-ecc-80k.sh index fdaf8ab58..42126a7d4 100755 --- a/preset/msp-ecc-80k.sh +++ b/preset/msp-ecc-80k.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEB_DEPTH=3 -DEB_PLAIN=OFF -DEP_DEPTH=3 -DEP_PLAIN=OFF "-DFB_METHD=LODAH;RLC_TABLE;QUICK;QUICK;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=160 -DFB_POLYN=163 -DBN_PRECI=164 -DMD_METHD=SH256 "-DWITH=FP;FB;EP;EB;EC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DARITH=msp-asm -DCMAKE_SYSTEM_NAME=Generic -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEB_DEPTH=3 -DEB_PLAIN=OFF -DEP_DEPTH=3 -DEP_PLAIN=OFF "-DFB_METHD=LODAH;RLC_TABLE;QUICK;QUICK;BASIC;BASIC;EXGCD;BASIC;BASIC" -DFB_PRECO=OFF "-DFP_METHD=BASIC;COMBA;COMBA;QUICK;LOWER;BASIC;BASIC" -DFP_PMERS=ON "-DLDFLAGS=-Wl,--gc-sections" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=160 -DFB_POLYN=163 -DBN_PRECI=164 -DMD_METHD=SH256 "-DWITH=FP;FB;EP;EB;EC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/msp-pbc-bn158.sh b/preset/msp-pbc-bn158.sh index 257a97359..b2e65db0f 100755 --- a/preset/msp-pbc-bn158.sh +++ b/preset/msp-pbc-bn158.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DCMAKE_SYSTEM_NAME=Generic -DARITH=msp-asm -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -EB_KBTLZ=OFF -DEB_ORDIN=OFF -DEB_PRECO=OFF -DEP_PRECO=OFF "-DFP_METHD=BASIC;COMBA;MULTP;MONTY;MONTY;SLIDE" "-DLDFLAGS=-Wl,--gc-sections" "-DFPX_METHD=INTEG;INTEG;BASIC" "-DPP_METHD=BASIC;OATEP" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=158 -DFP_QNRES=OFF -DBN_PRECI=160 -DMD_METHD=SH256 "-DWITH=FP;FPX;EP;EPX;PP;PC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DCMAKE_SYSTEM_NAME=Generic -DARITH=msp-asm -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -EB_KBTLZ=OFF -DEB_ORDIN=OFF -DEB_PRECO=OFF -DEP_PRECO=OFF "-DFP_METHD=BASIC;COMBA;MULTP;MONTY;MONTY;LOWER;SLIDE" "-DLDFLAGS=-Wl,--gc-sections" "-DFPX_METHD=INTEG;INTEG;BASIC" "-DPP_METHD=BASIC;OATEP" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=158 -DFP_QNRES=OFF -DBN_PRECI=160 -DMD_METHD=SH256 "-DWITH=FP;FPX;EP;EPX;PP;PC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/msp-pbc-bn254.sh b/preset/msp-pbc-bn254.sh index c68723ffd..338e141b8 100755 --- a/preset/msp-pbc-bn254.sh +++ b/preset/msp-pbc-bn254.sh @@ -1,2 +1,2 @@ #!/bin/sh -CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DCMAKE_SYSTEM_NAME=Generic -DARITH=msp-asm -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_PRECO=OFF "-DFP_METHD=BASIC;COMBA;MULTP;MONTY;MONTY;SLIDE" "-DLDFLAGS=-Wl,--gc-sections" "-DFPX_METHD=INTEG;INTEG;BASIC" "-DPP_METHD=BASIC;OATEP" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=254 -DFP_QNRES=ON -DBN_PRECI=256 -DMD_METHD=SH256 "-DwITH=FP;FPX;EP;EPX;PP;PC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 +CC="msp430-gcc -mmcu=msp430f1611" CXX="c++" cmake -DCMAKE_SYSTEM_NAME=Generic -DARITH=msp-asm -DALIGN=2 -DARCH=MSP -DBENCH=1 "-DBN_METHD=BASIC;MULTP;MONTY;BASIC;BASIC;BASIC" -DCHECK=OFF -DCOLOR=OFF "-DCFLAGS:STRING=-O2 -g -mmcu=msp430f1611 -ffunction-sections -fdata-sections -fno-inline -mdisable-watchdog" -DDOCUM=OFF -DEP_PRECO=OFF "-DFP_METHD=BASIC;COMBA;MULTP;MONTY;MONTY;LOWER;SLIDE" "-DLDFLAGS=-Wl,--gc-sections" "-DFPX_METHD=INTEG;INTEG;BASIC" "-DPP_METHD=BASIC;OATEP" -DSEED= -DSHLIB=OFF -DSTRIP=ON -DTESTS=1 -DTIMER=CYCLE -DVERBS=OFF -DWSIZE=16 -DFP_PRIME=254 -DFP_QNRES=ON -DBN_PRECI=256 -DMD_METHD=SH256 "-DwITH=FP;FPX;EP;EPX;PP;PC;DV;CP;MD;BN" -DEC_METHD=PRIME -DRAND=HASHD $1 diff --git a/preset/x64-ecc-128.sh b/preset/x64-ecc-128.sh index fc4e7f3f7..f96c70370 100755 --- a/preset/x64-ecc-128.sh +++ b/preset/x64-ecc-128.sh @@ -1,2 +1,2 @@ -#!/bin/sh -cmake -DCHECK=off -DARITH=x64-asm-4l -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="EDDIE" -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" $1 +#!/bin/sh +cmake -DCHECK=off -DARITH=x64-asm-4l -DFP_PRIME=255 -DFP_QNRES=off -DEC_METHD="EDDIE" -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" $1 diff --git a/preset/x64-pbc-bls12-377.sh b/preset/x64-pbc-bls12-377.sh new file mode 100755 index 000000000..a5fbe7367 --- /dev/null +++ b/preset/x64-pbc-bls12-377.sh @@ -0,0 +1,2 @@ +#!/bin/sh +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=377 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bls12-381.sh b/preset/x64-pbc-bls12-381.sh index f4344e4ca..e3ed68136 100755 --- a/preset/x64-pbc-bls12-381.sh +++ b/preset/x64-pbc-bls12-381.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=381 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="DV;MD;BC;BN;FP;FPX;EP;EPX;EC;PP;PC;CP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=381 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bls12-446.sh b/preset/x64-pbc-bls12-446.sh index e820b9b67..07406b5df 100755 --- a/preset/x64-pbc-bls12-446.sh +++ b/preset/x64-pbc-bls12-446.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-446 -DFP_PRIME=446 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-7l -DFP_PRIME=446 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bls12-455.sh b/preset/x64-pbc-bls12-455.sh index 1f3474bd7..302570ad2 100755 --- a/preset/x64-pbc-bls12-455.sh +++ b/preset/x64-pbc-bls12-455.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-455 -DFP_PRIME=455 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-8l -DFP_PRIME=455 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bls12-638.sh b/preset/x64-pbc-bls12-638.sh index 20c278809..2b4eaabab 100755 --- a/preset/x64-pbc-bls12-638.sh +++ b/preset/x64-pbc-bls12-638.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-638 -DFP_PRIME=638 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-10l -DFP_PRIME=638 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bls24-315.sh b/preset/x64-pbc-bls24-315.sh new file mode 100755 index 000000000..d7a294c9a --- /dev/null +++ b/preset/x64-pbc-bls24-315.sh @@ -0,0 +1,2 @@ +#!/bin/sh +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-5l -DFP_PRIME=315 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1 diff --git a/preset/x64-pbc-bls24-317.sh b/preset/x64-pbc-bls24-317.sh new file mode 100755 index 000000000..987b3b7f8 --- /dev/null +++ b/preset/x64-pbc-bls24-317.sh @@ -0,0 +1,2 @@ +#!/bin/sh +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-5l -DFP_PRIME=317 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1 diff --git a/preset/x64-pbc-bls24-509.sh b/preset/x64-pbc-bls24-509.sh index deeec8b91..51eafeae6 100755 --- a/preset/x64-pbc-bls24-509.sh +++ b/preset/x64-pbc-bls24-509.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-8l -DFP_PRIME=509 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-8l -DFP_PRIME=509 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1 diff --git a/preset/x64-pbc-bls48-575.sh b/preset/x64-pbc-bls48-575.sh index 8f0e69646..83c171bcd 100755 --- a/preset/x64-pbc-bls48-575.sh +++ b/preset/x64-pbc-bls48-575.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-9l -DFP_PRIME=575 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-9l -DFP_PRIME=575 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bn254.sh b/preset/x64-pbc-bn254.sh index e8dfbb036..b3a0924cd 100755 --- a/preset/x64-pbc-bn254.sh +++ b/preset/x64-pbc-bn254.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-4l -DFP_PRIME=254 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-4l -DFP_PRIME=254 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bn382.sh b/preset/x64-pbc-bn382.sh index 7fd1ca15c..bb3094695 100755 --- a/preset/x64-pbc-bn382.sh +++ b/preset/x64-pbc-bn382.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=382 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=382 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=on -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/preset/x64-pbc-bn446.sh b/preset/x64-pbc-bn446.sh index 0d6cce619..fb353e6b1 100755 --- a/preset/x64-pbc-bn446.sh +++ b/preset/x64-pbc-bn446.sh @@ -1,2 +1,2 @@ #!/bin/sh -cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-446 -DFP_PRIME=446 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 +cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-7l -DFP_PRIME=446 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -finline-small-functions -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" $1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index b28f56597..51cb16087 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,11 +1,11 @@ string(TOLOWER ${ARITH} ARITH_PATH) if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/low/${ARITH_PATH}/CMakeLists.txt") include("${CMAKE_CURRENT_SOURCE_DIR}/low/${ARITH_PATH}/CMakeLists.txt") -endif(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/low/${ARITH_PATH}/CMakeLists.txt") +endif() if (NOT INHERIT) set(INHERIT "easy") -endif(NOT INHERIT) +endif() string(TOLOWER ${INHERIT} INHERIT_PATH) set(CORE_SRCS relic_err.c relic_core.c relic_conf.c relic_util.c) @@ -15,15 +15,15 @@ if (ARCH) if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/arch/relic_arch_${ARCH_PATH}.c") list(APPEND CORE_SRCS "arch/relic_arch_${ARCH_PATH}.c") endif(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/arch/relic_arch_${ARCH_PATH}.c") -else(ARCH) +else() list(APPEND CORE_SRCS "arch/relic_arch_none.c") -endif(ARCH) +endif() string(TOLOWER ${RAND} RAND_PATH) if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/rand/relic_rand_${RAND_PATH}.c") list(APPEND CORE_SRCS "rand/relic_rand_core.c") list(APPEND CORE_SRCS "rand/relic_rand_${RAND_PATH}.c") -endif(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/rand/relic_rand_${RAND_PATH}.c") +endif() file(GLOB BN_SRCS bn/*.c) file(GLOB DV_SRCS dv/*.c) @@ -46,67 +46,67 @@ set(RELIC_SRCS ${CORE_SRCS}) if (TESTS GREATER 0) list(APPEND RELIC_SRCS "relic_test.c") -endif(TESTS GREATER 0) +endif() if (BENCH GREATER 0) list(APPEND RELIC_SRCS "relic_bench.c") -endif(BENCH GREATER 0) +endif() if (WITH_BN) list(APPEND RELIC_SRCS ${BN_SRCS}) file(GLOB TEMP low/easy/relic_bn*.c) list(APPEND LOW_SRCS ${TEMP}) -endif(WITH_BN) +endif() if (WITH_DV) list(APPEND RELIC_SRCS ${DV_SRCS}) -endif(WITH_DV) +endif() if (WITH_FP) list(APPEND RELIC_SRCS ${FP_SRCS}) file(GLOB TEMP low/easy/relic_fp_*.c) list(APPEND LOW_SRCS ${TEMP}) -endif(WITH_FP) +endif() if (WITH_FPX) list(APPEND RELIC_SRCS ${FPX_SRCS}) file(GLOB TEMP low/easy/relic_fpx_*.c) list(APPEND LOW_SRCS ${TEMP}) -endif(WITH_FPX) +endif() if (WITH_FB) list(APPEND RELIC_SRCS ${FB_SRCS}) file(GLOB TEMP low/easy/relic_fb*.c) list(APPEND LOW_SRCS ${TEMP}) -endif(WITH_FB) +endif() if (WITH_FBX) list(APPEND RELIC_SRCS ${FBX_SRCS}) -endif(WITH_FBX) +endif() if (WITH_EP) list(APPEND RELIC_SRCS ${EP_SRCS}) -endif(WITH_EP) +endif() if (WITH_EPX) list(APPEND RELIC_SRCS ${EPX_SRCS}) -endif(WITH_EPX) +endif() if (WITH_EB) list(APPEND RELIC_SRCS ${EB_SRCS}) -endif(WITH_EB) +endif() if (WITH_ED) list(APPEND RELIC_SRCS ${ED_SRCS}) -endif(WITH_ED) +endif() if (WITH_PP) list(APPEND RELIC_SRCS ${PP_SRCS}) -endif(WITH_PP) +endif() if (WITH_PC) list(APPEND RELIC_SRCS ${PC_SRCS}) -endif(WITH_PC) +endif() if (WITH_CP) if (WITH_BN) @@ -115,6 +115,9 @@ if (WITH_CP) list(APPEND RELIC_SRCS "cp/relic_cp_bdpe.c") list(APPEND RELIC_SRCS "cp/relic_cp_ghpe.c") list(APPEND RELIC_SRCS "cp/relic_cp_phpe.c") + list(APPEND RELIC_SRCS "cp/relic_cp_shpe.c") + list(APPEND RELIC_SRCS "cp/relic_cp_rsapsi.c") + list(APPEND RELIC_SRCS "cp/relic_cp_shipsi.c") endif() if (WITH_EB OR WITH_EP OR WITH_ED OR WITH_EC) list(APPEND RELIC_SRCS "cp/relic_cp_ecdh.c") @@ -126,6 +129,7 @@ if (WITH_CP) list(APPEND RELIC_SRCS "cp/relic_cp_pok.c") list(APPEND RELIC_SRCS "cp/relic_cp_sok.c") list(APPEND RELIC_SRCS "cp/relic_cp_ers.c") + list(APPEND RELIC_SRCS "cp/relic_cp_smlers.c") list(APPEND RELIC_SRCS "cp/relic_cp_etrs.c") endif() if (WITH_PP OR WITH_PC) @@ -140,6 +144,7 @@ if (WITH_CP) list(APPEND RELIC_SRCS "cp/relic_cp_zss.c") list(APPEND RELIC_SRCS "cp/relic_cp_cmlhs.c") list(APPEND RELIC_SRCS "cp/relic_cp_mklhs.c") + list(APPEND RELIC_SRCS "cp/relic_cp_pbpsi.c") endif() if (WITH_MPC) list(APPEND RELIC_SRCS "cp/relic_cp_mpss.c") @@ -148,15 +153,15 @@ endif() if (WITH_BC) list(APPEND RELIC_SRCS ${BC_SRCS}) -endif(WITH_BC) +endif() if (WITH_MD) list(APPEND RELIC_SRCS ${MD_SRCS}) -endif(WITH_MD) +endif() if (WITH_MPC) list(APPEND RELIC_SRCS ${MPC_SRCS}) -endif(WITH_MPC) +endif() foreach(SRC ${LOW_SRCS}) get_filename_component(SRC ${SRC} NAME_WE) @@ -174,7 +179,7 @@ foreach(SRC ${LOW_SRCS}) list(APPEND ARITH_SRCS "low/easy/${SRC}.c") endif(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/low/${INHERIT_PATH}/${SRC}.c") endif(NOT EXISTS "${FILE}.c" AND NOT EXISTS "${FILE}.s") -endforeach(SRC) +endforeach() list(APPEND RELIC_SRCS ${ARITH_SRCS}) @@ -186,44 +191,45 @@ add_custom_target(arith_objs DEPENDS ${ARITH_OBJS}) macro(LINK_LIBS LIBRARY) if(OPSYS STREQUAL LINUX) target_link_libraries(${LIBRARY} rt) - endif(OPSYS STREQUAL LINUX) - if(MULTI STREQUAL OPENMP AND NOT MSVC) - target_link_libraries(${LIBRARY} gomp m) - endif(MULTI STREQUAL OPENMP AND NOT MSVC) - if(MULTI STREQUAL PTHREAD) - target_link_libraries(${LIBRARY} pthread m) - endif(MULTI STREQUAL PTHREAD) -endmacro(LINK_LIBS) + endif() + if (OPSYS STREQUAL MACOSX AND CMAKE_C_COMPILER_ID MATCHES "Clang") + if(MULTI STREQUAL PTHREAD) + target_link_libraries(${LIBRARY} pthread) + elseif(MULTI STREQUAL OPENMP) + target_link_libraries(${LIBRARY} omp) + endif() + endif() +endmacro() function(AMALGAMATE output inputFiles) file(WRITE "${output}" "// This file is an automatic amalgamation of all relic source files.\n" ) FOREACH(file ${inputFiles}) file(APPEND "${output}" "#include \"${file}\"\n") ENDFOREACH() -endfunction(AMALGAMATE) +endfunction() if(AMALG) AMALGAMATE("relic-all.c" "${RELIC_SRCS}${ARITH_OBJS}") endif(AMALG) if (SHLIB) - if(AMALG) + if (AMALG) add_library(${RELIC} SHARED "relic-all.c") - else(AMALG) + else() add_library(${RELIC} SHARED ${RELIC_SRCS} ${ARITH_OBJS}) - endif(AMALG) + endif() add_dependencies(${RELIC} arith_objs) target_link_libraries(${RELIC} ${ARITH_LIBS}) link_libs(${RELIC}) install(TARGETS ${RELIC} LIBRARY DESTINATION lib ARCHIVE DESTINATION lib) -endif(SHLIB) +endif() if (STLIB) - if(AMALG) + if () add_library(${RELIC_S} STATIC "relic-all.c") - else(AMALG) + else() add_library(${RELIC_S} STATIC ${RELIC_SRCS} ${ARITH_OBJS}) - endif(AMALG) + endif() add_dependencies(${RELIC_S} arith_objs) target_link_libraries(${RELIC_S} ${ARITH_LIBS}) link_libs(${RELIC_S}) diff --git a/src/arch/relic_arch_a64.c b/src/arch/relic_arch_a64.c new file mode 100644 index 000000000..b087cd6ff --- /dev/null +++ b/src/arch/relic_arch_a64.c @@ -0,0 +1,236 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2012 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of architecture-dependent routines. + * + * @ingroup arch + */ + +#include + +#include "relic_types.h" +#include "relic_arch.h" +#include "relic_core.h" + +#include "lzcnt.inc" + +/** + * Renames the inline assembly macro to a prettier name. + */ +#define asm __asm__ volatile + +#if TIMER == CYCLE +#if OPSYS == MACOSX +/* + * Adapted from work by D. Lemire, Duc Tri Nguyen (CERG GMU), Dougall Johnson + * https://gist.github.com/dougallj/5bafb113492047c865c0c8cfbc930155 + */ +#include +#include +#include + +#define KPERF_LIST \ + /* ret, name, params */ \ + F(int, kpc_get_counting, void) \ + F(int, kpc_force_all_ctrs_set, int) \ + F(int, kpc_set_counting, uint32_t) \ + F(int, kpc_set_thread_counting, uint32_t) \ + F(int, kpc_set_config, uint32_t, void *) \ + F(int, kpc_get_config, uint32_t, void *) \ + F(int, kpc_set_period, uint32_t, void *) \ + F(int, kpc_get_period, uint32_t, void *) \ + F(uint32_t, kpc_get_counter_count, uint32_t) \ + F(uint32_t, kpc_get_config_count, uint32_t) \ + F(int, kperf_sample_get, int *) \ + F(int, kpc_get_thread_counters, int, unsigned int, void *) \ + +#define F(ret, name, ...) \ + typedef ret name##proc(__VA_ARGS__); \ + static name##proc *name; \ + + KPERF_LIST +#undef F + +#define CFGWORD_EL0A32EN_MASK (0x10000) +#define CFGWORD_EL0A64EN_MASK (0x20000) +#define CFGWORD_EL1EN_MASK (0x40000) +#define CFGWORD_EL3EN_MASK (0x80000) +#define CFGWORD_ALLMODES_MASK (0xf0000) + +#define CPMU_NONE 0 +#define CPMU_CORE_CYCLE 0x02 +#define CPMU_INST_A64 0x8c +#define CPMU_INST_BRANCH 0x8d +#define CPMU_SYNC_DC_LOAD_MISS 0xbf +#define CPMU_SYNC_DC_STORE_MISS 0xc0 +#define CPMU_SYNC_DTLB_MISS 0xc1 +#define CPMU_SYNC_ST_HIT_YNGR_LD 0xc4 +#define CPMU_SYNC_BR_ANY_MISP 0xcb +#define CPMU_FED_IC_MISS_DEM 0xd3 +#define CPMU_FED_ITLB_MISS 0xd4 + +#define KPC_CLASS_FIXED (0) +#define KPC_CLASS_CONFIGURABLE (1) +#define KPC_CLASS_POWER (2) +#define KPC_CLASS_RAWPMU (3) +#define KPC_CLASS_FIXED_MASK (1u << KPC_CLASS_FIXED) +#define KPC_CLASS_CONFIGURABLE_MASK (1u << KPC_CLASS_CONFIGURABLE) +#define KPC_CLASS_POWER_MASK (1u << KPC_CLASS_POWER) +#define KPC_CLASS_RAWPMU_MASK (1u << KPC_CLASS_RAWPMU) + +#define COUNTERS_COUNT 10 +#define CONFIG_COUNT 8 +#define KPC_MASK (KPC_CLASS_CONFIGURABLE_MASK | KPC_CLASS_FIXED_MASK) +static uint64_t g_counters[COUNTERS_COUNT]; +static uint64_t g_config[COUNTERS_COUNT]; + +static void configure_rdtsc() { + if (kpc_set_config(KPC_MASK, g_config)) { + printf("kpc_set_config failed\n"); + return; + } + + if (kpc_force_all_ctrs_set(1)) { + printf("kpc_force_all_ctrs_set failed\n"); + return; + } + + if (kpc_set_counting(KPC_MASK)) { + printf("kpc_set_counting failed\n"); + return; + } + + if (kpc_set_thread_counting(KPC_MASK)) { + printf("kpc_set_thread_counting failed\n"); + return; + } +} + +static void init_rdtsc() { + void *kperf = dlopen( + "/System/Library/PrivateFrameworks/kperf.framework/Versions/A/kperf", + RTLD_LAZY); + if (!kperf) { + printf("kperf = %p\n", kperf); + return; + } + +#define F(ret, name, ...) \ + name = (name##proc *)(dlsym(kperf, #name)); \ + if (!name) { \ + printf("%s = %p\n", #name, (void *)name); \ + return; \ + } \ + + KPERF_LIST +#undef F + + if (kpc_get_counter_count(KPC_MASK) != COUNTERS_COUNT) { + printf("wrong fixed counters count\n"); + return; + } + + if (kpc_get_config_count(KPC_MASK) != CONFIG_COUNT) { + printf("wrong fixed config count\n"); + return; + } + g_config[0] = CPMU_CORE_CYCLE | CFGWORD_EL0A64EN_MASK; + g_config[3] = CPMU_INST_BRANCH | CFGWORD_EL0A64EN_MASK; + g_config[4] = CPMU_SYNC_BR_ANY_MISP | CFGWORD_EL0A64EN_MASK; + g_config[5] = CPMU_INST_A64 | CFGWORD_EL0A64EN_MASK; + + configure_rdtsc(); +} + +#endif +#endif + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +void arch_init(void) { + ctx_t *ctx = core_get(); + if (ctx != NULL) { + core_get()->lzcnt_ptr = + (has_lzcnt_hard() ? lzcnt64_hard : lzcnt64_soft); + } + +#if TIMER == CYCLE + +#if OPSYS == MACOSX + int test_high_perf_cores = 1; + if (test_high_perf_cores) { + pthread_set_qos_class_self_np(QOS_CLASS_USER_INTERACTIVE, 0); + } else { + pthread_set_qos_class_self_np(QOS_CLASS_BACKGROUND, 0); + } + init_rdtsc(); + configure_rdtsc(); +#endif + +#endif /* TIMER = CYCLE */ +} + +void arch_clean(void) { + ctx_t *ctx = core_get(); + if (ctx != NULL) { + core_get()->lzcnt_ptr = NULL; + } +} + + +ull_t arch_cycles(void) { + unsigned int value = 0; + +#if TIMER == CYCLE + +#if OPSYS == MACOSX + static bool warned = false; + if (kpc_get_thread_counters(0, COUNTERS_COUNT, g_counters)) { + if (!warned) { + printf("kpc_get_thread_counters failed, run as sudo?\n"); + warned = true; + } + return 1; + } + // g_counters[3 + 2] gives you the number of instructions 'decoded' + // whereas g_counters[1] might give you the number of instructions 'retired'. + // return performance_counters{g_counters[0 + 2], g_counters[3 + 2], + // g_counters[4 + 2], g_counters[5 + 2]}; + + value = g_counters[0 + 2]; + +#endif + +#endif /* TIMER = CYCLE */ + + return value; +} + +unsigned int arch_lzcnt(dig_t x) { + return core_get()->lzcnt_ptr((ull_t)x) - (8 * sizeof(ull_t) - WSIZE); +} diff --git a/src/arch/relic_arch_x64.c b/src/arch/relic_arch_x64.c index 56e92aa74..627fc88ad 100644 --- a/src/arch/relic_arch_x64.c +++ b/src/arch/relic_arch_x64.c @@ -37,32 +37,28 @@ #include "lzcnt.inc" -/*============================================================================*/ -/* Private definitions */ -/*============================================================================*/ - -/** - * Function pointer to underlying lznct implementation. - */ -static unsigned int (*lzcnt_ptr)(ull_t); - -#if TIMER == CYCLE || TIMER == PERF /** * Renames the inline assembly macro to a prettier name. */ #define asm __asm__ volatile -#endif /*============================================================================*/ /* Public definitions */ /*============================================================================*/ void arch_init(void) { - lzcnt_ptr = (has_lzcnt_hard() ? lzcnt64_hard : lzcnt64_soft); + ctx_t *ctx = core_get(); + if (ctx != NULL) { + core_get()->lzcnt_ptr = + (has_lzcnt_hard() ? lzcnt64_hard : lzcnt64_soft); + } } void arch_clean(void) { - lzcnt_ptr = NULL; + ctx_t *ctx = core_get(); + if (ctx != NULL) { + core_get()->lzcnt_ptr = NULL; + } } #if TIMER == CYCLE @@ -105,5 +101,5 @@ ull_t arch_cycles(void) { #endif unsigned int arch_lzcnt(dig_t x) { - return lzcnt_ptr((ull_t)x) - (8 * sizeof(ull_t) - WSIZE); + return core_get()->lzcnt_ptr((ull_t)x) - (8 * sizeof(ull_t) - WSIZE); } diff --git a/src/arch/relic_arch_x86.c b/src/arch/relic_arch_x86.c index 91a8064fa..8c6434b07 100644 --- a/src/arch/relic_arch_x86.c +++ b/src/arch/relic_arch_x86.c @@ -24,7 +24,7 @@ /** * @file * - * Implementation of AMD64-dependent routines. + * Implementation of x86-dependent routines. * * @ingroup arch */ @@ -33,33 +33,20 @@ #include "relic_types.h" #include "relic_arch.h" +#include "relic_core.h" #include "lzcnt.inc" -/** - * Renames the inline assembly macro to a prettier name. - */ -#define asm __asm__ volatile - -/*============================================================================*/ -/* Private definitions */ -/*============================================================================*/ - -/** - * Function pointer to underlying lznct implementation. - */ -static unsigned int (*lzcnt_ptr)(unsigned int); - /*============================================================================*/ /* Public definitions */ /*============================================================================*/ void arch_init(void) { - lzcnt_ptr = (has_lzcnt_hard() ? lzcnt32_hard : lzcnt32_soft); + core_get()->lzcnt_ptr = (has_lzcnt_hard() ? lzcnt32_hard : lzcnt32_soft); } void arch_clean(void) { - lzcnt_ptr = NULL; + core_get()->lzcnt_ptr = NULL; } ull_t arch_cycles(void) { @@ -75,5 +62,5 @@ ull_t arch_cycles(void) { } unsigned int arch_lzcnt(dig_t x) { - return lzcnt_ptr((unsigned int)x) - (8 * sizeof(unsigned int) - WSIZE); + return core_get()->lzcnt_ptr((uint32_t)x) - (8 * sizeof(uint32_t) - WSIZE); } diff --git a/src/bc/relic_bc_aes.c b/src/bc/relic_bc_aes.c index c5d170f32..0df34505f 100644 --- a/src/bc/relic_bc_aes.c +++ b/src/bc/relic_bc_aes.c @@ -40,8 +40,8 @@ /* Public definitions */ /*============================================================================*/ -int bc_aes_cbc_enc(uint8_t *out, int *out_len, uint8_t *in, - int in_len, uint8_t *key, int key_len, uint8_t *iv) { +int bc_aes_cbc_enc(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const uint8_t *key, size_t key_len, const uint8_t *iv) { keyInstance key_inst; cipherInstance cipher_inst; @@ -56,17 +56,23 @@ int bc_aes_cbc_enc(uint8_t *out, int *out_len, uint8_t *in, return RLC_ERR; } memcpy(cipher_inst.IV, iv, RLC_BC_LEN); - *out_len = padEncrypt(&cipher_inst, &key_inst, in, in_len, out); - if (*out_len <= 0) { + pad_len = padEncrypt(&cipher_inst, &key_inst, (unsigned char *)in, + in_len, out); + + *out_len = 0; + if (pad_len <= 0) { return RLC_ERR; + } else { + *out_len = pad_len; } return RLC_OK; } -int bc_aes_cbc_dec(uint8_t *out, int *out_len, uint8_t *in, - int in_len, uint8_t *key, int key_len, uint8_t *iv) { +int bc_aes_cbc_dec(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const uint8_t *key, size_t key_len, const uint8_t *iv) { keyInstance key_inst; cipherInstance cipher_inst; + int pad_len; if (*out_len < in_len) { return RLC_ERR; @@ -79,9 +85,14 @@ int bc_aes_cbc_dec(uint8_t *out, int *out_len, uint8_t *in, return RLC_ERR; } memcpy(cipher_inst.IV, iv, RLC_BC_LEN); - *out_len = padDecrypt(&cipher_inst, &key_inst, in, in_len, out); - if (*out_len <= 0) { + pad_len = padDecrypt(&cipher_inst, &key_inst, (unsigned char *)in, + in_len, out); + + *out_len = 0; + if (pad_len <= 0) { return RLC_ERR; + } else { + *out_len = pad_len; } return RLC_OK; } diff --git a/src/bn/relic_bn_gcd.c b/src/bn/relic_bn_gcd.c index 27fd4197a..bc49b1185 100644 --- a/src/bn/relic_bn_gcd.c +++ b/src/bn/relic_bn_gcd.c @@ -115,41 +115,28 @@ void bn_gcd_ext_basic(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_zero(x_1); bn_set_dig(y_1, 1); - + bn_set_dig(d, 1); if (e != NULL) { - bn_set_dig(d, 1); bn_zero(e); + } - while (!bn_is_zero(v)) { - bn_div_rem(q, r, u, v); + while (!bn_is_zero(v)) { + bn_div_rem(q, r, u, v); - bn_copy(u, v); - bn_copy(v, r); + bn_copy(u, v); + bn_copy(v, r); - bn_mul(c, q, x_1); - bn_sub(r, d, c); - bn_copy(d, x_1); - bn_copy(x_1, r); + bn_mul(c, q, x_1); + bn_sub(r, d, c); + bn_copy(d, x_1); + bn_copy(x_1, r); + if (e != NULL) { bn_mul(c, q, y_1); bn_sub(r, e, c); bn_copy(e, y_1); bn_copy(y_1, r); } - } else { - bn_set_dig(d, 1); - - while (!bn_is_zero(v)) { - bn_div_rem(q, r, u, v); - - bn_copy(u, v); - bn_copy(v, r); - - bn_mul(c, q, x_1); - bn_sub(r, d, c); - bn_copy(d, x_1); - bn_copy(x_1, r); - } } bn_copy(c, u); } @@ -207,7 +194,7 @@ void bn_gcd_lehme(bn_t c, const bn_t a, const bn_t b) { bn_new(t2); bn_new(t3); - if (bn_cmp(a, b) == RLC_GT) { + if (bn_cmp_abs(a, b) == RLC_GT) { bn_abs(x, a); bn_abs(y, b); } else { @@ -399,7 +386,7 @@ void bn_gcd_ext_lehme(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_new(t3); bn_new(t4); - if (bn_cmp(a, b) != RLC_LT) { + if (bn_cmp_abs(a, b) != RLC_LT) { bn_abs(x, a); bn_abs(y, b); swap = 0; @@ -601,9 +588,9 @@ void bn_gcd_ext_lehme(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { #endif -#if BN_GCD == STEIN || !defined(STRIP) +#if BN_GCD == BINAR || !defined(STRIP) -void bn_gcd_stein(bn_t c, const bn_t a, const bn_t b) { +void bn_gcd_binar(bn_t c, const bn_t a, const bn_t b) { bn_t u, v, t; int shift; @@ -663,9 +650,9 @@ void bn_gcd_stein(bn_t c, const bn_t a, const bn_t b) { } } -void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { - bn_t x, y, u, v, _a, _b, _e; - int shift, found; +void bn_gcd_ext_binar(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { + bn_t x, y, t, u, v, _a, _b, _e; + int shift; if (bn_is_zero(a)) { bn_abs(c, b); @@ -687,6 +674,7 @@ void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_null(x); bn_null(y); + bn_null(t); bn_null(u); bn_null(v); bn_null(_a); @@ -696,6 +684,7 @@ void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { RLC_TRY { bn_new(x); bn_new(y); + bn_new(t); bn_new(u); bn_new(v); bn_new(_a); @@ -723,25 +712,24 @@ void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_zero(d); bn_set_dig(_e, 1); - found = 0; - while (!found) { - /* While u is even, u = u/2. */ - while ((u->dp[0] & 0x01) == 0) { - bn_hlv(u, u); - /* If A = B = 0 (mod 2) then A = A/2, B = B/2. */ - if ((_a->dp[0] & 0x01) == 0 && (_b->dp[0] & 0x01) == 0) { - bn_hlv(_a, _a); - bn_hlv(_b, _b); - } else { - /* Otherwise A = (A + y)/2, B = (B - x)/2. */ - bn_add(_a, _a, y); - bn_hlv(_a, _a); - bn_sub(_b, _b, x); - bn_hlv(_b, _b); - } + /* While u is even, u = u/2. */ + while (bn_is_even(u)) { + bn_hlv(u, u); + /* If A = B = 0 (mod 2) then A = A/2, B = B/2. */ + if ((_a->dp[0] & 0x01) == 0 && (_b->dp[0] & 0x01) == 0) { + bn_hlv(_a, _a); + bn_hlv(_b, _b); + } else { + /* Otherwise A = (A + y)/2, B = (B - x)/2. */ + bn_add(_a, _a, y); + bn_hlv(_a, _a); + bn_sub(_b, _b, x); + bn_hlv(_b, _b); } - /* While v is even, v = v/2. */ - while ((v->dp[0] & 0x01) == 0) { + } + while (bn_cmp(u, v) != RLC_EQ) { + /* If v is even, v = v/2. */ + if (bn_is_even(v)) { bn_hlv(v, v); /* If C = D = 0 (mod 2) then C = C/2, D = D/2. */ if ((d->dp[0] & 0x01) == 0 && (_e->dp[0] & 0x01) == 0) { @@ -754,22 +742,44 @@ void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_sub(_e, _e, x); bn_hlv(_e, _e); } - } - /* If u >= v then u = u - v, A = A - C, B = B - D. */ - if (bn_cmp(u, v) != RLC_LT) { - bn_sub(u, u, v); - bn_sub(_a, _a, d); - bn_sub(_b, _b, _e); } else { - /* Otherwise, v = v - u, C = C - a, D = D - B. */ - bn_sub(v, v, u); - bn_sub(d, d, _a); - bn_sub(_e, _e, _b); + if (bn_cmp(v, u) == RLC_LT) { + bn_copy(c, u); + bn_copy(u, v); + bn_copy(v, c); + bn_copy(c, d); + bn_copy(d, _a); + bn_copy(_a, c); + bn_copy(c, _e); + bn_copy(_e, _b); + bn_copy(_b, c); + } else { + bn_sub(v, v, u); + bn_sub(d, d, _a); + bn_sub(_e, _e, _b); + } } - /* If u = 0 then d = C, e = D and return (d, e, g * v). */ - if (bn_is_zero(u)) { - bn_lsh(c, v, shift); - found = 1; + } + /* If u = 0 then d = C, e = D and return (d, e, g * v). */ + bn_lsh(c, u, shift); + /* Now fix reciprocals. */ + bn_div(x, x, u); + bn_div(y, y, u); + bn_hlv(_a, x); + bn_hlv(_b, y); + while (bn_cmp_abs(d, _b) == RLC_GT) { + bn_div(t, d, _b); + if (bn_bits(t) > 1) { + bn_hlv(t, t); + } + bn_mul(v, x, t); + bn_mul(u, y, t); + if (bn_sign(d) != bn_sign(u)) { + bn_add(d, d, u); + bn_sub(_e, _e, v); + } else { + bn_sub(d, d, u); + bn_add(_e, _e, v); } } if (e != NULL) { @@ -782,6 +792,7 @@ void bn_gcd_ext_stein(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { RLC_FINALLY { bn_free(x); bn_free(y); + bn_free(t); bn_free(u); bn_free(v); bn_free(_a); diff --git a/src/bn/relic_bn_inv.c b/src/bn/relic_bn_inv.c index 947f7c3e2..98df6e04f 100644 --- a/src/bn/relic_bn_inv.c +++ b/src/bn/relic_bn_inv.c @@ -30,7 +30,7 @@ */ #include "relic_core.h" -#include "relic_bn_low.h" +#include "relic_bn.h" /*============================================================================*/ /* Public definitions */ @@ -63,3 +63,50 @@ void bn_mod_inv(bn_t c, const bn_t a, const bn_t b) { bn_free(u); } } + +void bn_mod_inv_sim(bn_t *c, const bn_t *a, const bn_t b, int n) { + int i; + bn_t u, *t = RLC_ALLOCA(bn_t, n); + + bn_null(u); + + RLC_TRY { + if (t == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + for (i = 0; i < n; i++) { + bn_null(t[i]); + bn_new(t[i]); + } + bn_new(u); + + bn_copy(c[0], a[0]); + bn_copy(t[0], a[0]); + + for (i = 1; i < n; i++) { + bn_copy(t[i], a[i]); + bn_mul(c[i], c[i - 1], a[i]); + bn_mod(c[i], c[i], b); + } + + bn_mod_inv(u, c[n - 1], b); + + for (i = n - 1; i > 0; i--) { + bn_mul(c[i], u, c[i - 1]); + bn_mod(c[i], c[i], b); + bn_mul(u, u, t[i]); + bn_mod(u, u, b); + } + bn_copy(c[0], u); + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + for (i = 0; i < n; i++) { + bn_free(t[i]); + } + bn_free(u); + RLC_FREE(t); + } +} diff --git a/src/bn/relic_bn_lag.c b/src/bn/relic_bn_lag.c new file mode 100644 index 000000000..cf1565325 --- /dev/null +++ b/src/bn/relic_bn_lag.c @@ -0,0 +1,95 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the modular Lagrante interpolation. + * + * @ingroup bn + */ + +#include "relic_core.h" +#include "relic_bn.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +void bn_lag(bn_t *c, const bn_t *a, const bn_t b, size_t n) { + int i, j; + bn_t *t = RLC_ALLOCA(bn_t, n + 1); + + if (n == 0) { + bn_zero(c[0]); + return; + } + + RLC_TRY { + if (t == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + for (i = 0; i <= n; i++) { + bn_null(t[i]); + bn_new(t[i]); + } + + for (i = 0; i < n; i++) { + bn_zero(t[0]); + if (i == 0) { + bn_set_dig(t[1], 1); + bn_sub(c[0], b, a[i]); + } else { + for (j = 0; j <= i; j++) { + bn_copy(t[j + 1], c[j]); + } + for (j = 0; j <= i; j++) { + bn_mul(c[j], c[j], a[i]); + bn_mod(c[j], c[j], b); + bn_sub(c[j], t[j], c[j]); + bn_mod(c[j], c[j], b); + } + } + bn_copy(c[i + 1], t[i + 1]); + } + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + for (i = 0; i <= n; i++) { + bn_free(t[i]); + } + RLC_FREE(t); + } +} + +void bn_evl(bn_t c, const bn_t *a, const bn_t x, const bn_t b, size_t n) { + bn_zero(c); + for (int j = n - 1; j >= 0; j--) { + bn_mul(c, c, x); + bn_mod(c, c, b); + bn_add(c, c, a[j]); + bn_mod(c, c, b); + } +} diff --git a/src/bn/relic_bn_mod.c b/src/bn/relic_bn_mod.c index e0d0e6cd1..3d59e00b3 100644 --- a/src/bn/relic_bn_mod.c +++ b/src/bn/relic_bn_mod.c @@ -55,8 +55,9 @@ void bn_mod_2b(bn_t c, const bn_t a, int b) { RLC_RIP(b, d, b); first = (d) + (b == 0 ? 0 : 1); - for (i = first; i < c->used; i++) + for (i = first; i < c->used; i++) { c->dp[i] = 0; + } c->dp[d] &= RLC_MASK(b); @@ -74,61 +75,80 @@ void bn_mod_basic(bn_t c, const bn_t a, const bn_t m) { #if BN_MOD == BARRT || !defined(STRIP) void bn_mod_pre_barrt(bn_t u, const bn_t m) { + if (bn_is_zero(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } + bn_set_2b(u, m->used * 2 * RLC_DIG); bn_div(u, u, m); } void bn_mod_barrt(bn_t c, const bn_t a, const bn_t m, const bn_t u) { - unsigned long mu; bn_t q, t; + int mu, neg; bn_null(q); bn_null(t); - if (bn_cmp(a, m) == RLC_LT) { + if (bn_is_zero(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } + + if (bn_cmp_abs(a, m) == RLC_LT) { bn_copy(c, a); return; } + + if (a->used > 2 * m->used) { + bn_mod(c, a, m); + return; + } + RLC_TRY { bn_new(q); bn_new(t); bn_zero(t); - mu = m->used; + neg = (bn_sign(a) == RLC_NEG); + bn_abs(c, a); - bn_rsh(q, a, (mu - 1) * RLC_DIG); + bn_rsh(q, c, (m->used - 1) * RLC_DIG); - if (mu > ((dig_t)1) << (RLC_DIG - 1)) { + if (m->used > ((dig_t)1) << (RLC_DIG - 1)) { bn_mul(t, q, u); } else { + bn_grow(t, q->used + u->used); if (q->used > u->used) { - bn_muld_low(t->dp, q->dp, q->used, u->dp, u->used, - mu, q->used + u->used); + bn_muld_low(t->dp, q->dp, q->used, u->dp, u->used, m->used, + q->used + u->used); } else { - bn_muld_low(t->dp, u->dp, u->used, q->dp, q->used, - mu - (u->used - q->used), q->used + u->used); + mu = RLC_MAX(0, m->used - (u->used - q->used)); + bn_muld_low(t->dp, u->dp, u->used, q->dp, q->used, mu, + q->used + u->used); } t->used = q->used + u->used; bn_trim(t); } - bn_rsh(q, t, (mu + 1) * RLC_DIG); + bn_rsh(q, t, (m->used + 1) * RLC_DIG); if (q->used > m->used) { bn_muld_low(t->dp, q->dp, q->used, m->dp, m->used, 0, q->used + 1); } else { - bn_muld_low(t->dp, m->dp, m->used, q->dp, q->used, 0, mu + 1); + bn_muld_low(t->dp, m->dp, m->used, q->dp, q->used, 0, m->used + 1); } - t->used = mu + 1; + t->used = m->used + 1; bn_trim(t); - bn_mod_2b(q, t, RLC_DIG * (mu + 1)); - bn_mod_2b(t, a, RLC_DIG * (mu + 1)); + bn_mod_2b(q, t, RLC_DIG * (m->used + 1)); + bn_mod_2b(t, c, RLC_DIG * (m->used + 1)); bn_sub(t, t, q); if (bn_sign(t) == RLC_NEG) { bn_set_dig(q, (dig_t)1); - bn_lsh(q, q, (mu + 1) * RLC_DIG); + bn_lsh(q, q, (m->used + 1) * RLC_DIG); bn_add(t, t, q); } @@ -137,6 +157,9 @@ void bn_mod_barrt(bn_t c, const bn_t a, const bn_t m, const bn_t u) { } bn_copy(c, t); + if (neg) { + bn_sub(c, m, c); + } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); @@ -144,7 +167,6 @@ void bn_mod_barrt(bn_t c, const bn_t a, const bn_t m, const bn_t u) { RLC_FINALLY { bn_free(q); bn_free(t); - } } @@ -153,10 +175,9 @@ void bn_mod_barrt(bn_t c, const bn_t a, const bn_t m, const bn_t u) { #if BN_MOD == MONTY || (defined(WITH_FP) && FP_RDC == MONTY) || !defined(STRIP) void bn_mod_pre_monty(bn_t u, const bn_t m) { - dig_t x, b; - b = m->dp[0]; + dig_t x, b = m->dp[0]; - if ((b & 0x01) == 0) { + if (bn_is_even(m) || bn_sign(m) != RLC_POS) { RLC_THROW(ERR_NO_VALID); return; } @@ -177,10 +198,12 @@ void bn_mod_pre_monty(bn_t u, const bn_t m) { } void bn_mod_monty_conv(bn_t c, const bn_t a, const bn_t m) { - bn_copy(c, a); - while (bn_sign(c) == RLC_NEG) { - bn_add(c, c, m); + if (bn_is_even(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; } + + bn_mod(c, a, m); bn_lsh(c, c, m->used * RLC_DIG); bn_mod(c, c, m); } @@ -190,9 +213,13 @@ void bn_mod_monty_back(bn_t c, const bn_t a, const bn_t m) { bn_null(u); + if (bn_is_even(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } + RLC_TRY { bn_new(u); - bn_mod_pre_monty(u, m); bn_mod_monty(c, a, m, u); } RLC_CATCH_ANY { @@ -209,6 +236,11 @@ void bn_mod_monty_basic(bn_t c, const bn_t a, const bn_t m, const bn_t u) { dig_t r, u0, *tmp; bn_t t; + if (bn_is_even(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } + bn_null(t); digits = 2 * m->used; @@ -252,6 +284,11 @@ void bn_mod_monty_comba(bn_t c, const bn_t a, const bn_t m, const bn_t u) { int digits; bn_t t; + if (bn_is_even(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } + bn_null(t); digits = 2 * m->used; @@ -283,35 +320,43 @@ void bn_mod_monty_comba(bn_t c, const bn_t a, const bn_t m, const bn_t u) { #if BN_MOD == PMERS || !defined(STRIP) void bn_mod_pre_pmers(bn_t u, const bn_t m) { - int bits; - - bits = bn_bits(m); + if (bn_is_zero(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } - bn_set_2b(u, bits); + bn_set_2b(u, bn_bits(m)); bn_sub(u, u, m); } void bn_mod_pmers(bn_t c, const bn_t a, const bn_t m, const bn_t u) { - bn_t q, t, r; - int bits; + bn_t q, t; + int neg = 0, bits = bn_bits(m); + + if (bn_is_zero(m) || bn_sign(m) != RLC_POS) { + RLC_THROW(ERR_NO_VALID); + return; + } bn_null(q); bn_null(t); - bn_null(r); RLC_TRY { + /* Implement algorithm 10.25 from HEHC. */ + bn_new(q); bn_new(t); - bn_new(r); - bn_copy(t, a); - - bits = bn_bits(m); + bn_copy(c, a); + if (bn_sign(c) == RLC_NEG) { + neg = 1; + bn_sub(c, m, c); + } - bn_rsh(q, t, bits); - bn_mod_2b(r, t, bits); + bn_rsh(q, c, bits); + bn_mod_2b(c, c, bits); - while (!bn_is_zero(q)) { + while (bits > 0 && !bn_is_zero(q)) { if (u -> used == 1) { bn_mul_dig(t, q, u->dp[0]); } else { @@ -320,13 +365,15 @@ void bn_mod_pmers(bn_t c, const bn_t a, const bn_t m, const bn_t u) { bn_rsh(q, t, bits); bn_mod_2b(t, t, bits); - bn_add(r, r, t); + bn_add(c, c, t); } - while (bn_cmp_abs(r, m) != RLC_LT) { - bn_sub(r, r, m); + while (bits > 0 && bn_cmp_abs(c, m) != RLC_LT) { + bn_sub(c, c, m); } - bn_copy(c, r); + if (neg) { + bn_sub(c, m, c); + } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); @@ -334,7 +381,6 @@ void bn_mod_pmers(bn_t c, const bn_t a, const bn_t m, const bn_t u) { RLC_FINALLY { bn_free(t); bn_free(q); - bn_free(r); } } diff --git a/src/bn/relic_bn_mxp.c b/src/bn/relic_bn_mxp.c index d0c4ac843..6fa870999 100644 --- a/src/bn/relic_bn_mxp.c +++ b/src/bn/relic_bn_mxp.c @@ -299,20 +299,11 @@ void bn_mxp_monty(bn_t c, const bn_t a, const bn_t b, const bn_t m) { bn_copy(u, tab[0]); #endif - /* Silly branchless code, since called functions not constant-time. */ - bn_mod_inv(tab[0], u, m); - dv_swap_cond(u->dp, tab[0]->dp, RLC_BN_DIGS, bn_sign(b) == RLC_NEG); if (bn_sign(b) == RLC_NEG) { - u->sign = tab[0]->sign; - if (bn_cmp_dig(tab[1], 1) != RLC_EQ) { - bn_zero(c); - RLC_THROW(ERR_NO_VALID); - } + bn_mod_inv(c, u, m); + } else { + bn_copy(c, u); } - bn_add(tab[1], u, m); - dv_swap_cond(u->dp, tab[1]->dp, RLC_BN_DIGS, bn_sign(b) == RLC_NEG && bn_sign(u) == RLC_NEG); - u->sign = RLC_POS; - bn_copy(c, u); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); @@ -326,6 +317,95 @@ void bn_mxp_monty(bn_t c, const bn_t a, const bn_t b, const bn_t m) { #endif +void bn_mxp_crt(bn_t d, const bn_t a, const bn_t b, const bn_t c, + const crt_t crt, int sqr) { + bn_t t, u; + + bn_null(t); + bn_null(u); + + RLC_TRY { + bn_new(t); + bn_new(u); + + if (!sqr) { +#if MULTI == OPENMP + omp_set_num_threads(CORES); + #pragma omp parallel copyin(core_ctx) firstprivate(crt) + { + #pragma omp sections + { + #pragma omp section + { +#endif + /* m1 = a^dP mod p. */ + bn_mxp(t, a, b, crt->p); +#if MULTI == OPENMP + } +#pragma omp section + { +#endif + /* m2 = a^dQ mod q. */ + bn_mxp(u, a, c, crt->q); +#if MULTI == OPENMP + } + } + } +#endif + } else { +#if MULTI == OPENMP + omp_set_num_threads(CORES); + #pragma omp parallel copyin(core_ctx) firstprivate(crt) + { + #pragma omp sections + { + #pragma omp section + { +#endif + /* Compute m_p = L(c^(p-1) mod p^2) * dp mod p. */ + bn_sqr(t, crt->p); + bn_mxp(t, a, b, t); + bn_sub_dig(t, t, 1); + bn_div(t, t, crt->p); + bn_mul(t, t, crt->dp); + bn_mod(t, t, crt->p); +#if MULTI == OPENMP + } + #pragma omp section + { +#endif + /* Compute m_q = L(c^(q-1) mod q^2) * dq mod q. */ + bn_sqr(u, crt->q); + bn_mxp(u, a, c, u); + bn_sub_dig(u, u, 1); + bn_div(u, u, crt->q); + bn_mul(u, u, crt->dq); + bn_mod(u, u, crt->q); +#if MULTI == OPENMP + } + } + } +#endif + } + /* m1 = m1 - m2 mod p. */ + bn_sub(d, t, u); + while (bn_sign(d) == RLC_NEG) { + bn_add(d, d, crt->p); + } + /* m1 = qInv(m1 - m2) mod p. */ + bn_mul(d, d, crt->qi); + bn_mod(d, d, crt->p); + /* m = m2 + m1 * q. */ + bn_mul(d, d, crt->q); + bn_add(d, d, u); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(t); + bn_free(u); + } +} + void bn_mxp_dig(bn_t c, const bn_t a, dig_t b, const bn_t m) { int i, l; bn_t t, u, r; diff --git a/src/bn/relic_bn_prime.c b/src/bn/relic_bn_prime.c index c89afa10c..aa4247b9c 100644 --- a/src/bn/relic_bn_prime.c +++ b/src/bn/relic_bn_prime.c @@ -378,11 +378,13 @@ int bn_is_prime_solov(const bn_t a) { break; } - /* t2 = (t0|a). */ - bn_smb_jac(t2, t0, a); - if (bn_sign(t2) == RLC_NEG) { - bn_add(t2, t2, a); + /* Lend result here, but restore afterwards, for t2 = (t0|a). */ + result = bn_smb_jac(t0, a); + bn_set_dig(t2, (result < 0 ? -result : result)); + if (result < 0) { + bn_neg(t2, t2); } + result = 1; /* If t1 != t2 (mod a) return 0. */ bn_mod(t1, t1, a); bn_mod(t2, t2, a); @@ -523,3 +525,35 @@ void bn_gen_prime_stron(bn_t a, int bits) { } #endif + +int bn_gen_prime_factor(bn_t a, bn_t b, int abits, int bbits) { + bn_t t; + int result = RLC_OK; + + if (! (bbits>abits) ) { + return RLC_ERR; + } + + bn_null(t); + + RLC_TRY { + bn_new(t); + bn_gen_prime(a, abits); + do { + bn_rand(t, RLC_POS, bbits - bn_bits(a)); + do { + bn_mul(b, a, t); + bn_add_dig(b, b, 1); + bn_add_dig(t, t, 1); + } while(! bn_is_prime(b)); + } while (bn_bits(b) != bbits); + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(t); + } + + return result; +} diff --git a/src/bn/relic_bn_rec.c b/src/bn/relic_bn_rec.c index 3922173cb..bdd29dabc 100644 --- a/src/bn/relic_bn_rec.c +++ b/src/bn/relic_bn_rec.c @@ -873,8 +873,8 @@ void bn_rec_glv(bn_t k0, bn_t k1, const bn_t k, const bn_t n, const bn_t *v1, } void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n, - int bls) { - int i, l; + int cof) { + int i, l, sk, sx; bn_t u[4], v[4]; RLC_TRY { @@ -885,17 +885,20 @@ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n, bn_new(v[i]); } - if (bls) { + if (cof == 0) { bn_abs(v[0], k); bn_abs(u[0], x); + sk = bn_sign(k); + sx = bn_sign(x); + for (i = 0; i < sub; i++) { bn_mod(ki[i], v[0], u[0]); bn_div(v[0], v[0], u[0]); - if ((bn_sign(x) == RLC_NEG) && (i % 2 != 0)) { + if ((sx == RLC_NEG) && (i % 2 != 0)) { bn_neg(ki[i], ki[i]); } - if (bn_sign(k) == RLC_NEG) { + if (sk == RLC_NEG) { bn_neg(ki[i], ki[i]); } } @@ -935,7 +938,6 @@ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n, if (bn_sign(v[i]) == RLC_NEG) { bn_add_dig(v[i], v[i], 1); } - bn_zero(ki[i]); } /* u0 = x + 1, u1 = 2x + 1, u2 = 2x, u3 = x - 1. */ @@ -944,6 +946,9 @@ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n, bn_sub_dig(u[3], x, 1); bn_add_dig(u[0], x, 1); bn_copy(ki[0], k); + bn_zero(ki[1]); + bn_zero(ki[2]); + bn_zero(ki[3]); for (i = 0; i < 4; i++) { bn_mul(u[i], u[i], v[i]); bn_mod(u[i], u[i], n); diff --git a/src/bn/relic_bn_smb.c b/src/bn/relic_bn_smb.c index 1fc977694..6c297608a 100644 --- a/src/bn/relic_bn_smb.c +++ b/src/bn/relic_bn_smb.c @@ -35,19 +35,19 @@ /* Public definitions */ /*============================================================================*/ -void bn_smb_leg(bn_t c, const bn_t a, const bn_t b) { +int bn_smb_leg(const bn_t a, const bn_t b) { bn_t t; + int res; bn_null(t); if (bn_sign(b) == RLC_NEG) { RLC_THROW(ERR_NO_VALID); - return; + return 0; } if (bn_cmp(a, b) == RLC_EQ) { - bn_zero(c); - return; + return 0; } RLC_TRY { @@ -56,11 +56,14 @@ void bn_smb_leg(bn_t c, const bn_t a, const bn_t b) { /* t = (b - 1)/2. */ bn_sub_dig(t, b, 1); bn_rsh(t, t, 1); - bn_mxp(c, a, t, b); - bn_sub_dig(t, b, 1); - if (bn_cmp(c, t) == RLC_EQ) { - bn_set_dig(c, 1); - bn_neg(c, c); + bn_mxp(t, a, t, b); + res = 0; + if (bn_cmp_dig(t, 1) == RLC_EQ) { + res = 1; + } + bn_sub(t, b, t); + if (bn_cmp_dig(t, 1) == RLC_EQ) { + res = -1; } } RLC_CATCH_ANY { @@ -69,11 +72,13 @@ void bn_smb_leg(bn_t c, const bn_t a, const bn_t b) { RLC_FINALLY { bn_free(t); } + + return res; } -void bn_smb_jac(bn_t c, const bn_t a, const bn_t b) { +int bn_smb_jac(const bn_t a, const bn_t b) { bn_t t0, t1, r; - int t, h; + int t, h, res; bn_null(t0); bn_null(t1); @@ -82,7 +87,7 @@ void bn_smb_jac(bn_t c, const bn_t a, const bn_t b) { /* Argument b must be odd. */ if (bn_is_even(b) || bn_sign(b) == RLC_NEG) { RLC_THROW(ERR_NO_VALID); - return; + return 0; } RLC_TRY { @@ -104,13 +109,13 @@ void bn_smb_jac(bn_t c, const bn_t a, const bn_t b) { /* If a = 0 then if n = 1 return t else return 0. */ if (bn_is_zero(t0)) { if (bn_cmp_dig(t1, 1) == RLC_EQ) { - bn_set_dig(c, 1); + res = 1; if (t == -1) { - bn_neg(c, c); + res = -1; } break; } else { - bn_zero(c); + res = 0; break; } } @@ -147,4 +152,6 @@ void bn_smb_jac(bn_t c, const bn_t a, const bn_t b) { bn_free(t1); bn_free(r); } + + return res; } diff --git a/src/bn/relic_bn_util.c b/src/bn/relic_bn_util.c index d438b94ac..4020f57c1 100644 --- a/src/bn/relic_bn_util.c +++ b/src/bn/relic_bn_util.c @@ -56,6 +56,7 @@ void bn_copy(bn_t c, const bn_t a) { c->used = a->used; c->sign = a->sign; + bn_trim(c); } void bn_abs(bn_t c, const bn_t a) { @@ -219,7 +220,7 @@ void bn_rand(bn_t a, int sign, int bits) { bn_trim(a); } -void bn_rand_mod(bn_t a, bn_t b) { +void bn_rand_mod(bn_t a, const bn_t b) { bn_t t; bn_null(t); @@ -350,6 +351,7 @@ void bn_read_str(bn_t a, const char *str, int len, int radix) { } a->sign = sign; + bn_trim(a); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } diff --git a/src/cp/relic_cp_bbs.c b/src/cp/relic_cp_bbs.c index 1236f7875..95dbad4f0 100644 --- a/src/cp/relic_cp_bbs.c +++ b/src/cp/relic_cp_bbs.c @@ -67,7 +67,7 @@ int cp_bbs_gen(bn_t d, g2_t q, gt_t z) { return result; } -int cp_bbs_sig(g1_t s, uint8_t *msg, int len, int hash, bn_t d) { +int cp_bbs_sig(g1_t s, const uint8_t *msg, size_t len, int hash, const bn_t d) { bn_t m, n, r; uint8_t h[RLC_MD_LEN]; int result = RLC_OK; @@ -109,7 +109,8 @@ int cp_bbs_sig(g1_t s, uint8_t *msg, int len, int hash, bn_t d) { return result; } -int cp_bbs_ver(g1_t s, uint8_t *msg, int len, int hash, g2_t q, gt_t z) { +int cp_bbs_ver(g1_t s, const uint8_t *msg, size_t len, int hash, const g2_t q, + const gt_t z) { bn_t m, n; g2_t g; gt_t e; diff --git a/src/cp/relic_cp_bdpe.c b/src/cp/relic_cp_bdpe.c index 2d60cd3c6..baf7f7a90 100644 --- a/src/cp/relic_cp_bdpe.c +++ b/src/cp/relic_cp_bdpe.c @@ -35,7 +35,7 @@ /* Public definitions */ /*============================================================================*/ -int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, int bits) { +int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, size_t bits) { bn_t t, r; int result = RLC_OK; @@ -107,7 +107,7 @@ int cp_bdpe_gen(bdpe_t pub, bdpe_t prv, dig_t block, int bits) { return result; } -int cp_bdpe_enc(uint8_t *out, int *out_len, dig_t in, bdpe_t pub) { +int cp_bdpe_enc(uint8_t *out, size_t *out_len, dig_t in, const bdpe_t pub) { bn_t m, u; int size, result = RLC_OK; @@ -151,7 +151,8 @@ int cp_bdpe_enc(uint8_t *out, int *out_len, dig_t in, bdpe_t pub) { return result; } -int cp_bdpe_dec(dig_t *out, uint8_t *in, int in_len, bdpe_t prv) { +int cp_bdpe_dec(dig_t *out, const uint8_t *in, size_t in_len, + const bdpe_t prv) { bn_t m, t, z; int size, result = RLC_OK; dig_t i; diff --git a/src/cp/relic_cp_bgn.c b/src/cp/relic_cp_bgn.c index a7c38193f..3e7a853e4 100644 --- a/src/cp/relic_cp_bgn.c +++ b/src/cp/relic_cp_bgn.c @@ -72,7 +72,7 @@ int cp_bgn_gen(bgn_t pub, bgn_t prv) { return result; } -int cp_bgn_enc1(g1_t out[2], dig_t in, bgn_t pub) { +int cp_bgn_enc1(g1_t out[2], const dig_t in, const bgn_t pub) { bn_t r, n; g1_t t; int result = RLC_OK; @@ -114,7 +114,7 @@ int cp_bgn_enc1(g1_t out[2], dig_t in, bgn_t pub) { return result; } -int cp_bgn_dec1(dig_t *out, g1_t in[2], bgn_t prv) { +int cp_bgn_dec1(dig_t *out, const g1_t in[2], const bgn_t prv) { bn_t r, n; g1_t s, t, u; int i, result = RLC_ERR; @@ -172,7 +172,7 @@ int cp_bgn_dec1(dig_t *out, g1_t in[2], bgn_t prv) { return result; } -int cp_bgn_enc2(g2_t out[2], dig_t in, bgn_t pub) { +int cp_bgn_enc2(g2_t out[2], const dig_t in, const bgn_t pub) { bn_t r, n; g2_t t; int result = RLC_OK; @@ -213,7 +213,7 @@ int cp_bgn_enc2(g2_t out[2], dig_t in, bgn_t pub) { return result; } -int cp_bgn_dec2(dig_t *out, g2_t in[2], bgn_t prv) { +int cp_bgn_dec2(dig_t *out, const g2_t in[2], const bgn_t prv) { bn_t r, n; g2_t s, t, u; int i, result = RLC_ERR; @@ -271,14 +271,14 @@ int cp_bgn_dec2(dig_t *out, g2_t in[2], bgn_t prv) { return result; } -int cp_bgn_add(gt_t e[4], gt_t c[4], gt_t d[4]) { +int cp_bgn_add(gt_t e[4], const gt_t c[4], const gt_t d[4]) { for (int i = 0; i < 4; i++) { gt_mul(e[i], c[i], d[i]); } return RLC_OK; } -int cp_bgn_mul(gt_t e[4], g1_t c[2], g2_t d[2]) { +int cp_bgn_mul(gt_t e[4], const g1_t c[2], const g2_t d[2]) { for (int i = 0; i < 2; i++) { for (int j = 0; j < 2; j++) { pc_map(e[2*i + j], c[i], d[j]); @@ -287,7 +287,7 @@ int cp_bgn_mul(gt_t e[4], g1_t c[2], g2_t d[2]) { return RLC_OK; } -int cp_bgn_dec(dig_t *out, gt_t in[4], bgn_t prv) { +int cp_bgn_dec(dig_t *out, const gt_t in[4], const bgn_t prv) { int i, result = RLC_ERR; g1_t g; g2_t h; diff --git a/src/cp/relic_cp_bls.c b/src/cp/relic_cp_bls.c index 2072a182a..1ac4de28f 100644 --- a/src/cp/relic_cp_bls.c +++ b/src/cp/relic_cp_bls.c @@ -57,7 +57,7 @@ int cp_bls_gen(bn_t d, g2_t q) { return result; } -int cp_bls_sig(g1_t s, uint8_t *msg, int len, bn_t d) { +int cp_bls_sig(g1_t s, const uint8_t *msg, int len, const bn_t d) { g1_t p; int result = RLC_OK; @@ -77,7 +77,7 @@ int cp_bls_sig(g1_t s, uint8_t *msg, int len, bn_t d) { return result; } -int cp_bls_ver(g1_t s, uint8_t *msg, int len, g2_t q) { +int cp_bls_ver(const g1_t s, const uint8_t *msg, size_t len, const g2_t q) { g1_t p[2]; g2_t r[2]; gt_t e; diff --git a/src/cp/relic_cp_cls.c b/src/cp/relic_cp_cls.c index 2c6b4f636..664135784 100644 --- a/src/cp/relic_cp_cls.c +++ b/src/cp/relic_cp_cls.c @@ -59,7 +59,8 @@ int cp_cls_gen(bn_t r, bn_t s, g2_t x, g2_t y) { return result; } -int cp_cls_sig(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, bn_t r, bn_t s) { +int cp_cls_sig(g1_t a, g1_t b, g1_t c, const uint8_t *msg, size_t len, + const bn_t r, const bn_t s) { bn_t m, n; int result = RLC_OK; @@ -95,7 +96,8 @@ int cp_cls_sig(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, bn_t r, bn_t s) { return result; } -int cp_cls_ver(g1_t a, g1_t b, g1_t c, uint8_t *msg, int len, g2_t x, g2_t y) { +int cp_cls_ver(const g1_t a, const g1_t b, const g1_t c, const uint8_t *msg, + size_t len, const g2_t x, const g2_t y) { g1_t p[2]; g2_t r[2]; gt_t e; @@ -189,8 +191,8 @@ int cp_cli_gen(bn_t t, bn_t u, bn_t v, g2_t x, g2_t y, g2_t z) { return result; } -int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, - bn_t r, bn_t t, bn_t u, bn_t v) { +int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, const uint8_t *msg, + size_t len, const bn_t r, const bn_t t, const bn_t u, const bn_t v) { bn_t m, n; int result = RLC_OK; @@ -237,8 +239,8 @@ int cp_cli_sig(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, return result; } -int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, - bn_t r, g2_t x, g2_t y, g2_t z) { +int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, const uint8_t *msg, + size_t len, const bn_t r, const g2_t x, const g2_t y, const g2_t z) { g1_t p[2]; g2_t q[2]; gt_t e; @@ -323,7 +325,7 @@ int cp_cli_ver(g1_t a, g1_t A, g1_t b, g1_t B, g1_t c, uint8_t *msg, int len, return result; } -int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], int l) { +int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], size_t l) { bn_t n; int i, result = RLC_OK; @@ -351,8 +353,9 @@ int cp_clb_gen(bn_t t, bn_t u, bn_t v[], g2_t x, g2_t y, g2_t z[], int l) { return result; } -int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], - int lens[], bn_t t, bn_t u, bn_t v[], int l) { +int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, const uint8_t *ms[], + const size_t ls[], const bn_t t, const bn_t u, const bn_t v[], + size_t l) { bn_t m, n; int i, result = RLC_OK; @@ -372,7 +375,7 @@ int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], } /* Compute c = a^(x+xym_0)\prod A_i^(xym_i) = B_i^(xm_i). */ pc_get_ord(n); - bn_read_bin(m, msgs[0], lens[0]); + bn_read_bin(m, ms[0], ls[0]); bn_mod(m, m, n); bn_mul(m, m, t); bn_mod(m, m, n); @@ -382,7 +385,7 @@ int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], g1_mul(c, a, m); /* This can be made faster with more interleaving. */ for (i = 1; i < l; i++) { - bn_read_bin(m, msgs[i], lens[i]); + bn_read_bin(m, ms[i], ls[i]); bn_mod(m, m, n); bn_mul(m, m, t); bn_mod(m, m, n); @@ -403,8 +406,9 @@ int cp_clb_sig(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], return result; } -int cp_clb_ver(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], - int lens[], g2_t x, g2_t y, g2_t z[], int l) { +int cp_clb_ver(const g1_t a, const g1_t A[], const g1_t b, const g1_t B[], + const g1_t c, const uint8_t *ms[], const size_t ls[], const g2_t x, + const g2_t y, const g2_t z[], size_t l) { g1_t p[2]; g2_t q[2]; gt_t e; @@ -468,12 +472,12 @@ int cp_clb_ver(g1_t a, g1_t A[], g1_t b, g1_t B[], g1_t c, uint8_t *msgs[], /* Check that e(a, X)e(m_0b, X)\prod e(m_iB, X) = e(c, g). */ pc_get_ord(n); - bn_read_bin(m, msgs[0], lens[0]); + bn_read_bin(m, ms[0], ls[0]); bn_mod(m, m, n); g1_mul(p[0], b, m); g1_add(p[0], p[0], a); for (i = 1; i < l; i++) { - bn_read_bin(m, msgs[i], lens[i]); + bn_read_bin(m, ms[i], ls[i]); bn_mod(m, m, n); g1_mul(p[1], B[i - 1], m); g1_add(p[0], p[0], p[1]); diff --git a/src/cp/relic_cp_cmlhs.c b/src/cp/relic_cp_cmlhs.c index ecdc96baf..e6d899f44 100644 --- a/src/cp/relic_cp_cmlhs.c +++ b/src/cp/relic_cp_cmlhs.c @@ -40,8 +40,8 @@ int cp_cmlhs_init(g1_t h) { return RLC_OK; } -int cp_cmlhs_gen(bn_t x[], gt_t hs[], int len, uint8_t prf[], int plen, - bn_t sk, g2_t pk, bn_t d, g2_t y) { +int cp_cmlhs_gen(bn_t x[], gt_t hs[], size_t len, uint8_t prf[], size_t plen, + bn_t sk, g2_t pk, bn_t d, g2_t y, int bls) { g1_t g1; g2_t g2; gt_t gt; @@ -65,9 +65,14 @@ int cp_cmlhs_gen(bn_t x[], gt_t hs[], int len, uint8_t prf[], int plen, pc_map(gt, g1, g2); rand_bytes(prf, plen); - cp_bls_gen(sk, pk); + if (bls) { + cp_bls_gen(sk, pk); + } else { + cp_ecdsa_gen(sk, g1); + fp_copy(pk->x[0], g1->x); + fp_copy(pk->y[0], g1->y); + } - pc_get_ord(n); /* Generate elements for n tags. */ for (int i = 0; i < len; i++) { bn_rand_mod(x[i], n); @@ -89,9 +94,10 @@ int cp_cmlhs_gen(bn_t x[], gt_t hs[], int len, uint8_t prf[], int plen, return result; } -int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, bn_t msg, - char *data, int label, bn_t x, g1_t h, uint8_t prf[], int plen, - bn_t d, bn_t sk) { +int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, + const bn_t msg, const char *data, int label, const bn_t x, const g1_t h, + const uint8_t prf[], size_t plen, const bn_t d, const bn_t sk, + int bls) { bn_t k, m, n; g1_t t; uint8_t mac[RLC_MD_LEN]; @@ -154,7 +160,14 @@ int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, bn_t msg, len = g2_size_bin(z, 0); g2_write_bin(buf, len, z, 0); memcpy(buf + len, data, dlen); - cp_bls_sig(sig, buf, len + dlen, sk); + if (bls) { + cp_bls_sig(sig, buf, len + dlen, sk); + } else { + cp_ecdsa_sig(m, n, buf, len + dlen, 0, sk); + fp_prime_conv(sig->x, m); + fp_prime_conv(sig->y, n); + fp_set_dig(sig->z, 1); + } } RLC_CATCH_ANY { result = RLC_ERR; @@ -169,7 +182,8 @@ int cp_cmlhs_sig(g1_t sig, g2_t z, g1_t a, g1_t c, g1_t r, g2_t s, bn_t msg, return result; } -int cp_cmlhs_fun(g1_t a, g1_t c, g1_t as[], g1_t cs[], dig_t f[], int len) { +int cp_cmlhs_fun(g1_t a, g1_t c, const g1_t as[], const g1_t cs[], + const dig_t f[], size_t len) { int result = RLC_OK; g1_mul_sim_dig(a, as, f, len); @@ -178,7 +192,8 @@ int cp_cmlhs_fun(g1_t a, g1_t c, g1_t as[], g1_t cs[], dig_t f[], int len) { return result; } -int cp_cmlhs_evl(g1_t r, g2_t s, g1_t rs[], g2_t ss[], dig_t f[], int len) { +int cp_cmlhs_evl(g1_t r, g2_t s, const g1_t rs[], const g2_t ss[], + const dig_t f[], size_t len) { int result = RLC_OK; g1_mul_sim_dig(r, rs, f, len); @@ -187,9 +202,11 @@ int cp_cmlhs_evl(g1_t r, g2_t s, g1_t rs[], g2_t ss[], dig_t f[], int len) { return result; } -int cp_cmlhs_ver(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], - bn_t msg, char *data, g1_t h, int label[], gt_t *hs[], - dig_t *f[], int flen[], g2_t y[], g2_t pk[], int slen) { +int cp_cmlhs_ver(const g1_t r, const g2_t s, const g1_t sig[], const g2_t z[], + const g1_t a[], const g1_t c[], const bn_t msg, const char *data, + const g1_t h, const int label[], const gt_t *hs[], const dig_t *f[], + const size_t flen[], const g2_t y[], const g2_t pk[], size_t slen, + int bls) { g1_t g1; g2_t g2; gt_t e, u, v; @@ -217,19 +234,26 @@ int cp_cmlhs_ver(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], RLC_THROW(ERR_NO_MEMORY); } - pc_get_ord(n); - g1_get_gen(g1); - g2_get_gen(g2); - for (int i = 0; i < slen; i++) { len = g2_size_bin(z[i], 0); g2_write_bin(buf, len, z[i], 0); memcpy(buf + len, data, dlen); - if (cp_bls_ver(sig[i], buf, len + dlen, pk[i]) == 0) { - result = 0; + if (bls) { + result &= cp_bls_ver(sig[i], buf, len + dlen, pk[i]); + } else { + fp_prime_back(k, sig[i]->x); + fp_prime_back(n, sig[i]->y); + fp_copy(g1->x, pk[i]->x[0]); + fp_copy(g1->y, pk[i]->y[0]); + fp_set_dig(g1->z, 1); + result &= cp_ecdsa_ver(k, n, buf, len + dlen, 0, g1); } } + pc_get_ord(n); + g1_get_gen(g1); + g2_get_gen(g2); + pc_map_sim(e, a, z, slen); pc_map_sim(u, c, y, slen); pc_map(v, r, g2); @@ -276,8 +300,8 @@ int cp_cmlhs_ver(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], return result; } -void cp_cmlhs_off(gt_t vk, g1_t h, int label[], gt_t *hs[], dig_t *f[], - int flen[], g2_t y[], g2_t pk[], int slen) { +void cp_cmlhs_off(gt_t vk, const g1_t h, const int label[], const gt_t *hs[], + const dig_t *f[], const size_t flen[], size_t slen) { gt_t v; gt_null(v); @@ -299,8 +323,10 @@ void cp_cmlhs_off(gt_t vk, g1_t h, int label[], gt_t *hs[], dig_t *f[], } } -int cp_cmlhs_onv(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], - bn_t msg, char *data, g1_t h, gt_t vk, g2_t y[], g2_t pk[], int slen) { +int cp_cmlhs_onv(const g1_t r, const g2_t s, const g1_t sig[], const g2_t z[], + const g1_t a[], const g1_t c[], const bn_t msg, const char *data, + const g1_t h, const gt_t vk, const g2_t y[], const g2_t pk[], + size_t slen, int bls) { g1_t g1; g2_t g2; gt_t e, u, v; @@ -328,19 +354,26 @@ int cp_cmlhs_onv(g1_t r, g2_t s, g1_t sig[], g2_t z[], g1_t a[], g1_t c[], RLC_THROW(ERR_NO_MEMORY); } - pc_get_ord(n); - g1_get_gen(g1); - g2_get_gen(g2); - for (int i = 0; i < slen; i++) { len = g2_size_bin(z[i], 0); g2_write_bin(buf, len, z[i], 0); memcpy(buf + len, data, dlen); - if (cp_bls_ver(sig[i], buf, len + dlen, pk[i]) == 0) { - result = 0; + if (bls) { + result &= cp_bls_ver(sig[i], buf, len + dlen, pk[i]); + } else { + fp_prime_back(k, sig[i]->x); + fp_prime_back(n, sig[i]->y); + fp_copy(g1->x, pk[i]->x[0]); + fp_copy(g1->y, pk[i]->y[0]); + fp_set_dig(g1->z, 1); + result &= cp_ecdsa_ver(k, n, buf, len + dlen, 0, g1); } } + pc_get_ord(n); + g1_get_gen(g1); + g2_get_gen(g2); + pc_map_sim(e, a, z, slen); pc_map_sim(u, c, y, slen); pc_map(v, r, g2); diff --git a/src/cp/relic_cp_ecdh.c b/src/cp/relic_cp_ecdh.c old mode 100755 new mode 100644 index 7479fa955..c96857ff8 --- a/src/cp/relic_cp_ecdh.c +++ b/src/cp/relic_cp_ecdh.c @@ -58,7 +58,7 @@ int cp_ecdh_gen(bn_t d, ec_t q) { return result; } -int cp_ecdh_key(uint8_t *key, int key_len, bn_t d, ec_t q) { +int cp_ecdh_key(uint8_t *key, size_t key_len, const bn_t d, const ec_t q) { ec_t p; bn_t x, h; int l, result = RLC_OK; diff --git a/src/cp/relic_cp_ecdsa.c b/src/cp/relic_cp_ecdsa.c index c42db5182..24657312d 100644 --- a/src/cp/relic_cp_ecdsa.c +++ b/src/cp/relic_cp_ecdsa.c @@ -58,7 +58,8 @@ int cp_ecdsa_gen(bn_t d, ec_t q) { return result; } -int cp_ecdsa_sig(bn_t r, bn_t s, uint8_t *msg, int len, int hash, bn_t d) { +int cp_ecdsa_sig(bn_t r, bn_t s, const uint8_t *msg, size_t len, int hash, + const bn_t d) { bn_t n, k, x, e; ec_t p; uint8_t h[RLC_MD_LEN]; @@ -121,7 +122,8 @@ int cp_ecdsa_sig(bn_t r, bn_t s, uint8_t *msg, int len, int hash, bn_t d) { return result; } -int cp_ecdsa_ver(bn_t r, bn_t s, uint8_t *msg, int len, int hash, ec_t q) { +int cp_ecdsa_ver(const bn_t r, const bn_t s, const uint8_t *msg, size_t len, + int hash, const ec_t q) { bn_t n, k, e, v; ec_t p; uint8_t h[RLC_MD_LEN]; diff --git a/src/cp/relic_cp_ecies.c b/src/cp/relic_cp_ecies.c index 74b756997..da0a808f2 100644 --- a/src/cp/relic_cp_ecies.c +++ b/src/cp/relic_cp_ecies.c @@ -58,8 +58,8 @@ int cp_ecies_gen(bn_t d, ec_t q) { return result; } -int cp_ecies_enc(ec_t r, uint8_t *out, int *out_len, uint8_t *in, int in_len, - ec_t q) { +int cp_ecies_enc(ec_t r, uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const ec_t q) { bn_t k, n, x; ec_t p; int l, result = RLC_OK, size = RLC_CEIL(RLC_MAX(128, ec_param_level()), 8); @@ -112,8 +112,8 @@ int cp_ecies_enc(ec_t r, uint8_t *out, int *out_len, uint8_t *in, int in_len, return result; } -int cp_ecies_dec(uint8_t *out, int *out_len, ec_t r, uint8_t *in, int in_len, - bn_t d) { +int cp_ecies_dec(uint8_t *out, size_t *out_len, const ec_t r, const uint8_t *in, + size_t in_len, const bn_t d) { ec_t p; bn_t x; @@ -141,8 +141,8 @@ int cp_ecies_dec(uint8_t *out, int *out_len, ec_t r, uint8_t *in, int in_len, if (util_cmp_const(h, in + in_len - RLC_MD_LEN, RLC_MD_LEN)) { result = RLC_ERR; } else { - if (bc_aes_cbc_dec(out, out_len, in, in_len - RLC_MD_LEN, key, size, iv) - != RLC_OK) { + if (bc_aes_cbc_dec(out, out_len, in, in_len - RLC_MD_LEN, + key, size, iv) != RLC_OK) { result = RLC_ERR; } } diff --git a/src/cp/relic_cp_ecmqv.c b/src/cp/relic_cp_ecmqv.c index 5d40116fb..d16407ab1 100644 --- a/src/cp/relic_cp_ecmqv.c +++ b/src/cp/relic_cp_ecmqv.c @@ -58,8 +58,8 @@ int cp_ecmqv_gen(bn_t d, ec_t q) { return result; } -int cp_ecmqv_key(uint8_t *key, int key_len, bn_t d1, bn_t d2, ec_t q2u, - ec_t q1v, ec_t q2v) { +int cp_ecmqv_key(uint8_t *key, size_t key_len, const bn_t d1, const bn_t d2, + const ec_t q2u, const ec_t q1v, const ec_t q2v) { ec_t p; bn_t x, n, s; int l, result = RLC_OK; diff --git a/src/cp/relic_cp_ecss.c b/src/cp/relic_cp_ecss.c index 0ff291033..ac8c6cac8 100644 --- a/src/cp/relic_cp_ecss.c +++ b/src/cp/relic_cp_ecss.c @@ -57,7 +57,7 @@ int cp_ecss_gen(bn_t d, ec_t q) { return result; } -int cp_ecss_sig(bn_t e, bn_t s, uint8_t *msg, int len, bn_t d) { +int cp_ecss_sig(bn_t e, bn_t s, const uint8_t *msg, size_t len, const bn_t d) { bn_t n, k, x, r; ec_t p; uint8_t hash[RLC_MD_LEN]; @@ -122,7 +122,7 @@ int cp_ecss_sig(bn_t e, bn_t s, uint8_t *msg, int len, bn_t d) { return result; } -int cp_ecss_ver(bn_t e, bn_t s, uint8_t *msg, int len, ec_t q) { +int cp_ecss_ver(bn_t e, bn_t s, const uint8_t *msg, size_t len, const ec_t q) { bn_t n, ev, rv; ec_t p; uint8_t hash[RLC_MD_LEN]; @@ -166,7 +166,8 @@ int cp_ecss_ver(bn_t e, bn_t s, uint8_t *msg, int len, ec_t q) { bn_mod(ev, ev, n); - result = dv_cmp_const(ev->dp, e->dp, RLC_MIN(ev->used, e->used)); + result = dv_cmp_const(ev->dp, e->dp, RLC_MIN(ev->used, + e->used)); result = (result == RLC_NE ? 0 : 1); if (ev->used != e->used) { diff --git a/src/cp/relic_cp_ers.c b/src/cp/relic_cp_ers.c index 5a60d7b5d..b03fae39f 100644 --- a/src/cp/relic_cp_ers.c +++ b/src/cp/relic_cp_ers.c @@ -62,8 +62,8 @@ int cp_ers_gen_key(bn_t sk, ec_t pk) { return result; } -int cp_ers_sig(bn_t td, ers_t p, uint8_t *msg, int len, bn_t sk, ec_t pk, - ec_t pp) { +int cp_ers_sig(bn_t td, ers_t p, const uint8_t *msg, size_t len, const bn_t sk, + const ec_t pk, const ec_t pp) { bn_t n; ec_t t, y[2]; int result = RLC_OK; @@ -88,7 +88,7 @@ int cp_ers_sig(bn_t td, ers_t p, uint8_t *msg, int len, bn_t sk, ec_t pk, ec_copy(p->pk, pk); ec_copy(y[0], p->h); ec_copy(y[1], p->pk); - cp_sokor_sig(p->c, p->r, msg, len, y, sk, 0); + cp_sokor_sig(p->c, p->r, msg, len, y, NULL, sk, 0); } RLC_CATCH_ANY { result = RLC_ERR; @@ -102,7 +102,8 @@ int cp_ers_sig(bn_t td, ers_t p, uint8_t *msg, int len, bn_t sk, ec_t pk, return result; } -int cp_ers_ver(bn_t td, ers_t *s, int size, uint8_t *msg, int len, ec_t pp) { +int cp_ers_ver(const bn_t td, const ers_t *s, size_t size, const uint8_t *msg, + size_t len, const ec_t pp) { bn_t n; ec_t t, y[2]; int flag = 0, result = 0; @@ -122,15 +123,15 @@ int cp_ers_ver(bn_t td, ers_t *s, int size, uint8_t *msg, int len, ec_t pp) { ec_mul_gen(t, td); for (int i = 0; i < size; i++) { - ec_add(t, t, s[i]->h); - } + ec_add(t, t, s[i]->h); + } if (ec_cmp(pp, t) == RLC_EQ) { flag = 1; for (int i = 0; i < size; i++) { ec_copy(y[0], s[i]->h); ec_copy(y[1], s[i]->pk); - flag &= cp_sokor_ver(s[i]->c, s[i]->r, msg, len, y); - } + flag &= cp_sokor_ver(s[i]->c, s[i]->r, msg, len, y, NULL); + } } result = flag; } @@ -146,8 +147,8 @@ int cp_ers_ver(bn_t td, ers_t *s, int size, uint8_t *msg, int len, ec_t pp) { return result; } -int cp_ers_ext(bn_t td, ers_t *p, int *size, uint8_t *msg, int len, ec_t pk, - ec_t pp) { +int cp_ers_ext(bn_t td, ers_t *p, size_t *size, const uint8_t *msg, size_t len, + const ec_t pk, const ec_t pp) { bn_t n, r; ec_t y[2]; int result = RLC_OK; @@ -178,7 +179,7 @@ int cp_ers_ext(bn_t td, ers_t *p, int *size, uint8_t *msg, int len, ec_t pk, ec_copy(p[*size]->pk, pk); ec_copy(y[0], p[*size]->h); ec_copy(y[1], p[*size]->pk); - cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, y, r, 1); + cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, y, NULL, r, 1); (*size)++; result = RLC_OK; } diff --git a/src/cp/relic_cp_etrs.c b/src/cp/relic_cp_etrs.c index d5a78a9dd..f57818f87 100644 --- a/src/cp/relic_cp_etrs.c +++ b/src/cp/relic_cp_etrs.c @@ -35,45 +35,18 @@ /* Public definitions */ /*============================================================================*/ -int cp_etrs_gen(ec_t pp) { - ec_rand(pp); - return RLC_OK; -} - -int cp_etrs_gen_key(bn_t sk, ec_t pk) { - bn_t n; - int result = RLC_OK; - - bn_null(n); - - RLC_TRY { - bn_new(n); - - ec_curve_get_ord(n); - bn_rand_mod(sk, n); - ec_mul_gen(pk, sk); - } - RLC_CATCH_ANY { - result = RLC_ERR; - } - RLC_FINALLY { - bn_free(n); - } - return result; -} - -int cp_etrs_sig(bn_t *td, bn_t *y, int max, etrs_t p, uint8_t *msg, int len, - bn_t sk, ec_t pk, ec_t pp) { - bn_t n, l, u, v, z; - ec_t t, w[2]; +int cp_etrs_sig(bn_t *td, bn_t *y, size_t max, etrs_t p, const uint8_t *msg, + size_t len, const bn_t sk, const ec_t pk, const ec_t pp) { + bn_t n, l, u, z; + ec_t w[2]; + bn_t *v = RLC_ALLOCA(bn_t, max); + bn_t *_v = RLC_ALLOCA(bn_t, max); int result = RLC_OK; bn_null(n); bn_null(l); bn_null(u); - bn_null(v); bn_null(z); - ec_null(t); ec_null(w[0]); ec_null(w[1]); @@ -81,56 +54,71 @@ int cp_etrs_sig(bn_t *td, bn_t *y, int max, etrs_t p, uint8_t *msg, int len, bn_new(n); bn_new(l); bn_new(u); - bn_new(v); bn_new(z); - ec_new(t); ec_new(w[0]); ec_new(w[1]); ec_curve_get_ord(n); - - for(int i = 0; i < max; i++) { + if (_v == NULL || v == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + for (int i = 0; i < max; i++) { + bn_null(v[i]); + bn_null(_v[i]); + bn_new(v[i]); + bn_new(_v[i]); bn_rand_mod(y[i], n); bn_rand_mod(td[i], n); } bn_rand_mod(p->y, n); bn_set_dig(l, 1); - for(int j = 0; j < max; j++) { - bn_mod_inv(v, y[j], n); + for (int j = 0; j < max; j++) { + bn_copy(_v[j], y[j]); + } + bn_mod_inv_sim(_v, _v, n, max); + for (int j = 0; j < max; j++) { bn_sub(u, y[j], p->y); - bn_mul(u, u, v); + bn_mul(u, u, _v[j]); bn_mod(u, u, n); bn_mul(l, l, u); bn_mod(l, l, n); } ec_mul(p->h, pp, l); - for(int i = 0; i < max; i++) { - ec_mul_gen(t, td[i]); - bn_mod_inv(v, y[i], n); - bn_mul(u, v, p->y); - bn_mod(l, u, n); - for(int j = 0; j < max; j++) { + + bn_zero(z); + bn_mod_inv_sim(v, y, n, max); + for (int i = 0; i < max; i++) { + bn_mul(u, v[i], p->y); + bn_mod(v[i], u, n); + for (int j = 0; j < max; j++) { + bn_set_dig(_v[j], 1); + if (j != i) { + bn_sub(_v[j], y[j], y[i]); + bn_mod(_v[j], _v[j], n); + } + } + bn_mod_inv_sim(_v, _v, n, max); + for (int j = 0; j < max; j++) { if (j != i) { - bn_sub(v, y[j], y[i]); - bn_mod(v, v, n); - bn_mod_inv(v, v, n); bn_sub(u, y[j], p->y); - bn_mul(u, u, v); + bn_mul(u, u, _v[j]); bn_mod(u, u, n); - bn_mul(l, l, u); - bn_mod(l, l, n); + bn_mul(v[i], v[i], u); + bn_mod(v[i], v[i], n); } } - ec_mul(t, t, l); - ec_add(p->h, p->h, t); + bn_mul(v[i], v[i], td[i]); + bn_mod(v[i], v[i], n); + bn_add(z, z, v[i]); + bn_mod(z, z, n); } - ec_norm(p->h, p->h); + ec_mul_sim_gen(p->h, z, pp, l); ec_copy(p->pk, pk); ec_copy(w[0], p->h); ec_copy(w[1], p->pk); - cp_sokor_sig(p->c, p->r, msg, len, w, sk, 0); + cp_sokor_sig(p->c, p->r, msg, len, w, NULL, sk, 0); } RLC_CATCH_ANY { result = RLC_ERR; @@ -139,30 +127,35 @@ int cp_etrs_sig(bn_t *td, bn_t *y, int max, etrs_t p, uint8_t *msg, int len, bn_free(n); bn_free(l); bn_free(u); - bn_free(v); bn_free(z); - ec_free(t); ec_free(w[0]); ec_free(w[1]); + for (int i = 0; i < max; i++) { + bn_free(v[i]); + bn_free(_v[i]); + } + RLC_FREE(v); + RLC_FREE(_v); } return result; } -int cp_etrs_ver(int thres, bn_t *td, bn_t *y, int max, etrs_t *s, int size, - uint8_t *msg, int len, ec_t pp) { +int cp_etrs_ver(size_t thres, const bn_t *td, const bn_t *y, size_t max, + const etrs_t *s, size_t size, const uint8_t *msg, size_t len, + const ec_t pp) { int i, flag = 0, result = 0; - bn_t l, n, u, v; - ec_t t, w[2]; + bn_t l, n, u; + ec_t w[2]; int d = max + size - thres; + bn_t *v = RLC_ALLOCA(bn_t, d); + bn_t *_v = RLC_ALLOCA(bn_t, d); bn_t *_y = RLC_ALLOCA(bn_t, d); ec_t *_t = RLC_ALLOCA(ec_t, d); bn_null(l); bn_null(n); bn_null(u); - bn_null(v); - ec_null(t); ec_null(w[0]); ec_null(w[1]); @@ -170,14 +163,16 @@ int cp_etrs_ver(int thres, bn_t *td, bn_t *y, int max, etrs_t *s, int size, bn_new(l); bn_new(n); bn_new(u); - bn_new(v); - ec_new(t); ec_new(w[0]); ec_new(w[1]); - if (_y == NULL || _t == NULL) { + if (_y == NULL || _t == NULL || v == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < d; i++) { + bn_null(v[i]); + bn_null(_v[i]); + bn_new(v[i]); + bn_new(_v[i]); bn_new(_y[i]); ec_new(_t[i]); } @@ -195,31 +190,33 @@ int cp_etrs_ver(int thres, bn_t *td, bn_t *y, int max, etrs_t *s, int size, flag = 1; ec_set_infty(w[0]); - for(i = 0; i < d; i++) { - bn_set_dig(l, 1); - for(int j = 0; j < d; j++) { + for (i = 0; i < d; i++) { + for (int j = 0; j < d; j++) { + bn_set_dig(_v[j], 1); + if (j != i) { + bn_sub(_v[j], _y[j], _y[i]); + bn_mod(_v[j], _v[j], n); + } + } + bn_mod_inv_sim(_v, _v, n, d); + bn_set_dig(v[i], 1); + for (int j = 0; j < d; j++) { if (j != i) { - bn_sub(v, _y[j], _y[i]); - bn_mod(v, v, n); - bn_mod_inv(v, v, n); - bn_mul(u, _y[j], v); + bn_mul(u, _y[j], _v[j]); bn_mod(u, u, n); - bn_mul(l, l, u); - bn_mod(l, l, n); + bn_mul(v[i], v[i], u); + bn_mod(v[i], v[i], n); } } - - ec_mul(t, _t[i], l); - ec_add(w[0], w[0], t); } - ec_norm(w[0], w[0]); + ec_mul_sim_lot(w[0], _t, v, d); flag &= ec_cmp(w[0], pp) != RLC_EQ; for (int i = 0; i < size; i++) { ec_copy(w[0], s[i]->h); ec_copy(w[1], s[i]->pk); - flag &= cp_sokor_ver(s[i]->c, s[i]->r, msg, len, w); - } + flag &= cp_sokor_ver(s[i]->c, s[i]->r, msg, len, w, NULL); + } result = flag; } RLC_CATCH_ANY { @@ -229,22 +226,24 @@ int cp_etrs_ver(int thres, bn_t *td, bn_t *y, int max, etrs_t *s, int size, bn_free(l); bn_free(n); bn_free(u); - bn_free(v); - ec_free(t); ec_free(w[0]); ec_free(w[1]); for (int i = 0; i < d; i++) { + bn_free(v[i]); + bn_free(_v[i]); bn_free(_y[i]); ec_free(_t[i]); } + RLC_FREE(v); + RLC_FREE(_v); RLC_FREE(_y); RLC_FREE(_t); } return result; } -int cp_etrs_ext(bn_t *td, bn_t *y, int max, etrs_t *p, int *size, uint8_t *msg, int len, - ec_t pk, ec_t pp) { +int cp_etrs_ext(bn_t *td, bn_t *y, size_t max, etrs_t *p, size_t *size, + const uint8_t *msg, size_t len, const ec_t pk, const ec_t pp) { bn_t n, r; ec_t w[2]; int i, result = RLC_OK; @@ -283,7 +282,7 @@ int cp_etrs_ext(bn_t *td, bn_t *y, int max, etrs_t *p, int *size, uint8_t *msg, ec_copy(p[*size]->pk, pk); ec_copy(w[0], p[*size]->h); ec_copy(w[1], p[*size]->pk); - cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, w, r, 1); + cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, w, NULL, r, 1); (*size)++; result = RLC_OK; } @@ -299,13 +298,15 @@ int cp_etrs_ext(bn_t *td, bn_t *y, int max, etrs_t *p, int *size, uint8_t *msg, return result; } -int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, - uint8_t *msg, int len, bn_t sk, ec_t pk, ec_t pp) { +int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, size_t *size, + const uint8_t *msg, size_t len, const bn_t sk, const ec_t pk, + const ec_t pp) { int i, result = 0; bn_t l, n, u, v; ec_t t, w[2]; int d = max + *size; + bn_t *_v = RLC_ALLOCA(bn_t, d); bn_t *_y = RLC_ALLOCA(bn_t, d); ec_t *_t = RLC_ALLOCA(ec_t, d); @@ -325,10 +326,11 @@ int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, ec_new(t); ec_new(w[0]); ec_new(w[1]); - if (_y == NULL || _t == NULL) { + if (_v == NULL || _y == NULL || _t == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < d; i++) { + bn_new(_v[i]); bn_new(_y[i]); ec_new(_t[i]); } @@ -346,15 +348,20 @@ int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, bn_rand_mod(p[*size]->y, n); ec_set_infty(p[*size]->h); - for(i = 0; i < d; i++) { + for (i = 0; i < d; i++) { + for (int j = 0; j < d; j++) { + bn_set_dig(_v[j], 1); + if (j != i) { + bn_sub(_v[j], _y[j], _y[i]); + bn_mod(_v[j], _v[j], n); + } + } + bn_mod_inv_sim(_v, _v, n, d); bn_set_dig(l, 1); - for(int j = 0; j < d; j++) { + for (int j = 0; j < d; j++) { if (j != i) { - bn_sub(v, _y[j], _y[i]); - bn_mod(v, v, n); - bn_mod_inv(v, v, n); bn_sub(u, _y[j], p[*size]->y); - bn_mul(u, u, v); + bn_mul(u, u, _v[j]); bn_mod(u, u, n); bn_mul(l, l, u); bn_mod(l, l, n); @@ -368,7 +375,7 @@ int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, ec_copy(p[*size]->pk, pk); ec_copy(w[0], p[*size]->h); ec_copy(w[1], p[*size]->pk); - cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, w, sk, 0); + cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, w, NULL, sk, 0); (*size)++; result = RLC_OK; } @@ -384,9 +391,11 @@ int cp_etrs_uni(int thres, bn_t *td, bn_t *y, int max, etrs_t *p, int *size, ec_free(w[0]); ec_free(w[1]); for (int i = 0; i < d; i++) { + bn_free(_v[i]); bn_free(_y[i]); ec_free(_t[i]); } + RLC_FREE(_v); RLC_FREE(_y); RLC_FREE(_t); } diff --git a/src/cp/relic_cp_ghpe.c b/src/cp/relic_cp_ghpe.c index d69edb8be..2e8b69611 100644 --- a/src/cp/relic_cp_ghpe.c +++ b/src/cp/relic_cp_ghpe.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int cp_ghpe_gen(bn_t pub, bn_t prv, int bits) { +int cp_ghpe_gen(bn_t pub, bn_t prv, size_t bits) { int result = RLC_OK; bn_t p, q, r; @@ -78,7 +78,7 @@ int cp_ghpe_gen(bn_t pub, bn_t prv, int bits) { return result; } -int cp_ghpe_enc(bn_t c, bn_t m, bn_t pub, int s) { +int cp_ghpe_enc(bn_t c, const bn_t m, const bn_t pub, size_t s) { bn_t g, r, t; int result = RLC_OK; @@ -126,7 +126,8 @@ int cp_ghpe_enc(bn_t c, bn_t m, bn_t pub, int s) { return result; } -int cp_ghpe_dec(bn_t m, bn_t c, bn_t pub, bn_t prv, int s) { +int cp_ghpe_dec(bn_t m, const bn_t c, const bn_t pub, const bn_t prv, + size_t s) { bn_t i, l, r, t, u, v, x; int result = RLC_OK; dig_t fk; diff --git a/src/cp/relic_cp_ibe.c b/src/cp/relic_cp_ibe.c index 8e6b8d50f..fce35a514 100644 --- a/src/cp/relic_cp_ibe.c +++ b/src/cp/relic_cp_ibe.c @@ -59,14 +59,14 @@ int cp_ibe_gen(bn_t master, g1_t pub) { return result; } -int cp_ibe_gen_prv(g2_t prv, char *id, bn_t master) { +int cp_ibe_gen_prv(g2_t prv, const char *id, const bn_t master) { g2_map(prv, (uint8_t *)id, strlen(id)); g2_mul(prv, prv, master); return RLC_OK; } -int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, - g1_t pub) { +int cp_ibe_enc(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const char *id, const g1_t pub) { int l, result = RLC_OK; uint8_t *buf = NULL, h[RLC_MD_LEN]; bn_t n; @@ -81,7 +81,7 @@ int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, g2_null(q); gt_null(e); - if (pub == NULL || in_len <= 0 || in_len > RLC_MD_LEN ) { + if (pub == NULL || in_len <= 0 || in_len > RLC_MD_LEN) { return RLC_ERR; } @@ -127,9 +127,11 @@ int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, } *out_len = in_len + (2 * RLC_FP_BYTES + 1); - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { bn_free(n); bn_free(r); g1_free(p); @@ -140,7 +142,8 @@ int cp_ibe_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, char *id, return result; } -int cp_ibe_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, g2_t prv) { +int cp_ibe_dec(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const g2_t prv) { int l, result = RLC_OK; uint8_t *buf = NULL, h[RLC_MD_LEN]; g1_t p; @@ -181,9 +184,11 @@ int cp_ibe_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, g2_t prv) { } *out_len = in_len; - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { g1_free(p); gt_free(e); RLC_FREE(buf); diff --git a/src/cp/relic_cp_mklhs.c b/src/cp/relic_cp_mklhs.c index bb4b3a499..96ef56890 100644 --- a/src/cp/relic_cp_mklhs.c +++ b/src/cp/relic_cp_mklhs.c @@ -57,12 +57,13 @@ int cp_mklhs_gen(bn_t sk, g2_t pk) { return result; } -int cp_mklhs_sig(g1_t s, bn_t m, char *data, char *id, char *tag, bn_t sk) { +int cp_mklhs_sig(g1_t s, const bn_t m, const char *data, const char *id, + const char *tag, const bn_t sk) { bn_t n; g1_t a; int result = RLC_OK; uint8_t *str = RLC_ALLOCA(uint8_t, - strlen(id) + RLC_MAX(strlen(data), strlen(tag))); + strlen(id) + RLC_MAX(strlen(data), strlen(tag))); bn_null(n); g1_null(a); @@ -70,6 +71,9 @@ int cp_mklhs_sig(g1_t s, bn_t m, char *data, char *id, char *tag, bn_t sk) { RLC_TRY { bn_new(n); g1_new(a); + if (str == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } pc_get_ord(n); g1_mul_gen(a, m); @@ -97,7 +101,7 @@ int cp_mklhs_sig(g1_t s, bn_t m, char *data, char *id, char *tag, bn_t sk) { return result; } -int cp_mklhs_fun(bn_t mu, bn_t m[], dig_t f[], int len) { +int cp_mklhs_fun(bn_t mu, const bn_t m[], const dig_t f[], size_t len) { bn_t n, t; int result = RLC_OK; @@ -126,7 +130,7 @@ int cp_mklhs_fun(bn_t mu, bn_t m[], dig_t f[], int len) { return result; } -int cp_mklhs_evl(g1_t sig, g1_t s[], dig_t f[], int len) { +int cp_mklhs_evl(g1_t sig, const g1_t s[], const dig_t f[], size_t len) { int result = RLC_OK; g1_mul_sim_dig(sig, s, f, len); @@ -134,8 +138,9 @@ int cp_mklhs_evl(g1_t sig, g1_t s[], dig_t f[], int len) { return result; } -int cp_mklhs_ver(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], - char *tag[], dig_t *f[], int flen[], g2_t pk[], int slen) { +int cp_mklhs_ver(const g1_t sig, const bn_t m, const bn_t mu[], + const char *data, const char *id[], const char *tag[], const dig_t *f[], + const size_t flen[], const g2_t pk[], size_t slen) { bn_t t, n; g1_t d, *g = RLC_ALLOCA(g1_t, slen); g2_t g2; @@ -165,7 +170,7 @@ int cp_mklhs_ver(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], g2_new(g2); gt_new(c); gt_new(e); - if (g == NULL || h == NULL) { + if (g == NULL || h == NULL || str == NULL) { RLC_FREE(g); RLC_FREE(h); RLC_THROW(ERR_NO_MEMORY); @@ -235,8 +240,8 @@ int cp_mklhs_ver(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], return (ver1 && ver2); } -int cp_mklhs_off(g1_t h[], dig_t ft[], char *id[], char *tag[], dig_t *f[], - int flen[], int slen) { +int cp_mklhs_off(g1_t h[], dig_t ft[], const char *id[], const char *tag[], + const dig_t *f[], const size_t flen[], size_t slen) { int imax = 0, lmax = 0, fmax = 0, result = RLC_OK; for (int i = 0; i < slen; i++) { fmax = RLC_MAX(fmax, flen[i]); @@ -249,7 +254,7 @@ int cp_mklhs_off(g1_t h[], dig_t ft[], char *id[], char *tag[], dig_t *f[], uint8_t *str = RLC_ALLOCA(uint8_t, imax + lmax); RLC_TRY { - if (_h == NULL) { + if (_h == NULL || str == NULL) { RLC_FREE(_h); RLC_THROW(ERR_NO_MEMORY); } @@ -283,8 +288,9 @@ int cp_mklhs_off(g1_t h[], dig_t ft[], char *id[], char *tag[], dig_t *f[], return result; } -int cp_mklhs_onv(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], g1_t h[], - dig_t ft[], g2_t pk[], int slen) { +int cp_mklhs_onv(const g1_t sig, const bn_t m, const bn_t mu[], + const char *data, const char *id[], const g1_t h[], const dig_t ft[], + const g2_t pk[], size_t slen) { bn_t t, n; g1_t d, g1, *g = RLC_ALLOCA(g1_t, slen); g2_t g2; @@ -311,7 +317,7 @@ int cp_mklhs_onv(g1_t sig, bn_t m, bn_t mu[], char *data, char *id[], g1_t h[], g2_new(g2); gt_new(c); gt_new(e); - if (g == NULL) { + if (g == NULL || str == NULL) { RLC_FREE(g); RLC_THROW(ERR_NO_MEMORY); } diff --git a/src/cp/relic_cp_mpss.c b/src/cp/relic_cp_mpss.c index 1d3b4b6d2..d3201616b 100644 --- a/src/cp/relic_cp_mpss.c +++ b/src/cp/relic_cp_mpss.c @@ -76,7 +76,8 @@ int cp_mpss_bct(g2_t x[2], g2_t y[2]) { return RLC_OK; } -int cp_mpss_sig(g1_t a, g1_t b[2], bn_t m[2], bn_t r[2], bn_t s[2], mt_t mul_tri[2], mt_t sm_tri[2]) { +int cp_mpss_sig(g1_t a, g1_t b[2], const bn_t m[2], const bn_t r[2], + const bn_t s[2], const mt_t mul_tri[2], const mt_t sm_tri[2]) { int result = RLC_OK; bn_t n, d[2], e[2]; @@ -92,11 +93,11 @@ int cp_mpss_sig(g1_t a, g1_t b[2], bn_t m[2], bn_t r[2], bn_t s[2], mt_t mul_tri } /* Compute d = (xm + y) in MPC. */ g1_get_ord(n); - mt_mul_lcl(d[0], e[0], m[0], s[0], n, mul_tri[0]); - mt_mul_lcl(d[1], e[1], m[1], s[1], n, mul_tri[1]); - mt_mul_bct(d, e, n); - mt_mul_mpc(d[0], d[0], e[0], n, mul_tri[0], 0); - mt_mul_mpc(d[1], d[1], e[1], n, mul_tri[1], 1); + mpc_mt_lcl(d[0], e[0], m[0], s[0], n, mul_tri[0]); + mpc_mt_lcl(d[1], e[1], m[1], s[1], n, mul_tri[1]); + mpc_mt_bct(d, e, n); + mpc_mt_mul(d[0], d[0], e[0], n, mul_tri[0], 0); + mpc_mt_mul(d[1], d[1], e[1], n, mul_tri[1], 1); bn_add(d[0], d[0], r[0]); bn_mod(d[0], d[0], n); bn_add(d[1], d[1], r[1]); @@ -120,8 +121,9 @@ int cp_mpss_sig(g1_t a, g1_t b[2], bn_t m[2], bn_t r[2], bn_t s[2], mt_t mul_tri return result; } -int cp_mpss_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[2], g2_t h, g2_t x, g2_t y, - mt_t sm_tri[2], pt_t pc_tri[2]) { +int cp_mpss_ver(gt_t e, const g1_t a, const g1_t b[2], const bn_t m[2], + const g2_t h, const g2_t x, const g2_t y, const mt_t sm_tri[2], + const pt_t pc_tri[2]) { int result = 0; bn_t n, d[2], r[2]; g1_t p[2], q[2]; @@ -188,9 +190,11 @@ int cp_mpss_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[2], g2_t h, g2_t x, g2_t y, /* Now combine shares and multiply. */ gt_mul(e, beta[0], beta[1]); } - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { bn_free(n); for (int i = 0; i < 2; i++) { bn_free(d[i]); @@ -206,7 +210,8 @@ int cp_mpss_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[2], g2_t h, g2_t x, g2_t y, return result; } -int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], int l) { +int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], + size_t l) { bn_t n; int result = RLC_OK; @@ -238,7 +243,7 @@ int cp_mpsb_gen(bn_t r[2], bn_t s[][2], g2_t h, g2_t x[2], g2_t y[][2], int l) { return result; } -int cp_mpsb_bct(g2_t x[2], g2_t y[][2], int l) { +int cp_mpsb_bct(g2_t x[2], g2_t y[][2], size_t l) { /* Add public values and replicate. */ g2_add(x[0], x[0], x[1]); g2_norm(x[0], x[0]); @@ -251,8 +256,9 @@ int cp_mpsb_bct(g2_t x[2], g2_t y[][2], int l) { return RLC_OK; } -int cp_mpsb_sig(g1_t a, g1_t b[2], bn_t m[][2], bn_t r[2], bn_t s[][2], - mt_t mul_tri[2], mt_t sm_tri[2], int l) { +int cp_mpsb_sig(g1_t a, g1_t b[2], const bn_t m[][2], const bn_t r[2], + const bn_t s[][2], const mt_t mul_tri[2], const mt_t sm_tri[2], + size_t l) { int result = RLC_OK; bn_t n, d[2], e[2], t[2]; @@ -295,9 +301,11 @@ int cp_mpsb_sig(g1_t a, g1_t b[2], bn_t m[][2], bn_t r[2], bn_t s[][2], g1_norm(a, a); g1_mul(b[0], a, d[0]); g1_mul(b[1], a, d[1]); - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { bn_free(n); for (int i = 0; i < 2; i++) { bn_free(d[i]); @@ -308,8 +316,9 @@ int cp_mpsb_sig(g1_t a, g1_t b[2], bn_t m[][2], bn_t r[2], bn_t s[][2], return result; } -int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, - g2_t y[][2], bn_t v[][2], mt_t sm_tri[2], pt_t pc_tri[2], int l) { +int cp_mpsb_ver(gt_t e, const g1_t a, const g1_t b[2], const bn_t m[][2], + const g2_t h, const g2_t x, const g2_t y[][2], const bn_t v[][2], + const mt_t sm_tri[2], const pt_t pc_tri[2], size_t l) { int result = 0; bn_t n, _t, t[2], d[2], r[2], *_m = RLC_ALLOCA(bn_t, 2 * l); g1_t p[2], q[2]; @@ -322,6 +331,11 @@ int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, RLC_TRY { bn_new(n); bn_new(_t); + if (_m == NULL || _y == NULL) { + RLC_FREE(_m); + RLC_FREE(_y); + RLC_THROW(ERR_NO_MEMORY); + } for (int i = 0; i < 2; i++) { bn_null(d[i]); bn_null(r[i]); @@ -341,23 +355,23 @@ int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, gt_new(alpha[i]); gt_new(beta[i]); for (int j = 0; j < l; j++) { - g2_null(_y[l*i + j]); - g2_new(_y[l*i + j]); - bn_null(_m[l*i + j]); - bn_new(_m[l*i + j]); + g2_null(_y[l * i + j]); + g2_new(_y[l * i + j]); + bn_null(_m[l * i + j]); + bn_new(_m[l * i + j]); } } g1_get_ord(n); if (v == NULL) { for (int i = 0; i < 2; i++) { for (int j = 0; j < l; j++) { - bn_copy(_m[l*i + j], m[j][i]); - g2_copy(_y[l*i + j], y[j][i]); + bn_copy(_m[l * i + j], m[j][i]); + g2_copy(_y[l * i + j], y[j][i]); } } /* Compute Z = X + [m] * Y. */ for (int i = 0; i < 2; i++) { - g2_mul_sim_lot(z[i], &_y[l*i], &_m[l*i], l); + g2_mul_sim_lot(z[i], &_y[l * i], &_m[l * i], l); } } else { /* Compute Z = X + [m] * [y_i] * G. */ @@ -411,9 +425,11 @@ int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, /* Now combine shares and multiply. */ gt_mul(e, beta[0], beta[1]); } - } RLC_CATCH_ANY { + } + RLC_CATCH_ANY { result = RLC_ERR; - } RLC_FINALLY { + } + RLC_FINALLY { bn_free(n); bn_free(_t); for (int i = 0; i < 2; i++) { @@ -427,8 +443,8 @@ int cp_mpsb_ver(gt_t e, g1_t a, g1_t b[2], bn_t m[][2], g2_t h, g2_t x, gt_free(alpha[i]); gt_free(beta[i]); for (int j = 0; j < l; j++) { - g2_free(_y[l*i + j]); - bn_free(_m[l*i + j]); + g2_free(_y[l * i + j]); + bn_free(_m[l * i + j]); } } RLC_FREE(_y); diff --git a/src/cp/relic_cp_pbpsi.c b/src/cp/relic_cp_pbpsi.c new file mode 100644 index 000000000..acc6fafe1 --- /dev/null +++ b/src/cp/relic_cp_pbpsi.c @@ -0,0 +1,199 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of pairing-based laconic private set intersection protocols. + * + * @ingroup cp + */ + +#include "relic.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int cp_pbpsi_gen(bn_t sk, g1_t ss, g2_t s[], size_t m) { + int i, result = RLC_OK; + bn_t q; + + bn_null(q); + + RLC_TRY { + bn_new(q); + + pc_get_ord(q); + bn_rand_mod(sk, q); + g1_mul_gen(ss, sk); + + g2_get_gen(s[0]); + for (i = 1; i <= m; i++) { + g2_mul(s[i], s[i - 1], sk); + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(q); + } + return result; +} + +int cp_pbpsi_ask(g2_t d[], bn_t r, const bn_t x[], const g2_t s[], size_t m) { + int i, result = RLC_OK; + bn_t t, q, *p = RLC_ALLOCA(bn_t, m + 1), *_x = RLC_ALLOCA(bn_t, m + 1); + + bn_null(q); + bn_null(t); + + RLC_TRY { + bn_new(q); + bn_new(t); + if (p == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + for (i = 0; i <= m; i++) { + bn_null(p[i]); + bn_new(p[i]); + bn_null(_x[i]); + bn_new(_x[i]); + } + + pc_get_ord(q); + bn_rand_mod(r, q); + if (m == 0) { + g2_mul_gen(d[0], r); + } else { + bn_lag(p, x, q, m); + g2_mul_sim_lot(d[0], s, p, m + 1); + g2_mul(d[0], d[0], r); + for (i = 0; i < m; i++) { + bn_copy(_x[i], x[i]); + } + for (i = 0; i < m; i++) { + bn_copy(t, _x[i]); + bn_copy(_x[i], _x[m - 1]); + bn_lag(p, _x, q, m - 1); + g2_mul_sim_lot(d[i + 1], s, p, m); + g2_mul(d[i + 1], d[i + 1], r); + bn_copy(_x[i], t); + } + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(q); + bn_free(t); + for (i = 0; i <= m; i++) { + bn_free(p[i]); + bn_free(_x[i]); + } + RLC_FREE(p); + } + return result; +} + +int cp_pbpsi_ans(gt_t t[], g1_t u[], const g1_t ss, const g2_t d, + const bn_t y[], size_t n) { + int j, result = RLC_OK; + bn_t q, tj; + g1_t g1; + g2_t g2; + unsigned int *shuffle = RLC_ALLOCA(unsigned int, n); + + bn_null(q); + bn_null(tj); + g1_null(g1); + g2_null(g2); + + RLC_TRY { + bn_new(q); + bn_new(tj); + g1_new(g1); + g2_new(g2); + if (shuffle == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + util_perm(shuffle, n); + + pc_get_ord(q); + g2_get_gen(g2); + for (j = 0; j < n; j++) { + bn_rand_mod(tj, q); + g1_mul_gen(g1, tj); + pc_map(t[j], g1, d); + g1_mul_gen(u[j], y[shuffle[j]]); + g1_sub(u[j], ss, u[j]); + g1_mul(u[j], u[j], tj); + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(q); + bn_free(tj); + g1_free(g1); + g2_free(g2); + RLC_FREE(shuffle); + } + return result; +} + +int cp_pbpsi_int(bn_t z[], size_t *len, const g2_t d[], const bn_t x[], + size_t m, const gt_t t[], const g1_t u[], size_t n) { + int j, k, result = RLC_OK; + gt_t e; + + gt_null(e); + + RLC_TRY { + gt_new(e); + + *len = 0; + if (m > 0) { + for (k = 0; k < m; k++) { + for (j = 0; j < n; j++) { + pc_map(e, u[j], d[k + 1]); + if (gt_cmp(e, t[j]) == RLC_EQ && !gt_is_unity(e)) { + bn_copy(z[*len], x[k]); + (*len)++; + } + } + } + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + gt_free(e); + } + return result; +} diff --git a/src/cp/relic_cp_pcdel.c b/src/cp/relic_cp_pcdel.c index a8ded35e5..535f3fe7a 100644 --- a/src/cp/relic_cp_pcdel.c +++ b/src/cp/relic_cp_pcdel.c @@ -64,7 +64,8 @@ int cp_pdpub_gen(bn_t c, bn_t r, g1_t u1, g2_t u2, g2_t v2, gt_t e) { return result; } -int cp_pdpub_ask(g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t c, bn_t r, g1_t u1, g2_t u2, g2_t v2) { +int cp_pdpub_ask(g1_t v1, g2_t w2, const g1_t p, const g2_t q, const bn_t c, + const bn_t r, const g1_t u1, const g2_t u2, const g2_t v2) { int result = RLC_OK; /* Compute V1 = [r](P - U1). */ @@ -77,7 +78,8 @@ int cp_pdpub_ask(g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t c, bn_t r, g1_t u1, g2_t return result; } -int cp_pdpub_ans(gt_t g[3], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2) { +int cp_pdpub_ans(gt_t g[3], const g1_t p, const g2_t q, const g1_t v1, + const g2_t v2, const g2_t w2) { int result = RLC_OK; pc_map(g[0], p, q); pc_map(g[1], p, w2); @@ -85,7 +87,7 @@ int cp_pdpub_ans(gt_t g[3], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2) { return result; } -int cp_pdpub_ver(gt_t r, gt_t g[3], bn_t c, gt_t e) { +int cp_pdpub_ver(gt_t r, const gt_t g[3], const bn_t c, const gt_t e) { int result = 1; gt_t t; @@ -115,7 +117,8 @@ int cp_pdpub_ver(gt_t r, gt_t g[3], bn_t c, gt_t e) { return result; } -int cp_pdprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2]) { +int cp_pdprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], + gt_t e[2]) { bn_t n; int result = RLC_OK; @@ -151,7 +154,9 @@ int cp_pdprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2 return result; } -int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4]) { +int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q, + const bn_t c, const bn_t r[3], const g1_t u1[2], const g2_t u2[2], + const g2_t v2[4]) { int result = RLC_OK; bn_t n; @@ -183,7 +188,7 @@ int cp_pdprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], g1_t return result; } -int cp_pdprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]) { +int cp_pdprv_ans(gt_t g[4], const g1_t v1[3], const g2_t w2[4]) { int result = RLC_OK; pc_map(g[0], v1[0], w2[0]); pc_map(g[1], v1[1], w2[1]); @@ -192,7 +197,7 @@ int cp_pdprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]) { return result; } -int cp_pdprv_ver(gt_t r, gt_t g[4], bn_t c, gt_t e[2]) { +int cp_pdprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]) { int result = 1; gt_t t; @@ -251,7 +256,8 @@ int cp_lvpub_gen(bn_t r, g1_t u1, g2_t u2, g2_t v2, gt_t e) { return result; } -int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t r, g1_t u1, g2_t u2, g2_t v2) { +int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, const g1_t p, const g2_t q, + const bn_t r, const g1_t u1, const g2_t u2, const g2_t v2) { int result = RLC_OK; /* Sample random c. */ @@ -266,7 +272,8 @@ int cp_lvpub_ask(bn_t c, g1_t v1, g2_t w2, g1_t p, g2_t q, bn_t r, g1_t u1, g2_t return result; } -int cp_lvpub_ans(gt_t g[2], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2) { +int cp_lvpub_ans(gt_t g[2], const g1_t p, const g2_t q, const g1_t v1, + const g2_t v2, const g2_t w2) { int result = RLC_OK; g1_t _p[2]; g2_t _q[2]; @@ -300,7 +307,7 @@ int cp_lvpub_ans(gt_t g[2], g1_t p, g2_t q, g1_t v1, g2_t v2, g2_t w2) { return result; } -int cp_lvpub_ver(gt_t r, gt_t g[2], bn_t c, gt_t e) { +int cp_lvpub_ver(gt_t r, const gt_t g[2], const bn_t c, const gt_t e) { int result = 1; gt_t t; @@ -329,7 +336,8 @@ int cp_lvpub_ver(gt_t r, gt_t g[2], bn_t c, gt_t e) { return result; } -int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2]) { +int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], + gt_t e[2]) { bn_t n; int result = RLC_OK; @@ -365,7 +373,9 @@ int cp_lvprv_gen(bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4], gt_t e[2 return result; } -int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], g1_t u1[2], g2_t u2[2], g2_t v2[4]) { +int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], const g1_t p, const g2_t q, + const bn_t c, const bn_t r[3], const g1_t u1[2], const g2_t u2[2], + const g2_t v2[4]) { int result = RLC_OK; bn_t n; @@ -397,7 +407,7 @@ int cp_lvprv_ask(g1_t v1[3], g2_t w2[4], g1_t p, g2_t q, bn_t c, bn_t r[3], g1_t return result; } -int cp_lvprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]) { +int cp_lvprv_ans(gt_t g[4], const g1_t v1[3], const g2_t w2[4]) { int result = RLC_OK; g1_t _p[2]; g2_t _q[2]; @@ -431,7 +441,7 @@ int cp_lvprv_ans(gt_t g[4], g1_t v1[3], g2_t w2[4]) { return result; } -int cp_lvprv_ver(gt_t r, gt_t g[4], bn_t c, gt_t e[2]) { +int cp_lvprv_ver(gt_t r, const gt_t g[4], const bn_t c, const gt_t e[2]) { int result = 1; gt_t t; diff --git a/src/cp/relic_cp_phpe.c b/src/cp/relic_cp_phpe.c index c10e0f453..dbff0a8a3 100644 --- a/src/cp/relic_cp_phpe.c +++ b/src/cp/relic_cp_phpe.c @@ -35,7 +35,7 @@ /* Public definitions */ /*============================================================================*/ -int cp_phpe_gen(bn_t pub, phpe_t prv, int bits) { +int cp_phpe_gen(bn_t pub, phpe_t prv, size_t bits) { int result = RLC_OK; /* Generate primes p and q of equivalent length. */ @@ -44,31 +44,27 @@ int cp_phpe_gen(bn_t pub, phpe_t prv, int bits) { bn_gen_prime(prv->q, bits / 2); } while (bn_cmp(prv->p, prv->q) == RLC_EQ); - /* Compute n = pq and l = \phi(n). */ + /* Compute n = pq. */ bn_mul(prv->n, prv->p, prv->q); #ifdef CP_CRT /* Fix g = n + 1. */ - bn_add_dig(pub, prv->n, 1); - - /* Precompute dp = 1/(pow(g, p-1, p^2)//p mod p. */ - bn_sqr(prv->dp, prv->p); - bn_sub_dig(prv->p, prv->p, 1); - bn_mxp(prv->dp, pub, prv->p, prv->dp); - bn_sub_dig(prv->dp, prv->dp, 1); - bn_div(prv->dp, prv->dp, prv->p); - /* Precompute dq = 1/(pow(g, q-1, q^2)//q mod q. */ - bn_sqr(prv->dq, prv->q); - bn_sub_dig(prv->q, prv->q, 1); - bn_mxp(prv->dq, pub, prv->q, prv->dq); - bn_sub_dig(prv->dq, prv->dq, 1); - bn_div(prv->dq, prv->dq, prv->q); - - /* Restore p and q. */ - bn_add_dig(prv->p, prv->p, 1); - bn_add_dig(prv->q, prv->q, 1); - bn_mod_inv(prv->dp, prv->dp, prv->p); - bn_mod_inv(prv->dq, prv->dq, prv->q); + + /* Precompute dp = 1/(pow(g, p-1, p^2)//p mod p. + * with g=1+n, this is also 1/((p-1)q) mod p. + */ + bn_sub_dig(prv->dp, prv->p, 1); //p-1 + bn_mul(prv->dp, prv->dp, prv->q); //(p-1)q + bn_mod(prv->dp, prv->dp, prv->p); //(p-1)q mod p + bn_mod_inv(prv->dp, prv->dp, prv->p); //((p-1)q)^{-1} mod p + + /* Precompute dq = 1/(pow(g, q-1, q^2)//q mod q. + * with g=1+n, this is also 1/((q-1)p) mod q. + */ + bn_sub_dig(prv->dq, prv->q, 1); //q-1 + bn_mul(prv->dq, prv->dq, prv->p); //(q-1)p + bn_mod(prv->dq, prv->dq, prv->q); //(q-1)p mod q + bn_mod_inv(prv->dq, prv->dq, prv->q); //((q-1)p)^{-1} mod q /* qInv = q^(-1) mod p. */ bn_mod_inv(prv->qi, prv->q, prv->p); @@ -78,7 +74,30 @@ int cp_phpe_gen(bn_t pub, phpe_t prv, int bits) { return result; } -int cp_phpe_enc(bn_t c, bn_t m, bn_t pub) { +int cp_phpe_add(bn_t r, const bn_t c, const bn_t d, const bn_t pub) { + int result = RLC_OK; + bn_t s; + + bn_null(s); + + RLC_TRY { + bn_new(s); + + bn_sqr(s, pub); + bn_mul(r, c, d); + bn_mod(r, r, s); + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(s); + } + + return result; +} + +int cp_phpe_enc(bn_t c, const bn_t m, const bn_t pub) { bn_t g, r, s; int result = RLC_OK; @@ -97,10 +116,14 @@ int cp_phpe_enc(bn_t c, bn_t m, bn_t pub) { /* Generate r in Z_n^*. */ bn_rand_mod(r, pub); - /* Compute c = (g^m)(r^n) mod n^2. */ + /* Compute c = (g^m)(r^n) mod n^2. + * With g=1+n, this is also (1 + n*m) * r^n mod n^2. + */ bn_add_dig(g, pub, 1); bn_sqr(s, pub); - bn_mxp(c, g, m, s); + bn_mul(c, pub, m); + bn_add_dig(c, c, 1); + bn_mod(c, c, s); bn_mxp(r, r, pub, s); bn_mul(c, c, r); bn_mod(c, c, s); @@ -117,98 +140,45 @@ int cp_phpe_enc(bn_t c, bn_t m, bn_t pub) { return result; } -int cp_phpe_dec(bn_t m, bn_t c, phpe_t prv) { - bn_t s, t, u, v; +int cp_phpe_dec(bn_t m, const bn_t c, const phpe_t prv) { + bn_t t, u; int result = RLC_OK; if (prv == NULL || bn_bits(c) > 2 * bn_bits(prv->n)) { return RLC_ERR; } - bn_null(s); bn_null(t); bn_null(u); - bn_null(v); RLC_TRY { - bn_new(s); bn_new(t); bn_new(u); - bn_new(v); + + bn_sub_dig(t, prv->p, 1); + bn_sub_dig(u, prv->q, 1); #if !defined(CP_CRT) - bn_sub_dig(s, prv->p, 1); - bn_sub_dig(t, prv->q, 1); - bn_mul(s, s, t); + bn_mul(t, t, u); /* Compute (c^l mod n^2) * u mod n. */ - bn_sqr(t, prv->n); - bn_mxp(m, c, s, t); + bn_sqr(u, prv->n); + bn_mxp(m, c, t, u); bn_sub_dig(m, m, 1); bn_div(m, m, prv->n); - bn_mod_inv(t, s, prv->n); - bn_mul(m, m, t); + bn_mod_inv(u, t, prv->n); + bn_mul(m, m, u); bn_mod(m, m, prv->n); #else - -#if MULTI == OPENMP - omp_set_num_threads(CORES); - #pragma omp parallel copyin(core_ctx) firstprivate(c, prv) - { - #pragma omp sections - { - #pragma omp section - { -#endif - /* Compute m_p = (c^(p-1) mod p^2) * dp mod p. */ - bn_sub_dig(t, prv->p, 1); - bn_sqr(s, prv->p); - bn_mxp(s, c, t, s); - bn_sub_dig(s, s, 1); - bn_div(s, s, prv->p); - bn_mul(s, s, prv->dp); - bn_mod(s, s, prv->p); -#if MULTI == OPENMP - } - #pragma omp section - { -#endif - /* Compute m_q = (c^(q-1) mod q^2) * dq mod q. */ - bn_sub_dig(v, prv->q, 1); - bn_sqr(u, prv->q); - bn_mxp(u, c, v, u); - bn_sub_dig(u, u, 1); - bn_div(u, u, prv->q); - bn_mul(u, u, prv->dq); - bn_mod(u, u, prv->q); -#if MULTI == OPENMP - } - } - } -#endif - - /* m = (m_p - m_q) mod p. */ - bn_sub(m, s, u); - while (bn_sign(m) == RLC_NEG) { - bn_add(m, m, prv->p); - } - bn_mod(m, m, prv->p); - /* m1 = qInv(m_p - m_q) mod p. */ - bn_mul(m, m, prv->qi); - bn_mod(m, m, prv->p); - /* m = m2 + m1 * q. */ - bn_mul(m, m, prv->q); - bn_add(m, m, u); - bn_mod(m, m, prv->n); -#endif - } RLC_CATCH_ANY { + bn_mxp_crt(m, c, t, u, prv, 1); +#endif /* CP_CRT */ + } + RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { - bn_free(s); bn_free(t); bn_free(u); - bn_free(v); } return result; diff --git a/src/cp/relic_cp_pok.c b/src/cp/relic_cp_pok.c index 236408875..2aec3a694 100644 --- a/src/cp/relic_cp_pok.c +++ b/src/cp/relic_cp_pok.c @@ -40,7 +40,7 @@ * Authors: Jan Camenisc, Markus Stadler (1997) */ -int cp_pokdl_prv(bn_t c, bn_t r, ec_t y, bn_t x) { +int cp_pokdl_prv(bn_t c, bn_t r, const ec_t y, const bn_t x) { bn_t n, v; ec_t t; int l, result = RLC_OK; @@ -87,7 +87,7 @@ int cp_pokdl_prv(bn_t c, bn_t r, ec_t y, bn_t x) { return result; } -int cp_pokdl_ver(bn_t c, bn_t r, ec_t y) { +int cp_pokdl_ver(const bn_t c, const bn_t r, const ec_t y) { bn_t n, v; ec_t t; int l, result = 0; @@ -134,7 +134,7 @@ int cp_pokdl_ver(bn_t c, bn_t r, ec_t y) { return result; } -int cp_pokor_prv(bn_t c[2], bn_t r[2], ec_t y[2], bn_t x) { +int cp_pokor_prv(bn_t c[2], bn_t r[2], const ec_t y[2], const bn_t x) { bn_t n, v[2], z; ec_t t; int l, result = RLC_OK; @@ -203,7 +203,7 @@ int cp_pokor_prv(bn_t c[2], bn_t r[2], ec_t y[2], bn_t x) { return result; } -int cp_pokor_ver(bn_t c[2], bn_t r[2], ec_t y[2]) { +int cp_pokor_ver(const bn_t c[2], const bn_t r[2], const ec_t y[2]) { bn_t n, v[2], z; ec_t t; int l, result = 0; diff --git a/src/cp/relic_cp_pss.c b/src/cp/relic_cp_pss.c index 3eb18a3c9..94f45aa13 100644 --- a/src/cp/relic_cp_pss.c +++ b/src/cp/relic_cp_pss.c @@ -60,7 +60,7 @@ int cp_pss_gen(bn_t r, bn_t s, g2_t g, g2_t x, g2_t y) { return result; } -int cp_pss_sig(g1_t a, g1_t b, bn_t m, bn_t r, bn_t s) { +int cp_pss_sig(g1_t a, g1_t b, const bn_t m, const bn_t r, const bn_t s) { bn_t n, t; int result = RLC_OK; @@ -88,7 +88,8 @@ int cp_pss_sig(g1_t a, g1_t b, bn_t m, bn_t r, bn_t s) { return result; } -int cp_pss_ver(g1_t a, g1_t b, bn_t m, g2_t g, g2_t x, g2_t y) { +int cp_pss_ver(const g1_t a, const g1_t b, const bn_t m, const g2_t g, + const g2_t x, const g2_t y) { g1_t p[2]; g2_t r[2]; gt_t e; @@ -134,7 +135,7 @@ int cp_pss_ver(g1_t a, g1_t b, bn_t m, g2_t g, g2_t x, g2_t y) { return result; } -int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], int l) { +int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], size_t l) { bn_t n; int i, result = RLC_OK; @@ -161,7 +162,8 @@ int cp_psb_gen(bn_t r, bn_t s[], g2_t g, g2_t x, g2_t y[], int l) { return result; } -int cp_psb_sig(g1_t a, g1_t b, bn_t ms[], bn_t r, bn_t s[], int l) { +int cp_psb_sig(g1_t a, g1_t b, const bn_t ms[], const bn_t r, const bn_t s[], + size_t l) { bn_t m, n, t; int i, result = RLC_OK; @@ -200,7 +202,8 @@ int cp_psb_sig(g1_t a, g1_t b, bn_t ms[], bn_t r, bn_t s[], int l) { return result; } -int cp_psb_ver(g1_t a, g1_t b, bn_t ms[], g2_t g, g2_t x, g2_t y[], int l) { +int cp_psb_ver(const g1_t a, const g1_t b, const bn_t ms[], const g2_t g, + const g2_t x, const g2_t y[], size_t l) { g1_t p[2]; g2_t q[2]; gt_t e; diff --git a/src/cp/relic_cp_rabin.c b/src/cp/relic_cp_rabin.c index d945f7eef..08ec3ab85 100644 --- a/src/cp/relic_cp_rabin.c +++ b/src/cp/relic_cp_rabin.c @@ -49,7 +49,7 @@ /* Public definitions */ /*============================================================================*/ -int cp_rabin_gen(rabin_t pub, rabin_t prv, int bits) { +int cp_rabin_gen(rabin_t pub, rabin_t prv, size_t bits) { bn_t r; int result = RLC_OK; @@ -95,8 +95,8 @@ int cp_rabin_gen(rabin_t pub, rabin_t prv, int bits) { return result; } -int cp_rabin_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, - rabin_t pub) { +int cp_rabin_enc(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const rabin_t pub) { bn_t m, t; int size, result = RLC_OK; @@ -146,8 +146,8 @@ int cp_rabin_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, return result; } -int cp_rabin_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, - rabin_t prv) { +int cp_rabin_dec(uint8_t *out, size_t *out_len, const uint8_t *in, + size_t in_len, const rabin_t prv) { bn_t m, m0, m1, t, n; int size, result = RLC_OK; uint8_t pad; diff --git a/src/cp/relic_cp_rsa.c b/src/cp/relic_cp_rsa.c index e8e7a7ca9..7121f0800 100644 --- a/src/cp/relic_cp_rsa.c +++ b/src/cp/relic_cp_rsa.c @@ -49,22 +49,22 @@ /** * Identifier for encrypted messages. */ -#define RSA_PUB (02) +#define RSA_PUB (02) /** * Identifier for signed messages. */ -#define RSA_PRV (01) +#define RSA_PRV (01) /** * Byte used as padding unit. */ -#define RSA_PAD (0xFF) +#define RSA_PAD (0xFF) /** * Byte used as padding unit in PSS signatures. */ -#define RSA_PSS (0xBC) +#define RSA_PSS (0xBC) /** * Identifier for encryption. @@ -177,30 +177,34 @@ static int pad_basic(bn_t m, int *p_len, int m_len, int k_len, int operation) { /** * ASN.1 identifier of the hash function SHA-224. */ -static const uint8_t sh224_id[] = - { 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, - 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c }; +static const uint8_t sh224_id[] = { + 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c +}; /** * ASN.1 identifier of the hash function SHA-256. */ -static const uint8_t sh256_id[] = - { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, - 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; +static const uint8_t sh256_id[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 +}; /** * ASN.1 identifier of the hash function SHA-384. */ -static const uint8_t sh384_id[] = - { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, - 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; +static const uint8_t sh384_id[] = { + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 +}; /** * ASN.1 identifier of the hash function SHA-512. */ -static const uint8_t sh512_id[] = - { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, - 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; +static const uint8_t sh512_id[] = { + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 +}; /** * Returns a pointer to the ASN.1 identifier of a hash function according to the @@ -416,9 +420,8 @@ static int pad_pkcs1(bn_t m, int *p_len, int m_len, int k_len, int operation) { * @return RLC_ERR if errors occurred, RLC_OK otherwise. */ static int pad_pkcs2(bn_t m, int *p_len, int m_len, int k_len, int operation) { - uint8_t pad, h1[RLC_MD_LEN], h2[RLC_MD_LEN]; - /* MSVC does not allow dynamic stack arrays */ - uint8_t *mask = RLC_ALLOCA(uint8_t, k_len); + uint8_t pad, h1[RLC_MD_LEN], h2[RLC_MD_LEN]; + uint8_t *mask = RLC_ALLOCA(uint8_t, k_len); int result = RLC_ERR; bn_t t; @@ -564,7 +567,7 @@ static int pad_pkcs2(bn_t m, int *p_len, int m_len, int k_len, int operation) { bn_free(t); } - RLC_FREE(mask); + RLC_FREE(mask); return result; } @@ -660,7 +663,8 @@ int cp_rsa_gen(rsa_t pub, rsa_t prv, int bits) { return result; } -int cp_rsa_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t pub) { +int cp_rsa_enc(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const rsa_t pub) { bn_t m, eb; int size, pad_len, result = RLC_OK; @@ -717,7 +721,8 @@ int cp_rsa_enc(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t pub) { return result; } -int cp_rsa_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t prv) { +int cp_rsa_dec(uint8_t *out, size_t *out_len, const uint8_t *in, size_t in_len, + const rsa_t prv) { bn_t m, eb; int size, pad_len, result = RLC_OK; @@ -738,52 +743,9 @@ int cp_rsa_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t prv) { #if !defined(CP_CRT) bn_mxp(eb, eb, prv->d, prv->crt->n); #else - - bn_copy(m, eb); - -#if MULTI == OPENMP - omp_set_num_threads(CORES); - #pragma omp parallel copyin(core_ctx) firstprivate(prv) - { - #pragma omp sections - { - #pragma omp section - { -#endif - /* m1 = c^dP mod p. */ - bn_mxp(eb, eb, prv->crt->dp, prv->crt->p); - -#if MULTI == OPENMP - } - #pragma omp section - { -#endif - /* m2 = c^dQ mod q. */ - bn_mxp(m, m, prv->crt->dq, prv->crt->q); - -#if MULTI == OPENMP - } - } - } -#endif - /* m1 = m1 - m2 mod p. */ - bn_sub(eb, eb, m); - while (bn_sign(eb) == RLC_NEG) { - bn_add(eb, eb, prv->crt->p); - } - bn_mod(eb, eb, prv->crt->p); - /* m1 = qInv(m1 - m2) mod p. */ - bn_mul(eb, eb, prv->crt->qi); - bn_mod(eb, eb, prv->crt->p); - /* m = m2 + m1 * q. */ - bn_mul(eb, eb, prv->crt->q); - bn_add(eb, eb, m); - + bn_mxp_crt(eb, eb, prv->crt->dp, prv->crt->dq, prv->crt, 0); #endif /* CP_CRT */ - if (bn_cmp(eb, prv->crt->n) != RLC_LT) { - result = RLC_ERR; - } #if CP_RSAPD == BASIC if (pad_basic(eb, &pad_len, in_len, size, RSA_DEC) == RLC_OK) { #elif CP_RSAPD == PKCS1 @@ -815,7 +777,8 @@ int cp_rsa_dec(uint8_t *out, int *out_len, uint8_t *in, int in_len, rsa_t prv) { return result; } -int cp_rsa_sig(uint8_t *sig, int *sig_len, uint8_t *msg, int msg_len, int hash, rsa_t prv) { +int cp_rsa_sig(uint8_t *sig, size_t *sig_len, const uint8_t *msg, + size_t msg_len, int hash, const rsa_t prv) { bn_t m, eb; int pad_len, size, result = RLC_OK; uint8_t h[RLC_MD_LEN]; @@ -875,45 +838,8 @@ int cp_rsa_sig(uint8_t *sig, int *sig_len, uint8_t *msg, int msg_len, int hash, #if !defined(CP_CRT) bn_mxp(eb, eb, prv->d, prv->crt->n); -#else /* CP_CRT */ - -#if MULTI == OPENMP - omp_set_num_threads(CORES); - #pragma omp parallel copyin(core_ctx) firstprivate(prv) - { - #pragma omp sections - { - #pragma omp section - { -#endif - /* m1 = c^dP mod p. */ - bn_mxp(eb, eb, prv->crt->dp, prv->crt->p); -#if MULTI == OPENMP - } - #pragma omp section - { -#endif - /* m2 = c^dQ mod q. */ - bn_mxp(m, m, prv->crt->dq, prv->crt->q); -#if MULTI == OPENMP - } - } - } -#endif - /* m1 = m1 - m2 mod p. */ - bn_sub(eb, eb, m); - while (bn_sign(eb) == RLC_NEG) { - bn_add(eb, eb, prv->crt->p); - } - bn_mod(eb, eb, prv->crt->p); - /* m1 = qInv(m1 - m2) mod p. */ - bn_mul(eb, eb, prv->crt->qi); - bn_mod(eb, eb, prv->crt->p); - /* m = m2 + m1 * q. */ - bn_mul(eb, eb, prv->crt->q); - bn_add(eb, eb, m); - bn_mod(eb, eb, prv->crt->n); - +#else /* CP_CRT */ + bn_mxp_crt(eb, eb, prv->crt->dp, prv->crt->dq, prv->crt, 0); #endif /* CP_CRT */ size = bn_size_bin(prv->crt->n); @@ -940,7 +866,8 @@ int cp_rsa_sig(uint8_t *sig, int *sig_len, uint8_t *msg, int msg_len, int hash, return result; } -int cp_rsa_ver(uint8_t *sig, int sig_len, uint8_t *msg, int msg_len, int hash, rsa_t pub) { +int cp_rsa_ver(uint8_t *sig, size_t sig_len, const uint8_t *msg, size_t msg_len, + int hash, const rsa_t pub) { bn_t m, eb; int size, pad_len, result; uint8_t *h1 = RLC_ALLOCA(uint8_t, RLC_MAX(msg_len, RLC_MD_LEN) + 8); @@ -996,7 +923,8 @@ int cp_rsa_ver(uint8_t *sig, int sig_len, uint8_t *msg, int msg_len, int hash, r #elif CP_RSAPD == PKCS1 if (pad_pkcs1(eb, &pad_len, RLC_MD_LEN, size, operation) == RLC_OK) { #elif CP_RSAPD == PKCS2 - if (pad_pkcs2(eb, &pad_len, bn_bits(pub->crt->n), size, operation) == RLC_OK) { + if (pad_pkcs2(eb, &pad_len, bn_bits(pub->crt->n), size, + operation) == RLC_OK) { #endif #if CP_RSAPD == PKCS2 diff --git a/src/cp/relic_cp_rsapsi.c b/src/cp/relic_cp_rsapsi.c new file mode 100644 index 000000000..1a9215ef7 --- /dev/null +++ b/src/cp/relic_cp_rsapsi.c @@ -0,0 +1,189 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of protocols for laconic private set intersection. + * + * @ingroup cp + */ + +#include "relic.h" + +/*============================================================================*/ +/* Private definitions */ +/*============================================================================*/ + +/** + * Statistical security determining collision probability. + */ +#define STAT_SEC 40 + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int cp_rsapsi_gen(bn_t g, bn_t n, size_t bits) { + bn_t p, q; + + bn_null(p); + bn_null(q); + + RLC_TRY { + bn_new(p); + bn_new(q); + + /* Generate different primes p and q. */ + do { + bn_gen_prime(p, bits / 2); + bn_gen_prime(q, bits / 2); + } while (bn_cmp(p, q) == RLC_EQ); + + /* n = pq. */ + bn_mul(n, p, q); + + do { + bn_rand_mod(g, n); + bn_gcd(p, g, n); + } while (bn_cmp_dig(p, 1) != RLC_EQ); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(p); + bn_free(q); + } + + return RLC_OK; +} + +int cp_rsapsi_ask(bn_t d, bn_t r, bn_t p[], const bn_t g, const bn_t n, + const bn_t x[], size_t m) { + int i, result = RLC_OK, len = RLC_CEIL(RLC_BN_BITS, 8); + uint8_t h[RLC_MD_LEN], bin[RLC_CEIL(RLC_BN_BITS, 8)]; + + /* Compute R = g^r mod N. */ + bn_rand_mod(r, n); + bn_mxp(d, g, r, n); + + /* Now hash all x_i and accmulate on R. */ + for (i = 0; i < m; i++) { + bn_write_bin(bin, len, x[i]); + md_map(h, bin, len); + bn_read_bin(p[i], h, 2 * STAT_SEC / 8); + if (bn_is_even(p[i])) { + bn_add_dig(p[i], p[i], 1); + } + do { + bn_add_dig(p[i], p[i], 2); + } while (!bn_is_prime(p[i])); + bn_mxp(d, d, p[i], n); + } + + return result; +} + +int cp_rsapsi_ans(bn_t t[], bn_t u[], const bn_t d, const bn_t g, const bn_t n, + const bn_t y[], size_t l) { + int j, result = RLC_OK, len = RLC_CEIL(RLC_BN_BITS, 8); + uint8_t h[RLC_MD_LEN], bin[RLC_CEIL(RLC_BN_BITS, 8)]; + unsigned int *shuffle = RLC_ALLOCA(unsigned int, l); + bn_t p; + + bn_null(p); + + RLC_TRY { + bn_new(p); + if (shuffle == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + util_perm(shuffle, l); + + for (j = 0; j < l; j++) { + bn_write_bin(bin, len, y[shuffle[j]]); + md_map(h, bin, len); + bn_read_bin(p, h, 2 * STAT_SEC / 8); + if (bn_is_even(p)) { + bn_add_dig(p, p, 1); + } + do { + bn_add_dig(p, p, 2); + } while (!bn_is_prime(p)); + bn_mxp(p, g, p, n); + bn_rand_mod(t[j], n); + bn_mxp(u[j], p, t[j], n); + bn_mxp(t[j], d, t[j], n); + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(p); + RLC_FREE(shuffle); + } + return result; +} + +int cp_rsapsi_int(bn_t z[], size_t *len, const bn_t r, const bn_t p[], + const bn_t n, const bn_t x[], size_t m, const bn_t t[], const bn_t u[], + size_t l) { + int i, j, k, result = RLC_OK; + bn_t e, f; + + bn_null(e); + bn_null(f); + + RLC_TRY { + bn_new(e); + bn_new(f); + + *len = 0; + if (m > 0) { + for (j = 0; j < l; j++) { + bn_mxp(f, u[j], r, n); + for (k = 0; k < m; k++) { + bn_copy(e, f); + for (i = 0; i < m; i++) { + if (i != k) { + bn_mxp(e, e, p[i], n); + } + } + if (bn_cmp(e, t[j]) == RLC_EQ) { + bn_copy(z[*len], x[k]); + (*len)++; + } + } + } + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(e); + bn_free(f); + } + return result; +} diff --git a/src/cp/relic_cp_shipsi.c b/src/cp/relic_cp_shipsi.c new file mode 100644 index 000000000..5fd275fd3 --- /dev/null +++ b/src/cp/relic_cp_shipsi.c @@ -0,0 +1,213 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of protocols for size-hiding private set intersection. + * + * @ingroup cp + */ + +#include "relic.h" + +/*============================================================================*/ +/* Private definitions */ +/*============================================================================*/ + +/** + * Statistical security determining collision probability. + */ +#define STAT_SEC (40) + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int cp_shipsi_gen(bn_t g, crt_t crt, size_t bits) { + /* Generate different primes p and q. */ + do { + bn_gen_prime(crt->p, bits / 2); + bn_gen_prime(crt->q, bits / 2); + } while (bn_cmp(crt->p, crt->q) == RLC_EQ); + + /* Swap p and q so that p is smaller. */ + if (bn_cmp(crt->p, crt->q) != RLC_LT) { + bn_copy(g, crt->p); + bn_copy(crt->p, crt->q); + bn_copy(crt->q, g); + } + + /* n = pq. */ + bn_mul(crt->n, crt->p, crt->q); + + do { + bn_rand_mod(g, crt->n); + bn_gcd(crt->qi, g, crt->n); + } while (bn_cmp_dig(crt->qi, 1) != RLC_EQ); + + /* phi(n) = (p - 1)(q - 1). */ + bn_sub_dig(crt->dp, crt->p, 1); + bn_sub_dig(crt->dq, crt->q, 1); + bn_mod_inv(crt->qi, crt->q, crt->p); + + return RLC_OK; +} + +int cp_shipsi_ask(bn_t d, bn_t r, bn_t p[], const bn_t g, const bn_t n, + const bn_t x[], size_t m) { + int i, result = RLC_OK, len = RLC_CEIL(RLC_BN_BITS, 8); + uint8_t h[RLC_MD_LEN], bin[RLC_CEIL(RLC_BN_BITS, 8)]; + + /* Compute R = g^r mod N. */ + bn_rand_mod(r, n); + bn_mxp(d, g, r, n); + + /* Now hash all x_i and accmulate on R. */ + for (i = 0; i < m; i++) { + bn_write_bin(bin, len, x[i]); + md_map(h, bin, len); + bn_read_bin(p[i], h, 2 * STAT_SEC / 8); + if (bn_is_even(p[i])) { + bn_add_dig(p[i], p[i], 1); + } + do { + bn_add_dig(p[i], p[i], 2); + } while (!bn_is_prime(p[i])); + bn_mxp(d, d, p[i], n); + } + + return result; +} + +int cp_shipsi_ans(bn_t t[], bn_t u, bn_t d, const bn_t g, const crt_t crt, + const bn_t y[], size_t n) { + int j, result = RLC_OK, len = RLC_CEIL(RLC_BN_BITS, 8); + uint8_t h[RLC_MD_LEN], bin[RLC_CEIL(RLC_BN_BITS, 8)]; + unsigned int *shuffle = RLC_ALLOCA(unsigned int, n); + bn_t p, q; + + bn_null(p); + bn_null(q); + + RLC_TRY { + bn_new(p); + bn_new(q); + if (shuffle == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + util_perm(shuffle, n); + + bn_rand_mod(u, crt->n); + for (j = 0; j < n; j++) { + bn_write_bin(bin, len, y[shuffle[j]]); + md_map(h, bin, len); + bn_read_bin(p, h, 2 * STAT_SEC / 8); + if (bn_is_even(p)) { + bn_add_dig(p, p, 1); + } + do { + bn_add_dig(p, p, 2); + } while (!bn_is_prime(p)); + +#if !defined(CP_CRT) + bn_mul(q, crt->dp, crt->dq); + bn_mod_inv(p, p, q); + bn_mul(p, p, u); + bn_mod(p, p, q); + bn_mxp(t[j], d, p, crt->n); +#else + bn_mod_inv(q, p, crt->dq); + bn_mul(q, q, u); + bn_mod(q, q, crt->dq); + + bn_mod_inv(p, p, crt->dp); + bn_mul(p, p, u); + bn_mod(p, p, crt->dp); + + bn_mxp_crt(t[j], d, p, q, crt, 0); +#endif /* CP_CRT */ + } + +#if !defined(CP_CRT) + bn_mxp(u, g, u, crt->n); +#else + bn_mod(p, u, crt->dp); + bn_mod(q, u, crt->dq); + + bn_mxp_crt(u, g, p, q, crt, 0); +#endif + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(p); + bn_free(q); + RLC_FREE(shuffle); + } + return result; +} + +int cp_shipsi_int(bn_t z[], size_t *len, const bn_t r, const bn_t p[], + const bn_t n, const bn_t x[], size_t m, const bn_t t[], const bn_t u, + size_t l) { + int i, j, k, result = RLC_OK; + bn_t e, f; + + bn_null(e); + bn_null(f); + + RLC_TRY { + bn_new(e); + bn_new(f); + + *len = 0; + if (m > 0) { + bn_mxp(f, u, r, n); + for (k = 0; k < m; k++) { + bn_copy(e, f); + for (i = 0; i < m; i++) { + if (i != k) { + bn_mxp(e, e, p[i], n); + } + } + for (j = 0; j < l; j++) { + if (bn_cmp(e, t[j]) == RLC_EQ) { + bn_copy(z[*len], x[k]); + (*len)++; + } + } + } + } + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(e); + bn_free(f); + } + return result; +} diff --git a/src/cp/relic_cp_shpe.c b/src/cp/relic_cp_shpe.c new file mode 100644 index 000000000..87d6faba1 --- /dev/null +++ b/src/cp/relic_cp_shpe.c @@ -0,0 +1,233 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2014 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of Paillier's Subgroup-variant + * Homomorphic Probabilistic Encryption. + * + * @ingroup cp + */ + +#include "relic.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int cp_shpe_gen(shpe_t pub, shpe_t prv, size_t sbits, size_t nbits) { + int result = RLC_OK; + + if (sbits > (nbits / 2)) { + return RLC_ERR; + } + + /* Generate primes p and q of equivalent length + * and (p-1) has a prime factor (the subgroup order) of length sbits + */ + do { + bn_gen_prime_factor(prv->a, prv->crt->p, sbits, nbits / 2); + bn_gen_prime(prv->crt->q, nbits / 2); + } while (bn_cmp(prv->crt->p, prv->crt->q) == RLC_EQ); + + /* Compute n = pq. */ + bn_mul(prv->crt->n, prv->crt->p, prv->crt->q); + + /* compute the subgroup size */ + bn_sub_dig(prv->crt->p, prv->crt->p, 1); + bn_sub_dig(prv->crt->q, prv->crt->q, 1); + bn_mul(pub->g, prv->crt->p, prv->crt->q); // lambda = (p-1)(q-1) + bn_div(prv->b, pub->g, prv->a); // lambda = a*b + + /* Restore p and q. */ + bn_add_dig(prv->crt->p, prv->crt->p, 1); + bn_add_dig(prv->crt->q, prv->crt->q, 1); + + /* Fix the generator to be g=(1+n)^b */ + + /* Compute dp and dq. */ + /* dp is 1/((q-1)*lambda) mod p */ + bn_mod(prv->crt->dp, pub->g, prv->crt->p); + bn_mul(prv->crt->dp, prv->crt->dp, prv->crt->q); + bn_mod(prv->crt->dp, prv->crt->dp, prv->crt->p); + + /* dq is 1/((p-1)*lambda) mod q */ + bn_mod(prv->crt->dq, pub->g, prv->crt->q); + bn_mul(prv->crt->dq, prv->crt->dq, prv->crt->p); + bn_mod(prv->crt->dq, prv->crt->dq, prv->crt->q); + + /* invertions */ + bn_mod_inv(prv->crt->dp, prv->crt->dp, prv->crt->p); + bn_mod_inv(prv->crt->dq, prv->crt->dq, prv->crt->q); + + /* Precompute (1+n)^b)^n mod n^2 */ + bn_sqr(prv->crt->qi, prv->crt->n); // n^2 + bn_add_dig(pub->g, prv->crt->n, 1); // 1+n + bn_mxp(prv->g, pub->g, prv->b, prv->crt->qi); // (1+n)^b mod n^2 + bn_mxp(prv->gn, prv->g, prv->crt->n, prv->crt->qi); // ((1+n)^b)^n mod n^2 + + /* qInv = q^(-1) mod p. */ + bn_mod_inv(prv->crt->qi, prv->crt->q, prv->crt->p); + + /* n=pq */ + bn_copy(pub->crt->n, prv->crt->n); + bn_copy(pub->g, prv->g); + + return result; +} + +/* Encryption is faster if private key is known */ +int cp_shpe_enc_prv(bn_t c, const bn_t m, const shpe_t prv) { + bn_t r, s; + int result = RLC_OK; + + bn_null(r); + bn_null(s); + + if (prv == NULL) { + return RLC_ERR; + } +#if ALLOC != AUTO + if (prv->crt == NULL || prv->crt->n == NULL || + bn_bits(m) > bn_bits(prv->crt->n)) { + return RLC_ERR; + } +#endif + + RLC_TRY { + bn_new(r); + bn_new(s); + + /* Generate r in Z_alpha^*. */ + bn_rand_mod(r, prv->a); + /* For G=(1+n)^b, compute c = (G^m)(G^n)^r mod n^2 + * which is also c = (1+n*b*m)(G^n)^r mod n^2. + */ + bn_sqr(s, prv->crt->n); // n^2 + bn_mxp(r, prv->gn, r, s); // (G^n)^r + bn_mul(c, prv->crt->n, m); // n*m + bn_mod(c, c, s); + bn_mul(c, c, prv->b); // b*n*m + bn_add_dig(c, c, 1); // 1+b*n*m + bn_mod(c, c, s); + bn_mul(c, c, r); // (1+n*b*m)(G^n)^r + bn_mod(c, c, s); + + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(r); + bn_free(s); + } + + return result; +} + +int cp_shpe_enc(bn_t c, const bn_t m, const shpe_t pub) { + bn_t r, s; + int result = RLC_OK; + + bn_null(r); + bn_null(s); + + if (pub == NULL) { + return RLC_ERR; + } +#if ALLOC != AUTO + if (pub->crt == NULL || pub->crt->n == NULL || + bn_bits(m) > bn_bits(pub->crt->n)) { + return RLC_ERR; + } +#endif + + RLC_TRY { + bn_new(r); + bn_new(s); + + /* Generate r in Z_alpha^*. */ + bn_rand_mod(r, pub->crt->n); + /* For G=(1+n)^b, compute c = G^(m+nr) mod n^2 + */ + bn_sqr(s, pub->crt->n); + bn_mul(r, r, pub->crt->n); // n*r + bn_add(r, r, m); // m+n*r + bn_mxp(c, pub->g, r, s); // G^(m+n*r) mod n^2 + + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(r); + bn_free(s); + } + + return result; +} + +int cp_shpe_dec(bn_t m, const bn_t c, const shpe_t prv) { + bn_t t, u; + int result = RLC_OK; + + if (prv == NULL || bn_bits(c) > 2 * bn_bits(prv->crt->n)) { + return RLC_ERR; + } + + bn_null(t); + bn_null(u); + + RLC_TRY { + bn_new(t); + bn_new(u); + +#if !defined(CP_CRT) + bn_sub_dig(t, prv->crt->p, 1); + bn_sub_dig(u, prv->crt->q, 1); + bn_mul(t, t, u); + + /* Compute (c^l mod n^2) * u mod n. */ + bn_sqr(u, prv->crt->n); + bn_mxp(m, c, prv->a, u); + + bn_sub_dig(m, m, 1); + bn_div(m, m, prv->crt->n); + bn_mod_inv(u, t, prv->crt->n); + bn_mul(m, m, u); + bn_mod(m, m, prv->crt->n); +#else + bn_mxp_crt(m, c, prv->a, prv->a, prv->crt, 1); +#endif /* CP_CRT */ + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(t); + bn_free(u); + } + + return result; +} diff --git a/src/cp/relic_cp_smlers.c b/src/cp/relic_cp_smlers.c new file mode 100644 index 000000000..e49707c10 --- /dev/null +++ b/src/cp/relic_cp_smlers.c @@ -0,0 +1,190 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developsmlers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the vsmlersion 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or vsmlersion 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of extendable ring signatures. + * + * @ingroup cp + */ + +#include "relic.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int cp_smlers_sig(bn_t td, smlers_t p, const uint8_t *msg, size_t len, + const bn_t sk, const ec_t pk, const ec_t pp) { + ec_t g[2], y[2]; + int result = RLC_OK; + + ec_null(g[0]); + ec_null(g[1]); + ec_null(y[0]); + ec_null(y[1]); + + RLC_TRY { + ec_new(g[0]); + ec_new(g[1]); + ec_new(y[0]); + ec_new(y[1]); + + ec_curve_get_gen(g[0]); + ec_map(g[1], msg, len); + ec_mul(p->tau, g[1], sk); + + cp_ers_sig(td, p->sig, msg, len, sk, pk, pp); + + ec_copy(y[0], p->sig->h); + ec_copy(y[1], p->tau); + cp_sokor_sig(p->c, p->r, msg, len, y, g, sk, 0); + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + ec_free(g[0]); + ec_free(g[1]); + ec_free(y[0]); + ec_free(y[1]); + } + return result; +} + +int cp_smlers_ver(bn_t td, smlers_t *s, size_t size, const uint8_t *msg, + size_t len, const ec_t pp) { + bn_t n; + ec_t t, g[2], y[2]; + int flag = 0, result = 0; + + bn_null(n); + ec_null(t); + ec_null(g[0]); + ec_null(g[1]); + ec_null(y[0]); + ec_null(y[1]); + + RLC_TRY { + bn_new(n); + ec_new(t); + ec_new(g[0]); + ec_new(g[1]); + ec_new(y[0]); + ec_new(y[1]); + + ec_curve_get_ord(n); + ec_mul_gen(t, td); + ec_curve_get_gen(g[0]); + ec_map(g[1], msg, len); + + for (int i = 0; i < size; i++) { + ec_add(t, t, s[i]->sig->h); + } + if (ec_cmp(pp, t) == RLC_EQ) { + flag = 1; + for (int i = 0; i < size; i++) { + ec_copy(y[0], s[i]->sig->h); + ec_copy(y[1], s[i]->sig->pk); + flag &= cp_sokor_ver(s[i]->sig->c, s[i]->sig->r, msg, len, y, + NULL); + ec_copy(y[1], s[i]->tau); + flag &= cp_sokor_ver(s[i]->c, s[i]->r, msg, len, y, g); + } + } + result = flag; + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + bn_free(n); + ec_free(t); + ec_free(g[0]); + ec_free(g[1]); + ec_free(y[0]); + ec_free(y[1]); + } + return result; +} + +int cp_smlers_ext(bn_t td, smlers_t *p, size_t *size, const uint8_t *msg, + size_t len, const ec_t pk, const ec_t pp) { + bn_t n, r; + ec_t g[2], y[2]; + int result = RLC_OK; + + bn_null(n); + bn_null(r); + ec_null(g[0]); + ec_null(g[1]); + ec_null(y[0]); + ec_null(y[1]); + + for (int i = 0; i < *size; i++) { + if (ec_cmp(pk, p[i]->sig->pk) == RLC_EQ) { + return RLC_ERR; + } + } + + RLC_TRY { + bn_new(n); + bn_new(r); + ec_new(g[0]); + ec_new(g[1]); + ec_new(y[0]); + ec_new(y[1]); + + ec_curve_get_ord(n); + bn_rand_mod(r, n); + bn_sub(td, td, r); + bn_mod(td, td, n); + ec_mul_gen(p[*size]->sig->h, r); + ec_curve_get_gen(g[0]); + ec_map(g[1], msg, len); + + ec_copy(p[*size]->sig->pk, pk); + ec_copy(y[0], p[*size]->sig->h); + ec_copy(y[1], p[*size]->sig->pk); + cp_sokor_sig(p[*size]->sig->c, p[*size]->sig->r, + msg, len, y, NULL, r, 1); + ec_copy(p[*size]->tau, p[*size - 1]->tau); + ec_copy(y[1], p[*size]->tau); + cp_sokor_sig(p[*size]->c, p[*size]->r, msg, len, y, g, r, 1); + (*size)++; + result = RLC_OK; + } + RLC_CATCH_ANY { + result = RLC_ERR; + } + RLC_FINALLY { + bn_free(n); + bn_free(r); + ec_free(g[0]); + ec_free(g[1]); + ec_free(y[0]); + ec_free(y[1]); + } + return result; +} diff --git a/src/cp/relic_cp_sok.c b/src/cp/relic_cp_sok.c index 118590a83..c514c7ee5 100644 --- a/src/cp/relic_cp_sok.c +++ b/src/cp/relic_cp_sok.c @@ -40,7 +40,8 @@ * Authors: Jan Camenisch, Markus Stadler */ -int cp_sokdl_sig(bn_t c, bn_t s, uint8_t *msg, int len, ec_t y, bn_t x) { +int cp_sokdl_sig(bn_t c, bn_t s, const uint8_t *msg, size_t len, const ec_t y, + const bn_t x) { bn_t n, r; ec_t t; uint8_t h[RLC_MD_LEN]; @@ -97,7 +98,8 @@ int cp_sokdl_sig(bn_t c, bn_t s, uint8_t *msg, int len, ec_t y, bn_t x) { return result; } -int cp_sokdl_ver(bn_t c, bn_t s, uint8_t *msg, int len, ec_t y) { +int cp_sokdl_ver(const bn_t c, const bn_t s, const uint8_t *msg, size_t len, + const ec_t y) { bn_t n, v; ec_t t; uint8_t h[RLC_MD_LEN]; @@ -153,10 +155,10 @@ int cp_sokdl_ver(bn_t c, bn_t s, uint8_t *msg, int len, ec_t y) { return result; } -int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], - bn_t x, int first) { +int cp_sokor_sig(bn_t c[2], bn_t s[2], const uint8_t *msg, size_t len, + const ec_t y[2], const ec_t g[2], const bn_t x, int first) { bn_t n, v[2], z; - ec_t g, t[2]; + ec_t u, t[2]; uint8_t h[RLC_MD_LEN]; uint8_t *buf, *m = RLC_ALLOCA(uint8_t, len + 6 * (RLC_FC_BYTES + 1)); int l, result = RLC_OK; @@ -167,7 +169,7 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], bn_null(v[0]); bn_null(v[1]); bn_null(z); - ec_null(g); + ec_null(u); ec_null(t[0]); ec_null(t[1]); @@ -176,7 +178,7 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], bn_new(v[0]); bn_new(v[1]); bn_new(z); - ec_new(g); + ec_new(u); ec_new(t[0]); ec_new(t[1]); if (m == NULL) { @@ -185,7 +187,6 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], buf = m; ec_curve_get_ord(n); - ec_curve_get_gen(g); bn_rand_mod(c[zero], n); memcpy(buf, msg, len); buf += len; @@ -193,18 +194,34 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], bn_rand_mod(v[0], n); bn_rand_mod(v[1], n); if (first) { - ec_mul_gen(t[0], v[0]); - ec_mul_sim_gen(t[1], v[1], y[1], c[zero]); + if (g != NULL) { + ec_mul(t[0], g[0], v[0]); + ec_mul_sim(t[1], g[1], v[1], y[1], c[zero]); + } else { + ec_mul_gen(t[0], v[0]); + ec_mul_sim_gen(t[1], v[1], y[1], c[zero]); + } } else { - /* T1 = [w]Y1 + [v1]G. */ - ec_mul_sim_gen(t[0], v[0], y[0], c[zero]); - /* T2 = [v2]G. */ - ec_mul_gen(t[1], v[1]); + if (g != NULL) { + /* T1 = [w]Y1 + [v1]G. */ + ec_mul_sim(t[0], g[0], v[0], y[0], c[zero]); + /* T2 = [v2]G. */ + ec_mul(t[1], g[1], v[1]); + } else { + /* T1 = [w]Y1 + [v1]G. */ + ec_mul_sim_gen(t[0], v[0], y[0], c[zero]); + /* T2 = [v2]G. */ + ec_mul_gen(t[1], v[1]); + } } + ec_curve_get_gen(u); for (int i = 0; i < 2; i++) { - l = ec_size_bin(g, 1); - ec_write_bin(buf, l, g, 1); + if (g != NULL) { + ec_copy(u, g[i]); + } + l = ec_size_bin(u, 1); + ec_write_bin(buf, l, u, 1); buf += l; l = ec_size_bin(y[i], 1); ec_write_bin(buf, l, y[i], 1); @@ -233,7 +250,7 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], bn_free(v[0]); bn_free(v[1]); bn_free(z); - ec_free(g); + ec_free(u); ec_free(t[0]); ec_free(t[1]); RLC_FREE(m); @@ -241,7 +258,8 @@ int cp_sokor_sig(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2], return result; } -int cp_sokor_ver(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2]) { +int cp_sokor_ver(const bn_t c[2], const bn_t s[2], const uint8_t *msg, + size_t len, const ec_t y[2], const ec_t g[2]) { bn_t n, v[2], z; ec_t t; uint8_t h[RLC_MD_LEN]; @@ -270,15 +288,22 @@ int cp_sokor_ver(bn_t c[2], bn_t s[2], uint8_t *msg, int len, ec_t y[2]) { buf += len; for (int i = 0; i < 2; i++) { - ec_curve_get_gen(t); + if (g != NULL) { + ec_copy(t, g[i]); + } else { + ec_curve_get_gen(t); + } l = ec_size_bin(t, 1); ec_write_bin(buf, l, t, 1); buf += l; l = ec_size_bin(y[i], 1); ec_write_bin(buf, l, y[i], 1); buf += l; - - ec_mul_sim_gen(t, s[i], y[i], c[i]); + if (g != NULL) { + ec_mul_sim(t, g[i], s[i], y[i], c[i]); + } else { + ec_mul_sim_gen(t, s[i], y[i], c[i]); + } l = ec_size_bin(t, 1); ec_write_bin(buf, l, t, 1); buf += l; diff --git a/src/cp/relic_cp_sokaka.c b/src/cp/relic_cp_sokaka.c index 303fab912..54ef3edb0 100644 --- a/src/cp/relic_cp_sokaka.c +++ b/src/cp/relic_cp_sokaka.c @@ -57,7 +57,7 @@ int cp_sokaka_gen(bn_t master) { return result; } -int cp_sokaka_gen_prv(sokaka_t k, char *id, bn_t master) { +int cp_sokaka_gen_prv(sokaka_t k, const char *id, bn_t master) { if (pc_map_is_type1()) { g1_map(k->s1, (uint8_t *)id, strlen(id)); g1_mul(k->s1, k->s1, master); @@ -70,8 +70,8 @@ int cp_sokaka_gen_prv(sokaka_t k, char *id, bn_t master) { return RLC_OK; } -int cp_sokaka_key(uint8_t *key, unsigned int key_len, char *id1, - sokaka_t k, char *id2) { +int cp_sokaka_key(uint8_t *key, size_t key_len, const char *id1, + const sokaka_t k, const char *id2) { int len1 = strlen(id1), len2 = strlen(id2); int size, first = 0, result = RLC_OK; uint8_t *buf; diff --git a/src/cp/relic_cp_vbnn.c b/src/cp/relic_cp_vbnn.c index c904d0f85..7734da6f3 100644 --- a/src/cp/relic_cp_vbnn.c +++ b/src/cp/relic_cp_vbnn.c @@ -70,7 +70,8 @@ int cp_vbnn_gen(bn_t msk, ec_t mpk) { return result; } -int cp_vbnn_gen_prv(bn_t sk, ec_t pk, bn_t msk, uint8_t *id, int id_len) { +int cp_vbnn_gen_prv(bn_t sk, ec_t pk, const bn_t msk, const uint8_t *id, + size_t id_len) { uint8_t hash[RLC_MD_LEN]; int len, result = RLC_OK; uint8_t *buf = NULL; @@ -122,8 +123,8 @@ int cp_vbnn_gen_prv(bn_t sk, ec_t pk, bn_t msk, uint8_t *id, int id_len) { return result; } -int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, uint8_t *id, int id_len, - uint8_t *msg, int msg_len, bn_t sk, ec_t pk) { +int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, const uint8_t *id, size_t id_len, + const uint8_t *msg, int msg_len, const bn_t sk, const ec_t pk) { int len, result = RLC_OK; uint8_t *buf = NULL, *buf_i, hash[RLC_MD_LEN]; bn_t n, y; @@ -186,8 +187,8 @@ int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, uint8_t *id, int id_len, return result; } -int cp_vbnn_ver(ec_t r, bn_t z, bn_t h, uint8_t *id, int id_len, - uint8_t *msg, int msg_len, ec_t mpk) { +int cp_vbnn_ver(const ec_t r, const bn_t z, const bn_t h, const uint8_t *id, + size_t id_len, const uint8_t *msg, int msg_len, const ec_t mpk) { int len, result = 0; uint8_t *buf = NULL, *buf_i, hash[RLC_MD_LEN]; bn_t n, c, _h; diff --git a/src/cp/relic_cp_zss.c b/src/cp/relic_cp_zss.c index 2e0e70920..d2cedbc5d 100644 --- a/src/cp/relic_cp_zss.c +++ b/src/cp/relic_cp_zss.c @@ -25,7 +25,6 @@ * @file * * Implementation of the Zhang-Safavi-Naini-Susilo short signature protocol. - * * @ingroup cp */ @@ -62,7 +61,7 @@ int cp_zss_gen(bn_t d, g1_t q, gt_t z) { return result; } -int cp_zss_sig(g2_t s, uint8_t *msg, int len, int hash, bn_t d) { +int cp_zss_sig(g2_t s, const uint8_t *msg, size_t len, int hash, const bn_t d) { bn_t m, n, r, t; uint8_t h[RLC_MD_LEN]; int result = RLC_OK; @@ -89,9 +88,9 @@ int cp_zss_sig(g2_t s, uint8_t *msg, int len, int hash, bn_t d) { } bn_mod(m, m, n); - /* Compute (H(m) + d) and invert. */ - bn_add(t, m, d); - bn_mod(t, t, n); + /* Compute (H(m) + d) and invert. */ + bn_add(t, m, d); + bn_mod(t, t, n); bn_mod_inv(t, t, n); /* Compute the sinature. */ @@ -109,7 +108,8 @@ int cp_zss_sig(g2_t s, uint8_t *msg, int len, int hash, bn_t d) { return result; } -int cp_zss_ver(g2_t s, uint8_t *msg, int len, int hash, g1_t q, gt_t z) { +int cp_zss_ver(const g2_t s, const uint8_t *msg, size_t len, int hash, + const g1_t q, const gt_t z) { bn_t m, n; g1_t g; gt_t e; diff --git a/src/dv/relic_dv_util.c b/src/dv/relic_dv_util.c index d5329da35..a26eec036 100644 --- a/src/dv/relic_dv_util.c +++ b/src/dv/relic_dv_util.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void dv_print(dig_t *a, int digits) { +void dv_print(const dig_t *a, int digits) { int i; /* Suppress possible unused parameter warning. */ diff --git a/src/eb/relic_eb_norm.c b/src/eb/relic_eb_norm.c index 7ddce052a..9f0e38681 100644 --- a/src/eb/relic_eb_norm.c +++ b/src/eb/relic_eb_norm.c @@ -135,10 +135,11 @@ void eb_norm_sim(eb_t *r, const eb_t *t, int n) { fb_copy(r[i]->z, a[i]); } } - +#if EB_ADD == PROJC || !defined(STRIP) for (int i = 0; i < n; i++) { eb_norm_imp(r[i], r[i], 1); } +#endif /* EB_ADD == PROJC */ } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/src/ed/relic_ed_add.c b/src/ed/relic_ed_add.c index 9e4fd2d17..2bfee3f50 100644 --- a/src/ed/relic_ed_add.c +++ b/src/ed/relic_ed_add.c @@ -281,7 +281,7 @@ void ed_add_extnd(ed_t r, const ed_t p, const ed_t q) { fp_mul(r->t, t2, r->z); fp_mul(r->z, t3, t4); - r->coord = PROJC; + r->coord = EXTND; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT) } RLC_FINALLY { diff --git a/src/ed/relic_ed_dbl.c b/src/ed/relic_ed_dbl.c index 4a41a6a50..e62ecfe53 100644 --- a/src/ed/relic_ed_dbl.c +++ b/src/ed/relic_ed_dbl.c @@ -184,6 +184,8 @@ void ed_dbl_extnd(ed_t r, const ed_t p) { // efd: dbl-2008-hwcd, rfc edition // 4M + 4S + 1D + 7add + r->coord = PROJC; + /* A = X^2, B = Y^2 */ fp_sqr(t0, p->x); fp_sqr(t1, p->y); @@ -213,11 +215,10 @@ void ed_dbl_extnd(ed_t r, const ed_t p) { if (r->coord != EXTND) { /* T = E * H */ fp_mul(r->t, t2, r->z); + r->coord = EXTND; } /* Z = F * G */ fp_mul(r->z, t3, t4); - - r->coord = PROJC; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { diff --git a/src/ed/relic_ed_mul_sim.c b/src/ed/relic_ed_mul_sim.c index b9b70410e..b03e556ad 100644 --- a/src/ed/relic_ed_mul_sim.c +++ b/src/ed/relic_ed_mul_sim.c @@ -28,7 +28,7 @@ * curves. * * @version $Id$ - * @ingroup ep + * @ingroup ed */ #include "relic_core.h" @@ -396,3 +396,59 @@ void ed_mul_sim_gen(ed_t r, const bn_t k, const ed_t q, const bn_t m) { ed_free(g); } } + +void ed_mul_sim_lot(ed_t r, const ed_t p[], const bn_t k[], int n) { + int i, j, l, *_l = RLC_ALLOCA(int, n); + ed_t *_p = RLC_ALLOCA(ed_t, n); + int8_t *naf = NULL; + + RLC_TRY { + l = 0; + for (i = 0; i < n; i++) { + l = RLC_MAX(l, bn_bits(k[i]) + 1); + } + naf = RLC_ALLOCA(int8_t, n * l); + if (naf == NULL || _p == NULL || _l == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + for (i = 0; i < n; i++) { + ed_null(_p[i]); + ed_new(_p[i]); + } + + for (i = 0; i < n; i++) { + _l[i] = l; + ed_norm(_p[i], p[i]); + bn_rec_naf(&naf[i*l], &_l[i], k[i], 2); + if (bn_sign(k[i]) == RLC_NEG) { + ed_neg(_p[i], _p[i]); + } + } + + ed_set_infty(r); + for (i = l - 1; i >= 0; i--) { + ed_dbl(r, r); + for (j = 0; j < n; j++) { + if (naf[j*l + i] > 0) { + ed_add(r, r, _p[j]); + } + if (naf[j*l + i] < 0) { + ed_sub(r, r, _p[j]); + } + } + } + + /* Convert r to affine coordinates. */ + ed_norm(r, r); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + for (i = 0; i < n; i++) { + ed_free(_p[i]); + } + RLC_FREE(_l); + RLC_FREE(_p); + RLC_FREE(naf); + } +} diff --git a/src/ed/relic_ed_norm.c b/src/ed/relic_ed_norm.c index cc06c42aa..8979df0cc 100644 --- a/src/ed/relic_ed_norm.c +++ b/src/ed/relic_ed_norm.c @@ -37,8 +37,6 @@ #if ED_ADD == PROJC || ED_ADD == EXTND || !defined(STRIP) -#include "assert.h" - /** * Normalizes a point represented in projective coordinates. * @@ -111,9 +109,11 @@ void ed_norm_sim(ed_t *r, const ed_t *t, int n) { } } +#if ED_ADD == PROJC || ED_ADD == EXTND || !defined(STRIP) for (int i = 0; i < n; i++) { ed_norm_imp(r[i], r[i], 1); } +#endif /* ED_ADD != BASIC*/ } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/src/ed/relic_ed_util.c b/src/ed/relic_ed_util.c index fd629962c..55c3d68d5 100644 --- a/src/ed/relic_ed_util.c +++ b/src/ed/relic_ed_util.c @@ -122,12 +122,16 @@ void ed_blind(ed_t r, const ed_t p) { RLC_TRY { fp_new(rand); - fp_rand(rand); +#if ED_ADD == BASIC + (void)rand; + ed_copy(r, p); +#elif ED_ADD == PROJC || ED_ADD == EXTND fp_mul(r->x, p->x, rand); fp_mul(r->y, p->y, rand); fp_mul(r->z, p->z, rand); r->coord = PROJC; +#endif #if ED_ADD == EXTND fp_mul(r->t, p->t, rand); #endif @@ -315,7 +319,7 @@ void ed_write_bin(uint8_t *bin, int len, const ed_t a, int pack) { ed_norm(t, a); if (pack) { - if (len != RLC_FP_BYTES + 1) { + if (len < RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { ed_pck(t, t); @@ -323,7 +327,7 @@ void ed_write_bin(uint8_t *bin, int len, const ed_t a, int pack) { fp_write_bin(bin + 1, RLC_FP_BYTES, t->y); } } else { - if (len != 2 * RLC_FP_BYTES + 1) { + if (len < 2 * RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { bin[0] = 4; @@ -331,8 +335,7 @@ void ed_write_bin(uint8_t *bin, int len, const ed_t a, int pack) { fp_write_bin(bin + RLC_FP_BYTES + 1, RLC_FP_BYTES, t->x); } } - } - RLC_CATCH_ANY { + } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { diff --git a/src/ep/relic_ep_map.c b/src/ep/relic_ep_map.c index 10c2c57ad..53e1d3ea1 100644 --- a/src/ep/relic_ep_map.c +++ b/src/ep/relic_ep_map.c @@ -148,11 +148,8 @@ void ep_map_from_field(ep_t p, const uint8_t *uniform_bytes, int len) { break; case EP_B12: case EP_B24: - /* multiply by 1-x (x the BLS parameter) to get the correct group. */ - /* XXX(rsw) is this guaranteed to work? It could fail if one - * of the prime-squared subgroups is cyclic, but - * maybe there's an argument that this is never the case... - */ + /* Multiply by (1-x) to get the correct group, as proven in + * Piellard. https://eprint.iacr.org/2022/352.pdf */ fp_prime_get_par(k); bn_neg(k, k); bn_add_dig(k, k, 1); diff --git a/src/ep/relic_ep_mul.c b/src/ep/relic_ep_mul.c index 88bd06158..d73353c3b 100644 --- a/src/ep/relic_ep_mul.c +++ b/src/ep/relic_ep_mul.c @@ -72,11 +72,7 @@ static void ep_mul_glv_imp(ep_t r, const ep_t p, const bn_t k) { ep_curve_get_v1(v1); ep_curve_get_v2(v2); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2); s0 = bn_sign(k0); s1 = bn_sign(k1); @@ -176,10 +172,7 @@ static void ep_mul_naf_imp(ep_t r, const ep_t p, const bn_t k) { } ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } + bn_mod(_k, k, n); /* Compute the precomputation table. */ ep_tab(t, p, EP_WIDTH); @@ -266,9 +259,7 @@ static void ep_mul_reg_glv(ep_t r, const ep_t p, const bn_t k) { ep_curve_get_v2(v2); bn_abs(_k, k); - if (bn_cmp(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } + bn_mod(_k, _k, n); bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2); s0 = bn_sign(k0); @@ -472,8 +463,6 @@ static void ep_mul_reg_imp(ep_t r, const ep_t p, const bn_t k) { /* Public definitions */ /*============================================================================*/ -#if EP_MUL == BASIC || !defined(STRIP) - void ep_mul_basic(ep_t r, const ep_t p, const bn_t k) { ep_t t; @@ -508,8 +497,6 @@ void ep_mul_basic(ep_t r, const ep_t p, const bn_t k) { } } -#endif - #if EP_MUL == SLIDE || !defined(STRIP) void ep_mul_slide(ep_t r, const ep_t p, const bn_t k) { @@ -544,10 +531,7 @@ void ep_mul_slide(ep_t r, const ep_t p, const bn_t k) { #endif ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } + bn_mod(_k, k, n); /* Create table. */ for (i = 1; i < (1 << (EP_WIDTH - 1)); i++) { @@ -620,11 +604,7 @@ void ep_mul_monty(ep_t r, const ep_t p, const bn_t k) { ep_curve_get_ord(n); bits = bn_bits(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); bn_abs(l, _k); bn_add(l, l, n); bn_add(n, l, n); diff --git a/src/ep/relic_ep_mul_fix.c b/src/ep/relic_ep_mul_fix.c index a4e6589bf..913c392d7 100644 --- a/src/ep/relic_ep_mul_fix.c +++ b/src/ep/relic_ep_mul_fix.c @@ -121,11 +121,7 @@ static void ep_mul_combs_endom(ep_t r, const ep_t *t, const bn_t k) { ep_curve_get_v2(v2); l = RLC_CEIL(bn_bits(n), (2 * EP_DEPTH)); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2); s0 = bn_sign(k0); s1 = bn_sign(k1); @@ -223,11 +219,7 @@ static void ep_mul_combs_plain(ep_t r, const ep_t *t, const bn_t k) { ep_curve_get_ord(n); l = RLC_CEIL(bn_bits(n), EP_DEPTH); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); n0 = bn_bits(_k); p0 = (EP_DEPTH) * l - 1; @@ -321,10 +313,7 @@ void ep_mul_fix_basic(ep_t r, const ep_t *t, const bn_t k) { bn_new(_k); ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } + bn_mod(_k, k, n); ep_set_infty(r); for (int i = 0; i < bn_bits(_k); i++) { @@ -480,11 +469,7 @@ void ep_mul_fix_combd(ep_t r, const ep_t *t, const bn_t k) { d = RLC_CEIL(bn_bits(n), EP_DEPTH); e = (d % 2 == 0 ? (d / 2) : (d / 2) + 1); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); ep_set_infty(r); n0 = bn_bits(_k); @@ -551,11 +536,7 @@ void ep_mul_fix_lwnaf(ep_t r, const ep_t *t, const bn_t k) { bn_new(_k); ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - + bn_mod(_k, k, n); ep_mul_fix_plain(r, t, _k); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); @@ -564,4 +545,5 @@ void ep_mul_fix_lwnaf(ep_t r, const ep_t *t, const bn_t k) { bn_free(_k); } } + #endif diff --git a/src/ep/relic_ep_mul_sim.c b/src/ep/relic_ep_mul_sim.c index 0aa506383..efba4b9c9 100644 --- a/src/ep/relic_ep_mul_sim.c +++ b/src/ep/relic_ep_mul_sim.c @@ -253,6 +253,221 @@ static void ep_mul_sim_endom(ep_t r, const ep_t p, const bn_t k, const ep_t q, } } +/** + * Multiplies and adds multiple elliptic curve points simultaneously. + * Computes R = \Sum_i=0..n [k_i]P_i. + * + * @param[out] r - the result. + * @param[out] p - the elements to multiply. + * @param[out] k - the integer scalars. + * @param[out] n - the number of elements to multiply. + */ +void ep_mul_sim_lot_endom(ep_t r, const ep_t p[], const bn_t k[], int n) { + const int len = RLC_FP_BITS + 1; + int i, j, m, l, _l[2], sk; + bn_t _k[2], q, v1[3], v2[3]; + int8_t ptr, *naf = RLC_ALLOCA(int8_t, 2 * n * len); + + bn_null(q); + + if (n <= 10) { + ep_t *_p = RLC_ALLOCA(ep_t, 2 * n); + + RLC_TRY { + if (naf == NULL || _p == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + bn_new(q); + for (j = 0; j < 2; j++) { + bn_null(_k[j]); + bn_new(_k[j]); + } + for (i = 0; i < 2 * n; i++) { + ep_null(_p[i]); + ep_new(_p[i]); + } + + for (i = 0; i < 3; i++) { + bn_null(v1[i]); + bn_null(v2[i]); + bn_new(v1[i]); + bn_new(v2[i]); + } + + l = 0; + ep_curve_get_ord(q); + ep_curve_get_v1(v1); + ep_curve_get_v2(v2); + for (i = 0; i < n; i++) { + ep_norm(_p[2*i], p[i]); + ep_psi(_p[2*i + 1], _p[2*i]); + bn_mod(_k[0], k[i], q); + sk = bn_sign(_k[0]); + bn_rec_glv(_k[0], _k[1], _k[0], q, (const bn_t *)v1, (const bn_t *)v2); + if (sk == RLC_NEG) { + bn_neg(_k[0], _k[0]); + bn_neg(_k[1], _k[1]); + } + for (j = 0; j < 2; j++) { + _l[j] = len; + bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], 2); + if (bn_sign(_k[j]) == RLC_NEG) { + ep_neg(_p[2*i + j], _p[2*i + j]); + } + l = RLC_MAX(l, _l[j]); + } + } + + ep_set_infty(r); + for (i = l - 1; i >= 0; i--) { + ep_dbl(r, r); + for (j = 0; j < n; j++) { + for (m = 0; m < 2; m++) { + if (naf[(2*j + m)*len + i] > 0) { + ep_add(r, r, _p[2*j + m]); + } + if (naf[(2*j + m)*len + i] < 0) { + ep_sub(r, r, _p[2*j + m]); + } + } + } + } + ep_norm(r, r); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(q); + bn_free(_k[0]); + bn_free(_k[1]); + for (i = 0; i < 2 * n; i++) { + ep_free(_p[i]); + } + RLC_FREE(_p); + RLC_FREE(naf); + for (i = 0; i < 3; i++) { + bn_free(v1[i]); + bn_free(v2[i]); + } + } + } else { + const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); + ep_t s, t, u, v, *_p = RLC_ALLOCA(ep_t, 2 * c); + + ep_null(s); + ep_null(t); + ep_null(u); + ep_null(v); + + RLC_TRY { + if (naf == NULL || _p == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + bn_new(q); + ep_new(s); + ep_new(t); + ep_new(u); + ep_new(v); + for (i = 0; i < 2; i++) { + bn_null(_k[i]); + bn_new(_k[i]); + for (j = 0; j < c; j++) { + ep_null(_p[i*c + j]); + ep_new(_p[i*c + j]); + ep_set_infty(_p[i*c + j]); + } + } + for (i = 0; i < 3; i++) { + bn_null(v1[i]); + bn_null(v2[i]); + bn_new(v1[i]); + bn_new(v2[i]); + } + + l = 0; + ep_curve_get_ord(q); + ep_curve_get_v1(v1); + ep_curve_get_v2(v2); + for (i = 0; i < n; i++) { + bn_mod(_k[0], k[i], q); + sk = bn_sign(_k[0]); + bn_rec_glv(_k[0], _k[1], _k[0], q, (const bn_t *)v1, (const bn_t *)v2); + if (sk == RLC_NEG) { + bn_neg(_k[0], _k[0]); + bn_neg(_k[1], _k[1]); + } + for (j = 0; j < 2; j++) { + _l[j] = len; + bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], w); + if (bn_sign(_k[j]) == RLC_NEG) { + for (m = 0; m < _l[j]; m++) { + naf[(2*i + j)*len + m] = -naf[(2*i + j)*len + m]; + } + } + l = RLC_MAX(l, _l[j]); + } + } + + ep_set_infty(s); + for (i = l - 1; i >= 0; i--) { + for (j = 0; j < n; j++) { + for (m = 0; m < 2; m++) { + ptr = naf[(2*j + m)*len + i]; + if (ptr != 0) { + ep_copy(t, p[j]); + if (ptr < 0) { + ptr = -ptr; + ep_neg(t, t); + } + ep_add(_p[m*c + (ptr >> 1)], _p[m*c + (ptr >> 1)], t); + } + } + } + + ep_set_infty(t); + for (m = 1; m >= 0; m--) { + ep_psi(t, t); + ep_set_infty(u); + ep_set_infty(v); + for (j = c - 1; j >= 0; j--) { + ep_add(u, u, _p[m*c + j]); + if (j == 0) { + ep_dbl(v, v); + } + ep_add(v, v, u); + ep_set_infty(_p[m*c + j]); + } + ep_add(t, t, v); + } + ep_dbl(s, s); + ep_add(s, s, t); + } + + /* Convert r to affine coordinates. */ + ep_norm(r, s); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(q); + ep_free(s); + ep_free(t); + ep_free(u); + ep_free(v); + for (i = 0; i < 2; i++) { + bn_free(_k[i]); + for (j = 0; j < c; j++) { + ep_free(_p[i*c + j]); + } + } + RLC_FREE(_p); + RLC_FREE(naf); + for (i = 0; i < 3; i++) { + bn_free(v1[i]); + bn_free(v2[i]); + } + } + } +} + #endif /* EP_ENDOM */ #if defined(EP_PLAIN) || defined(EP_SUPER) @@ -358,6 +573,71 @@ static void ep_mul_sim_plain(ep_t r, const ep_t p, const bn_t k, const ep_t q, } } +/** + * Multiplies and adds multiple elliptic curve points simultaneously. + * Computes R = \Sum_i=0..n [k_i]P_i. + * + * @param[out] r - the result. + * @param[out] p - the elements to multiply. + * @param[out] k - the integer scalars. + * @param[out] n - the number of elements to multiply. + */ +void ep_mul_sim_lot_plain(ep_t r, const ep_t p[], const bn_t k[], int n) { + int i, j, l, *_l = RLC_ALLOCA(int, n); + ep_t *_p = RLC_ALLOCA(ep_t, n); + int8_t *naf = NULL; + + RLC_TRY { + l = 0; + for (i = 0; i < n; i++) { + l = RLC_MAX(l, bn_bits(k[i]) + 1); + } + naf = RLC_ALLOCA(int8_t, n * l); + if (naf == NULL || _p == NULL || _l == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + for (i = 0; i < n; i++) { + ep_null(_p[i]); + ep_new(_p[i]); + } + + for (i = 0; i < n; i++) { + _l[i] = l; + ep_norm(_p[i], p[i]); + bn_rec_naf(&naf[i*l], &_l[i], k[i], 2); + if (bn_sign(k[i]) == RLC_NEG) { + ep_neg(_p[i], _p[i]); + } + } + + ep_set_infty(r); + for (i = l - 1; i >= 0; i--) { + ep_dbl(r, r); + for (j = 0; j < n; j++) { + if (naf[j*l + i] > 0) { + ep_add(r, r, _p[j]); + } + if (naf[j*l + i] < 0) { + ep_sub(r, r, _p[j]); + } + } + } + + /* Convert r to affine coordinates. */ + ep_norm(r, r); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + for (i = 0; i < n; i++) { + ep_free(_p[i]); + } + RLC_FREE(_l); + RLC_FREE(_p); + RLC_FREE(naf); + } +} + #endif /* EP_PLAIN || EP_SUPER */ #endif /* EP_SIM == INTER */ @@ -430,14 +710,8 @@ void ep_mul_sim_trick(ep_t r, const ep_t p, const bn_t k, const ep_t q, } ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - bn_copy(_m, m); - if (bn_cmp_abs(_m, n) == RLC_GT) { - bn_mod(_m, _m, n); - } + bn_mod(_k, k, n); + bn_mod(_m, m, n); ep_set_infty(t0[0]); ep_copy(t0[1], p); @@ -530,14 +804,8 @@ void ep_mul_sim_inter(ep_t r, const ep_t p, const bn_t k, const ep_t q, /* Handle this here to reduce complexity of static functions. */ ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - bn_copy(_m, m); - if (bn_cmp_abs(_m, n) == RLC_GT) { - bn_mod(_m, _m, n); - } + bn_mod(_k, k, n); + bn_mod(_m, m, n); #if defined(EP_ENDOM) if (ep_curve_is_endom()) { @@ -596,14 +864,8 @@ void ep_mul_sim_joint(ep_t r, const ep_t p, const bn_t k, const ep_t q, } ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - bn_copy(_m, m); - if (bn_cmp_abs(_m, n) == RLC_GT) { - bn_mod(_m, _m, n); - } + bn_mod(_k, k, n); + bn_mod(_m, m, n); ep_set_infty(t[0]); ep_copy(t[1], q); @@ -688,14 +950,8 @@ void ep_mul_sim_gen(ep_t r, const bn_t k, const ep_t q, const bn_t m) { ep_curve_get_gen(g); ep_curve_get_ord(n); - bn_copy(_k, k); - if (bn_cmp_abs(_k, n) == RLC_GT) { - bn_mod(_k, _k, n); - } - bn_copy(_m, m); - if (bn_cmp_abs(_m, n) == RLC_GT) { - bn_mod(_m, _m, n); - } + bn_mod(_k, k, n); + bn_mod(_m, m, n); #if defined(EP_ENDOM) #if EP_SIM == INTER && EP_FIX == LWNAF && defined(EP_PRECO) @@ -732,14 +988,14 @@ void ep_mul_sim_gen(ep_t r, const bn_t k, const ep_t q, const bn_t m) { } } -void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int len) { +void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int n) { ep_t t; int max; ep_null(t); max = util_bits_dig(k[0]); - for (int i = 1; i < len; i++) { + for (int i = 1; i < n; i++) { max = RLC_MAX(max, util_bits_dig(k[i])); } @@ -749,7 +1005,7 @@ void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int len) { ep_set_infty(t); for (int i = max - 1; i >= 0; i--) { ep_dbl(t, t); - for (int j = 0; j < len; j++) { + for (int j = 0; j < n; j++) { if (k[j] & ((dig_t)1 << i)) { ep_add(t, t, p[j]); } @@ -766,207 +1022,25 @@ void ep_mul_sim_dig(ep_t r, const ep_t p[], const dig_t k[], int len) { } } -void ep_mul_sim_lot(ep_t r, ep_t p[], const bn_t k[], int n) { - const int len = RLC_FP_BITS + 1; - int i, j, m, l, _l[2]; - bn_t _k[2], q, v1[3], v2[3]; - int8_t *naf = RLC_ALLOCA(int8_t, 2 * n * len); - - bn_null(q); - - if (n <= 10) { - ep_t *_p = RLC_ALLOCA(ep_t, 2 * n); - - RLC_TRY { - if (naf == NULL || _p == NULL) { - RLC_THROW(ERR_NO_MEMORY); - } - bn_new(q); - for (j = 0; j < 2; j++) { - bn_null(_k[j]); - bn_new(_k[j]); - } - for (i = 0; i < n; i++) { - ep_null(_p[i]); - ep_new(_p[i]); - } - - for (i = 0; i < 3; i++) { - bn_null(v1[i]); - bn_null(v2[i]); - bn_new(v1[i]); - bn_new(v2[i]); - } - - l = 0; - ep_curve_get_ord(q); - ep_curve_get_v1(v1); - ep_curve_get_v2(v2); - for (i = 0; i < n; i++) { - ep_norm(_p[2*i], p[i]); - ep_psi(_p[2*i + 1], _p[2*i]); - bn_rec_glv(_k[0], _k[1], k[i], q, (const bn_t *)v1, (const bn_t *)v2); - if (bn_sign(k[i]) == RLC_NEG) { - bn_neg(_k[0], _k[0]); - bn_neg(_k[1], _k[1]); - } - for (j = 0; j < 2; j++) { - _l[j] = len; - bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], 2); - if (bn_sign(_k[j]) == RLC_NEG) { - ep_neg(_p[2*i + j], _p[2*i + j]); - } - l = RLC_MAX(l, _l[j]); - } - } - - ep_set_infty(r); - for (i = l - 1; i >= 0; i--) { - ep_dbl(r, r); - for (j = 0; j < n; j++) { - for (m = 0; m < 2; m++) { - if (naf[(2*j + m)*len + i] > 0) { - ep_add(r, r, _p[2*j + m]); - } - if (naf[(2*j + m)*len + i] < 0) { - ep_sub(r, r, _p[2*j + m]); - } - } - } - } - - ep_norm(r, r); - } RLC_CATCH_ANY { - RLC_THROW(ERR_CAUGHT); - } RLC_FINALLY { - bn_free(q); - bn_free(_k[0]); - bn_free(_k[1]); - for (i = 0; i < n; i++) { - ep_free(_p[i]); - } - RLC_FREE(_p); - RLC_FREE(naf); - for (i = 0; i < 3; i++) { - bn_free(v1[i]); - bn_free(v2[i]); - } - } - } else { - const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); - ep_t s, t, u, v, *_p = RLC_ALLOCA(ep_t, 2 * c); - int8_t ptr, *sk = RLC_ALLOCA(int8_t, 2 * n); - - ep_null(s); - ep_null(t); - ep_null(u); - ep_null(v); - - RLC_TRY { - if (naf == NULL || _p == NULL) { - RLC_THROW(ERR_NO_MEMORY); - } - bn_new(q); - ep_new(s); - ep_new(t); - ep_new(u); - ep_new(v); - for (i = 0; i < 2; i++) { - bn_null(_k[i]); - bn_new(_k[i]); - for (j = 0; j < c; j++) { - ep_null(_p[i*c + j]); - ep_new(_p[i*c + j]); - ep_set_infty(_p[i*c + j]); - } - } - for (i = 0; i < 3; i++) { - bn_null(v1[i]); - bn_null(v2[i]); - bn_new(v1[i]); - bn_new(v2[i]); - } - - l = 0; - ep_curve_get_ord(q); - ep_curve_get_v1(v1); - ep_curve_get_v2(v2); - for (i = 0; i < n; i++) { - bn_rec_glv(_k[0], _k[1], k[i], q, (const bn_t *)v1, (const bn_t *)v2); - if (bn_sign(k[i]) == RLC_NEG) { - bn_neg(_k[0], _k[0]); - bn_neg(_k[1], _k[1]); - } - for (j = 0; j < 2; j++) { - _l[j] = len; - bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], w); - if (bn_sign(_k[j]) == RLC_NEG) { - for (m = 0; m < _l[j]; m++) { - naf[(2*i + j)*len + m] = -naf[(2*i + j)*len + m]; - } - } - l = RLC_MAX(l, _l[j]); - } - } +void ep_mul_sim_lot(ep_t r, const ep_t p[], const bn_t k[], int n) { + int flag = 0; - ep_set_infty(s); - for (i = l - 1; i >= 0; i--) { - for (j = 0; j < n; j++) { - for (m = 0; m < 2; m++) { - ptr = naf[(2*j + m)*len + i]; - if (ptr != 0) { - ep_copy(t, p[j]); - if (ptr < 0) { - ptr = -ptr; - ep_neg(t, t); - } - ep_add(_p[m*c + (ptr >> 1)], _p[m*c + (ptr >> 1)], t); - } - } - } + if (n == 0) { + ep_set_infty(r); + return; + } - ep_set_infty(t); - for (m = 1; m >= 0; m--) { - ep_psi(t, t); - ep_set_infty(u); - ep_set_infty(v); - for (j = c - 1; j >= 0; j--) { - ep_add(u, u, _p[m*c + j]); - if (j == 0) { - ep_dbl(v, v); - } - ep_add(v, v, u); - ep_set_infty(_p[m*c + j]); - } - ep_add(t, t, v); - } - ep_dbl(s, s); - ep_add(s, s, t); - } +#if defined(EP_ENDOM) + if (ep_curve_is_endom()) { + ep_mul_sim_lot_endom(r, p, k, n); + flag = 1; + } +#endif - /* Convert r to affine coordinates. */ - ep_norm(r, s); - } RLC_CATCH_ANY { - RLC_THROW(ERR_CAUGHT); - } RLC_FINALLY { - bn_free(q); - ep_free(s); - ep_free(t); - ep_free(u); - ep_free(v); - for (i = 0; i < 2; i++) { - bn_free(_k[i]); - for (j = 0; j < c; j++) { - ep_free(_p[i*c + j]); - } - } - RLC_FREE(sk); - RLC_FREE(_p); - RLC_FREE(naf); - for (i = 0; i < 3; i++) { - bn_free(v1[i]); - bn_free(v2[i]); - } - } +#if defined(EP_PLAIN) || defined(EP_SUPER) + if (!flag) { + ep_mul_sim_lot_plain(r, p, k, n); } +#endif + (void)flag; } diff --git a/src/ep/relic_ep_norm.c b/src/ep/relic_ep_norm.c index 4499a3d02..f5c924529 100644 --- a/src/ep/relic_ep_norm.c +++ b/src/ep/relic_ep_norm.c @@ -132,10 +132,11 @@ void ep_norm_sim(ep_t *r, const ep_t *t, int n) { fp_copy(r[i]->z, a[i]); } } - +#if EP_ADD == PROJC || EP_ADD == JACOB || !defined(STRIP) for (i = 0; i < n; i++) { ep_norm_imp(r[i], r[i], 1); } +#endif /* EP_ADD == PROJC */ } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/src/ep/relic_ep_param.c b/src/ep/relic_ep_param.c index cfc50f881..22eebdb94 100644 --- a/src/ep/relic_ep_param.c +++ b/src/ep/relic_ep_param.c @@ -338,8 +338,6 @@ #define BN_P158_Y "4" #define BN_P158_R "240000006ED000007FE96000419F59800C9FFD81" #define BN_P158_H "1" -#define BN_P158_BETA "240000006E8800007F434000411F93C00C7F3B08" -#define BN_P158_LAMB "240000006E4000007E9D800040A064000C5EB323" #define BN_P158_MAPU "1" /** @} */ #endif @@ -406,6 +404,51 @@ /** @} */ #endif +#if defined(EP_ENDOM) && FP_PRIME == 315 +/** +* Parameters for a 315-bit pairing-friendly prime curve. +*/ +/** @{ */ +#define B24_P315_A "0" +#define B24_P315_B "1" +#define B24_P315_X "41A0A424393988DA1B2B117076EF6E4F54B344CC46DDE3C983603A832CB638DBF4B721710866097" +#define B24_P315_Y "2E6F83C55DEFF20227ECDF0DB2BB2EBB5D72C8A29010871D3CCE9059E83DFB96F2922D5DA4E4E5F" +#define B24_P315_R "196DEAC24A9DA12B25FC7EC9CF927A98C8C480ECE644E36419D0C5FD00C00001" +#define B24_P315_H "2FE8030000000000" +#define B24_P315_MAPU "-2" +/** @} */ +#endif + +#if defined(EP_ENDOM) && FP_PRIME == 317 +/** +* Parameters for a 317-bit pairing-friendly prime curve. +*/ +/** @{ */ +#define B24_P317_A "0" +#define B24_P317_B "4" +#define B24_P317_X "325C2B065C4FAC86D1140C27F7335CACB7D5C0542CAE9E790B8A1290570A39CA25FFAEF7F1DA1F7" +#define B24_P317_Y "32239CB1D737F2283BA0707D11B291DF9AC9255DF42134F7D5C9A6B3B4038E13B4544BDC6F7E333" +#define B24_P317_R "443F917EA68DAFC2D0B097F28D83CD491CD1E79196BF0E7AF000000000000001" +#define B24_P317_H "3D512E5584A9AAAB" +#define B24_P317_MAPU "-3" +/** @} */ +#endif + +#if defined(EP_ENDOM) && FP_PRIME == 377 +/** +* Parameters for a 377-bit pairing-friendly prime curve. +*/ +/** @{ */ +#define B12_P377_A "0" +#define B12_P377_B "1" +#define B12_P377_X "8848DEFE740A67C8FC6225BF87FF5485951E2CAA9D41BB188282C8BD37CB5CD5481512FFCD394EEAB9B16EB21BE9EF" +#define B12_P377_Y "1914A69C5102EFF1F674F5D30AFEEC4BD7FB348CA3E52D96D182AD44FB82305C2FE3D3634A9591AFD82DE55559C8EA6" +#define B12_P377_R "12AB655E9A2CA55660B44D1E5C37B00159AA76FED00000010A11800000000001" +#define B12_P377_H "170B5D44300000000000000000000000" +#define B12_P377_MAPU "-2" +/** @} */ +#endif + #if defined(EP_ENDOM) && FP_PRIME == 381 /** * Parameters for a 381-bit pairing-friendly prime curve. @@ -614,8 +657,6 @@ #define BN_P638_Y "128AC488584B7C05EFD5436E559D741C978A5027926525B3DECB22D40E03FC7BD8D4235FD7E9DD2F3BFF3945D54C25E701624E27AFEF8F27F7DDEADEDAF3FE3AA0234D35290703FCE6254A7D75B6A304" #define BN_P638_R "23FFFFFDC000000D7FFFFFB8000001D3FFFFF942D000165E3FFF94870000D52FFFFDD0E00008DE55600086550021E555FFFFF54FFFF4EAC000000049800154D9FFFFFFFFFFFFEDA00000000000000061" #define BN_P638_H "1" -#define BN_P638_BETA "47FFFFFCA000000D7FFFFFB8000001AFFFFFFCA480000D5BFFFFCA47FFFFFDBFFFFEE90000000018C000479CFFFFFFFFFFFFF9D0000000000000002E" -#define BN_P638_LAMB "8FFFFFF94000001AFFFFFF700000035FFFFFF947E0001AC0FFFF947DFFFFFC0FFFFDCFC00000002580007D69FFFFFFFFFFFFF6A0000000000000003D" #define BN_P638_MAPU "-1" /** @} */ #endif @@ -631,8 +672,6 @@ #define B12_P638_Y "2D340B33877480A9785E86ED2EDCAFC170B82568CB21B708B79FC6DA3748461FCD80697E486695F3CAE76FCB1781E784F6812F57BE05DFC850426650DED8B40A464B00A35718228EC8E02B52B59D876E" #define B12_P638_R "50F94035FF4000FFFFFFFFFFF9406BFDC0040000000000000035FB801DFFBFFFFFFFFFFFFFFF401BFF80000000000000000000FFC01" #define B12_P638_H "BFF8001555555555555555554D957EAAAAAAAAAAAAAAAAAAAABEB" -#define B12_P638_BETA "1E5CD621BF4C01DFFDFFFFFFFCE57239EE275BF63000000000207C802254C4BE7FFFFFFFFFFF55FE959D1B8000000000000001BCCEB5801FFFFFFFFFFFFFFFFE2E801E" -#define B12_P638_LAMB "50F94035FF4000FFFFFFFFFFF9406BFDC0040000000000000035F94035FF7FFFFFFFFFFFFFFF4033FF00000000000000000000FF801" #define B12_P638_MAPU "3" /** @} */ #endif @@ -818,7 +857,7 @@ void ep_param_set(int param) { #endif #if defined(EP_ENDOM) && FP_PRIME == 160 case SECG_K160: - ASSIGN(SECG_K160, SECG_160D); + ASSIGNK(SECG_K160, SECG_160D); endom = 1; break; #endif @@ -848,7 +887,7 @@ void ep_param_set(int param) { #endif #if defined(EP_ENDOM) && FP_PRIME == 224 case SECG_K224: - ASSIGN(SECG_K224, SECG_224); + ASSIGNK(SECG_K224, SECG_224); endom = 1; break; #endif @@ -895,7 +934,7 @@ void ep_param_set(int param) { #endif #if defined(EP_ENDOM) && FP_PRIME == 256 case SECG_K256: - ASSIGN(SECG_K256, SECG_256); + ASSIGNK(SECG_K256, SECG_256); endom = 1; break; case SM9_P256: @@ -909,10 +948,25 @@ void ep_param_set(int param) { pairf = EP_BN; break; #endif -#if defined(EP_PLAIN) & FP_PRIME == 382 - case CURVE_67254: - ASSIGN(CURVE_67254, PRIME_382105); - plain = 1; +#if defined(EP_ENDOM) & FP_PRIME == 315 + case B24_P315: + ASSIGN(B24_P315, B24_315); + endom = 1; + pairf = EP_B24; + break; +#endif +#if defined(EP_ENDOM) & FP_PRIME == 317 + case B24_P317: + ASSIGN(B24_P317, B24_317); + endom = 1; + pairf = EP_B24; + break; +#endif +#if defined(EP_ENDOM) & FP_PRIME == 377 + case B12_P377: + ASSIGN(B12_P377, B12_377); + endom = 1; + pairf = EP_B12; break; #endif #if defined(EP_ENDOM) & FP_PRIME == 381 @@ -926,6 +980,12 @@ void ep_param_set(int param) { pairf = EP_B12; break; #endif +#if defined(EP_PLAIN) & FP_PRIME == 382 + case CURVE_67254: + ASSIGN(CURVE_67254, PRIME_382105); + plain = 1; + break; +#endif #if defined(EP_ENDOM) & FP_PRIME == 382 case BN_P382: ASSIGN(BN_P382, BN_382); @@ -1004,13 +1064,14 @@ void ep_param_set(int param) { #endif #if defined(EP_ENDOM) && FP_PRIME == 544 case GMT8_P544: - ASSIGN(GMT8_P544, GMT8_544); + ASSIGNK(GMT8_P544, GMT8_544); endom = 1; + pairf = EP_GMT8; break; #endif #if defined(EP_ENDOM) && FP_PRIME == 569 case K54_P569: - ASSIGN(K54_P569, K54_569); + ASSIGNK(K54_P569, K54_569); endom = 1; pairf = EP_K54; break; @@ -1230,6 +1291,12 @@ int ep_param_set_any_endom(void) { ep_param_set(TWEEDLEDUM); #elif FP_PRIME == 256 ep_param_set(SECG_K256); +#elif FP_PRIME == 315 + ep_param_set(B24_P315); +#elif FP_PRIME == 317 + ep_param_set(B24_P317); +#elif FP_PRIME == 377 + ep_param_set(B12_P377); #elif FP_PRIME == 381 ep_param_set(B12_P381); #elif FP_PRIME == 382 @@ -1298,6 +1365,18 @@ int ep_param_set_any_pairf(void) { ep_param_set(BN_P256); type = RLC_EP_DTYPE; degree = 2; +#elif FP_PRIME == 315 + ep_param_set(B24_P315); + type = RLC_EP_DTYPE; + degree = 4; +#elif FP_PRIME == 317 + ep_param_set(B24_P317); + type = RLC_EP_MTYPE; + degree = 4; +#elif FP_PRIME == 377 + ep_param_set(B12_P377); + type = RLC_EP_DTYPE; + degree = 2; #elif FP_PRIME == 381 ep_param_set(B12_P381); type = RLC_EP_MTYPE; @@ -1443,6 +1522,12 @@ void ep_param_print(void) { case SM9_P256: util_banner("Curve SM9-P256:", 0); break; + case B24_P315: + util_banner("Curve B24-P315:", 0); + break; + case B24_P317: + util_banner("Curve B24-P317:", 0); + break; case B12_P381: util_banner("Curve B12-P381:", 0); break; @@ -1528,6 +1613,8 @@ int ep_param_level(void) { case CURVE_25519: case TWEEDLEDUM: return 128; + case B24_P315: + case B12_P377: case B12_P381: case BN_P382: case B12_P383: @@ -1551,30 +1638,24 @@ int ep_param_level(void) { } int ep_param_embed(void) { - switch (ep_param_get()) { - case SS_P1536: + switch (core_get()->ep_is_pairf) { + case EP_SS1: + return 1; + case EP_SS2: return 2; - case OT8_P511: - case GMT8_P544: + case EP_OT8: + case EP_GMT8: return 8; - case BN_P158: - case BN_P254: - case BN_P256: - case SM9_P256: - case BN_P382: - case BN_P446: - case B12_P446: - case BN_P638: - case B12_P381: - case B12_P383: - case B12_P455: - case B12_P638: + case EP_BN: + case EP_B12: return 12; - case B24_P509: + case EP_K16: + return 16; + case EP_B24: return 24; - case B48_P575: + case EP_B48: return 48; - case K54_P569: + case EP_K54: return 54; } return 0; diff --git a/src/ep/relic_ep_util.c b/src/ep/relic_ep_util.c index ae143e9f3..54b13eab9 100644 --- a/src/ep/relic_ep_util.c +++ b/src/ep/relic_ep_util.c @@ -296,7 +296,6 @@ void ep_write_bin(uint8_t *bin, int len, const ep_t a, int pack) { RLC_THROW(ERR_NO_BUFFER); return; } else { - bin[0] = 0; return; } } diff --git a/src/epx/relic_ep2_add.c b/src/epx/relic_ep2_add.c index 2a9766e7c..42b9bc8cd 100644 --- a/src/epx/relic_ep2_add.c +++ b/src/epx/relic_ep2_add.c @@ -47,7 +47,7 @@ * @param p - the first point to add. * @param q - the second point to add. */ -static void ep2_add_basic_imp(ep2_t r, fp2_t s, ep2_t p, ep2_t q) { +static void ep2_add_basic_imp(ep2_t r, fp2_t s, const ep2_t p, const ep2_t q) { fp2_t t0, t1, t2; fp2_null(t0); @@ -124,7 +124,7 @@ static void ep2_add_basic_imp(ep2_t r, fp2_t s, ep2_t p, ep2_t q) { * @param p - the affine point. * @param q - the projective point. */ -static void ep2_add_projc_mix(ep2_t r, ep2_t p, ep2_t q) { +static void ep2_add_projc_mix(ep2_t r, const ep2_t p, const ep2_t q) { fp2_t t0, t1, t2, t3, t4, t5, t6; fp2_null(t0); @@ -233,7 +233,7 @@ static void ep2_add_projc_mix(ep2_t r, ep2_t p, ep2_t q) { * @param p - the first point to add. * @param q - the second point to add. */ -static void ep2_add_projc_imp(ep2_t r, ep2_t p, ep2_t q) { +static void ep2_add_projc_imp(ep2_t r, const ep2_t p, const ep2_t q) { #if defined(EP_MIXED) && defined(STRIP) ep2_add_projc_mix(r, p, q); #else /* General addition. */ @@ -355,7 +355,7 @@ static void ep2_add_projc_imp(ep2_t r, ep2_t p, ep2_t q) { #if EP_ADD == BASIC || !defined(STRIP) -void ep2_add_basic(ep2_t r, ep2_t p, ep2_t q) { +void ep2_add_basic(ep2_t r, const ep2_t p, const ep2_t q) { if (ep2_is_infty(p)) { ep2_copy(r, q); return; @@ -369,7 +369,7 @@ void ep2_add_basic(ep2_t r, ep2_t p, ep2_t q) { ep2_add_basic_imp(r, NULL, p, q); } -void ep2_add_slp_basic(ep2_t r, fp2_t s, ep2_t p, ep2_t q) { +void ep2_add_slp_basic(ep2_t r, fp2_t s, const ep2_t p, const ep2_t q) { if (ep2_is_infty(p)) { ep2_copy(r, q); return; @@ -387,7 +387,7 @@ void ep2_add_slp_basic(ep2_t r, fp2_t s, ep2_t p, ep2_t q) { #if EP_ADD == PROJC || !defined(STRIP) -void ep2_add_projc(ep2_t r, ep2_t p, ep2_t q) { +void ep2_add_projc(ep2_t r, const ep2_t p, const ep2_t q) { if (ep2_is_infty(p)) { ep2_copy(r, q); return; @@ -409,7 +409,7 @@ void ep2_add_projc(ep2_t r, ep2_t p, ep2_t q) { #endif -void ep2_sub(ep2_t r, ep2_t p, ep2_t q) { +void ep2_sub(ep2_t r, const ep2_t p, const ep2_t q) { ep2_t t; ep2_null(t); diff --git a/src/epx/relic_ep2_cmp.c b/src/epx/relic_ep2_cmp.c index c5943789c..8c44a9eba 100644 --- a/src/epx/relic_ep2_cmp.c +++ b/src/epx/relic_ep2_cmp.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int ep2_cmp(ep2_t p, ep2_t q) { +int ep2_cmp(const ep2_t p, const ep2_t q) { ep2_t r, s; int result = RLC_NE; diff --git a/src/epx/relic_ep2_curve.c b/src/epx/relic_ep2_curve.c index cdf301946..ad961380d 100644 --- a/src/epx/relic_ep2_curve.c +++ b/src/epx/relic_ep2_curve.c @@ -109,6 +109,23 @@ /** @} */ #endif +#if defined(EP_ENDOM) && FP_PRIME == 377 +/** @{ */ +#define B12_P377_A0 "0" +#define B12_P377_A1 "0" +#define B12_P377_B0 "0" +#define B12_P377_B1 "10222F6DB0FD6F343BD03737460C589DC7B4F91CD5FD889129207B63C6BF8000DD39E5C1CCCCCCD1C9ED9999999999A" +#define B12_P377_X0 "18480BE71C785FEC89630A2A3841D01C565F071203E50317EA501F557DB6B9B71889F52BB53540274E3E48F7C005196" +#define B12_P377_X1 "EA6040E700403170DC5A51B1B140D5532777EE6651CECBE7223ECE0799C9DE5CF89984BFF76FE6B26BFEFA6EA16AFE" +#define B12_P377_Y0 "690D665D446F7BD960736BCBB2EFB4DE03ED7274B49A58E458C282F832D204F2CF88886D8C7C2EF094094409FD4DDF" +#define B12_P377_Y1 "F8169FD28355189E549DA3151A70AA61EF11AC3D591BF12463B01ACEE304C24279B83F5E52270BD9A1CDD185EB8F93" +#define B12_P377_R "12AB655E9A2CA55660B44D1E5C37B00159AA76FED00000010A11800000000001" +#define B12_P377_H "26BA558AE9562ADDD88D99A6F6A829FBB36B00E1DCC40C8C505634FAE2E189D693E8C36676BD09A0F3622FBA094800452217CC8FFFFFFFFFFFFFFFFFFFFFFF" +#define B12_P377_MAPU0 "1" +#define B12_P377_MAPU1 "-1" +/** @} */ +#endif + #if defined(EP_ENDOM) && FP_PRIME == 381 /** @{ */ #define B12_P381_A0 "0" @@ -130,11 +147,11 @@ #define B12_P381_ISO_XD "0,1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63;c,1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f;1,0" #define B12_P381_ISO_YN "1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706,1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706;0,5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97be;11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71c,8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38f;124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10,0" #define B12_P381_ISO_YD "1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb,1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb;0,1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3;12,1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa99;1,0" -#define B12_P381_MAPU0 "-2" -#define B12_P381_MAPU1 "-1" +#define B12_P381_MAPU0 "-2" +#define B12_P381_MAPU1 "-1" #else /* !defined(EP_CTMAP) */ -#define B12_P381_MAPU0 "0" -#define B12_P381_MAPU1 "1" +#define B12_P381_MAPU0 "0" +#define B12_P381_MAPU1 "1" #endif /** @} */ #endif @@ -785,6 +802,10 @@ void ep2_curve_set_twist(int type) { case SM9_P256: ASSIGN(SM9_P256); break; +#elif FP_PRIME == 377 + case B12_P377: + ASSIGN(B12_P377); + break; #elif FP_PRIME == 381 case B12_P381: ASSIGN(B12_P381); @@ -886,7 +907,7 @@ void ep2_curve_set_twist(int type) { } } -void ep2_curve_set(fp2_t a, fp2_t b, ep2_t g, bn_t r, bn_t h) { +void ep2_curve_set(const fp2_t a, const fp2_t b, const ep2_t g, const bn_t r, const bn_t h) { ctx_t *ctx = core_get(); ctx->ep2_is_twist = 0; diff --git a/src/epx/relic_ep2_dbl.c b/src/epx/relic_ep2_dbl.c index c329c5a00..2419a93f1 100644 --- a/src/epx/relic_ep2_dbl.c +++ b/src/epx/relic_ep2_dbl.c @@ -46,7 +46,7 @@ * @param[out] s - the resulting slope. * @param[in] p - the point to double. */ -static void ep2_dbl_basic_imp(ep2_t r, fp2_t s, ep2_t p) { +static void ep2_dbl_basic_imp(ep2_t r, fp2_t s, const ep2_t p) { fp2_t t0, t1, t2; fp2_null(t0); @@ -116,7 +116,7 @@ static void ep2_dbl_basic_imp(ep2_t r, fp2_t s, ep2_t p) { * @param[out] r - the result. * @param[in] p - the point to double. */ -static void ep2_dbl_projc_imp(ep2_t r, ep2_t p) { +static void ep2_dbl_projc_imp(ep2_t r, const ep2_t p) { fp2_t t0, t1, t2, t3, t4, t5; fp2_null(t0); @@ -239,7 +239,7 @@ static void ep2_dbl_projc_imp(ep2_t r, ep2_t p) { #if EP_ADD == BASIC || !defined(STRIP) -void ep2_dbl_basic(ep2_t r, ep2_t p) { +void ep2_dbl_basic(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -248,7 +248,7 @@ void ep2_dbl_basic(ep2_t r, ep2_t p) { ep2_dbl_basic_imp(r, NULL, p); } -void ep2_dbl_slp_basic(ep2_t r, fp2_t s, ep2_t p) { +void ep2_dbl_slp_basic(ep2_t r, fp2_t s, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -261,7 +261,7 @@ void ep2_dbl_slp_basic(ep2_t r, fp2_t s, ep2_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void ep2_dbl_projc(ep2_t r, ep2_t p) { +void ep2_dbl_projc(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; diff --git a/src/epx/relic_ep2_frb.c b/src/epx/relic_ep2_frb.c index e16be1702..833759d96 100644 --- a/src/epx/relic_ep2_frb.c +++ b/src/epx/relic_ep2_frb.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void ep2_frb(ep2_t r, ep2_t p, int i) { +void ep2_frb(ep2_t r, const ep2_t p, int i) { ctx_t *ctx = core_get(); ep2_copy(r, p); diff --git a/src/epx/relic_ep2_mul.c b/src/epx/relic_ep2_mul.c index 6d303ad95..684b5eb50 100644 --- a/src/epx/relic_ep2_mul.c +++ b/src/epx/relic_ep2_mul.c @@ -40,7 +40,7 @@ #if defined(EP_ENDOM) -static void ep2_mul_glv_imp(ep2_t r, ep2_t p, const bn_t k) { +static void ep2_mul_glv_imp(ep2_t r, const ep2_t p, const bn_t k) { int i, j, l, _l[4]; bn_t n, _k[4], u; int8_t naf[4][RLC_FP_BITS + 1]; @@ -61,7 +61,8 @@ static void ep2_mul_glv_imp(ep2_t r, ep2_t p, const bn_t k) { ep2_curve_get_ord(n); fp_prime_get_par(u); - bn_rec_frb(_k, 4, k, u, n, ep_curve_is_pairf() == EP_B12); + bn_mod(_k[0], k, n); + bn_rec_frb(_k, 4, _k[0], u, n, ep_curve_is_pairf() == EP_BN); ep2_norm(q[0], p); ep2_frb(q[1], q[0], 1); @@ -111,7 +112,7 @@ static void ep2_mul_glv_imp(ep2_t r, ep2_t p, const bn_t k) { #endif /* EP_ENDOM */ -static void ep2_mul_naf_imp(ep2_t r, ep2_t p, const bn_t k) { +static void ep2_mul_naf_imp(ep2_t r, const ep2_t p, const bn_t k) { int l, i, n; int8_t naf[RLC_FP_BITS + 1]; ep2_t t[1 << (EP_WIDTH - 2)]; @@ -164,7 +165,7 @@ static void ep2_mul_naf_imp(ep2_t r, ep2_t p, const bn_t k) { /* Public definitions */ /*============================================================================*/ -void ep2_mul_basic(ep2_t r, ep2_t p, const bn_t k) { +void ep2_mul_basic(ep2_t r, const ep2_t p, const bn_t k) { int i, l; ep2_t t; @@ -208,7 +209,7 @@ void ep2_mul_basic(ep2_t r, ep2_t p, const bn_t k) { #if EP_MUL == SLIDE || !defined(STRIP) -void ep2_mul_slide(ep2_t r, ep2_t p, const bn_t k) { +void ep2_mul_slide(ep2_t r, const ep2_t p, const bn_t k) { ep2_t t[1 << (EP_WIDTH - 1)], q; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; @@ -278,7 +279,7 @@ void ep2_mul_slide(ep2_t r, ep2_t p, const bn_t k) { #if EP_MUL == MONTY || !defined(STRIP) -void ep2_mul_monty(ep2_t r, ep2_t p, const bn_t k) { +void ep2_mul_monty(ep2_t r, const ep2_t p, const bn_t k) { ep2_t t[2]; ep2_null(t[0]); @@ -331,7 +332,7 @@ void ep2_mul_monty(ep2_t r, ep2_t p, const bn_t k) { #if EP_MUL == LWNAF || !defined(STRIP) -void ep2_mul_lwnaf(ep2_t r, ep2_t p, const bn_t k) { +void ep2_mul_lwnaf(ep2_t r, const ep2_t p, const bn_t k) { if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -355,7 +356,7 @@ void ep2_mul_lwnaf(ep2_t r, ep2_t p, const bn_t k) { #endif -void ep2_mul_gen(ep2_t r, bn_t k) { +void ep2_mul_gen(ep2_t r, const bn_t k) { if (bn_is_zero(k)) { ep2_set_infty(r); return; @@ -382,7 +383,7 @@ void ep2_mul_gen(ep2_t r, bn_t k) { #endif } -void ep2_mul_dig(ep2_t r, ep2_t p, dig_t k) { +void ep2_mul_dig(ep2_t r, const ep2_t p, const dig_t k) { ep2_t t; bn_t _k; int8_t u, naf[RLC_DIG + 1]; diff --git a/src/epx/relic_ep2_mul_cof.c b/src/epx/relic_ep2_mul_cof.c index 575c40a17..34bd14f19 100644 --- a/src/epx/relic_ep2_mul_cof.c +++ b/src/epx/relic_ep2_mul_cof.c @@ -44,7 +44,7 @@ * @param[out] r - the result. * @param[in] p - the point to multiply. */ -static void ep2_mul_cof_bn(ep2_t r, ep2_t p) { +static void ep2_mul_cof_bn(ep2_t r, const ep2_t p) { bn_t x; ep2_t t0, t1, t2; @@ -97,7 +97,7 @@ static void ep2_mul_cof_bn(ep2_t r, ep2_t p) { * @param[out] r - the result. * @param[in] p - the point to multiply. */ -static void ep2_mul_cof_b12(ep2_t r, ep2_t p) { +static void ep2_mul_cof_b12(ep2_t r, const ep2_t p) { bn_t x; ep2_t t0, t1, t2, t3; @@ -150,7 +150,7 @@ static void ep2_mul_cof_b12(ep2_t r, ep2_t p) { /* Public definitions */ /*============================================================================*/ -void ep2_mul_cof(ep2_t r, ep2_t p) { +void ep2_mul_cof(ep2_t r, const ep2_t p) { bn_t k; bn_null(k); @@ -158,18 +158,18 @@ void ep2_mul_cof(ep2_t r, ep2_t p) { RLC_TRY { switch (ep_curve_is_pairf()) { case EP_BN: - ep2_mul_cof_bn(p, p); + ep2_mul_cof_bn(r, p); break; case EP_B12: - ep2_mul_cof_b12(p, p); + ep2_mul_cof_b12(r, p); break; default: /* Now, multiply by cofactor to get the correct group. */ ep2_curve_get_cof(k); if (bn_bits(k) < RLC_DIG) { - ep2_mul_dig(p, p, k->dp[0]); + ep2_mul_dig(r, p, k->dp[0]); } else { - ep2_mul_big(p, p, k); + ep2_mul_big(r, p, k); } break; } diff --git a/src/epx/relic_ep2_mul_fix.c b/src/epx/relic_ep2_mul_fix.c old mode 100755 new mode 100644 index d16b14dab..e2effd678 --- a/src/epx/relic_ep2_mul_fix.c +++ b/src/epx/relic_ep2_mul_fix.c @@ -38,36 +38,6 @@ #if EP_FIX == LWNAF || !defined(STRIP) -/** - * Precomputes a table for a point multiplication on an ordinary curve. - * - * @param[out] t - the destination table. - * @param[in] p - the point to multiply. - */ -static void ep2_mul_pre_ordin(ep2_t *t, ep2_t p) { - int i; - - ep2_dbl(t[0], p); -#if defined(EP_MIXED) - ep2_norm(t[0], t[0]); -#endif - -#if EP_DEPTH > 2 - ep2_add(t[1], t[0], p); - for (i = 2; i < (1 << (EP_DEPTH - 2)); i++) { - ep2_add(t[i], t[i - 1], t[0]); - } - -#if defined(EP_MIXED) - for (i = 1; i < (1 << (EP_DEPTH - 2)); i++) { - ep2_norm(t[i], t[i]); - } -#endif - -#endif - ep2_copy(t[0], p); -} - /** * Multiplies a binary elliptic curve point by an integer using the w-NAF * method. @@ -76,7 +46,7 @@ static void ep2_mul_pre_ordin(ep2_t *t, ep2_t p) { * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -static void ep2_mul_fix_ordin(ep2_t r, ep2_t *table, bn_t k) { +static void ep2_mul_fix_plain(ep2_t r, const ep2_t *table, const bn_t k) { int len, i, n; int8_t naf[2 * RLC_FP_BITS + 1], *t; @@ -117,7 +87,7 @@ static void ep2_mul_fix_ordin(ep2_t r, ep2_t *table, bn_t k) { #if EP_FIX == BASIC || !defined(STRIP) -void ep2_mul_pre_basic(ep2_t *t, ep2_t p) { +void ep2_mul_pre_basic(ep2_t *t, const ep2_t p) { bn_t n; bn_null(n); @@ -140,22 +110,39 @@ void ep2_mul_pre_basic(ep2_t *t, ep2_t p) { } } -void ep2_mul_fix_basic(ep2_t r, ep2_t *t, bn_t k) { +void ep2_mul_fix_basic(ep2_t r, const ep2_t *t, const bn_t k) { + bn_t n, _k; + if (bn_is_zero(k)) { ep2_set_infty(r); return; } - ep2_set_infty(r); + bn_null(n); + bn_null(_k); - for (int i = 0; i < bn_bits(k); i++) { - if (bn_get_bit(k, i)) { - ep2_add(r, r, t[i]); + RLC_TRY { + bn_new(n); + bn_new(_k); + + ep2_curve_get_ord(n); + bn_mod(_k, k, n); + + ep2_set_infty(r); + for (int i = 0; i < bn_bits(_k); i++) { + if (bn_get_bit(_k, i)) { + ep2_add(r, r, t[i]); + } } - } - ep2_norm(r, r); - if (bn_sign(k) == RLC_NEG) { - ep2_neg(r, r); + ep2_norm(r, r); + if (bn_sign(_k) == RLC_NEG) { + ep2_neg(r, r); + } + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(n); + bn_free(_k); } } @@ -163,7 +150,7 @@ void ep2_mul_fix_basic(ep2_t r, ep2_t *t, bn_t k) { #if EP_FIX == COMBS || !defined(STRIP) -void ep2_mul_pre_combs(ep2_t *t, ep2_t p) { +void ep2_mul_pre_combs(ep2_t *t, const ep2_t p) { int i, j, l; bn_t n; @@ -205,9 +192,9 @@ void ep2_mul_pre_combs(ep2_t *t, ep2_t p) { } } -void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { +void ep2_mul_fix_combs(ep2_t r, const ep2_t *t, const bn_t k) { int i, j, l, w, n0, p0, p1; - bn_t n; + bn_t n, _k; if (bn_is_zero(k)) { ep2_set_infty(r); @@ -215,15 +202,18 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { } bn_null(n); + bn_null(_k); RLC_TRY { bn_new(n); + bn_new(_k); ep2_curve_get_ord(n); l = bn_bits(n); l = ((l % EP_DEPTH) == 0 ? (l / EP_DEPTH) : (l / EP_DEPTH) + 1); - n0 = bn_bits(k); + bn_mod(_k, k, n); + n0 = bn_bits(_k); p0 = (EP_DEPTH) * l - 1; @@ -231,7 +221,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { p1 = p0--; for (j = EP_DEPTH - 1; j >= 0; j--, p1 -= l) { w = w << 1; - if (p1 < n0 && bn_get_bit(k, p1)) { + if (p1 < n0 && bn_get_bit(_k, p1)) { w = w | 1; } } @@ -244,7 +234,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { p1 = p0--; for (j = EP_DEPTH - 1; j >= 0; j--, p1 -= l) { w = w << 1; - if (p1 < n0 && bn_get_bit(k, p1)) { + if (p1 < n0 && bn_get_bit(_k, p1)) { w = w | 1; } } @@ -253,7 +243,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { } } ep2_norm(r, r); - if (bn_sign(k) == RLC_NEG) { + if (bn_sign(_k) == RLC_NEG) { ep2_neg(r, r); } } @@ -262,6 +252,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { } RLC_FINALLY { bn_free(n); + bn_free(_k); } } @@ -269,7 +260,7 @@ void ep2_mul_fix_combs(ep2_t r, ep2_t *t, bn_t k) { #if EP_FIX == COMBD || !defined(STRIP) -void ep2_mul_pre_combd(ep2_t *t, ep2_t p) { +void ep2_mul_pre_combd(ep2_t *t, const ep2_t p) { int i, j, d, e; bn_t n; @@ -318,9 +309,9 @@ void ep2_mul_pre_combd(ep2_t *t, ep2_t p) { } } -void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { +void ep2_mul_fix_combd(ep2_t r, const ep2_t *t, const bn_t k) { int i, j, d, e, w0, w1, n0, p0, p1; - bn_t n; + bn_t n, _k; if (bn_is_zero(k)) { ep2_set_infty(r); @@ -328,9 +319,11 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { } bn_null(n); + bn_null(_k); RLC_TRY { bn_new(n); + bn_new(_k); ep2_curve_get_ord(n); d = bn_bits(n); @@ -338,7 +331,8 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { e = (d % 2 == 0 ? (d / 2) : (d / 2) + 1); ep2_set_infty(r); - n0 = bn_bits(k); + bn_mod(_k, k, n); + n0 = bn_bits(_k); p1 = (e - 1) + (EP_DEPTH - 1) * d; for (i = e - 1; i >= 0; i--) { @@ -348,7 +342,7 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { p0 = p1; for (j = EP_DEPTH - 1; j >= 0; j--, p0 -= d) { w0 = w0 << 1; - if (p0 < n0 && bn_get_bit(k, p0)) { + if (p0 < n0 && bn_get_bit(_k, p0)) { w0 = w0 | 1; } } @@ -357,7 +351,7 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { p0 = p1-- + e; for (j = EP_DEPTH - 1; j >= 0; j--, p0 -= d) { w1 = w1 << 1; - if (i + e < d && p0 < n0 && bn_get_bit(k, p0)) { + if (i + e < d && p0 < n0 && bn_get_bit(_k, p0)) { w1 = w1 | 1; } } @@ -366,7 +360,7 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { ep2_add(r, r, t[(1 << EP_DEPTH) + w1]); } ep2_norm(r, r); - if (bn_sign(k) == RLC_NEG) { + if (bn_sign(_k) == RLC_NEG) { ep2_neg(r, r); } } @@ -375,6 +369,7 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { } RLC_FINALLY { bn_free(n); + bn_free(_k); } } @@ -382,12 +377,34 @@ void ep2_mul_fix_combd(ep2_t r, ep2_t *t, bn_t k) { #if EP_FIX == LWNAF || !defined(STRIP) -void ep2_mul_pre_lwnaf(ep2_t *t, ep2_t p) { - ep2_mul_pre_ordin(t, p); +void ep2_mul_pre_lwnaf(ep2_t *t, const ep2_t p) { + ep2_tab(t, p, EP_DEPTH); } -void ep2_mul_fix_lwnaf(ep2_t r, ep2_t *t, bn_t k) { - ep2_mul_fix_ordin(r, t, k); +void ep2_mul_fix_lwnaf(ep2_t r, const ep2_t *t, const bn_t k) { + bn_t n, _k; + + if (bn_is_zero(k)) { + ep2_set_infty(r); + return; + } + + bn_null(n); + bn_null(_k); + + RLC_TRY { + bn_new(n); + bn_new(_k); + + ep2_curve_get_ord(n); + bn_mod(_k, k, n); + ep2_mul_fix_plain(r, t, _k); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(n); + bn_free(_k); + } } #endif diff --git a/src/epx/relic_ep2_mul_sim.c b/src/epx/relic_ep2_mul_sim.c index 1223616f1..0371975e5 100644 --- a/src/epx/relic_ep2_mul_sim.c +++ b/src/epx/relic_ep2_mul_sim.c @@ -52,9 +52,12 @@ * @param[in] m - the second integer. * @param[in] t - the pointer to the precomputed table. */ -static void ep2_mul_sim_endom(ep2_t r, ep2_t p, const bn_t k, ep2_t q, const bn_t m) { - int i, j, l; - bn_t n, u, _k[4], _m[4]; +static void ep2_mul_sim_endom(ep2_t r, const ep2_t p, const bn_t k, ep2_t q, + const bn_t m) { + int i, j, l, _l[4]; + bn_t _k[4], _m[4], n, u; + int8_t naf0[4][RLC_FP_BITS + 1]; + int8_t naf1[4][RLC_FP_BITS + 1]; ep2_t _p[4], _q[4]; bn_null(n); @@ -65,20 +68,15 @@ static void ep2_mul_sim_endom(ep2_t r, ep2_t p, const bn_t k, ep2_t q, const bn_ bn_new(u); for (i = 0; i < 4; i++) { bn_null(_k[i]); + bn_new(_k[i]); bn_null(_m[i]); + bn_new(_m[i]); ep2_null(_p[i]); ep2_null(_q[i]); - bn_new(_k[i]); - bn_new(_m[i]); ep2_new(_p[i]); ep2_new(_q[i]); } - ep2_curve_get_ord(n); - fp_prime_get_par(u); - bn_rec_frb(_k, 4, k, u, n, ep_curve_is_pairf() == EP_B12); - bn_rec_frb(_m, 4, m, u, n, ep_curve_is_pairf() == EP_B12); - ep2_norm(_p[0], p); ep2_frb(_p[1], _p[0], 1); ep2_frb(_p[2], _p[1], 1); @@ -88,30 +86,45 @@ static void ep2_mul_sim_endom(ep2_t r, ep2_t p, const bn_t k, ep2_t q, const bn_ ep2_frb(_q[2], _q[1], 1); ep2_frb(_q[3], _q[2], 1); + ep2_curve_get_ord(n); + fp_prime_get_par(u); + bn_mod(_k[0], k, n); + bn_rec_frb(_k, 4, _k[0], u, n, ep_curve_is_pairf() == EP_BN); + bn_mod(_m[0], m, n); + bn_rec_frb(_m, 4, _m[0], u, n, ep_curve_is_pairf() == EP_BN); + + l = 0; for (i = 0; i < 4; i++) { + _l[i] = RLC_FP_BITS + 1; + bn_rec_naf(naf0[i], &_l[i], _k[i], 2); if (bn_sign(_k[i]) == RLC_NEG) { ep2_neg(_p[i], _p[i]); } + l = RLC_MAX(l, _l[i]); + _l[i] = RLC_FP_BITS + 1; + bn_rec_naf(naf1[i], &_l[i], _m[i], 2); if (bn_sign(_m[i]) == RLC_NEG) { ep2_neg(_q[i], _q[i]); } + l = RLC_MAX(l, _l[i]); } - l = RLC_MAX(bn_bits(_k[0]), bn_bits(_k[1])); - l = RLC_MAX(l, RLC_MAX(bn_bits(_k[2]), bn_bits(_k[3]))); - l = RLC_MAX(l, RLC_MAX(bn_bits(_m[0]), bn_bits(_m[1]))); - l = RLC_MAX(l, RLC_MAX(bn_bits(_m[2]), bn_bits(_m[3]))); - ep2_set_infty(r); for (i = l - 1; i >= 0; i--) { ep2_dbl(r, r); for (j = 0; j < 4; j++) { - if (bn_get_bit(_k[j], i)) { + if (naf0[j][i] > 0) { ep2_add(r, r, _p[j]); } - if (bn_get_bit(_m[j], i)) { + if (naf0[j][i] < 0) { + ep2_sub(r, r, _p[j]); + } + if (naf1[j][i] > 0) { ep2_add(r, r, _q[j]); } + if (naf1[j][i] < 0) { + ep2_sub(r, r, _q[j]); + } } } @@ -133,6 +146,8 @@ static void ep2_mul_sim_endom(ep2_t r, ep2_t p, const bn_t k, ep2_t q, const bn_ #endif /* EP_ENDOM */ +#if defined(EP_PLAIN) || defined(EP_SUPER) + /** * Multiplies and adds two prime elliptic curve points simultaneously, * optionally choosing the first point as the generator depending on an optional @@ -145,8 +160,8 @@ static void ep2_mul_sim_endom(ep2_t r, ep2_t p, const bn_t k, ep2_t q, const bn_ * @param[in] m - the second integer. * @param[in] t - the pointer to the precomputed table. */ -static void ep2_mul_sim_plain(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m, - ep2_t *t) { +static void ep2_mul_sim_plain(ep2_t r, const ep2_t p, const bn_t k, + const ep2_t q, const bn_t m, const ep2_t *t) { int i, l, l0, l1, n0, n1, w, gen; int8_t naf0[2 * RLC_FP_BITS + 1], naf1[2 * RLC_FP_BITS + 1], *_k, *_m; ep2_t t0[1 << (EP_WIDTH - 2)]; @@ -184,13 +199,6 @@ static void ep2_mul_sim_plain(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m, l = RLC_MAX(l0, l1); _k = naf0 + l - 1; _m = naf1 + l - 1; - for (i = l0; i < l; i++) { - naf0[i] = 0; - } - for (i = l1; i < l; i++) { - naf1[i] = 0; - } - if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; @@ -240,6 +248,8 @@ static void ep2_mul_sim_plain(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m, } } +#endif /* EP_PLAIN || EP_SUPER */ + #endif /* EP_SIM == INTER */ /*============================================================================*/ @@ -248,7 +258,8 @@ static void ep2_mul_sim_plain(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m, #if EP_SIM == BASIC || !defined(STRIP) -void ep2_mul_sim_basic(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t l) { +void ep2_mul_sim_basic(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, + const bn_t l) { ep2_t t; ep2_null(t); @@ -272,15 +283,18 @@ void ep2_mul_sim_basic(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t l) { #if EP_SIM == TRICK || !defined(STRIP) -void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { +void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, + const bn_t m) { ep2_t t0[1 << (EP_WIDTH / 2)]; ep2_t t1[1 << (EP_WIDTH / 2)]; ep2_t t[1 << EP_WIDTH]; - bn_t n; + bn_t n, _k, _m; int l0, l1, w = EP_WIDTH / 2; uint8_t w0[2 * RLC_FP_BITS], w1[2 * RLC_FP_BITS]; bn_null(n); + bn_null(_k); + bn_null(_m); if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_mul(r, q, m); @@ -293,8 +307,12 @@ void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { RLC_TRY { bn_new(n); + bn_new(_k); + bn_new(_m); ep2_curve_get_ord(n); + bn_mod(_k, k, n); + bn_mod(_m, m, n); for (int i = 0; i < (1 << w); i++) { ep2_null(t0[i]); @@ -359,6 +377,8 @@ void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { } RLC_FINALLY { bn_free(n); + bn_free(_k); + bn_free(_m); for (int i = 0; i < (1 << w); i++) { ep2_free(t0[i]); ep2_free(t1[i]); @@ -372,7 +392,11 @@ void ep2_mul_sim_trick(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { #if EP_SIM == INTER || !defined(STRIP) -void ep2_mul_sim_inter(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { +void ep2_mul_sim_inter(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, + const bn_t m) { + int flag = 0; + bn_t n, _k, _m; + if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_mul(r, q, m); return; @@ -382,30 +406,53 @@ void ep2_mul_sim_inter(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { return; } + bn_null(n); + bn_null(_k); + bn_null(_m); + + RLC_TRY { + bn_new(n); + bn_new(_k); + bn_new(_m); + + /* Handle this here to reduce complexity of static functions. */ + ep2_curve_get_ord(n); + bn_mod(_k, k, n); + bn_mod(_m, m, n); + #if defined(EP_ENDOM) - if (ep_curve_is_endom()) { - if (ep_curve_opt_a() == RLC_ZERO) { - ep2_mul_sim_endom(r, p, k, q, m); - } else { - ep2_mul_sim_plain(r, p, k, q, m, NULL); + if (ep_curve_is_endom()) { + ep2_mul_sim_endom(r, p, _k, q, _m); + flag = 1; } - return; - } #endif -#if defined(EP_PLAIN) - ep2_mul_sim_plain(r, p, k, q, m, NULL); +#if defined(EP_PLAIN) || defined(EP_SUPER) + if (!flag) { + ep2_mul_sim_plain(r, p, _k, q, _m, NULL); + } #endif + (void)flag; + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + bn_free(n); + bn_free(_k); + bn_free(_m); + } } #endif #if EP_SIM == JOINT || !defined(STRIP) -void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { +void ep2_mul_sim_joint(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, + const bn_t m) { + bn_t n, _k, _m; ep2_t t[5]; int i, l, u_i, offset; - int8_t jsf[4 * (RLC_FP_BITS + 1)]; + int8_t jsf[2 * (RLC_FP_BITS + 1)]; if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_mul(r, q, m); @@ -416,19 +463,30 @@ void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { return; } + bn_null(n); + bn_null(_k); + bn_null(_m); + RLC_TRY { + bn_new(n); + bn_new(_k); + bn_new(_m); for (i = 0; i < 5; i++) { ep2_null(t[i]); ep2_new(t[i]); } + ep2_curve_get_ord(n); + bn_mod(_k, k, n); + bn_mod(_m, m, n); + ep2_set_infty(t[0]); ep2_copy(t[1], q); - if (bn_sign(m) == RLC_NEG) { + if (bn_sign(_m) == RLC_NEG) { ep2_neg(t[1], t[1]); } ep2_copy(t[2], p); - if (bn_sign(k) == RLC_NEG) { + if (bn_sign(_k) == RLC_NEG) { ep2_neg(t[2], t[2]); } ep2_add(t[3], t[2], t[1]); @@ -437,12 +495,12 @@ void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { ep2_norm_sim(t + 3, t + 3, 2); #endif - l = 4 * (RLC_FP_BITS + 1); - bn_rec_jsf(jsf, &l, k, m); + l = 2 * (RLC_FP_BITS + 1); + bn_rec_jsf(jsf, &l, _k, _m); ep2_set_infty(r); - offset = RLC_MAX(bn_bits(k), bn_bits(m)) + 1; + offset = RLC_MAX(bn_bits(_k), bn_bits(_m)) + 1; for (i = l - 1; i >= 0; i--) { ep2_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { @@ -467,6 +525,9 @@ void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { + bn_free(n); + bn_free(_k); + bn_free(_m); for (i = 0; i < 5; i++) { ep2_free(t[i]); } @@ -475,10 +536,9 @@ void ep2_mul_sim_joint(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t m) { #endif -void ep2_mul_sim_gen(ep2_t r, bn_t k, ep2_t q, bn_t m) { - ep2_t gen; - - ep2_null(gen); +void ep2_mul_sim_gen(ep2_t r, const bn_t k, const ep2_t q, const bn_t m) { + ep2_t g; + bn_t n, _k, _m; if (bn_is_zero(k)) { ep2_mul(r, q, m); @@ -489,25 +549,59 @@ void ep2_mul_sim_gen(ep2_t r, bn_t k, ep2_t q, bn_t m) { return; } + ep2_null(g); + bn_null(n); + bn_null(_k); + bn_null(_m); + RLC_TRY { - ep2_new(gen); + ep2_new(g); + bn_new(n); + bn_new(_k); + bn_new(_m); + + ep2_curve_get_gen(g); + ep2_curve_get_ord(n); - ep2_curve_get_gen(gen); -#if EP_FIX == LWNAF && defined(EP_PRECO) - ep2_mul_sim_plain(r, gen, k, q, m, ep2_curve_get_tab()); + bn_mod(_k, k, n); + bn_mod(_m, m, n); + +#if defined(EP_ENDOM) +#if EP_SIM == INTER && EP_FIX == LWNAF && defined(EP_PRECO) + if (ep_curve_is_endom()) { + ep2_mul_sim_endom(r, g, _k, q, _m, ep2_curve_get_tab()); + } #else - ep2_mul_sim(r, gen, k, q, m); + if (ep_curve_is_endom()) { + ep2_mul_sim(r, g, _k, q, _m); + } +#endif +#endif + +#if defined(EP_PLAIN) || defined(EP_SUPER) +#if EP_SIM == INTER && EP_FIX == LWNAF && defined(EP_PRECO) + if (!ep_curve_is_endom()) { + ep2_mul_sim_plain(r, g, _k, q, _m, ep2_curve_get_tab()); + } +#else + if (!ep_curve_is_endom()) { + ep2_mul_sim(r, g, _k, q, _m); + } +#endif #endif } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { - ep2_free(gen); + ep2_free(g); + bn_free(n); + bn_free(_k); + bn_free(_m); } } -void ep2_mul_sim_dig(ep2_t r, ep2_t p[], dig_t k[], int len) { +void ep2_mul_sim_dig(ep2_t r, const ep2_t p[], const dig_t k[], int len) { ep2_t t; int max; @@ -541,11 +635,16 @@ void ep2_mul_sim_dig(ep2_t r, ep2_t p[], dig_t k[], int len) { } } -void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n) { +void ep2_mul_sim_lot(ep2_t r, const ep2_t p[], const bn_t k[], int n) { const int len = RLC_FP_BITS + 1; int i, j, m, l, _l[4]; bn_t _k[4], q, x; - int8_t *naf = RLC_ALLOCA(int8_t, 4 * n * len); + int8_t ptr, *naf = RLC_ALLOCA(int8_t, 4 * n * len); + + if (n == 0) { + ep2_set_infty(r); + return; + } bn_null(q); bn_null(x); @@ -577,7 +676,8 @@ void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n) { ep2_frb(_p[4*i + 2], _p[4*i + 1], 1); ep2_frb(_p[4*i + 3], _p[4*i + 2], 1); - bn_rec_frb(_k, 4, k[i], x, q, ep_curve_is_pairf() == EP_B12); + bn_mod(_k[0], k[i], q); + bn_rec_frb(_k, 4, _k[0], x, q, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 4; j++) { _l[j] = len; bn_rec_naf(&naf[(4*i + j)*len], &_l[j], _k[j], 2); @@ -622,7 +722,6 @@ void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n) { } else { const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); ep2_t s, t, u, v, *_p = RLC_ALLOCA(ep2_t, 4 * c); - int8_t ptr; ep2_null(s); ep2_null(t); @@ -653,10 +752,16 @@ void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n) { ep2_curve_get_ord(q); fp_prime_get_par(x); for (i = 0; i < n; i++) { - bn_rec_frb(_k, 4, k[i], x, q, ep_curve_is_pairf() == EP_B12); + bn_mod(_k[0], k[i], q); + bn_rec_frb(_k, 4, _k[0], x, q, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 4; j++) { _l[j] = len; bn_rec_naf(&naf[(4*i + j)*len], &_l[j], _k[j], w); + if (bn_sign(_k[j]) == RLC_NEG) { + for (m = 0; m < _l[j]; m++) { + naf[(4*i + j)*len + m] = -naf[(4*i + j)*len + m]; + } + } l = RLC_MAX(l, _l[j]); } } @@ -672,10 +777,7 @@ void ep2_mul_sim_lot(ep2_t r, ep2_t p[], const bn_t k[], int n) { ptr = -ptr; ep2_neg(t, t); } - if (bn_sign(k[i]) == RLC_NEG) { - ep2_neg(t, t); - } - ep2_add(_p[m*c + (ptr >> 1)], _p[m*c + (ptr >> 1)], t); + ep2_add(_p[m*c + (ptr/2)], _p[m*c + (ptr/2)], t); } } } diff --git a/src/epx/relic_ep2_neg.c b/src/epx/relic_ep2_neg.c index 072e5665e..bde5c68de 100644 --- a/src/epx/relic_ep2_neg.c +++ b/src/epx/relic_ep2_neg.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void ep2_neg(ep2_t r, ep2_t p) { +void ep2_neg(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; diff --git a/src/epx/relic_ep2_norm.c b/src/epx/relic_ep2_norm.c index 7ba24c841..265c502a0 100644 --- a/src/epx/relic_ep2_norm.c +++ b/src/epx/relic_ep2_norm.c @@ -44,7 +44,7 @@ * @param r - the result. * @param p - the point to normalize. */ -static void ep2_norm_imp(ep2_t r, ep2_t p, int inverted) { +static void ep2_norm_imp(ep2_t r, const ep2_t p, int inverted) { if (p->coord != BASIC) { fp2_t t0, t1; @@ -85,7 +85,7 @@ static void ep2_norm_imp(ep2_t r, ep2_t p, int inverted) { /* Public definitions */ /*============================================================================*/ -void ep2_norm(ep2_t r, ep2_t p) { +void ep2_norm(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -100,7 +100,7 @@ void ep2_norm(ep2_t r, ep2_t p) { #endif } -void ep2_norm_sim(ep2_t *r, ep2_t *t, int n) { +void ep2_norm_sim(ep2_t *r, const ep2_t *t, int n) { int i; fp2_t *a = RLC_ALLOCA(fp2_t, n); diff --git a/src/epx/relic_ep2_pck.c b/src/epx/relic_ep2_pck.c index 09282756b..e51b4a07a 100644 --- a/src/epx/relic_ep2_pck.c +++ b/src/epx/relic_ep2_pck.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void ep2_pck(ep2_t r, ep2_t p) { +void ep2_pck(ep2_t r, const ep2_t p) { bn_t halfQ, yValue; bn_null(halfQ); @@ -70,7 +70,7 @@ void ep2_pck(ep2_t r, ep2_t p) { } } -int ep2_upk(ep2_t r, ep2_t p) { +int ep2_upk(ep2_t r, const ep2_t p) { fp2_t t; bn_t halfQ; bn_t yValue; diff --git a/src/epx/relic_ep2_util.c b/src/epx/relic_ep2_util.c index 8f1490b37..2df0fd6c7 100644 --- a/src/epx/relic_ep2_util.c +++ b/src/epx/relic_ep2_util.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int ep2_is_infty(ep2_t p) { +int ep2_is_infty(const ep2_t p) { return (fp2_is_zero(p->z) == 1); } @@ -47,7 +47,7 @@ void ep2_set_infty(ep2_t p) { p->coord = BASIC; } -void ep2_copy(ep2_t r, ep2_t p) { +void ep2_copy(ep2_t r, const ep2_t p) { fp2_copy(r->x, p->x); fp2_copy(r->y, p->y); fp2_copy(r->z, p->z); @@ -78,7 +78,7 @@ void ep2_rand(ep2_t p) { } } -void ep2_blind(ep2_t r, ep2_t p) { +void ep2_blind(ep2_t r, const ep2_t p) { fp2_t rand; fp2_null(rand); @@ -104,7 +104,7 @@ void ep2_blind(ep2_t r, ep2_t p) { } } -void ep2_rhs(fp2_t rhs, ep2_t p) { +void ep2_rhs(fp2_t rhs, const ep2_t p) { fp2_t t0; fp2_null(t0); @@ -169,7 +169,7 @@ void ep2_rhs(fp2_t rhs, ep2_t p) { } -int ep2_on_curve(ep2_t p) { +int ep2_on_curve(const ep2_t p) { ep2_t t; int r = 0; @@ -192,7 +192,7 @@ int ep2_on_curve(ep2_t p) { return r; } -void ep2_tab(ep2_t *t, ep2_t p, int w) { +void ep2_tab(ep2_t *t, const ep2_t p, int w) { if (w > 2) { ep2_dbl(t[0], p); #if defined(EP_MIXED) @@ -209,13 +209,13 @@ void ep2_tab(ep2_t *t, ep2_t p, int w) { ep2_copy(t[0], p); } -void ep2_print(ep2_t p) { +void ep2_print(const ep2_t p) { fp2_print(p->x); fp2_print(p->y); fp2_print(p->z); } -int ep2_size_bin(ep2_t a, int pack) { +int ep2_size_bin(const ep2_t a, int pack) { ep2_t t; int size = 0; @@ -293,7 +293,7 @@ void ep2_read_bin(ep2_t a, const uint8_t *bin, int len) { } } -void ep2_write_bin(uint8_t *bin, int len, ep2_t a, int pack) { +void ep2_write_bin(uint8_t *bin, int len, const ep2_t a, int pack) { ep2_t t; ep2_null(t); diff --git a/src/epx/relic_ep4_add.c b/src/epx/relic_ep4_add.c index af731a5ea..097c8bacf 100644 --- a/src/epx/relic_ep4_add.c +++ b/src/epx/relic_ep4_add.c @@ -47,7 +47,7 @@ * @param p - the first point to add. * @param q - the second point to add. */ -static void ep4_add_basic_imp(ep4_t r, fp4_t s, ep4_t p, ep4_t q) { +static void ep4_add_basic_imp(ep4_t r, fp4_t s, const ep4_t p, const ep4_t q) { fp4_t t0, t1, t2; fp4_null(t0); @@ -124,7 +124,7 @@ static void ep4_add_basic_imp(ep4_t r, fp4_t s, ep4_t p, ep4_t q) { * @param p - the affine point. * @param q - the projective point. */ -static void ep4_add_projc_mix(ep4_t r, ep4_t p, ep4_t q) { +static void ep4_add_projc_mix(ep4_t r, const ep4_t p, const ep4_t q) { fp4_t t0, t1, t2, t3, t4, t5, t6; fp4_null(t0); @@ -233,7 +233,7 @@ static void ep4_add_projc_mix(ep4_t r, ep4_t p, ep4_t q) { * @param p - the first point to add. * @param q - the second point to add. */ -static void ep4_add_projc_imp(ep4_t r, ep4_t p, ep4_t q) { +static void ep4_add_projc_imp(ep4_t r, const ep4_t p, const ep4_t q) { #if defined(EP_MIXED) && defined(STRIP) ep4_add_projc_mix(r, p, q); #else /* General addition. */ @@ -355,7 +355,7 @@ static void ep4_add_projc_imp(ep4_t r, ep4_t p, ep4_t q) { #if EP_ADD == BASIC || !defined(STRIP) -void ep4_add_basic(ep4_t r, ep4_t p, ep4_t q) { +void ep4_add_basic(ep4_t r, const ep4_t p, const ep4_t q) { if (ep4_is_infty(p)) { ep4_copy(r, q); return; @@ -369,7 +369,7 @@ void ep4_add_basic(ep4_t r, ep4_t p, ep4_t q) { ep4_add_basic_imp(r, NULL, p, q); } -void ep4_add_slp_basic(ep4_t r, fp4_t s, ep4_t p, ep4_t q) { +void ep4_add_slp_basic(ep4_t r, fp4_t s, const ep4_t p, const ep4_t q) { if (ep4_is_infty(p)) { ep4_copy(r, q); return; @@ -387,7 +387,7 @@ void ep4_add_slp_basic(ep4_t r, fp4_t s, ep4_t p, ep4_t q) { #if EP_ADD == PROJC || !defined(STRIP) -void ep4_add_projc(ep4_t r, ep4_t p, ep4_t q) { +void ep4_add_projc(ep4_t r, const ep4_t p, const ep4_t q) { if (ep4_is_infty(p)) { ep4_copy(r, q); return; @@ -409,7 +409,7 @@ void ep4_add_projc(ep4_t r, ep4_t p, ep4_t q) { #endif -void ep4_sub(ep4_t r, ep4_t p, ep4_t q) { +void ep4_sub(ep4_t r, const ep4_t p, const ep4_t q) { ep4_t t; ep4_null(t); diff --git a/src/epx/relic_ep4_cmp.c b/src/epx/relic_ep4_cmp.c index 3d12fc327..d98f37a35 100644 --- a/src/epx/relic_ep4_cmp.c +++ b/src/epx/relic_ep4_cmp.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int ep4_cmp(ep4_t p, ep4_t q) { +int ep4_cmp(const ep4_t p, const ep4_t q) { ep4_t r, s; int result = RLC_NE; diff --git a/src/epx/relic_ep4_curve.c b/src/epx/relic_ep4_curve.c index d70cc792a..dafdf678d 100644 --- a/src/epx/relic_ep4_curve.c +++ b/src/epx/relic_ep4_curve.c @@ -38,6 +38,52 @@ /* See ep/relic_ep_param.c for discussion of MAP_U parameters. */ +#if defined(EP_ENDOM) && FP_PRIME == 315 +/** @{ */ +#define B24_P315_A0 "0" +#define B24_P315_A1 "0" +#define B24_P315_A2 "0" +#define B24_P315_A3 "0" +#define B24_P315_B0 "0" +#define B24_P315_B1 "0" +#define B24_P315_B2 "0" +#define B24_P315_B3 "406CE9FD4AD2B7F7847659DC5909EE3951A263DEBF12A6EFCDF114294C8108BE8893D9CE78B13B2" +#define B24_P315_X0 "143A8108476CD513348A7BB62E823CC0D7F7E367CD75CA2AA6D9D9C4EE375F2204A6EC7171DFDF1" +#define B24_P315_X1 "152D57BA1ED90145569D652D68EBDB752986187DF157B360712A6ADBB2C1B19F9DFA929580FA921" +#define B24_P315_X2 "014E7F7DBA097CAD8A49E978757DE0755B7411812E0DCAA2AB2FC8D16531CFA2091753F07CC6726" +#define B24_P315_X3 "4074100502378B6D65F7C6603DDF2AC771E85417A709280468F91E1006A55B0A1D82B084997DB67" +#define B24_P315_Y0 "138582366AF8207D4E6B8E4D9BAF4CA15E08FCF676647F376FF4FE907627E2579D32AA8E6001DEE" +#define B24_P315_Y1 "0DEAD9C4C30BD897DF10EB443DEF49B5FA667FB8A84C90D1388AC58F993AFA6363D1BDA84CC1C1C" +#define B24_P315_Y2 "1615F1AA7F72E6C275654FD6389AE7382AED0DC06A49BF296317642D6C08A6BDB66EEA7EE76333A" +#define B24_P315_Y3 "36B589D9FE7C4A5F62F00C7B10A7EACB3CAB665DEDE5809BF77AC3313B08E7592D7D4D8C7AA5E18" +#define B24_P315_R "196DEAC24A9DA12B25FC7EC9CF927A98C8C480ECE644E36419D0C5FD00C00001" +#define B24_P315_H "142A76791A4ECF9C5E2D1E9744E1A3D20ECD4E893C629F9A3E8F21811C01446602B3EC97C88DB0069213228615137A0DDED7E599B628469C774CB87CD287BF73A8D2CC439FFFFE00FE2B41EFDC3698DD4B373ACDEEE183EB09E6F58E9055CD34EACE3E7E701215B52C02797E31A2C6FE9AC0018B940ADF101E0000000001" +/** @} */ +#endif + +#if defined(EP_ENDOM) && FP_PRIME == 317 +/** @{ */ +#define B24_P317_A0 "0" +#define B24_P317_A1 "0" +#define B24_P317_A2 "0" +#define B24_P317_A3 "0" +#define B24_P317_B0 "0" +#define B24_P317_B1 "0" +#define B24_P317_B2 "4" +#define B24_P317_B3 "0" +#define B24_P317_X0 "36A6220950C7870B9D42FF09CEFE0520DEAB97207021685B35BA445849CD469D1BE033F82E5F017" +#define B24_P317_X1 "C91F3B3134FB62C277EDDAF617551090B4CE7550B63A7DBDEC4AA7AA4398AC69460650EFC67408B" +#define B24_P317_X2 "1015C5600F61264941003D36E6C44373CFE660B3E58D022CD09022E888C30019F769BF66AA4D5B1D" +#define B24_P317_X3 "5BAD535DA2A42C5D074AF7C66E0A7F455343C891ADD40BE6FBBE7E3AA9AB0D43F72997D40039EA6" +#define B24_P317_Y0 "AF7E47B2C41683B76E545A9124E54500468CB736CF2511BFA4B2A701638DA87CF4DB32A05C28B24" +#define B24_P317_Y1 "19CA14178B54B1F00DFA9F1C2EE3EDAB9AAE97EC0D054B4442AC47F56C08F58E6461943B996D329" +#define B24_P317_Y2 "3CC71F2768CCABDB4E59ED5843672AAD9ED9CC9013FE03DC4385324FB2B89D19F8441EC780193F" +#define B24_P317_Y3 "101A83D160E4CAB745F944FE44506B4CA63098605B00D937EEBF4785587075D552E11033FF12E8F8" +#define B24_P317_R "196DEAC24A9DA12B25FC7EC9CF927A98C8C480ECE644E36419D0C5FD00C00001" +#define B24_P317_H "416447847BA373C0307445C51CE3F6794B6A196037B807603DEB0EA8A26CC88F0707D8CD9E96D7EA5C8E850F5306CC3B7285486A4F06BFE651956CC3CD1E6D77AE229D7DC65E3D9D309F43FAC42749B83735FDDD0560F1ECCA197EB86C2167E9522AE151DC5F2AC2703E82BB9F29F280E26EF9C0CFFD37140CE556FCCD6EB" +/** @} */ +#endif + #if defined(EP_ENDOM) && FP_PRIME == 509 /** @{ */ #define B24_P509_A0 "0" @@ -314,7 +360,15 @@ void ep4_curve_set_twist(int type) { bn_new(h); switch (ep_param_get()) { -#if FP_PRIME == 509 +#if FP_PRIME == 315 + case B24_P315: + ASSIGN(B24_P315); + break; +#elif FP_PRIME == 317 + case B24_P317: + ASSIGN(B24_P317); + break; +#elif FP_PRIME == 509 case B24_P509: ASSIGN(B24_P509); break; @@ -339,6 +393,15 @@ void ep4_curve_set_twist(int type) { bn_copy(&(ctx->ep4_r), r); bn_copy(&(ctx->ep4_h), h); + if (type == RLC_EP_MTYPE) { + fp2_zero(a[0]); + fp_copy(a[1][0], ctx->fp4_p1[0]); + fp_copy(a[1][1], ctx->fp4_p1[1]); + fp4_inv(a, a); + fp_copy(ctx->fp4_p1[0], a[1][0]); + fp_copy(ctx->fp4_p1[1], a[1][1]); + } + #if defined(WITH_PC) /* Compute pairing generator. */ pc_core_calc(); @@ -360,7 +423,7 @@ void ep4_curve_set_twist(int type) { } } -void ep4_curve_set(fp4_t a, fp4_t b, ep4_t g, bn_t r, bn_t h) { +void ep4_curve_set(const fp4_t a, const fp4_t b, const ep4_t g, const bn_t r, const bn_t h) { ctx_t *ctx = core_get(); ctx->ep4_is_twist = 0; diff --git a/src/epx/relic_ep4_dbl.c b/src/epx/relic_ep4_dbl.c index 11d0bb047..d3306edf7 100644 --- a/src/epx/relic_ep4_dbl.c +++ b/src/epx/relic_ep4_dbl.c @@ -46,7 +46,7 @@ * @param[out] s - the resulting slope. * @param[in] p - the point to double. */ -static void ep4_dbl_basic_imp(ep4_t r, fp4_t s, ep4_t p) { +static void ep4_dbl_basic_imp(ep4_t r, fp4_t s, const ep4_t p) { fp4_t t0, t1, t2; fp4_null(t0); @@ -117,7 +117,7 @@ static void ep4_dbl_basic_imp(ep4_t r, fp4_t s, ep4_t p) { * @param[out] r - the result. * @param[in] p - the point to double. */ -static void ep4_dbl_projc_imp(ep4_t r, ep4_t p) { +static void ep4_dbl_projc_imp(ep4_t r, const ep4_t p) { fp4_t t0, t1, t2, t3, t4, t5; fp4_null(t0); @@ -242,7 +242,7 @@ static void ep4_dbl_projc_imp(ep4_t r, ep4_t p) { #if EP_ADD == BASIC || !defined(STRIP) -void ep4_dbl_basic(ep4_t r, ep4_t p) { +void ep4_dbl_basic(ep4_t r, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; @@ -251,7 +251,7 @@ void ep4_dbl_basic(ep4_t r, ep4_t p) { ep4_dbl_basic_imp(r, NULL, p); } -void ep4_dbl_slp_basic(ep4_t r, fp4_t s, ep4_t p) { +void ep4_dbl_slp_basic(ep4_t r, fp4_t s, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; @@ -264,7 +264,7 @@ void ep4_dbl_slp_basic(ep4_t r, fp4_t s, ep4_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void ep4_dbl_projc(ep4_t r, ep4_t p) { +void ep4_dbl_projc(ep4_t r, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; diff --git a/src/epx/relic_ep4_frb.c b/src/epx/relic_ep4_frb.c index fa216d53e..9a871edf1 100644 --- a/src/epx/relic_ep4_frb.c +++ b/src/epx/relic_ep4_frb.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void ep4_frb(ep4_t r, ep4_t p, int i) { +void ep4_frb(ep4_t r, const ep4_t p, int i) { ep4_copy(r, p); for (; i > 0; i--) { fp4_frb(r->x, r->x, 1); diff --git a/src/epx/relic_ep4_map.c b/src/epx/relic_ep4_map.c index be73b8d1e..4fc73ed84 100644 --- a/src/epx/relic_ep4_map.c +++ b/src/epx/relic_ep4_map.c @@ -1,6 +1,6 @@ /* * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2012 RELIC Authors + * Copyright (c) 2021 RELIC Authors * * This file is part of RELIC. RELIC is legal property of its developers, * whose names are not listed here. Please refer to the COPYRIGHT file diff --git a/src/epx/relic_ep4_mul.c b/src/epx/relic_ep4_mul.c index c02f41b90..ca871d90a 100644 --- a/src/epx/relic_ep4_mul.c +++ b/src/epx/relic_ep4_mul.c @@ -1,6 +1,6 @@ /* * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2012 RELIC Authors + * Copyright (c) 2021 RELIC Authors * * This file is part of RELIC. RELIC is legal property of its developers, * whose names are not listed here. Please refer to the COPYRIGHT file @@ -40,7 +40,7 @@ #if defined(EP_ENDOM) -static void ep4_mul_glv_imp(ep4_t r, ep4_t p, const bn_t k) { +static void ep4_mul_glv_imp(ep4_t r, const ep4_t p, const bn_t k) { int sign, i, j, l, _l[8]; bn_t n, _k[8], u, v; int8_t naf[8][RLC_FP_BITS + 1]; @@ -130,7 +130,7 @@ static void ep4_mul_glv_imp(ep4_t r, ep4_t p, const bn_t k) { #endif /* EP_ENDOM */ -static void ep4_mul_naf_imp(ep4_t r, ep4_t p, const bn_t k) { +static void ep4_mul_naf_imp(ep4_t r, const ep4_t p, const bn_t k) { int l, i, n; int8_t naf[RLC_FP_BITS + 1]; ep4_t t[1 << (EP_WIDTH - 2)]; @@ -183,7 +183,7 @@ static void ep4_mul_naf_imp(ep4_t r, ep4_t p, const bn_t k) { /* Public definitions */ /*============================================================================*/ -void ep4_mul_basic(ep4_t r, ep4_t p, const bn_t k) { +void ep4_mul_basic(ep4_t r, const ep4_t p, const bn_t k) { int i, l; ep4_t t; @@ -227,7 +227,7 @@ void ep4_mul_basic(ep4_t r, ep4_t p, const bn_t k) { #if EP_MUL == SLIDE || !defined(STRIP) -void ep4_mul_slide(ep4_t r, ep4_t p, const bn_t k) { +void ep4_mul_slide(ep4_t r, const ep4_t p, const bn_t k) { ep4_t t[1 << (EP_WIDTH - 1)], q; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; @@ -297,7 +297,7 @@ void ep4_mul_slide(ep4_t r, ep4_t p, const bn_t k) { #if EP_MUL == MONTY || !defined(STRIP) -void ep4_mul_monty(ep4_t r, ep4_t p, const bn_t k) { +void ep4_mul_monty(ep4_t r, const ep4_t p, const bn_t k) { ep4_t t[2]; ep4_null(t[0]); @@ -362,7 +362,7 @@ void ep4_mul_monty(ep4_t r, ep4_t p, const bn_t k) { #if EP_MUL == LWNAF || !defined(STRIP) -void ep4_mul_lwnaf(ep4_t r, ep4_t p, const bn_t k) { +void ep4_mul_lwnaf(ep4_t r, const ep4_t p, const bn_t k) { if (bn_is_zero(k) || ep4_is_infty(p)) { ep4_set_infty(r); return; @@ -386,7 +386,7 @@ void ep4_mul_lwnaf(ep4_t r, ep4_t p, const bn_t k) { #endif -void ep4_mul_gen(ep4_t r, bn_t k) { +void ep4_mul_gen(ep4_t r, const bn_t k) { if (bn_is_zero(k)) { ep4_set_infty(r); return; @@ -413,7 +413,7 @@ void ep4_mul_gen(ep4_t r, bn_t k) { #endif } -void ep4_mul_dig(ep4_t r, ep4_t p, dig_t k) { +void ep4_mul_dig(ep4_t r, const ep4_t p, const dig_t k) { int i, l; ep4_t t; diff --git a/src/epx/relic_ep4_mul_cof.c b/src/epx/relic_ep4_mul_cof.c index 14f9973f2..9cd9f43ff 100644 --- a/src/epx/relic_ep4_mul_cof.c +++ b/src/epx/relic_ep4_mul_cof.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void ep4_mul_cof(ep4_t r, ep4_t p) { +void ep4_mul_cof(ep4_t r, const ep4_t p) { bn_t z; ep4_t t0, t1, t2, t3; diff --git a/src/epx/relic_ep4_mul_fix.c b/src/epx/relic_ep4_mul_fix.c index 8709e702b..c9b7c20af 100644 --- a/src/epx/relic_ep4_mul_fix.c +++ b/src/epx/relic_ep4_mul_fix.c @@ -1,6 +1,6 @@ /* * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2012 RELIC Authors + * Copyright (c) 2021 RELIC Authors * * This file is part of RELIC. RELIC is legal property of its developers, * whose names are not listed here. Please refer to the COPYRIGHT file @@ -44,7 +44,7 @@ * @param[out] t - the destination table. * @param[in] p - the point to multiply. */ -static void ep4_mul_pre_ordin(ep4_t *t, ep4_t p) { +static void ep4_mul_pre_ordin(ep4_t *t, const ep4_t p) { int i; ep4_dbl(t[0], p); @@ -76,7 +76,7 @@ static void ep4_mul_pre_ordin(ep4_t *t, ep4_t p) { * @param[in] p - the point to multiply. * @param[in] k - the integer. */ -static void ep4_mul_fix_ordin(ep4_t r, ep4_t *table, bn_t k) { +static void ep4_mul_fix_ordin(ep4_t r, const ep4_t *table, const bn_t k) { int len, i, n; int8_t naf[2 * RLC_FP_BITS + 1], *t; @@ -117,7 +117,7 @@ static void ep4_mul_fix_ordin(ep4_t r, ep4_t *table, bn_t k) { #if EP_FIX == BASIC || !defined(STRIP) -void ep4_mul_pre_basic(ep4_t *t, ep4_t p) { +void ep4_mul_pre_basic(ep4_t *t, const ep4_t p) { bn_t n; bn_null(n); @@ -140,7 +140,7 @@ void ep4_mul_pre_basic(ep4_t *t, ep4_t p) { } } -void ep4_mul_fix_basic(ep4_t r, ep4_t *t, bn_t k) { +void ep4_mul_fix_basic(ep4_t r, const ep4_t *t, const bn_t k) { if (bn_is_zero(k)) { ep4_set_infty(r); return; @@ -163,7 +163,7 @@ void ep4_mul_fix_basic(ep4_t r, ep4_t *t, bn_t k) { #if EP_FIX == COMBS || !defined(STRIP) -void ep4_mul_pre_combs(ep4_t *t, ep4_t p) { +void ep4_mul_pre_combs(ep4_t *t, const ep4_t p) { int i, j, l; bn_t n; @@ -205,7 +205,7 @@ void ep4_mul_pre_combs(ep4_t *t, ep4_t p) { } } -void ep4_mul_fix_combs(ep4_t r, ep4_t *t, bn_t k) { +void ep4_mul_fix_combs(ep4_t r, const ep4_t *t, const bn_t k) { int i, j, l, w, n0, p0, p1; bn_t n; @@ -269,7 +269,7 @@ void ep4_mul_fix_combs(ep4_t r, ep4_t *t, bn_t k) { #if EP_FIX == COMBD || !defined(STRIP) -void ep4_mul_pre_combd(ep4_t *t, ep4_t p) { +void ep4_mul_pre_combd(ep4_t *t, const ep4_t p) { int i, j, d, e; bn_t n; @@ -318,7 +318,7 @@ void ep4_mul_pre_combd(ep4_t *t, ep4_t p) { } } -void ep4_mul_fix_combd(ep4_t r, ep4_t *t, bn_t k) { +void ep4_mul_fix_combd(ep4_t r, const ep4_t *t, const bn_t k) { int i, j, d, e, w0, w1, n0, p0, p1; bn_t n; @@ -382,11 +382,11 @@ void ep4_mul_fix_combd(ep4_t r, ep4_t *t, bn_t k) { #if EP_FIX == LWNAF || !defined(STRIP) -void ep4_mul_pre_lwnaf(ep4_t *t, ep4_t p) { +void ep4_mul_pre_lwnaf(ep4_t *t, const ep4_t p) { ep4_mul_pre_ordin(t, p); } -void ep4_mul_fix_lwnaf(ep4_t r, ep4_t *t, bn_t k) { +void ep4_mul_fix_lwnaf(ep4_t r, const ep4_t *t, const bn_t k) { ep4_mul_fix_ordin(r, t, k); } diff --git a/src/epx/relic_ep4_mul_sim.c b/src/epx/relic_ep4_mul_sim.c index faff8f0c3..fdc4cd579 100644 --- a/src/epx/relic_ep4_mul_sim.c +++ b/src/epx/relic_ep4_mul_sim.c @@ -1,6 +1,6 @@ /* * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2012 RELIC Authors + * Copyright (c) 2021 RELIC Authors * * This file is part of RELIC. RELIC is legal property of its developers, * whose names are not listed here. Please refer to the COPYRIGHT file @@ -50,8 +50,8 @@ * @param[in] m - the second integer. * @param[in] t - the pointer to the precomputed table. */ -static void ep4_mul_sim_plain(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m, - ep4_t *t) { +static void ep4_mul_sim_plain(ep4_t r, const ep4_t p, const bn_t k, + const ep4_t q, const bn_t m, ep4_t *t) { int i, l, l0, l1, n0, n1, w, gen; int8_t naf0[2 * RLC_FP_BITS + 1], naf1[2 * RLC_FP_BITS + 1], *_k, *_m; ep4_t t0[1 << (EP_WIDTH - 2)]; @@ -146,7 +146,8 @@ static void ep4_mul_sim_plain(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m, #if EP_SIM == BASIC || !defined(STRIP) -void ep4_mul_sim_basic(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t l) { +void ep4_mul_sim_basic(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, + const bn_t l) { ep4_t t; ep4_null(t); @@ -170,7 +171,8 @@ void ep4_mul_sim_basic(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t l) { #if EP_SIM == TRICK || !defined(STRIP) -void ep4_mul_sim_trick(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { +void ep4_mul_sim_trick(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, + const bn_t m) { ep4_t t0[1 << (EP_WIDTH / 2)]; ep4_t t1[1 << (EP_WIDTH / 2)]; ep4_t t[1 << EP_WIDTH]; @@ -270,7 +272,8 @@ void ep4_mul_sim_trick(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { #if EP_SIM == INTER || !defined(STRIP) -void ep4_mul_sim_inter(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { +void ep4_mul_sim_inter(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, + const bn_t m) { if (bn_is_zero(k) || ep4_is_infty(p)) { ep4_mul(r, q, m); return; @@ -287,7 +290,8 @@ void ep4_mul_sim_inter(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { #if EP_SIM == JOINT || !defined(STRIP) -void ep4_mul_sim_joint(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { +void ep4_mul_sim_joint(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, + const bn_t m) { ep4_t t[5]; int i, l, u_i, offset; int8_t jsf[4 * (RLC_FP_BITS + 1)]; @@ -360,7 +364,7 @@ void ep4_mul_sim_joint(ep4_t r, ep4_t p, bn_t k, ep4_t q, bn_t m) { #endif -void ep4_mul_sim_gen(ep4_t r, bn_t k, ep4_t q, bn_t m) { +void ep4_mul_sim_gen(ep4_t r, const bn_t k, const ep4_t q, const bn_t m) { ep4_t gen; ep4_null(gen); @@ -392,7 +396,7 @@ void ep4_mul_sim_gen(ep4_t r, bn_t k, ep4_t q, bn_t m) { } } -void ep4_mul_sim_dig(ep4_t r, ep4_t p[], dig_t k[], int len) { +void ep4_mul_sim_dig(ep4_t r, const ep4_t p[], const dig_t k[], int len) { ep4_t t; int max; @@ -426,7 +430,7 @@ void ep4_mul_sim_dig(ep4_t r, ep4_t p[], dig_t k[], int len) { } } -void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n) { +void ep4_mul_sim_lot(ep4_t r, const ep4_t p[], const bn_t k[], int n) { const int len = RLC_FP_BITS + 1; int i, j, m, l, *_l = RLC_ALLOCA(int, 8 * n); bn_t _k[8], q, x; @@ -466,7 +470,7 @@ void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n) { l = 0; for (i = 0; i < n; i++) { - bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf()); + bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 8; j++) { _l[8*i + j] = len; bn_rec_naf(&naf[(8*i + j)*len], &_l[8*i + j], _k[j], 2); @@ -549,7 +553,7 @@ void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n) { l = 0; for (i = 0; i < n; i++) { - bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf()); + bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 8; j++) { _l[8*i + j] = len; bn_rec_naf(&naf[(8*i + j)*len], &_l[8*i + j], _k[j], w); @@ -579,7 +583,7 @@ void ep4_mul_sim_lot(ep4_t r, ep4_t p[], const bn_t k[], int n) { if (bn_sign(_k[m]) == RLC_NEG) { ep4_neg(t, t); } - ep4_add(_p[m*c + (ptr >> 1)], _p[m*c + (ptr >> 1)], t); + ep4_add(_p[m*c + (ptr/2)], _p[m*c + (ptr/2)], t); } } } diff --git a/src/epx/relic_ep4_neg.c b/src/epx/relic_ep4_neg.c index 4351c809c..604fc116e 100644 --- a/src/epx/relic_ep4_neg.c +++ b/src/epx/relic_ep4_neg.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void ep4_neg(ep4_t r, ep4_t p) { +void ep4_neg(ep4_t r, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; diff --git a/src/epx/relic_ep4_norm.c b/src/epx/relic_ep4_norm.c index 8ad02259c..ed41baa7f 100644 --- a/src/epx/relic_ep4_norm.c +++ b/src/epx/relic_ep4_norm.c @@ -44,7 +44,7 @@ * @param r - the result. * @param p - the point to normalize. */ -static void ep4_norm_imp(ep4_t r, ep4_t p, int inverted) { +static void ep4_norm_imp(ep4_t r, const ep4_t p, int inverted) { if (p->coord != BASIC) { fp4_t t0, t1; @@ -85,7 +85,7 @@ static void ep4_norm_imp(ep4_t r, ep4_t p, int inverted) { /* Public definitions */ /*============================================================================*/ -void ep4_norm(ep4_t r, ep4_t p) { +void ep4_norm(ep4_t r, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; @@ -100,7 +100,7 @@ void ep4_norm(ep4_t r, ep4_t p) { #endif } -void ep4_norm_sim(ep4_t *r, ep4_t *t, int n) { +void ep4_norm_sim(ep4_t *r, const ep4_t *t, int n) { int i; fp4_t *a = RLC_ALLOCA(fp4_t, n); diff --git a/src/epx/relic_ep4_util.c b/src/epx/relic_ep4_util.c index 1bba16f2b..51b1dafe4 100644 --- a/src/epx/relic_ep4_util.c +++ b/src/epx/relic_ep4_util.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int ep4_is_infty(ep4_t p) { +int ep4_is_infty(const ep4_t p) { return (fp4_is_zero(p->z) == 1); } @@ -47,7 +47,7 @@ void ep4_set_infty(ep4_t p) { p->coord = BASIC; } -void ep4_copy(ep4_t r, ep4_t p) { +void ep4_copy(ep4_t r, const ep4_t p) { fp4_copy(r->x, p->x); fp4_copy(r->y, p->y); fp4_copy(r->z, p->z); @@ -78,7 +78,7 @@ void ep4_rand(ep4_t p) { } } -void ep4_blind(ep4_t r, ep4_t p) { +void ep4_blind(ep4_t r, const ep4_t p) { fp4_t rand; fp4_null(rand); @@ -104,7 +104,7 @@ void ep4_blind(ep4_t r, ep4_t p) { } } -void ep4_rhs(fp4_t rhs, ep4_t p) { +void ep4_rhs(fp4_t rhs, const ep4_t p) { fp4_t t0, t1; fp4_null(t0); @@ -121,17 +121,20 @@ void ep4_rhs(fp4_t rhs, ep4_t p) { break; #if FP_RDC != MONTY case RLC_MIN3: - fp4_sub_dig(t0, t0, 3); + fp_sub_dig(t0[0][0], t0[0][0], 3); break; case RLC_ONE: - fp4_add_dig(t0, t0, 1); + fp_add_dig(t0[0][0], t0[0][0], 1); break; case RLC_TWO: - fp4_add_dig(t0, t0, 2); + fp_add_dig(t0[0][0], t0[0][0], 2); break; case RLC_TINY: ep4_curve_get_a(t1); - fp4_mul_dig(t0, t0, t1[0][0]); + fp_mul_dig(t0[0][0], t0[0][0], t1[0][0][0]); + fp_mul_dig(t0[0][1], t0[0][1], t1[0][0][0]); + fp_mul_dig(t0[1][0], t0[0][0], t1[0][0][0]); + fp_mul_dig(t0[1][1], t0[1][1], t1[0][0][0]); break; #endif default: @@ -147,17 +150,20 @@ void ep4_rhs(fp4_t rhs, ep4_t p) { break; #if FP_RDC != MONTY case RLC_MIN3: - fp4_sub_dig(t0, t0, 3); + fp_sub_dig(t0[0][0], t0[0][0], 3); break; case RLC_ONE: - fp4_add_dig(t0, t0, 1); + fp_add_dig(t0[0][0], t0[0][0], 1); break; case RLC_TWO: - fp4_add_dig(t0, t0, 2); + fp_add_dig(t0[0][0], t0[0][0], 2); break; case RLC_TINY: ep4_curve_get_b(t1); - fp4_mul_dig(t0, t0, t1[0][0]); + fp_mul_dig(t0[0][0], t0[0][0], t1[0][0][0]); + fp_mul_dig(t0[0][1], t0[0][1], t1[0][0][0]); + fp_mul_dig(t0[1][0], t0[0][0], t1[0][0][0]); + fp_mul_dig(t0[1][1], t0[1][1], t1[0][0][0]); break; #endif default: @@ -176,7 +182,7 @@ void ep4_rhs(fp4_t rhs, ep4_t p) { } -int ep4_on_curve(ep4_t p) { +int ep4_on_curve(const ep4_t p) { ep4_t t; int r = 0; @@ -199,7 +205,7 @@ int ep4_on_curve(ep4_t p) { return r; } -void ep4_tab(ep4_t *t, ep4_t p, int w) { +void ep4_tab(ep4_t *t, const ep4_t p, int w) { if (w > 2) { ep4_dbl(t[0], p); #if defined(EP_MIXED) @@ -216,13 +222,13 @@ void ep4_tab(ep4_t *t, ep4_t p, int w) { ep4_copy(t[0], p); } -void ep4_print(ep4_t p) { +void ep4_print(const ep4_t p) { fp4_print(p->x); fp4_print(p->y); fp4_print(p->z); } -int ep4_size_bin(ep4_t a, int pack) { +int ep4_size_bin(const ep4_t a, int pack) { ep4_t t; int size = 0; @@ -282,7 +288,7 @@ void ep4_read_bin(ep4_t a, const uint8_t *bin, int len) { } } -void ep4_write_bin(uint8_t *bin, int len, ep4_t a, int pack) { +void ep4_write_bin(uint8_t *bin, int len, const ep4_t a, int pack) { ep4_t t; ep4_null(t); diff --git a/src/fb/relic_fb_util.c b/src/fb/relic_fb_util.c index f8964ec73..b576c8bab 100644 --- a/src/fb/relic_fb_util.c +++ b/src/fb/relic_fb_util.c @@ -189,46 +189,31 @@ int fb_size_str(const fb_t a, int radix) { } void fb_read_str(fb_t a, const char *str, int len, int radix) { - int i, j, l; - char c; - dig_t carry; + bn_t t; - fb_zero(a); + bn_null(t); - l = log_radix(radix); if (!valid_radix(radix)) { RLC_THROW(ERR_NO_VALID); - return; } - if (RLC_CEIL(l * (len - 1), RLC_DIG) > RLC_FB_DIGS) { - RLC_THROW(ERR_NO_BUFFER); - return; - } + RLC_TRY { + bn_new(t); - j = 0; - while (j < len) { - if (str[j] == 0) { - break; - } - c = (char)((radix < 36) ? RLC_UPP(str[j]) : str[j]); - for (i = 0; i < 64; i++) { - if (c == util_conv_char(i)) { - break; - } - } + bn_read_str(t, str, len, radix); - if (i < radix) { - carry = fb_lshb_low(a, a, l); - if (carry != 0) { - RLC_THROW(ERR_NO_BUFFER); - break; - } - fb_add_dig(a, a, (dig_t)i); - } else { - break; + if (bn_bits(t) > RLC_FB_BITS) { + RLC_THROW(ERR_NO_BUFFER); } - j++; + + fb_zero(a); + dv_copy(a, t->dp, t->used); + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + bn_free(t); } } diff --git a/src/fbx/relic_fb2_inv.c b/src/fbx/relic_fb2_inv.c index 7f8187c02..6a77feda7 100644 --- a/src/fbx/relic_fb2_inv.c +++ b/src/fbx/relic_fb2_inv.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fb2_inv(fb2_t c, fb2_t a) { +void fb2_inv(fb2_t c, const fb2_t a) { fb_t a0, a1, m0, m1; fb_null(a0); diff --git a/src/fbx/relic_fb2_mul.c b/src/fbx/relic_fb2_mul.c index 427b0764d..161ea9a02 100644 --- a/src/fbx/relic_fb2_mul.c +++ b/src/fbx/relic_fb2_mul.c @@ -37,7 +37,7 @@ /* Public definitions */ /*============================================================================*/ -void fb2_mul(fb2_t c, fb2_t a, fb2_t b) { +void fb2_mul(fb2_t c, const fb2_t a, const fb2_t b) { fb_t t0, t1, t2; fb_null(t0); @@ -67,7 +67,7 @@ void fb2_mul(fb2_t c, fb2_t a, fb2_t b) { } } -void fb2_mul_nor(fb2_t c, fb2_t a) { +void fb2_mul_nor(fb2_t c, const fb2_t a) { fb_t t; fb_null(t); @@ -84,4 +84,3 @@ void fb2_mul_nor(fb2_t c, fb2_t a) { fb_free(t); } } - diff --git a/src/fbx/relic_fb2_slv.c b/src/fbx/relic_fb2_slv.c index 2c6df6e07..ac3228786 100644 --- a/src/fbx/relic_fb2_slv.c +++ b/src/fbx/relic_fb2_slv.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fb2_slv(fb2_t c, fb2_t a) { +void fb2_slv(fb2_t c, const fb2_t a) { /* Compute c_0 = a_0 + a_1. */ fb_add(c[0], a[0], a[1]); /* Compute c_1^2 + c_1 = a_1. */ diff --git a/src/fbx/relic_fb2_sqr.c b/src/fbx/relic_fb2_sqr.c index 8cb451d5d..bb8346d0d 100644 --- a/src/fbx/relic_fb2_sqr.c +++ b/src/fbx/relic_fb2_sqr.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fb2_sqr(fb2_t c, fb2_t a) { +void fb2_sqr(fb2_t c, const fb2_t a) { fb_sqr(c[1], a[1]); fb_sqr(c[0], a[0]); fb_add(c[0], c[0], c[1]); diff --git a/src/fp/relic_fp_inv.c b/src/fp/relic_fp_inv.c index b8a06077f..6ec85f98a 100644 --- a/src/fp/relic_fp_inv.c +++ b/src/fp/relic_fp_inv.c @@ -402,26 +402,24 @@ void fp_inv_exgcd(fp_t c, const fp_t a) { #if FP_INV == DIVST || !defined(STRIP) void fp_inv_divst(fp_t c, const fp_t a) { - /* Compute number of iteratios based on modulus size. */ + /* Compute number of iterations based on modulus size. */ #if FP_PRIME < 46 - int d = (49 * FP_PRIME + 80)/17; + int d = (49 * FP_PRIME + 80) / 17; #else - int d = (49 * FP_PRIME + 57)/17; + int d = (49 * FP_PRIME + 57) / 17; #endif - dig_t g0, d0, fs, gs; - int delta = 1; + int g0, d0; + dig_t fs, gs, delta = 1; bn_t _t; - dv_t f, g, t, u; - fp_t precomp, v, r; + fp_t f, g, t, u, v, r; bn_null(_t); - dv_null(f); - dv_null(g); - dv_null(t); - dv_null(u); + fp_null(f); + fp_null(g); + fp_null(t); + fp_null(u); fp_null(v); fp_null(r); - fp_null(precomp); if (fp_is_zero(a)) { RLC_THROW(ERR_NO_VALID); @@ -430,25 +428,12 @@ void fp_inv_divst(fp_t c, const fp_t a) { RLC_TRY { bn_new(_t); - dv_new(f); - dv_new(g); - dv_new(t); - dv_new(u); + fp_new(f); + fp_new(g); + fp_new(t); + fp_new(u); fp_new(v); fp_new(r); - fp_new(precomp); - -#if WSIZE == 8 - bn_set_dig(_t, d >> 8); - bn_lsh(_t, _t, 8); - bn_add_dig(_t, _t, d & 0xFF); -#else - bn_set_dig(_t, d); -#endif - dv_copy(precomp, fp_prime_get(), RLC_FP_DIGS); - fp_add_dig(precomp, precomp, 1); - fp_hlv(precomp, precomp); - fp_exp(precomp, precomp, _t); fp_zero(v); fp_set_dig(r, 1); @@ -495,18 +480,322 @@ void fp_inv_divst(fp_t c, const fp_t a) { } fp_neg(t, v); dv_copy_cond(v, t, RLC_FP_DIGS, fs); - fp_mul(c, v, precomp); + + dv_copy(t, fp_prime_get(), RLC_FP_DIGS); + fp_add_dig(t, t, 1); + fp_hlv(t, t); +#if WSIZE == 8 + bn_set_dig(_t, d >> 8); + bn_lsh(_t, _t, 8); + bn_add_dig(_t, _t, d & 0xFF); +#else + bn_set_dig(_t, d); +#endif + fp_exp(t, t, _t); + + fp_mul(c, v, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT) } RLC_FINALLY { bn_free(_t); - dv_free(f); - dv_free(g); - dv_free(t); - dv_free(u); + fp_free(f); + fp_free(g); + fp_free(t); + fp_free(u); fp_free(v); fp_free(r); - fp_free(precomp); + } +} + +#endif + +#if FP_INV == JMPDS || !defined(STRIP) + +static dis_t jumpdivstep(dis_t m[4], dis_t delta, dig_t f, dig_t g, int s) { + dig_t u = 1, v = 0, q = 0, r = 1, c0, c1; + + /* This is actually faster than my previous version, several tricks from + * https://github.com/bitcoin-core/secp256k1/blob/master/src/modinv64_impl.h + */ + for (s--; s >= 0; s--) { + /* First handle the else part: if delta < 0, compute -(f,u,v). */ + c0 = delta >> (RLC_DIG - 1); + c1 = -(g & 1); + c0 &= c1; + /* Conditionally add -(f,u,v) to (g,q,r) */ + g += ((f ^ c0) - c0) & c1; + q += ((u ^ c0) - c0) & c1; + r += ((v ^ c0) - c0) & c1; + /* Now handle the 'if' part, so c0 will be (delta < 0) && (g & 1)) */ + /* delta = RLC_SEL(delta, -delta, c0 & 1) - 2 (for half-divstep), thus + * delta = - delta - 2 or delta - 1 */ + delta = (delta ^ c0) - 1; + f = f + (g & c0); + u = u + (q & c0); + v = v + (r & c0); + g >>= 1; + u += u; + v += v; + } + m[0] = u; + m[1] = v; + m[2] = q; + m[3] = r; + return delta; +} + +static inline void bn_mul2_low(dig_t *c, const dig_t *a, dis_t digit, int size) { + int sd = digit >> (RLC_DIG - 1); + digit = (digit ^ sd) - sd; + c[size] = bn_mul1_low(c, a, digit, size); +} + +void fp_inv_jmpds(fp_t c, const fp_t a) { + dis_t m[4]; + /* Compute number of iterations based on modulus size. */ + int i, d = -1, s = RLC_DIG - 2; + /* Iterations taken directly from https://github.com/sipa/safegcd-bounds */ + int iterations = (45907 * FP_PRIME + 26313) / 19929; + dv_t f, g, t, p, t0, t1, u0, u1, v0, v1, p01, p11; + fp_t pre; + + if (fp_is_zero(a)) { + RLC_THROW(ERR_NO_VALID); + return; + } + + dv_null(f); + dv_null(g); + dv_null(t); + dv_null(p); + dv_null(t0); + dv_null(t1); + dv_null(u0); + dv_null(u1); + dv_null(v0); + dv_null(v1); + dv_null(p01); + dv_null(p11); + fp_null(pre); + + RLC_TRY { + dv_new(t0); + dv_new(f); + dv_new(t); + dv_new(p); + dv_new(g); + dv_new(t1); + dv_new(u0); + dv_new(u1); + dv_new(v0); + dv_new(v1); + dv_new(p01); + dv_new(p11); + fp_new(pre); + +#if (FP_PRIME % WSIZE) != 0 + int j = 0; + fp_copy(pre, core_get()->inv.dp); +#else + fp_copy(pre, core_get()->conv.dp); + fp_mul(pre, pre, core_get()->conv.dp); + fp_mul(pre, pre, core_get()->inv.dp); +#endif + + f[RLC_FP_DIGS] = g[RLC_FP_DIGS] = 0; + dv_zero(t, 2 * RLC_FP_DIGS); + dv_zero(p, 2 * RLC_FP_DIGS); + dv_zero(u0, 2 * RLC_FP_DIGS); + dv_zero(u1, 2 * RLC_FP_DIGS); + dv_zero(v0, 2 * RLC_FP_DIGS); + dv_zero(v1, 2 * RLC_FP_DIGS); + + dv_copy(f, fp_prime_get(), RLC_FP_DIGS); + dv_copy(p + 1, fp_prime_get(), RLC_FP_DIGS); +#if FP_RDC == MONTY + /* Convert a from Montgomery form. */ + fp_copy(t, a); + fp_rdcn_low(g, t); +#else + fp_copy(g, a); +#endif + d = jumpdivstep(m, d, f[0] & RLC_MASK(s), g[0] & RLC_MASK(s), s); + + t0[RLC_FP_DIGS] = bn_muls_low(t0, f, RLC_POS, m[0], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_POS, m[1], RLC_FP_DIGS); + bn_addn_low(t0, t0, t1, RLC_FP_DIGS + 1); + + f[RLC_FP_DIGS] = bn_muls_low(f, f, RLC_POS, m[2], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_POS, m[3], RLC_FP_DIGS); + bn_addn_low(t1, t1, f, RLC_FP_DIGS + 1); + + /* Update f and g. */ + bn_rshs_low(f, t0, RLC_FP_DIGS + 1, s); + bn_rshs_low(g, t1, RLC_FP_DIGS + 1, s); + + /* Update column vector below. */ + v1[0] = RLC_SEL(m[1], -m[1], RLC_SIGN(m[1])); + fp_negm_low(t, v1); + dv_copy_cond(v1, t, RLC_FP_DIGS, RLC_SIGN(m[1])); + u1[0] = RLC_SEL(m[3], -m[3], RLC_SIGN(m[3])); + fp_negm_low(t, u1); + dv_copy_cond(u1, t, RLC_FP_DIGS, RLC_SIGN(m[3])); + + dv_copy(p01, v1, 2 * RLC_FP_DIGS); + dv_copy(p11, u1, 2 * RLC_FP_DIGS); + + int loops = iterations / s; + loops = (iterations % s == 0 ? loops - 1 : loops); + + for (i = 1; i < loops; i++) { + d = jumpdivstep(m, d, f[0] & RLC_MASK(s), g[0] & RLC_MASK(s), s); + + t0[RLC_FP_DIGS] = bn_muls_low(t0, f, RLC_SIGN(f[RLC_FP_DIGS]), m[0], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_SIGN(g[RLC_FP_DIGS]), m[1], RLC_FP_DIGS); + bn_addn_low(t0, t0, t1, RLC_FP_DIGS + 1); + + f[RLC_FP_DIGS] = bn_muls_low(f, f, RLC_SIGN(f[RLC_FP_DIGS]), m[2], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_SIGN(g[RLC_FP_DIGS]), m[3], RLC_FP_DIGS); + bn_addn_low(t1, t1, f, RLC_FP_DIGS + 1); + + /* Update f and g. */ + bn_rshs_low(f, t0, RLC_FP_DIGS + 1, s); + bn_rshs_low(g, t1, RLC_FP_DIGS + 1, s); + +#if (FP_PRIME % WSIZE) != 0 + p[j] = 0; + dv_copy(p + j + 1, fp_prime_get(), RLC_FP_DIGS); + + /* Update column vector below. */ + bn_mul2_low(v0, p01, m[0], RLC_FP_DIGS + j); + fp_subd_low(t, p, v0); + dv_copy_cond(v0, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[0])); + + bn_mul2_low(v1, p11, m[1], RLC_FP_DIGS + j); + fp_subd_low(t, p, v1); + dv_copy_cond(v1, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[1])); + + bn_mul2_low(u0, p01, m[2], RLC_FP_DIGS + j); + fp_subd_low(t, p, u0); + dv_copy_cond(u0, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[2])); + + bn_mul2_low(u1, p11, m[3], RLC_FP_DIGS + j); + fp_subd_low(t, p, u1); + dv_copy_cond(u1, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[3])); + + j = i % RLC_FP_DIGS; + if (j == 0) { + fp_addd_low(t, u0, u1); + fp_rdcn_low(p11, t); + fp_addd_low(t, v0, v1); + fp_rdcn_low(p01, t); + dv_zero(v0, 2 * RLC_FP_DIGS); + dv_zero(v1, 2 * RLC_FP_DIGS); + } else { + fp_addd_low(p11, u0, u1); + fp_addd_low(p01, v0, v1); + } +#else + fp_zero(p); + dv_copy(p + RLC_FP_DIGS, fp_prime_get(), RLC_FP_DIGS); + + /* Update column vector below. */ + bn_mul2_low(v0, p01, m[0], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, v0); + dv_copy_cond(v0, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[0])); + + bn_mul2_low(v1, p11, m[1], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, v1); + dv_copy_cond(v1, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[1])); + + bn_mul2_low(u0, p01, m[2], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, u0); + dv_copy_cond(u0, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[2])); + + bn_mul2_low(u1, p11, m[3], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, u1); + dv_copy_cond(u1, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[3])); + + fp_addc_low(t, u0, u1); + fp_rdcn_low(p11, t); + fp_addc_low(t, v0, v1); + fp_rdcn_low(p01, t); + fp_mulm_low(pre, pre, core_get()->conv.dp); +#endif + } + + s = iterations - loops * s; + d = jumpdivstep(m, d, f[0] & RLC_MASK(s), g[0] & RLC_MASK(s), s); + + t0[RLC_FP_DIGS] = bn_muls_low(t0, f, RLC_SIGN(f[RLC_FP_DIGS]), m[0], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_SIGN(g[RLC_FP_DIGS]), m[1], RLC_FP_DIGS); + bn_addn_low(t0, t0, t1, RLC_FP_DIGS + 1); + + f[RLC_FP_DIGS] = bn_muls_low(f, f, RLC_SIGN(f[RLC_FP_DIGS]), m[2], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, RLC_SIGN(g[RLC_FP_DIGS]), m[3], RLC_FP_DIGS); + bn_addn_low(t1, t1, f, RLC_FP_DIGS + 1); + + /* Update f and g. */ + bn_rshs_low(f, t0, RLC_FP_DIGS + 1, s); + bn_rshs_low(g, t1, RLC_FP_DIGS + 1, s); + +#if (FP_PRIME % WSIZE) != 0 + p[j] = 0; + dv_copy(p + j + 1, fp_prime_get(), RLC_FP_DIGS); + + /* Update column vector below. */ + /* Update column vector below. */ + bn_mul2_low(v0, p01, m[0], RLC_FP_DIGS + j); + fp_subd_low(t, p, v0); + dv_copy_cond(v0, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[0])); + + bn_mul2_low(v1, p11, m[1], RLC_FP_DIGS + j); + fp_subd_low(t, p, v1); + dv_copy_cond(v1, t, RLC_FP_DIGS + j + 1, RLC_SIGN(m[1])); + + fp_addd_low(t, v0, v1); + fp_rdcn_low(p01, t); +#else + fp_zero(p); + dv_copy(p + RLC_FP_DIGS, fp_prime_get(), RLC_FP_DIGS); + + /* Update column vector below. */ + bn_mul2_low(v0, p01, m[0], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, v0); + dv_copy_cond(v0, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[0])); + + bn_mul2_low(v1, p11, m[1], 2 * RLC_FP_DIGS); + fp_subd_low(t, p, v1); + dv_copy_cond(v1, t, 2 * RLC_FP_DIGS, RLC_SIGN(m[1])); + + fp_addc_low(t, v0, v1); + fp_rdcn_low(p01, t); +#endif + + /* Negate based on sign of f at the end. */ + fp_negm_low(t, p01); + dv_copy_cond(p01, t, RLC_FP_DIGS, f[RLC_FP_DIGS] >> (RLC_DIG - 1)); + /* Multiply by (precomp * R^j) % p, one for each iteration of the loop, + * one for the constant, one more to be removed by reduction. */ + fp_mul(c, p01, pre); + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + dv_free(t0); + dv_free(f); + dv_free(t); + dv_free(p); + dv_free(g); + dv_free(t1); + dv_free(u0); + dv_free(u1); + dv_free(v0); + dv_free(v1); + dv_free(p01); + dv_free(p11); + fp_free(pre); } } @@ -515,6 +804,11 @@ void fp_inv_divst(fp_t c, const fp_t a) { #if FP_INV == LOWER || !defined(STRIP) void fp_inv_lower(fp_t c, const fp_t a) { + if (fp_is_zero(a)) { + RLC_THROW(ERR_NO_VALID); + return; + } + fp_invm_low(c, a); } @@ -536,8 +830,8 @@ void fp_inv_sim(fp_t *c, const fp_t *a, int n) { } fp_new(u); - fp_copy(c[0], a[0]); fp_copy(t[0], a[0]); + fp_copy(c[0], a[0]); for (i = 1; i < n; i++) { fp_copy(t[i], a[i]); diff --git a/src/fp/relic_fp_param.c b/src/fp/relic_fp_param.c index ffc8b55f6..d4dabc1b8 100644 --- a/src/fp/relic_fp_param.c +++ b/src/fp/relic_fp_param.c @@ -259,6 +259,42 @@ void fp_param_set(int param) { bn_add_dig(t0, t0, 0x8A); fp_prime_set_pairf(t0, EP_BN); break; +#elif FP_PRIME == 315 + case B24_315: + /* x = -2^32 + 2^30 + 2^21 + 2^20 + 1. */ + bn_set_2b(t0, 32); + bn_neg(t0, t0); + bn_set_2b(t1, 30); + bn_set_bit(t1, 21, 1); + bn_set_bit(t1, 20, 1); + bn_add_dig(t1, t1, 1); + bn_add(t0, t0, t1); + fp_prime_set_pairf(t0, EP_B24); + break; +#elif FP_PRIME == 317 + case B24_317: + /* x = 2^31 + 2^30 + 2^28 + 2^27 + 2^24 + 2^16 + 2^15. */ + bn_set_2b(t0, 31); + bn_set_bit(t0, 30, 1); + bn_set_bit(t0, 28, 1); + bn_set_bit(t0, 27, 1); + bn_set_bit(t0, 24, 1); + bn_set_bit(t0, 16, 1); + bn_set_bit(t0, 15, 1); + fp_prime_set_pairf(t0, EP_B24); + break; +#elif FP_PRIME == 377 + case B12_377: + /* x = 2^63 + 2^58 + 2^56 + 2^51 + 2^47 + 2^46 + 1. */ + bn_set_2b(t0, 63); + bn_set_bit(t0, 58, 1); + bn_set_bit(t0, 56, 1); + bn_set_bit(t0, 51, 1); + bn_set_bit(t0, 47, 1); + bn_set_bit(t0, 46, 1); + bn_add_dig(t0, t0, 1); + fp_prime_set_pairf(t0, EP_B12); + break; #elif FP_PRIME == 381 case B12_381: /* x = -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16). */ @@ -615,6 +651,12 @@ int fp_param_set_any_tower(void) { fp_param_set(BN_254); #elif FP_PRIME == 256 fp_param_set(BN_256); +#elif FP_PRIME == 315 + fp_param_set(B24_315); +#elif FP_PRIME == 317 + fp_param_set(B24_317); +#elif FP_PRIME == 377 + fp_param_set(B12_377); #elif FP_PRIME == 381 fp_param_set(B12_381); #elif FP_PRIME == 382 diff --git a/src/fp/relic_fp_prime.c b/src/fp/relic_fp_prime.c index da1a783a7..7cbdbcb29 100644 --- a/src/fp/relic_fp_prime.c +++ b/src/fp/relic_fp_prime.c @@ -63,7 +63,7 @@ static void fp_prime_set(const bn_t p) { bn_copy(&(ctx->prime), p); - #if FP_RDC == MONTY || !defined(STRIP) +#if FP_RDC == MONTY || !defined(STRIP) bn_mod_pre_monty(t, &(ctx->prime)); ctx->u = t->dp[0]; @@ -81,7 +81,42 @@ static void fp_prime_set(const bn_t p) { ctx->conv.used = RLC_FP_DIGS; bn_trim(&(ctx->conv)); - #endif /* FP_RDC == MONTY */ +#endif /* FP_RDC == MONTY */ + +#if FP_INV == JUMPDS || !defined(STRIP) + + int d = (45907 * FP_PRIME + 26313) / 19929; + +#if WSIZE == 8 + bn_set_dig(t, d >> 8); + bn_lsh(t, t, 8); + bn_add_dig(t, t, d & 0xFF); +#else + bn_set_dig(t, d); +#endif + ctx->inv.used = RLC_FP_DIGS; + dv_copy(ctx->inv.dp, fp_prime_get(), RLC_FP_DIGS); + fp_add_dig(ctx->inv.dp, ctx->inv.dp, 1); + fp_hlv(ctx->inv.dp, ctx->inv.dp); + fp_exp(ctx->inv.dp, ctx->inv.dp, t); + +#if FP_RDC == MONTY + +#if (FP_PRIME % WSIZE) != 0 + fp_mul(ctx->inv.dp, ctx->inv.dp, ctx->conv.dp); + fp_mul(ctx->inv.dp, ctx->inv.dp, ctx->conv.dp); + + for (int i = 1, j = 0; i < d / (RLC_DIG - 2); i++) { + j = i % RLC_FP_DIGS; + if (j == 0) { + fp_mulm_low(ctx->inv.dp, ctx->inv.dp, ctx->conv.dp); + } + } +#endif + +#endif /* FP_RDC == MONTY */ + +#endif /* FP_INV */ /* Now look for proper quadratic/cubic non-residues. */ ctx->qnr = ctx->cnr = 0; @@ -157,6 +192,9 @@ void fp_prime_init(void) { bn_make(&(ctx->conv), RLC_FP_DIGS); bn_make(&(ctx->one), RLC_FP_DIGS); #endif +#if FP_INV == JUMPDS || !defined(STRIP) + bn_make(&(ctx->inv), RLC_FP_DIGS); +#endif /* FP_INV */ } void fp_prime_clean(void) { @@ -171,6 +209,9 @@ void fp_prime_clean(void) { bn_clean(&(ctx->one)); bn_clean(&(ctx->conv)); #endif +#if FP_INV == JUMPDS || !defined(STRIP) + bn_clean(&(ctx->inv)); +#endif /* FP_INV */ bn_clean(&(ctx->prime)); bn_clean(&(ctx->par)); } diff --git a/src/fp/relic_fp_smb.c b/src/fp/relic_fp_smb.c new file mode 100644 index 000000000..ee42147a5 --- /dev/null +++ b/src/fp/relic_fp_smb.c @@ -0,0 +1,326 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of Legendre and Jacobi symbols for prime fields. + * + * @ingroup fp + */ + +#include "relic_core.h" +#include "relic_bn_low.h" +#include "relic_fp_low.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +#if FP_SMB == BASIC || !defined(STRIP) + +int fp_smb_basic(const fp_t a) { + bn_t t; + int r = 0; + + bn_null(t); + + RLC_TRY { + bn_new(t); + + /* t = (b - 1)/2. */ + t->sign = RLC_POS; + t->used = RLC_FP_DIGS; + dv_copy(t->dp, fp_prime_get(), RLC_FP_DIGS); + bn_sub_dig(t, t, 1); + bn_hlv(t, t); + + fp_exp(t->dp, a, t); + r = (fp_cmp_dig(t->dp, 1) == RLC_EQ); + fp_neg(t->dp, t->dp); + r = RLC_SEL(r, -(fp_cmp_dig(t->dp, 1) == RLC_EQ), !r); + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + bn_free(t); + } + return r; +} + +#endif + +#if FP_SMB == DIVST || !defined(STRIP) + +int fp_smb_divst(const fp_t a) { + /* Compute number of iterations based on modulus size. */ +#if FP_PRIME < 46 + int r, d = (49 * FP_PRIME + 80)/17; +#else + int r, d = (49 * FP_PRIME + 57)/17; +#endif + dig_t delta = 1, g0, d0, fs, gs, k, mask, s; + bn_t _t; + dv_t f, g, t; + + bn_null(_t); + dv_null(f); + dv_null(g); + dv_null(t); + + RLC_TRY { + bn_new(_t); + dv_new(f); + dv_new(g); + dv_new(t); + +#if WSIZE == 8 + bn_set_dig(_t, d >> 8); + bn_lsh(_t, _t, 8); + bn_add_dig(_t, _t, d & 0xFF); +#else + bn_set_dig(_t, d); +#endif + + k = 0; + fp_prime_back(_t, a); + dv_zero(g, RLC_FP_DIGS); + dv_copy(g, _t->dp, _t->used); + dv_copy(f, fp_prime_get(), RLC_FP_DIGS); + fs = gs = RLC_POS; + + for (int i = 0; i < d; i++) { + d0 = g[0] & ((int)delta > 0); + /* Conditionally negate delta if d0 is set. */ + delta = (delta ^ -d0) + d0; + k ^= (((g[0] >> (dig_t)1) & ((f[0] >> (dig_t)1) ^ 1)) ^ (~fs & gs)) & d0; + + /* Conditionally swap and negate based on d0. */ + mask = -d0; + s = (fs ^ gs) & mask; + fs ^= s; + gs ^= s ^ d0; + for (int j = 0; j < RLC_FP_DIGS; j++) { + s = (f[j] ^ g[j]) & mask; + f[j] ^= s; + g[j] ^= s ^ (-d0); + } + fp_add1_low(g, g, d0); + + k ^= (f[0] >> 1) ^ (f[0] >> 2); + k &= 1; + + delta++; + g0 = g[0] & 1; + for (int j = 0; j < RLC_FP_DIGS; j++) { + t[j] = f[j] & (-g0); + } + + /* Compute g = (g + g0*f) div 2 by conditionally copying f to u and + * updating the sign of g. */ + gs ^= g0 & (fs ^ bn_addn_low(g, g, t, RLC_FP_DIGS)); + /* Shift and restore the sign. */ + fp_rsh1_low(g, g); + g[RLC_FP_DIGS - 1] |= (dig_t)gs << (RLC_DIG - 1); + } + + for (int j = 0; j < RLC_FP_DIGS; j++) { + t[j] = 0; + f[j] ^= -fs; + } + t[0] = 1; + fp_add1_low(f, f, fs); + + r = !(dv_cmp_const(f, t, RLC_FP_DIGS) == RLC_NE); + r = RLC_SEL(r, -1, (r == 1 && k == 1)); + r = RLC_SEL(r, 1, (r == 1 && k == 0)); + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT) + } RLC_FINALLY { + bn_free(_t); + dv_free(f); + dv_free(g); + dv_free(t); + } + return r; +} + +#endif + +#if FP_SMB == JMPDS || !defined(STRIP) + +static dis_t jumpdivstep(dis_t m[4], dig_t *k, dis_t delta, dis_t x, dis_t y, int s) { + dig_t c0, c1, yi, ai = 1, bi = 0, ci = 0, di = 1, u = 0; + for (; s > 0; s--) { + yi = y; + + c0 = ~(delta >> (RLC_DIG - 1)); + c1 = -(x & 1); + c0 &= c1; + + x += ((y ^ c0) - c0) & c1; + ai += ((ci ^ c0) - c0) & c1; + bi += ((di ^ c0) - c0) & c1; + + /* delta = RLC_SEL(delta + 1, -delta, c0) */ + delta = (delta ^ c0) + 1; + y = y + (x & c0); + ci = ci + (ai & c0); + di = di + (bi & c0); + x >>= 1; + ci += ci; + di += di; + + u += ((yi & y) ^ (y >> (dig_t)1)) & 2; + u += (u & (dig_t)1) ^ (ci >> (dig_t)(RLC_DIG - 1)); + u %= 4; + } + m[0] = ai; + m[1] = bi; + m[2] = ci; + m[3] = di; + *k = u; + return delta; +} + +int fp_smb_jmpds(const fp_t a) { + dis_t m[4], d = 0; + int r, i, s = RLC_DIG - 2; + /* Iterations taken directly from https://github.com/sipa/safegcd-bounds */ + int loops, iterations = (45907 * FP_PRIME + 26313) / 19929; + dv_t f, g, t, p, t0, t1, u0, u1, v0, v1, p01, p11; + dig_t j, k, mask = RLC_MASK(s + 2); + + dv_null(f); + dv_null(g); + dv_null(t); + dv_null(p); + dv_null(t0); + dv_null(t1); + dv_null(u0); + dv_null(u1); + dv_null(v0); + dv_null(v1); + dv_null(p01); + dv_null(p11); + + RLC_TRY { + dv_new(t0); + dv_new(f); + dv_new(t); + dv_new(p); + dv_new(g); + dv_new(t1); + dv_new(u0); + dv_new(u1); + dv_new(v0); + dv_new(v1); + dv_new(p01); + dv_new(p11); + + f[RLC_FP_DIGS] = g[RLC_FP_DIGS] = 0; + dv_zero(f, 2 * RLC_FP_DIGS); + dv_zero(g, 2 * RLC_FP_DIGS); + dv_zero(t, 2 * RLC_FP_DIGS); + dv_zero(p, 2 * RLC_FP_DIGS); + dv_zero(u0, 2 * RLC_FP_DIGS); + dv_zero(u1, 2 * RLC_FP_DIGS); + dv_zero(v0, 2 * RLC_FP_DIGS); + dv_zero(v1, 2 * RLC_FP_DIGS); + + dv_copy(g, fp_prime_get(), RLC_FP_DIGS); +#if FP_RDC == MONTY + /* Convert a from Montgomery form. */ + fp_copy(t, a); + fp_rdcn_low(f, t); +#else + fp_copy(f, a); +#endif + + loops = iterations / s; + loops = (iterations % s == 0 ? loops - 1 : loops); + + j = k = 0; + for (i = 0; i <= loops; i++) { + d = jumpdivstep(m, &k, d, f[0] & mask, g[0] & mask, s); + + t0[RLC_FP_DIGS] = bn_muls_low(t0, f, f[RLC_FP_DIGS] >> (RLC_DIG - 1), m[0], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, g[RLC_FP_DIGS] >> (RLC_DIG - 1), m[1], RLC_FP_DIGS); + bn_addn_low(t0, t0, t1, RLC_FP_DIGS + 1); + + f[RLC_FP_DIGS] = bn_muls_low(f, f, f[RLC_FP_DIGS] >> (RLC_DIG - 1), m[2], RLC_FP_DIGS); + t1[RLC_FP_DIGS] = bn_muls_low(t1, g, g[RLC_FP_DIGS] >> (RLC_DIG - 1), m[3], RLC_FP_DIGS); + bn_addn_low(t1, t1, f, RLC_FP_DIGS + 1); + + /* Update f and g. */ + bn_rshs_low(f, t0, RLC_FP_DIGS + 1, s); + bn_rshs_low(g, t1, RLC_FP_DIGS + 1, s); + + j = (j + k) % 4; + j = (j + ((j & 1) ^ (g[RLC_FP_DIGS] >> (RLC_DIG - 1)))) % 4; + } + + r = 0; + j = (j + (j & 1)) % 4; + + fp_zero(t0); + t0[0] = 1; + r = RLC_SEL(r, 1 - j, dv_cmp_const(g, t0, RLC_FP_DIGS) == RLC_EQ); + for (i = 0; i < RLC_FP_DIGS; i++) { + g[i] = ~g[i]; + } + bn_add1_low(g, g, 1, RLC_FP_DIGS); + r = RLC_SEL(r, 1 - j, dv_cmp_const(g, t0, RLC_FP_DIGS) == RLC_EQ); + r = RLC_SEL(r, 1 - j, fp_is_zero(g)); + } + RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } + RLC_FINALLY { + dv_free(t0); + dv_free(f); + dv_free(t); + dv_free(p); + dv_free(g); + dv_free(t1); + dv_free(u0); + dv_free(u1); + dv_free(v0); + dv_free(v1); + dv_free(p01); + dv_free(p11); + } + + return r; +} + +#endif + +#if FP_SMB == LOWER || !defined(STRIP) + +int fp_smb_lower(const fp_t a) { + return fp_smbm_low(a); +} + +#endif diff --git a/src/fpx/relic_fp12_mul.c b/src/fpx/relic_fp12_mul.c index c2e5be967..08b9d48e4 100644 --- a/src/fpx/relic_fp12_mul.c +++ b/src/fpx/relic_fp12_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == LAZYR || !defined(STRIP) -inline static void fp6_mul_dxs_unr_lazyr(dv6_t c, fp6_t a, fp6_t b) { +inline static void fp6_mul_dxs_unr_lazyr(dv6_t c, const fp6_t a, const fp6_t b) { dv2_t u0, u1, u2, u3; fp2_t t0, t1; @@ -58,26 +58,6 @@ inline static void fp6_mul_dxs_unr_lazyr(dv6_t c, fp6_t a, fp6_t b) { fp2_new(t0); fp2_new(t1); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u0, a[0], b[0]); - fp2_mulc_low(u1, a[1], b[1]); - fp2_addn_low(t0, a[0], a[1]); - fp2_addn_low(t1, b[0], b[1]); - - /* c_1 = (a_0 + a_1)(b_0 + b_1) - a_0b_0 - a_1b_1 */ - fp2_muln_low(u2, t0, t1); - fp2_subc_low(u2, u2, u0); - fp2_subc_low(c[1], u2, u1); - - /* c_0 = a_0b_0 + E a_2b_1 */ - fp2_mulc_low(u2, a[2], b[1]); - fp2_norh_low(c[0], u2); - fp2_addc_low(c[0], u0, c[0]); - - /* c_2 = a_0b_2 + a_1b_1 */ - fp2_mulc_low(u2, a[2], b[0]); - fp2_addc_low(c[2], u1, u2); -#else fp2_muln_low(u0, a[0], b[0]); fp2_muln_low(u1, a[1], b[1]); fp2_addm_low(t0, a[0], a[1]); @@ -96,7 +76,6 @@ inline static void fp6_mul_dxs_unr_lazyr(dv6_t c, fp6_t a, fp6_t b) { /* c_2 = a_0b_2 + a_1b_1 */ fp2_muln_low(u2, a[2], b[0]); fp2_addc_low(c[2], u1, u2); -#endif } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { @@ -117,7 +96,7 @@ inline static void fp6_mul_dxs_unr_lazyr(dv6_t c, fp6_t a, fp6_t b) { #if FPX_RDC == BASIC || !defined(STRIP) -void fp12_mul_basic(fp12_t c, fp12_t a, fp12_t b) { +void fp12_mul_basic(fp12_t c, const fp12_t a, const fp12_t b) { fp6_t t0, t1, t2; fp6_null(t0); @@ -158,7 +137,7 @@ void fp12_mul_basic(fp12_t c, fp12_t a, fp12_t b) { } } -void fp12_mul_dxs_basic(fp12_t c, fp12_t a, fp12_t b) { +void fp12_mul_dxs_basic(fp12_t c, const fp12_t a, const fp12_t b) { fp6_t t0, t1, t2; fp6_null(t0); @@ -245,7 +224,7 @@ void fp12_mul_dxs_basic(fp12_t c, fp12_t a, fp12_t b) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp12_mul_unr(dv12_t c, fp12_t a, fp12_t b) { +void fp12_mul_unr(dv12_t c, const fp12_t a, const fp12_t b) { fp6_t t0, t1; dv6_t u0, u1, u2, u3; @@ -298,7 +277,7 @@ void fp12_mul_unr(dv12_t c, fp12_t a, fp12_t b) { } } -void fp12_mul_lazyr(fp12_t c, fp12_t a, fp12_t b) { +void fp12_mul_lazyr(fp12_t c, const fp12_t a, const fp12_t b) { dv12_t t; dv12_null(t); @@ -317,7 +296,7 @@ void fp12_mul_lazyr(fp12_t c, fp12_t a, fp12_t b) { } } -void fp12_mul_dxs_lazyr(fp12_t c, fp12_t a, fp12_t b) { +void fp12_mul_dxs_lazyr(fp12_t c, const fp12_t a, const fp12_t b) { fp6_t t0; dv6_t u0, u1, u2; @@ -347,15 +326,10 @@ void fp12_mul_dxs_lazyr(fp12_t c, fp12_t a, fp12_t b) { fp2_copy(t0[1], b[1][1]); #elif EP_ADD == PROJC || EP_ADD == JACOB /* t0 = a_0 * b_0. */ -#ifdef RLC_FP_ROOM - fp2_mulc_low(u0[0], a[0][0], b[0][0]); - fp2_mulc_low(u0[1], a[0][1], b[0][0]); - fp2_mulc_low(u0[2], a[0][2], b[0][0]); -#else fp2_muln_low(u0[0], a[0][0], b[0][0]); fp2_muln_low(u0[1], a[0][1], b[0][0]); fp2_muln_low(u0[2], a[0][2], b[0][0]); -#endif + /* t2 = b_0 + b_1. */ fp2_add(t0[0], b[0][0], b[1][0]); fp2_copy(t0[1], b[1][1]); @@ -421,7 +395,7 @@ void fp12_mul_dxs_lazyr(fp12_t c, fp12_t a, fp12_t b) { #endif -void fp12_mul_art(fp12_t c, fp12_t a) { +void fp12_mul_art(fp12_t c, const fp12_t a) { fp6_t t0; fp6_null(t0); diff --git a/src/fpx/relic_fp12_sqr.c b/src/fpx/relic_fp12_sqr.c index fee988beb..80ab5569d 100644 --- a/src/fpx/relic_fp12_sqr.c +++ b/src/fpx/relic_fp12_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp12_sqr_basic(fp12_t c, fp12_t a) { +void fp12_sqr_basic(fp12_t c, const fp12_t a) { fp6_t t0, t1; fp6_null(t0); @@ -66,7 +66,7 @@ void fp12_sqr_basic(fp12_t c, fp12_t a) { } } -void fp12_sqr_cyc_basic(fp12_t c, fp12_t a) { +void fp12_sqr_cyc_basic(fp12_t c, const fp12_t a) { fp2_t t0, t1, t2, t3, t4, t5, t6; fp2_null(t0); @@ -160,7 +160,7 @@ void fp12_sqr_cyc_basic(fp12_t c, fp12_t a) { } } -void fp12_sqr_pck_basic(fp12_t c, fp12_t a) { +void fp12_sqr_pck_basic(fp12_t c, const fp12_t a) { fp2_t t0, t1, t2, t3, t4, t5, t6; fp2_null(t0); @@ -234,7 +234,7 @@ void fp12_sqr_pck_basic(fp12_t c, fp12_t a) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp12_sqr_unr(dv12_t c, fp12_t a) { +void fp12_sqr_unr(dv12_t c, const fp12_t a) { fp4_t t0, t1; dv4_t u0, u1, u2, u3, u4; @@ -337,7 +337,7 @@ void fp12_sqr_unr(dv12_t c, fp12_t a) { } } -void fp12_sqr_lazyr(fp12_t c, fp12_t a) { +void fp12_sqr_lazyr(fp12_t c, const fp12_t a) { dv12_t t; dv12_null(t); @@ -356,7 +356,7 @@ void fp12_sqr_lazyr(fp12_t c, fp12_t a) { } } -void fp12_sqr_cyc_lazyr(fp12_t c, fp12_t a) { +void fp12_sqr_cyc_lazyr(fp12_t c, const fp12_t a) { fp2_t t0, t1, t2; dv2_t u0, u1, u2, u3; @@ -452,7 +452,7 @@ void fp12_sqr_cyc_lazyr(fp12_t c, fp12_t a) { } } -void fp12_sqr_pck_lazyr(fp12_t c, fp12_t a) { +void fp12_sqr_pck_lazyr(fp12_t c, const fp12_t a) { fp2_t t0, t1, t2; dv2_t u0, u1, u2, u3; diff --git a/src/fpx/relic_fp18_mul.c b/src/fpx/relic_fp18_mul.c index eeba2d364..337c6e734 100644 --- a/src/fpx/relic_fp18_mul.c +++ b/src/fpx/relic_fp18_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp18_mul_basic(fp18_t c, fp18_t a, fp18_t b) { +void fp18_mul_basic(fp18_t c, const fp18_t a, const fp18_t b) { fp9_t t0, t1, t2; fp9_null(t0); @@ -84,7 +84,7 @@ void fp18_mul_basic(fp18_t c, fp18_t a, fp18_t b) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp18_mul_unr(dv18_t c, fp18_t a, fp18_t b) { +void fp18_mul_unr(dv18_t c, const fp18_t a, const fp18_t b) { fp9_t t0, t1; dv9_t u0, u1, u2, u3; @@ -137,7 +137,7 @@ void fp18_mul_unr(dv18_t c, fp18_t a, fp18_t b) { } } -void fp18_mul_lazyr(fp18_t c, fp18_t a, fp18_t b) { +void fp18_mul_lazyr(fp18_t c, const fp18_t a, const fp18_t b) { dv18_t t; dv18_null(t); @@ -159,7 +159,7 @@ void fp18_mul_lazyr(fp18_t c, fp18_t a, fp18_t b) { #endif -void fp18_mul_dxs(fp18_t c, fp18_t a, fp18_t b) { +void fp18_mul_dxs(fp18_t c, const fp18_t a, const fp18_t b) { fp9_t t0, t1, t2; fp9_null(t0); @@ -205,7 +205,7 @@ void fp18_mul_dxs(fp18_t c, fp18_t a, fp18_t b) { } } -void fp18_mul_art(fp18_t c, fp18_t a) { +void fp18_mul_art(fp18_t c, const fp18_t a) { fp9_t t0; fp9_null(t0); diff --git a/src/fpx/relic_fp18_sqr.c b/src/fpx/relic_fp18_sqr.c index 74fe09dc3..1382f49a1 100644 --- a/src/fpx/relic_fp18_sqr.c +++ b/src/fpx/relic_fp18_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp18_sqr_basic(fp18_t c, fp18_t a) { +void fp18_sqr_basic(fp18_t c, const fp18_t a) { fp9_t t0, t1; fp9_null(t0); @@ -70,7 +70,7 @@ void fp18_sqr_basic(fp18_t c, fp18_t a) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp18_sqr_unr(dv18_t c, fp18_t a) { +void fp18_sqr_unr(dv18_t c, const fp18_t a) { fp9_t t; dv9_t u0, u1, u2; @@ -123,7 +123,7 @@ void fp18_sqr_unr(dv18_t c, fp18_t a) { } } -void fp18_sqr_lazyr(fp18_t c, fp18_t a) { +void fp18_sqr_lazyr(fp18_t c, const fp18_t a) { dv18_t t; dv18_null(t); diff --git a/src/fpx/relic_fp24_mul.c b/src/fpx/relic_fp24_mul.c index 59701def7..c1b3ad09d 100644 --- a/src/fpx/relic_fp24_mul.c +++ b/src/fpx/relic_fp24_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp24_mul_basic(fp24_t c, fp24_t a, fp24_t b) { +void fp24_mul_basic(fp24_t c, const fp24_t a, const fp24_t b) { fp8_t t0, t1, t2, t3, t4, t5; fp8_null(t0); @@ -106,7 +106,7 @@ void fp24_mul_basic(fp24_t c, fp24_t a, fp24_t b) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp24_mul_unr(dv24_t c, fp24_t a, fp24_t b) { +void fp24_mul_unr(dv24_t c, const fp24_t a, const fp24_t b) { dv8_t u0, u1, u2, u3, u4; fp8_t t0, t1; @@ -194,7 +194,7 @@ void fp24_mul_unr(dv24_t c, fp24_t a, fp24_t b) { } } -void fp24_mul_lazyr(fp24_t c, fp24_t a, fp24_t b) { +void fp24_mul_lazyr(fp24_t c, const fp24_t a, const fp24_t b) { dv24_t t; dv24_null(t); @@ -217,7 +217,7 @@ void fp24_mul_lazyr(fp24_t c, fp24_t a, fp24_t b) { #endif -void fp24_mul_art(fp24_t c, fp24_t a) { +void fp24_mul_art(fp24_t c, const fp24_t a) { fp8_t t0; fp8_null(t0); @@ -237,7 +237,7 @@ void fp24_mul_art(fp24_t c, fp24_t a) { } } -void fp24_mul_dxs(fp24_t c, fp24_t a, fp24_t b) { +void fp24_mul_dxs(fp24_t c, const fp24_t a, const fp24_t b) { fp8_t t0, t1, t2, t3, t4; fp8_null(t0); @@ -257,27 +257,50 @@ void fp24_mul_dxs(fp24_t c, fp24_t a, fp24_t b) { /* t0 = a_0 * b_0. */ fp8_mul(t0, a[0], b[0]); - /* t1 = a_1 * b_1. */ - fp8_mul(t1, a[1], b[1]); - /* b_2 = 0. */ - fp8_add(t3, a[1], a[2]); - fp8_mul(t3, t3, b[1]); - fp8_sub(t3, t3, t1); - fp8_mul_art(t3, t3); - fp8_add(t3, t3, t0); - fp8_add(t4, a[0], a[1]); - fp8_add(t2, b[0], b[1]); - fp8_mul(t4, t4, t2); - fp8_sub(t4, t4, t0); - fp8_sub(c[1], t4, t1); - - fp8_add(t4, a[0], a[2]); - fp8_mul(c[2], t4, b[0]); - fp8_sub(c[2], c[2], t0); - fp8_add(c[2], c[2], t1); + if (fp8_is_zero(b[2])) { + /* t1 = a_1 * b_1. */ + fp8_mul(t1, a[1], b[1]); + /* b_2 = 0. */ + + fp8_mul(t3, t3, b[1]); + fp8_sub(t3, t3, t1); + fp8_mul_art(t3, t3); + fp8_add(t3, t3, t0); + + fp8_add(t2, b[0], b[1]); + fp8_mul(t4, t4, t2); + fp8_sub(t4, t4, t0); + fp8_sub(c[1], t4, t1); + + fp8_add(t4, a[0], a[2]); + fp8_mul(c[2], t4, b[0]); + fp8_sub(c[2], c[2], t0); + fp8_add(c[2], c[2], t1); + } else { + /* b_1 = 0. */ + /* t2 = a_2 * b_2. */ + fp8_mul(t1, a[2], b[2]); + + fp8_mul(t3, t3, b[2]); + fp8_sub(t3, t3, t1); + fp8_mul_art(t3, t3); + fp8_add(t3, t3, t0); + + fp8_mul(t4, t4, b[0]); + fp8_sub(t4, t4, t0); + fp8_mul_art(t2, t1); + fp8_add(c[1], t4, t2); + + fp8_add(t4, a[0], a[2]); + fp8_add(t2, b[0], b[2]); + fp8_mul(c[2], t4, t2); + fp8_sub(c[2], c[2], t0); + fp8_sub(c[2], c[2], t1); + } + fp8_copy(c[0], t3); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/src/fpx/relic_fp24_sqr.c b/src/fpx/relic_fp24_sqr.c index 0e45d998c..77c850f7e 100644 --- a/src/fpx/relic_fp24_sqr.c +++ b/src/fpx/relic_fp24_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp24_sqr_basic(fp24_t c, fp24_t a) { +void fp24_sqr_basic(fp24_t c, const fp24_t a) { fp8_t t0, t1, t2, t3, t4; fp8_null(t0); @@ -111,7 +111,7 @@ void fp24_sqr_basic(fp24_t c, fp24_t a) { } } -void fp24_sqr_cyc_basic(fp24_t c, fp24_t a) { +void fp24_sqr_cyc_basic(fp24_t c, const fp24_t a) { fp4_t t0, t1, t2, t3, t4, t5, t6; fp4_null(t0); @@ -200,7 +200,7 @@ void fp24_sqr_cyc_basic(fp24_t c, fp24_t a) { } } -void fp24_sqr_pck_basic(fp24_t c, fp24_t a) { +void fp24_sqr_pck_basic(fp24_t c, const fp24_t a) { fp4_t t0, t1, t2, t3, t4, t5, t6; fp4_null(t0); @@ -274,7 +274,7 @@ void fp24_sqr_pck_basic(fp24_t c, fp24_t a) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp24_sqr_unr(dv24_t c, fp24_t a) { +void fp24_sqr_unr(dv24_t c, const fp24_t a) { dv8_t u0, u1, u2, u3, u4; fp8_t t0, t1; @@ -376,7 +376,7 @@ void fp24_sqr_unr(dv24_t c, fp24_t a) { } } -void fp24_sqr_lazyr(fp24_t c, fp24_t a) { +void fp24_sqr_lazyr(fp24_t c, const fp24_t a) { dv24_t t; dv24_null(t); @@ -397,12 +397,12 @@ void fp24_sqr_lazyr(fp24_t c, fp24_t a) { } } -void fp24_sqr_cyc_lazyr(fp24_t c, fp24_t a) { +void fp24_sqr_cyc_lazyr(fp24_t c, const fp24_t a) { /* TODO: implement lazy reduction. */ fp24_sqr_cyc_basic(c, a); } -void fp24_sqr_pck_lazyr(fp24_t c, fp24_t a) { +void fp24_sqr_pck_lazyr(fp24_t c, const fp24_t a) { /* TODO: implement lazy reduction. */ fp24_sqr_pck_basic(c, a); } diff --git a/src/fpx/relic_fp2_mul.c b/src/fpx/relic_fp2_mul.c index dd4b9e472..6f39729e2 100644 --- a/src/fpx/relic_fp2_mul.c +++ b/src/fpx/relic_fp2_mul.c @@ -39,7 +39,7 @@ #if FPX_QDR == BASIC || !defined(STRIP) -void fp2_mul_basic(fp2_t c, fp2_t a, fp2_t b) { +void fp2_mul_basic(fp2_t c, const fp2_t a, const fp2_t b) { dv_t t0, t1, t2, t3, t4; dv_null(t0); @@ -103,7 +103,7 @@ void fp2_mul_basic(fp2_t c, fp2_t a, fp2_t b) { } } -void fp2_mul_nor_basic(fp2_t c, fp2_t a) { +void fp2_mul_nor_basic(fp2_t c, const fp2_t a) { fp2_t t; bn_t b; @@ -163,17 +163,17 @@ void fp2_mul_nor_basic(fp2_t c, fp2_t a) { #if FPX_QDR == INTEG || !defined(STRIP) -void fp2_mul_integ(fp2_t c, fp2_t a, fp2_t b) { +void fp2_mul_integ(fp2_t c, const fp2_t a, const fp2_t b) { fp2_mulm_low(c, a, b); } -void fp2_mul_nor_integ(fp2_t c, fp2_t a) { +void fp2_mul_nor_integ(fp2_t c, const fp2_t a) { fp2_norm_low(c, a); } #endif -void fp2_mul_art(fp2_t c, fp2_t a) { +void fp2_mul_art(fp2_t c, const fp2_t a) { fp_t t; fp_null(t); @@ -207,7 +207,7 @@ void fp2_mul_art(fp2_t c, fp2_t a) { } } -void fp2_mul_frb(fp2_t c, fp2_t a, int i, int j) { +void fp2_mul_frb(fp2_t c, const fp2_t a, int i, int j) { ctx_t *ctx = core_get(); #if ALLOC == AUTO diff --git a/src/fpx/relic_fp2_sqr.c b/src/fpx/relic_fp2_sqr.c index cc4c9f3f4..977dca572 100644 --- a/src/fpx/relic_fp2_sqr.c +++ b/src/fpx/relic_fp2_sqr.c @@ -38,7 +38,7 @@ #if FPX_QDR == BASIC || !defined(STRIP) -void fp2_sqr_basic(fp2_t c, fp2_t a) { +void fp2_sqr_basic(fp2_t c, const fp2_t a) { fp_t t0, t1, t2; fp_null(t0); @@ -103,7 +103,7 @@ void fp2_sqr_basic(fp2_t c, fp2_t a) { #if FPX_QDR == INTEG || !defined(STRIP) -void fp2_sqr_integ(fp2_t c, fp2_t a) { +void fp2_sqr_integ(fp2_t c, const fp2_t a) { fp2_sqrm_low(c, a); } diff --git a/src/fpx/relic_fp3_mul.c b/src/fpx/relic_fp3_mul.c index 1571e85b6..097bad426 100644 --- a/src/fpx/relic_fp3_mul.c +++ b/src/fpx/relic_fp3_mul.c @@ -39,7 +39,7 @@ #if FPX_CBC == BASIC || !defined(STRIP) -void fp3_mul_basic(fp3_t c, fp3_t a, fp3_t b) { +void fp3_mul_basic(fp3_t c, const fp3_t a, const fp3_t b) { dv_t t, t0, t1, t2, t3, t4, t5, t6; dv_null(t); @@ -143,13 +143,13 @@ void fp3_mul_basic(fp3_t c, fp3_t a, fp3_t b) { #if FPX_CBC == INTEG || !defined(STRIP) -void fp3_mul_integ(fp3_t c, fp3_t a, fp3_t b) { +void fp3_mul_integ(fp3_t c, const fp3_t a, const fp3_t b) { fp3_mulm_low(c, a, b); } #endif -void fp3_mul_nor(fp3_t c, fp3_t a) { +void fp3_mul_nor(fp3_t c, const fp3_t a) { fp_t t; fp_null(t); @@ -177,7 +177,7 @@ void fp3_mul_nor(fp3_t c, fp3_t a) { } } -void fp3_mul_frb(fp3_t c, fp3_t a, int i, int j) { +void fp3_mul_frb(fp3_t c, const fp3_t a, int i, int j) { ctx_t *ctx = core_get(); fp3_copy(c, a); switch (i % 3) { diff --git a/src/fpx/relic_fp3_sqr.c b/src/fpx/relic_fp3_sqr.c index f86167f39..1761e513b 100644 --- a/src/fpx/relic_fp3_sqr.c +++ b/src/fpx/relic_fp3_sqr.c @@ -39,7 +39,7 @@ #if FPX_CBC == BASIC || !defined(STRIP) -void fp3_sqr_basic(fp3_t c, fp3_t a) { +void fp3_sqr_basic(fp3_t c, const fp3_t a) { dv_t t0, t1, t2, t3, t4; dv_null(t0); @@ -123,7 +123,7 @@ void fp3_sqr_basic(fp3_t c, fp3_t a) { #if FPX_CBC == INTEG || !defined(STRIP) -void fp3_sqr_integ(fp3_t c, fp3_t a) { +void fp3_sqr_integ(fp3_t c, const fp3_t a) { fp3_sqrm_low(c, a); } diff --git a/src/fpx/relic_fp48_mul.c b/src/fpx/relic_fp48_mul.c index d0994cce3..3e2545195 100644 --- a/src/fpx/relic_fp48_mul.c +++ b/src/fpx/relic_fp48_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp48_mul_basic(fp48_t c, fp48_t a, fp48_t b) { +void fp48_mul_basic(fp48_t c, const fp48_t a, const fp48_t b) { fp24_t t0, t1, t2; fp24_null(t0); @@ -84,14 +84,14 @@ void fp48_mul_basic(fp48_t c, fp48_t a, fp48_t b) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp48_mul_lazyr(fp48_t c, fp48_t a, fp48_t b) { +void fp48_mul_lazyr(fp48_t c, const fp48_t a, const fp48_t b) { /* TODO: implement lazy reduction. */ fp48_mul_basic(c, a, b); } #endif -void fp48_mul_dxs(fp48_t c, fp48_t a, fp48_t b) { +void fp48_mul_dxs(fp48_t c, const fp48_t a, const fp48_t b) { fp24_t t0, t1, t2; fp24_null(t0); @@ -154,7 +154,7 @@ void fp48_mul_dxs(fp48_t c, fp48_t a, fp48_t b) { } } -void fp48_mul_art(fp48_t c, fp48_t a) { +void fp48_mul_art(fp48_t c, const fp48_t a) { fp24_t t0; fp24_null(t0); diff --git a/src/fpx/relic_fp48_sqr.c b/src/fpx/relic_fp48_sqr.c index 45032b65e..aec4d9f6d 100644 --- a/src/fpx/relic_fp48_sqr.c +++ b/src/fpx/relic_fp48_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp48_sqr_basic(fp48_t c, fp48_t a) { +void fp48_sqr_basic(fp48_t c, const fp48_t a) { fp24_t t0, t1; fp24_null(t0); @@ -66,7 +66,7 @@ void fp48_sqr_basic(fp48_t c, fp48_t a) { } } -void fp48_sqr_cyc_basic(fp48_t c, fp48_t a) { +void fp48_sqr_cyc_basic(fp48_t c, const fp48_t a) { fp8_t t0, t1, t2, t3, t4, t5, t6; fp8_null(t0); @@ -155,7 +155,7 @@ void fp48_sqr_cyc_basic(fp48_t c, fp48_t a) { } } -void fp48_sqr_pck_basic(fp48_t c, fp48_t a) { +void fp48_sqr_pck_basic(fp48_t c, const fp48_t a) { fp8_t t0, t1, t2, t3, t4, t5, t6; fp8_null(t0); @@ -229,12 +229,12 @@ void fp48_sqr_pck_basic(fp48_t c, fp48_t a) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp48_sqr_lazyr(fp48_t c, fp48_t a) { +void fp48_sqr_lazyr(fp48_t c, const fp48_t a) { /* TODO: implement lazy reduction. */ fp48_sqr_basic(c, a); } -void fp48_sqr_cyc_lazyr(fp48_t c, fp48_t a) { +void fp48_sqr_cyc_lazyr(fp48_t c, const fp48_t a) { fp8_t t0, t1, t2, t3, t4, t5, t6; fp8_null(t0); @@ -323,7 +323,7 @@ void fp48_sqr_cyc_lazyr(fp48_t c, fp48_t a) { } } -void fp48_sqr_pck_lazyr(fp48_t c, fp48_t a) { +void fp48_sqr_pck_lazyr(fp48_t c, const fp48_t a) { fp8_t t0, t1, t2; dv8_t u0, u1, u2, u3; diff --git a/src/fpx/relic_fp4_mul.c b/src/fpx/relic_fp4_mul.c index 1ab92ea9e..54bc6c11a 100644 --- a/src/fpx/relic_fp4_mul.c +++ b/src/fpx/relic_fp4_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp4_mul_basic(fp4_t c, fp4_t a, fp4_t b) { +void fp4_mul_basic(fp4_t c, const fp4_t a, const fp4_t b) { fp2_t t0, t1, t2; fp2_null(t0); @@ -84,7 +84,7 @@ void fp4_mul_basic(fp4_t c, fp4_t a, fp4_t b) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp4_mul_unr(dv4_t c, fp4_t a, fp4_t b) { +void fp4_mul_unr(dv4_t c, const fp4_t a, const fp4_t b) { fp2_t t0, t1; dv2_t u0, u1; @@ -99,25 +99,16 @@ void fp4_mul_unr(dv4_t c, fp4_t a, fp4_t b) { dv2_new(u0); dv2_new(u1); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u0, a[0], b[0]); - fp2_mulc_low(u1, a[1], b[1]); - fp2_addn_low(t0, b[0], b[1]); - fp2_addn_low(t1, a[0], a[1]); -#else fp2_muln_low(u0, a[0], b[0]); fp2_muln_low(u1, a[1], b[1]); fp2_addm_low(t0, b[0], b[1]); fp2_addm_low(t1, a[0], a[1]); -#endif + fp2_muln_low(c[1], t1, t0); fp2_subc_low(c[1], c[1], u0); fp2_subc_low(c[1], c[1], u1); -#ifdef RLC_FP_ROOM - fp2_norh_low(c[0], u1); -#else + fp2_nord_low(c[0], u1); -#endif fp2_addc_low(c[0], c[0], u0); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); @@ -129,7 +120,7 @@ void fp4_mul_unr(dv4_t c, fp4_t a, fp4_t b) { } } -void fp4_mul_lazyr(fp4_t c, fp4_t a, fp4_t b) { +void fp4_mul_lazyr(fp4_t c, const fp4_t a, const fp4_t b) { dv4_t t; dv4_null(t); @@ -148,7 +139,7 @@ void fp4_mul_lazyr(fp4_t c, fp4_t a, fp4_t b) { #endif -void fp4_mul_art(fp4_t c, fp4_t a) { +void fp4_mul_art(fp4_t c, const fp4_t a) { fp2_t t0; fp2_null(t0); @@ -167,7 +158,7 @@ void fp4_mul_art(fp4_t c, fp4_t a) { } } -void fp4_mul_frb(fp4_t c, fp4_t a, int i, int j) { +void fp4_mul_frb(fp4_t c, const fp4_t a, int i, int j) { fp2_t t; fp2_null(t); @@ -177,11 +168,15 @@ void fp4_mul_frb(fp4_t c, fp4_t a, int i, int j) { fp_copy(t[0], core_get()->fp4_p1[0]); fp_copy(t[1], core_get()->fp4_p1[1]); + if (i == 1) { for (int k = 0; k < j; k++) { fp2_mul(c[0], a[0], t); fp2_mul(c[1], a[1], t); - fp4_mul_art(c, c); + /* If constant in base field, then second component is zero. */ + if (core_get()->frb4 == 1) { + fp4_mul_art(c, c); + } } } else { RLC_THROW(ERR_NO_VALID); diff --git a/src/fpx/relic_fp4_sqr.c b/src/fpx/relic_fp4_sqr.c index 354ccbc58..31b348d9d 100644 --- a/src/fpx/relic_fp4_sqr.c +++ b/src/fpx/relic_fp4_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp4_sqr_basic(fp4_t c, fp4_t a) { +void fp4_sqr_basic(fp4_t c, const fp4_t a) { fp2_t t0, t1; fp2_null(t0); @@ -70,7 +70,7 @@ void fp4_sqr_basic(fp4_t c, fp4_t a) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp4_sqr_unr(dv4_t c, fp4_t a) { +void fp4_sqr_unr(dv4_t c, const fp4_t a) { fp2_t t; dv2_t u0, u1; @@ -107,7 +107,7 @@ void fp4_sqr_unr(dv4_t c, fp4_t a) { } } -void fp4_sqr_lazyr(fp4_t c, fp4_t a) { +void fp4_sqr_lazyr(fp4_t c, const fp4_t a) { dv4_t t; dv4_null(t); diff --git a/src/fpx/relic_fp54_mul.c b/src/fpx/relic_fp54_mul.c index fb45581e4..cd0e0d5a7 100644 --- a/src/fpx/relic_fp54_mul.c +++ b/src/fpx/relic_fp54_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp54_mul_basic(fp54_t c, fp54_t a, fp54_t b) { +void fp54_mul_basic(fp54_t c, const fp54_t a, const fp54_t b) { fp18_t t0, t1, t2, t3, t4, t5; fp18_null(t0); @@ -106,14 +106,14 @@ void fp54_mul_basic(fp54_t c, fp54_t a, fp54_t b) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp54_mul_lazyr(fp54_t c, fp54_t a, fp54_t b) { +void fp54_mul_lazyr(fp54_t c, const fp54_t a, const fp54_t b) { /* TODO: implement lazy reduction. */ fp54_mul_basic(c, a, b); } #endif -void fp54_mul_dxs(fp54_t c, fp54_t a, fp54_t b) { +void fp54_mul_dxs(fp54_t c, const fp54_t a, const fp54_t b) { fp18_t t0, t1, t2, t3, t4; fp18_null(t0); @@ -181,7 +181,7 @@ void fp54_mul_dxs(fp54_t c, fp54_t a, fp54_t b) { } } -void fp54_mul_art(fp54_t c, fp54_t a) { +void fp54_mul_art(fp54_t c, const fp54_t a) { fp18_t t0; fp18_null(t0); diff --git a/src/fpx/relic_fp54_sqr.c b/src/fpx/relic_fp54_sqr.c index 37a75744b..a08e5b611 100644 --- a/src/fpx/relic_fp54_sqr.c +++ b/src/fpx/relic_fp54_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp54_sqr_basic(fp54_t c, fp54_t a) { +void fp54_sqr_basic(fp54_t c, const fp54_t a) { fp18_t t0, t1, t2, t3, t4; fp18_null(t0); @@ -111,7 +111,7 @@ void fp54_sqr_basic(fp54_t c, fp54_t a) { } } -void fp54_sqr_cyc_basic(fp54_t c, fp54_t a) { +void fp54_sqr_cyc_basic(fp54_t c, const fp54_t a) { fp9_t t0, t1, t2, t3, t4, t5, t6; fp9_null(t0); @@ -200,7 +200,7 @@ void fp54_sqr_cyc_basic(fp54_t c, fp54_t a) { } } -void fp54_sqr_pck_basic(fp54_t c, fp54_t a) { +void fp54_sqr_pck_basic(fp54_t c, const fp54_t a) { fp9_t t0, t1, t2, t3, t4, t5, t6; fp9_null(t0); @@ -274,17 +274,17 @@ void fp54_sqr_pck_basic(fp54_t c, fp54_t a) { #if FPX_RDC == LAZYR || !defined(STRIP) -void fp54_sqr_lazyr(fp54_t c, fp54_t a) { +void fp54_sqr_lazyr(fp54_t c, const fp54_t a) { /* TODO: implement lazy reduction. */ fp54_sqr_basic(c, a); } -void fp54_sqr_cyc_lazyr(fp54_t c, fp54_t a) { +void fp54_sqr_cyc_lazyr(fp54_t c, const fp54_t a) { /* TODO: implement lazy reduction. */ fp54_sqr_cyc_basic(c, a); } -void fp54_sqr_pck_lazyr(fp54_t c, fp54_t a) { +void fp54_sqr_pck_lazyr(fp54_t c, const fp54_t a) { fp9_t t0, t1, t2; dv9_t u0, u1, u2, u3; diff --git a/src/fpx/relic_fp6_mul.c b/src/fpx/relic_fp6_mul.c index dcb1e5db5..09c586ee9 100644 --- a/src/fpx/relic_fp6_mul.c +++ b/src/fpx/relic_fp6_mul.c @@ -38,7 +38,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp6_mul_basic(fp6_t c, fp6_t a, fp6_t b) { +void fp6_mul_basic(fp6_t c, const fp6_t a, const fp6_t b) { fp2_t v0, v1, v2, t0, t1, t2; fp2_null(v0); @@ -110,7 +110,7 @@ void fp6_mul_basic(fp6_t c, fp6_t a, fp6_t b) { #if PP_EXT == LAZYR || !defined(STRIP) /* MSVC needs this to be exported, so remove inline */ -void fp6_mul_unr(dv6_t c, fp6_t a, fp6_t b) { +void fp6_mul_unr(dv6_t c, const fp6_t a, const fp6_t b) { dv2_t u0, u1, u2, u3; fp2_t t0, t1; @@ -132,60 +132,47 @@ void fp6_mul_unr(dv6_t c, fp6_t a, fp6_t b) { /* v0 = a_0b_0, v1 = a_1b_1, v2 = a_2b_2, * t0 = a_1 + a_2, t1 = b_1 + b_2, * u4 = u1 + u2, u5 = u0 + u1, u6 = u0 + u2 */ + fp2_muln_low(u0, a[0], b[0]); + fp2_muln_low(u1, a[1], b[1]); + fp2_muln_low(u2, a[2], b[2]); #ifdef RLC_FP_ROOM - fp2_mulc_low(u0, a[0], b[0]); - fp2_mulc_low(u1, a[1], b[1]); - fp2_mulc_low(u2, a[2], b[2]); fp2_addn_low(t0, a[1], a[2]); fp2_addn_low(t1, b[1], b[2]); - fp2_addd_low(c[0], u1, u2); #else - fp2_muln_low(u0, a[0], b[0]); - fp2_muln_low(u1, a[1], b[1]); - fp2_muln_low(u2, a[2], b[2]); fp2_addm_low(t0, a[1], a[2]); fp2_addm_low(t1, b[1], b[2]); - fp2_addc_low(c[0], u1, u2); #endif + fp2_addc_low(c[0], u1, u2); + /* t2 (c_0) = v0 + E((a_1 + a_2)(b_1 + b_2) - v1 - v2) */ fp2_muln_low(u3, t0, t1); fp2_subc_low(u3, u3, c[0]); -#ifdef RLC_FP_ROOM - fp2_norh_low(c[0], u3); -#else fp2_nord_low(c[0], u3); -#endif fp2_addc_low(c[0], c[0], u0); /* c_1 = (a_0 + a_1)(b_0 + b_1) - v0 - v1 + Ev2 */ #ifdef RLC_FP_ROOM fp2_addn_low(t0, a[0], a[1]); fp2_addn_low(t1, b[0], b[1]); - fp2_addd_low(c[1], u0, u1); #else fp2_addm_low(t0, a[0], a[1]); fp2_addm_low(t1, b[0], b[1]); - fp2_addc_low(c[1], u0, u1); #endif + fp2_addc_low(c[1], u0, u1); fp2_muln_low(u3, t0, t1); fp2_subc_low(u3, u3, c[1]); -#ifdef RLC_FP_ROOM - fp2_norh_low(c[2], u2); -#else fp2_nord_low(c[2], u2); -#endif fp2_addc_low(c[1], u3, c[2]); /* c_2 = (a_0 + a_2)(b_0 + b_2) - v0 + v1 - v2 */ #ifdef RLC_FP_ROOM fp2_addn_low(t0, a[0], a[2]); fp2_addn_low(t1, b[0], b[2]); - fp2_addd_low(c[2], u0, u2); #else fp2_addm_low(t0, a[0], a[2]); fp2_addm_low(t1, b[0], b[2]); - fp2_addc_low(c[2], u0, u2); #endif + fp2_addc_low(c[2], u0, u2); fp2_muln_low(u3, t0, t1); fp2_subc_low(u3, u3, c[2]); fp2_addc_low(c[2], u3, u1); @@ -201,7 +188,7 @@ void fp6_mul_unr(dv6_t c, fp6_t a, fp6_t b) { } } -void fp6_mul_lazyr(fp6_t c, fp6_t a, fp6_t b) { +void fp6_mul_lazyr(fp6_t c, const fp6_t a, const fp6_t b) { dv6_t t; dv6_null(t); @@ -221,7 +208,7 @@ void fp6_mul_lazyr(fp6_t c, fp6_t a, fp6_t b) { #endif -void fp6_mul_dxs(fp6_t c, fp6_t a, fp6_t b) { +void fp6_mul_dxs(fp6_t c, const fp6_t a, const fp6_t b) { fp2_t v0, v1, t0, t1, t2; fp2_null(v0); @@ -278,7 +265,7 @@ void fp6_mul_dxs(fp6_t c, fp6_t a, fp6_t b) { } } -void fp6_mul_art(fp6_t c, fp6_t a) { +void fp6_mul_art(fp6_t c, const fp6_t a) { fp2_t t0; fp2_null(t0); diff --git a/src/fpx/relic_fp6_sqr.c b/src/fpx/relic_fp6_sqr.c index 713614522..7ffe527e8 100644 --- a/src/fpx/relic_fp6_sqr.c +++ b/src/fpx/relic_fp6_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp6_sqr_basic(fp6_t c, fp6_t a) { +void fp6_sqr_basic(fp6_t c, const fp6_t a) { fp2_t t0, t1, t2, t3, t4; fp2_null(t0); @@ -111,7 +111,7 @@ void fp6_sqr_basic(fp6_t c, fp6_t a) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp6_sqr_unr(dv6_t c, fp6_t a) { +void fp6_sqr_unr(dv6_t c, const fp6_t a) { dv2_t u0, u1, u2, u3, u4, u5; fp2_t t0, t1, t2, t3; @@ -144,11 +144,7 @@ void fp6_sqr_unr(dv6_t c, fp6_t a) { /* t1 = 2 * a_1 * a_2 */ fp2_dblm_low(t0, a[1]); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u1, t0, a[2]); -#else fp2_muln_low(u1, t0, a[2]); -#endif /* u2 = a_2^2. */ fp2_sqrn_low(u2, a[2]); @@ -165,28 +161,17 @@ void fp6_sqr_unr(dv6_t c, fp6_t a) { fp2_sqrn_low(u4, t1); /* u4 = (u4 + u3)/2. */ -#ifdef RLC_FP_ROOM - fp2_addd_low(u4, u4, u3); -#else fp2_addc_low(u4, u4, u3); -#endif + fp_hlvd_low(u4[0], u4[0]); fp_hlvd_low(u4[1], u4[1]); /* u3 = u3 - u4 - u1. */ -#ifdef RLC_FP_ROOM - fp2_addd_low(u5, u1, u4); -#else fp2_addc_low(u5, u1, u4); -#endif fp2_subc_low(u3, u3, u5); /* c2 = u4 - u0 - u2. */ -#ifdef RLC_FP_ROOM - fp2_addd_low(u5, u0, u2); -#else fp2_addc_low(u5, u0, u2); -#endif fp2_subc_low(c[2], u4, u5); /* c0 = u0 + u1 * E. */ @@ -212,7 +197,7 @@ void fp6_sqr_unr(dv6_t c, fp6_t a) { } } -void fp6_sqr_lazyr(fp6_t c, fp6_t a) { +void fp6_sqr_lazyr(fp6_t c, const fp6_t a) { dv6_t t; dv6_null(t); diff --git a/src/fpx/relic_fp8_mul.c b/src/fpx/relic_fp8_mul.c index c8c918963..fc587f18c 100644 --- a/src/fpx/relic_fp8_mul.c +++ b/src/fpx/relic_fp8_mul.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp8_mul_basic(fp8_t c, fp8_t a, fp8_t b) { +void fp8_mul_basic(fp8_t c, const fp8_t a, const fp8_t b) { fp4_t t0, t1, t4; fp4_null(t0); @@ -84,7 +84,7 @@ void fp8_mul_basic(fp8_t c, fp8_t a, fp8_t b) { #if PP_EXT == LAZYR || !defined(STRIP) -static void fp4_mul_dxs_unr(dv4_t c, fp4_t a, fp4_t b) { +static void fp4_mul_dxs_unr(dv4_t c, const fp4_t a, const fp4_t b) { fp2_t t0, t1; dv2_t u0, u1; @@ -99,15 +99,10 @@ static void fp4_mul_dxs_unr(dv4_t c, fp4_t a, fp4_t b) { dv2_new(u0); dv2_new(u1); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u1, a[1], b[1]); - fp2_addn_low(t0, b[0], b[1]); - fp2_addn_low(t1, a[0], a[1]); -#else fp2_muln_low(u1, a[1], b[1]); fp2_addm_low(t0, b[0], b[1]); fp2_addm_low(t1, a[0], a[1]); -#endif + fp2_muln_low(c[1], t1, t0); fp2_subc_low(c[1], c[1], u1); fp2_norh_low(c[0], u1); @@ -121,7 +116,7 @@ static void fp4_mul_dxs_unr(dv4_t c, fp4_t a, fp4_t b) { } } -void fp8_mul_dxs(fp8_t c, fp8_t a, fp8_t b) { +void fp8_mul_dxs(fp8_t c, const fp8_t a, const fp8_t b) { fp4_t t0, t1; dv4_t u0, u1, u2, u3; @@ -179,7 +174,7 @@ void fp8_mul_dxs(fp8_t c, fp8_t a, fp8_t b) { } } -void fp8_mul_unr(dv8_t c, fp8_t a, fp8_t b) { +void fp8_mul_unr(dv8_t c, const fp8_t a, const fp8_t b) { fp4_t t0, t1; dv4_t u0, u1, u2, u3; @@ -234,7 +229,7 @@ void fp8_mul_unr(dv8_t c, fp8_t a, fp8_t b) { } } -void fp8_mul_lazyr(fp8_t c, fp8_t a, fp8_t b) { +void fp8_mul_lazyr(fp8_t c, const fp8_t a, const fp8_t b) { dv8_t t; dv8_null(t); @@ -255,7 +250,7 @@ void fp8_mul_lazyr(fp8_t c, fp8_t a, fp8_t b) { #endif -void fp8_mul_art(fp8_t c, fp8_t a) { +void fp8_mul_art(fp8_t c, const fp8_t a) { fp4_t t0; fp4_null(t0); diff --git a/src/fpx/relic_fp8_sqr.c b/src/fpx/relic_fp8_sqr.c index c2b5f99d1..570da4751 100644 --- a/src/fpx/relic_fp8_sqr.c +++ b/src/fpx/relic_fp8_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp8_sqr_basic(fp8_t c, fp8_t a) { +void fp8_sqr_basic(fp8_t c, const fp8_t a) { fp4_t t0, t1; fp4_null(t0); @@ -70,7 +70,7 @@ void fp8_sqr_basic(fp8_t c, fp8_t a) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp8_sqr_unr(dv8_t c, fp8_t a) { +void fp8_sqr_unr(dv8_t c, const fp8_t a) { fp4_t t; dv4_t u0, u1, u2; @@ -116,7 +116,7 @@ void fp8_sqr_unr(dv8_t c, fp8_t a) { } } -void fp8_sqr_lazyr(fp8_t c, fp8_t a) { +void fp8_sqr_lazyr(fp8_t c, const fp8_t a) { dv8_t t; dv8_null(t); @@ -137,7 +137,7 @@ void fp8_sqr_lazyr(fp8_t c, fp8_t a) { #endif -void fp8_sqr_cyc(fp8_t c, fp8_t a) { +void fp8_sqr_cyc(fp8_t c, const fp8_t a) { fp4_t t0, t1, t2; fp4_null(t0); diff --git a/src/fpx/relic_fp9_mul.c b/src/fpx/relic_fp9_mul.c index d796d77fd..3d33e7aaa 100644 --- a/src/fpx/relic_fp9_mul.c +++ b/src/fpx/relic_fp9_mul.c @@ -38,7 +38,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp9_mul_basic(fp9_t c, fp9_t a, fp9_t b) { +void fp9_mul_basic(fp9_t c, const fp9_t a, const fp9_t b) { fp3_t v0, v1, v2, t0, t1, t2; fp3_null(v0); @@ -109,7 +109,7 @@ void fp9_mul_basic(fp9_t c, fp9_t a, fp9_t b) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp9_mul_unr(dv9_t c, fp9_t a, fp9_t b) { +void fp9_mul_unr(dv9_t c, const fp9_t a, const fp9_t b) { dv3_t u0, u1, u2, u3; fp3_t t0, t1; @@ -182,7 +182,7 @@ void fp9_mul_unr(dv9_t c, fp9_t a, fp9_t b) { } } -void fp9_mul_lazyr(fp9_t c, fp9_t a, fp9_t b) { +void fp9_mul_lazyr(fp9_t c, const fp9_t a, const fp9_t b) { dv9_t t; dv9_null(t); @@ -202,7 +202,7 @@ void fp9_mul_lazyr(fp9_t c, fp9_t a, fp9_t b) { #endif -void fp9_mul_dxs(fp9_t c, fp9_t a, fp9_t b) { +void fp9_mul_dxs(fp9_t c, const fp9_t a, const fp9_t b) { fp3_t v0, v1, t0, t1, t2; fp3_null(v0); @@ -259,7 +259,7 @@ void fp9_mul_dxs(fp9_t c, fp9_t a, fp9_t b) { } } -void fp9_mul_art(fp9_t c, fp9_t a) { +void fp9_mul_art(fp9_t c, const fp9_t a) { fp3_t t0; fp3_null(t0); diff --git a/src/fpx/relic_fp9_sqr.c b/src/fpx/relic_fp9_sqr.c index 572e627fd..94347ed4b 100644 --- a/src/fpx/relic_fp9_sqr.c +++ b/src/fpx/relic_fp9_sqr.c @@ -39,7 +39,7 @@ #if FPX_RDC == BASIC || !defined(STRIP) -void fp9_sqr_basic(fp9_t c, fp9_t a) { +void fp9_sqr_basic(fp9_t c, const fp9_t a) { fp3_t t0, t1, t2, t3, t4; fp3_null(t0); @@ -112,7 +112,7 @@ void fp9_sqr_basic(fp9_t c, fp9_t a) { #if PP_EXT == LAZYR || !defined(STRIP) -void fp9_sqr_unr(dv9_t c, fp9_t a) { +void fp9_sqr_unr(dv9_t c, const fp9_t a) { dv3_t u0, u1, u2, u3, u4, u5; fp3_t t0, t1, t2, t3; @@ -201,7 +201,7 @@ void fp9_sqr_unr(dv9_t c, fp9_t a) { } } -void fp9_sqr_lazyr(fp9_t c, fp9_t a) { +void fp9_sqr_lazyr(fp9_t c, const fp9_t a) { dv9_t t; dv9_null(t); diff --git a/src/fpx/relic_fpx_add.c b/src/fpx/relic_fpx_add.c index ca1fbf8ce..3423aaea9 100644 --- a/src/fpx/relic_fpx_add.c +++ b/src/fpx/relic_fpx_add.c @@ -38,17 +38,17 @@ #if FPX_QDR == BASIC || !defined(STRIP) -void fp2_add_basic(fp2_t c, fp2_t a, fp2_t b) { +void fp2_add_basic(fp2_t c, const fp2_t a, const fp2_t b) { fp_add(c[0], a[0], b[0]); fp_add(c[1], a[1], b[1]); } -void fp2_sub_basic(fp2_t c, fp2_t a, fp2_t b) { +void fp2_sub_basic(fp2_t c, const fp2_t a, const fp2_t b) { fp_sub(c[0], a[0], b[0]); fp_sub(c[1], a[1], b[1]); } -void fp2_dbl_basic(fp2_t c, fp2_t a) { +void fp2_dbl_basic(fp2_t c, const fp2_t a) { /* 2 * (a_0 + a_1 * u) = 2 * a_0 + 2 * a_1 * u. */ fp_dbl(c[0], a[0]); fp_dbl(c[1], a[1]); @@ -58,15 +58,15 @@ void fp2_dbl_basic(fp2_t c, fp2_t a) { #if FPX_QDR == INTEG || !defined(STRIP) -void fp2_add_integ(fp2_t c, fp2_t a, fp2_t b) { +void fp2_add_integ(fp2_t c, const fp2_t a, const fp2_t b) { fp2_addm_low(c, a, b); } -void fp2_sub_integ(fp2_t c, fp2_t a, fp2_t b) { +void fp2_sub_integ(fp2_t c, const fp2_t a, const fp2_t b) { fp2_subm_low(c, a, b); } -void fp2_dbl_integ(fp2_t c, fp2_t a) { +void fp2_dbl_integ(fp2_t c, const fp2_t a) { fp2_dblm_low(c, a); } @@ -82,26 +82,26 @@ void fp2_sub_dig(fp2_t c, const fp2_t a, dig_t dig) { fp_copy(c[1], a[1]); } -void fp2_neg(fp2_t c, fp2_t a) { +void fp2_neg(fp2_t c, const fp2_t a) { fp_neg(c[0], a[0]); fp_neg(c[1], a[1]); } #if FPX_CBC == BASIC || !defined(STRIP) -void fp3_add_basic(fp3_t c, fp3_t a, fp3_t b) { +void fp3_add_basic(fp3_t c, const fp3_t a, const fp3_t b) { fp_add(c[0], a[0], b[0]); fp_add(c[1], a[1], b[1]); fp_add(c[2], a[2], b[2]); } -void fp3_sub_basic(fp3_t c, fp3_t a, fp3_t b) { +void fp3_sub_basic(fp3_t c, const fp3_t a, const fp3_t b) { fp_sub(c[0], a[0], b[0]); fp_sub(c[1], a[1], b[1]); fp_sub(c[2], a[2], b[2]); } -void fp3_dbl_basic(fp3_t c, fp3_t a) { +void fp3_dbl_basic(fp3_t c, const fp3_t a) { /* 2 * (a_0 + a_1 * u) = 2 * a_0 + 2 * a_1 * u. */ fp_dbl(c[0], a[0]); fp_dbl(c[1], a[1]); @@ -110,7 +110,7 @@ void fp3_dbl_basic(fp3_t c, fp3_t a) { #endif -void fp3_neg(fp3_t c, fp3_t a) { +void fp3_neg(fp3_t c, const fp3_t a) { fp_neg(c[0], a[0]); fp_neg(c[1], a[1]); fp_neg(c[2], a[2]); @@ -118,212 +118,212 @@ void fp3_neg(fp3_t c, fp3_t a) { #if FPX_CBC == INTEG || !defined(STRIP) -void fp3_add_integ(fp3_t c, fp3_t a, fp3_t b) { +void fp3_add_integ(fp3_t c, const fp3_t a, const fp3_t b) { fp3_addm_low(c, a, b); } -void fp3_sub_integ(fp3_t c, fp3_t a, fp3_t b) { +void fp3_sub_integ(fp3_t c, const fp3_t a, const fp3_t b) { fp3_subm_low(c, a, b); } -void fp3_dbl_integ(fp3_t c, fp3_t a) { +void fp3_dbl_integ(fp3_t c, const fp3_t a) { fp3_dblm_low(c, a); } #endif -void fp4_add(fp4_t c, fp4_t a, fp4_t b) { +void fp4_add(fp4_t c, const fp4_t a, const fp4_t b) { fp2_add(c[0], a[0], b[0]); fp2_add(c[1], a[1], b[1]); } -void fp4_sub(fp4_t c, fp4_t a, fp4_t b) { +void fp4_sub(fp4_t c, const fp4_t a, const fp4_t b) { fp2_sub(c[0], a[0], b[0]); fp2_sub(c[1], a[1], b[1]); } -void fp4_dbl(fp4_t c, fp4_t a) { +void fp4_dbl(fp4_t c, const fp4_t a) { /* 2 * (a_0 + a_1 * v + a_2 * v^2) = 2 * a_0 + 2 * a_1 * v + 2 * a_2 * v^2. */ fp2_dbl(c[0], a[0]); fp2_dbl(c[1], a[1]); } -void fp4_neg(fp4_t c, fp4_t a) { +void fp4_neg(fp4_t c, const fp4_t a) { fp2_neg(c[0], a[0]); fp2_neg(c[1], a[1]); } -void fp6_add(fp6_t c, fp6_t a, fp6_t b) { +void fp6_add(fp6_t c, const fp6_t a, const fp6_t b) { fp2_add(c[0], a[0], b[0]); fp2_add(c[1], a[1], b[1]); fp2_add(c[2], a[2], b[2]); } -void fp6_sub(fp6_t c, fp6_t a, fp6_t b) { +void fp6_sub(fp6_t c, const fp6_t a, const fp6_t b) { fp2_sub(c[0], a[0], b[0]); fp2_sub(c[1], a[1], b[1]); fp2_sub(c[2], a[2], b[2]); } -void fp6_dbl(fp6_t c, fp6_t a) { +void fp6_dbl(fp6_t c, const fp6_t a) { fp2_dbl(c[0], a[0]); fp2_dbl(c[1], a[1]); fp2_dbl(c[2], a[2]); } -void fp6_neg(fp6_t c, fp6_t a) { +void fp6_neg(fp6_t c, const fp6_t a) { fp2_neg(c[0], a[0]); fp2_neg(c[1], a[1]); fp2_neg(c[2], a[2]); } -void fp8_add(fp8_t c, fp8_t a, fp8_t b) { +void fp8_add(fp8_t c, const fp8_t a, const fp8_t b) { fp4_add(c[0], a[0], b[0]); fp4_add(c[1], a[1], b[1]); } -void fp8_sub(fp8_t c, fp8_t a, fp8_t b) { +void fp8_sub(fp8_t c, const fp8_t a, const fp8_t b) { fp4_sub(c[0], a[0], b[0]); fp4_sub(c[1], a[1], b[1]); } -void fp8_dbl(fp8_t c, fp8_t a) { +void fp8_dbl(fp8_t c, const fp8_t a) { fp4_dbl(c[0], a[0]); fp4_dbl(c[1], a[1]); } -void fp8_neg(fp8_t c, fp8_t a) { +void fp8_neg(fp8_t c, const fp8_t a) { fp4_neg(c[0], a[0]); fp4_neg(c[1], a[1]); } -void fp9_add(fp9_t c, fp9_t a, fp9_t b) { +void fp9_add(fp9_t c, const fp9_t a, const fp9_t b) { fp3_add(c[0], a[0], b[0]); fp3_add(c[1], a[1], b[1]); fp3_add(c[2], a[2], b[2]); } -void fp9_sub(fp9_t c, fp9_t a, fp9_t b) { +void fp9_sub(fp9_t c, const fp9_t a, const fp9_t b) { fp3_sub(c[0], a[0], b[0]); fp3_sub(c[1], a[1], b[1]); fp3_sub(c[2], a[2], b[2]); } -void fp9_dbl(fp9_t c, fp9_t a) { +void fp9_dbl(fp9_t c, const fp9_t a) { fp3_dbl(c[0], a[0]); fp3_dbl(c[1], a[1]); fp3_dbl(c[2], a[2]); } -void fp9_neg(fp9_t c, fp9_t a) { +void fp9_neg(fp9_t c, const fp9_t a) { fp3_neg(c[0], a[0]); fp3_neg(c[1], a[1]); fp3_neg(c[2], a[2]); } -void fp12_add(fp12_t c, fp12_t a, fp12_t b) { +void fp12_add(fp12_t c, const fp12_t a, const fp12_t b) { fp6_add(c[0], a[0], b[0]); fp6_add(c[1], a[1], b[1]); } -void fp12_sub(fp12_t c, fp12_t a, fp12_t b) { +void fp12_sub(fp12_t c, const fp12_t a, const fp12_t b) { fp6_sub(c[0], a[0], b[0]); fp6_sub(c[1], a[1], b[1]); } -void fp12_neg(fp12_t c, fp12_t a) { +void fp12_neg(fp12_t c, const fp12_t a) { fp6_neg(c[0], a[0]); fp6_neg(c[1], a[1]); } -void fp12_dbl(fp12_t c, fp12_t a) { +void fp12_dbl(fp12_t c, const fp12_t a) { fp6_dbl(c[0], a[0]); fp6_dbl(c[1], a[1]); } -void fp18_add(fp18_t c, fp18_t a, fp18_t b) { +void fp18_add(fp18_t c, const fp18_t a, const fp18_t b) { fp9_add(c[0], a[0], b[0]); fp9_add(c[1], a[1], b[1]); } -void fp18_sub(fp18_t c, fp18_t a, fp18_t b) { +void fp18_sub(fp18_t c, const fp18_t a, const fp18_t b) { fp9_sub(c[0], a[0], b[0]); fp9_sub(c[1], a[1], b[1]); } -void fp18_dbl(fp18_t c, fp18_t a) { +void fp18_dbl(fp18_t c, const fp18_t a) { fp9_dbl(c[0], a[0]); fp9_dbl(c[1], a[1]); } -void fp18_neg(fp18_t c, fp18_t a) { +void fp18_neg(fp18_t c, const fp18_t a) { fp9_neg(c[0], a[0]); fp9_neg(c[1], a[1]); } -void fp24_add(fp24_t c, fp24_t a, fp24_t b) { +void fp24_add(fp24_t c, const fp24_t a, const fp24_t b) { fp8_add(c[0], a[0], b[0]); fp8_add(c[1], a[1], b[1]); fp8_add(c[2], a[2], b[2]); } -void fp24_sub(fp24_t c, fp24_t a, fp24_t b) { +void fp24_sub(fp24_t c, const fp24_t a, const fp24_t b) { fp8_sub(c[0], a[0], b[0]); fp8_sub(c[1], a[1], b[1]); fp8_sub(c[2], a[2], b[2]); } -void fp24_neg(fp24_t c, fp24_t a) { +void fp24_neg(fp24_t c, const fp24_t a) { fp8_neg(c[0], a[0]); fp8_neg(c[1], a[1]); fp8_neg(c[2], a[2]); } -void fp24_dbl(fp24_t c, fp24_t a) { +void fp24_dbl(fp24_t c, const fp24_t a) { fp8_dbl(c[0], a[0]); fp8_dbl(c[1], a[1]); fp8_dbl(c[2], a[2]); } -void fp48_add(fp48_t c, fp48_t a, fp48_t b) { +void fp48_add(fp48_t c, const fp48_t a, const fp48_t b) { fp24_add(c[0], a[0], b[0]); fp24_add(c[1], a[1], b[1]); } -void fp48_sub(fp48_t c, fp48_t a, fp48_t b) { +void fp48_sub(fp48_t c, const fp48_t a, const fp48_t b) { fp24_sub(c[0], a[0], b[0]); fp24_sub(c[1], a[1], b[1]); } -void fp48_neg(fp48_t c, fp48_t a) { +void fp48_neg(fp48_t c, const fp48_t a) { fp24_neg(c[0], a[0]); fp24_neg(c[1], a[1]); } -void fp48_dbl(fp48_t c, fp48_t a) { +void fp48_dbl(fp48_t c, const fp48_t a) { fp24_dbl(c[0], a[0]); fp24_dbl(c[1], a[1]); } -void fp54_add(fp54_t c, fp54_t a, fp54_t b) { +void fp54_add(fp54_t c, const fp54_t a, const fp54_t b) { fp18_add(c[0], a[0], b[0]); fp18_add(c[1], a[1], b[1]); fp18_add(c[2], a[2], b[2]); } -void fp54_sub(fp54_t c, fp54_t a, fp54_t b) { +void fp54_sub(fp54_t c, const fp54_t a, const fp54_t b) { fp18_sub(c[0], a[0], b[0]); fp18_sub(c[1], a[1], b[1]); fp18_sub(c[2], a[2], b[2]); } -void fp54_neg(fp54_t c, fp54_t a) { +void fp54_neg(fp54_t c, const fp54_t a) { fp18_neg(c[0], a[0]); fp18_neg(c[1], a[1]); fp18_neg(c[2], a[2]); } -void fp54_dbl(fp54_t c, fp54_t a) { +void fp54_dbl(fp54_t c, const fp54_t a) { fp18_dbl(c[0], a[0]); fp18_dbl(c[1], a[1]); fp18_dbl(c[2], a[2]); diff --git a/src/fpx/relic_fpx_cmp.c b/src/fpx/relic_fpx_cmp.c index d10dd2d96..9655fccd5 100644 --- a/src/fpx/relic_fpx_cmp.c +++ b/src/fpx/relic_fpx_cmp.c @@ -36,112 +36,112 @@ /* Public definitions */ /*============================================================================*/ -int fp2_cmp(fp2_t a, fp2_t b) { +int fp2_cmp(const fp2_t a, const fp2_t b) { return (fp_cmp(a[0], b[0]) == RLC_EQ) && (fp_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp2_cmp_dig(fp2_t a, dig_t b) { +int fp2_cmp_dig(const fp2_t a, const dig_t b) { return (fp_cmp_dig(a[0], b) == RLC_EQ) && fp_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp3_cmp(fp3_t a, fp3_t b) { +int fp3_cmp(const fp3_t a, const fp3_t b) { return (fp_cmp(a[0], b[0]) == RLC_EQ) && (fp_cmp(a[1], b[1]) == RLC_EQ) && (fp_cmp(a[2], b[2]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp3_cmp_dig(fp3_t a, dig_t b) { +int fp3_cmp_dig(const fp3_t a, const dig_t b) { return (fp_cmp_dig(a[0], b) == RLC_EQ) && fp_is_zero(a[1]) && fp_is_zero(a[2]) ? RLC_EQ : RLC_NE; } -int fp4_cmp(fp4_t a, fp4_t b) { +int fp4_cmp(const fp4_t a, const fp4_t b) { return (fp2_cmp(a[0], b[0]) == RLC_EQ) && (fp2_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp4_cmp_dig(fp4_t a, dig_t b) { +int fp4_cmp_dig(const fp4_t a, const dig_t b) { return (fp2_cmp_dig(a[0], b) == RLC_EQ) && fp2_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp6_cmp(fp6_t a, fp6_t b) { +int fp6_cmp(const fp6_t a, const fp6_t b) { return (fp2_cmp(a[0], b[0]) == RLC_EQ) && (fp2_cmp(a[1], b[1]) == RLC_EQ) && (fp2_cmp(a[2], b[2]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp6_cmp_dig(fp6_t a, dig_t b) { +int fp6_cmp_dig(const fp6_t a, const dig_t b) { return (fp2_cmp_dig(a[0], b) == RLC_EQ) && fp2_is_zero(a[1]) && fp2_is_zero(a[2]) ? RLC_EQ : RLC_NE; } -int fp9_cmp(fp9_t a, fp9_t b) { +int fp9_cmp(const fp9_t a, const fp9_t b) { return (fp3_cmp(a[0], b[0]) == RLC_EQ) && (fp3_cmp(a[1], b[1]) == RLC_EQ) && (fp3_cmp(a[2], b[2]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp9_cmp_dig(fp9_t a, dig_t b) { +int fp9_cmp_dig(const fp9_t a, const dig_t b) { return (fp3_cmp_dig(a[0], b) == RLC_EQ) && fp3_is_zero(a[1]) && fp3_is_zero(a[2]) ? RLC_EQ : RLC_NE; } -int fp8_cmp(fp8_t a, fp8_t b) { +int fp8_cmp(const fp8_t a, const fp8_t b) { return (fp4_cmp(a[0], b[0]) == RLC_EQ) && (fp4_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp8_cmp_dig(fp8_t a, dig_t b) { +int fp8_cmp_dig(const fp8_t a, const dig_t b) { return (fp4_cmp_dig(a[0], b) == RLC_EQ) && fp4_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp12_cmp(fp12_t a, fp12_t b) { +int fp12_cmp(const fp12_t a, const fp12_t b) { return (fp6_cmp(a[0], b[0]) == RLC_EQ) && (fp6_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp12_cmp_dig(fp12_t a, dig_t b) { +int fp12_cmp_dig(const fp12_t a, const dig_t b) { return (fp6_cmp_dig(a[0], b) == RLC_EQ) && fp6_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp18_cmp(fp18_t a, fp18_t b) { +int fp18_cmp(const fp18_t a, const fp18_t b) { return (fp9_cmp(a[0], b[0]) == RLC_EQ) && (fp9_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp18_cmp_dig(fp18_t a, dig_t b) { +int fp18_cmp_dig(const fp18_t a, const dig_t b) { return (fp9_cmp_dig(a[0], b) == RLC_EQ) && fp9_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp24_cmp(fp24_t a, fp24_t b) { +int fp24_cmp(const fp24_t a, const fp24_t b) { return (fp8_cmp(a[0], b[0]) == RLC_EQ) && (fp8_cmp(a[1], b[1]) == RLC_EQ) && (fp8_cmp(a[2], b[2]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp24_cmp_dig(fp24_t a, dig_t b) { +int fp24_cmp_dig(const fp24_t a, const dig_t b) { return (fp8_cmp_dig(a[0], b) == RLC_EQ) && fp8_is_zero(a[1]) && fp8_is_zero(a[2]) ? RLC_EQ : RLC_NE; } -int fp48_cmp(fp48_t a, fp48_t b) { +int fp48_cmp(const fp48_t a, const fp48_t b) { return (fp24_cmp(a[0], b[0]) == RLC_EQ) && (fp24_cmp(a[1], b[1]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp48_cmp_dig(fp48_t a, dig_t b) { +int fp48_cmp_dig(const fp48_t a, const dig_t b) { return (fp24_cmp_dig(a[0], b) == RLC_EQ) && fp24_is_zero(a[1]) ? RLC_EQ : RLC_NE; } -int fp54_cmp(fp54_t a, fp54_t b) { +int fp54_cmp(const fp54_t a, const fp54_t b) { return (fp18_cmp(a[0], b[0]) == RLC_EQ) && (fp18_cmp(a[1], b[1]) == RLC_EQ) && (fp18_cmp(a[2], b[2]) == RLC_EQ) ? RLC_EQ : RLC_NE; } -int fp54_cmp_dig(fp54_t a, dig_t b) { +int fp54_cmp_dig(const fp54_t a, const dig_t b) { return (fp18_cmp_dig(a[0], b) == RLC_EQ) && fp18_is_zero(a[1]) && fp18_is_zero(a[2]) ? RLC_EQ : RLC_NE; } diff --git a/src/fpx/relic_fpx_cyc.c b/src/fpx/relic_fpx_cyc.c index 5f8e0310f..459c195d9 100644 --- a/src/fpx/relic_fpx_cyc.c +++ b/src/fpx/relic_fpx_cyc.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_conv_cyc(fp2_t c, fp2_t a) { +void fp2_conv_cyc(fp2_t c, const fp2_t a) { fp2_t t; fp2_null(t); @@ -59,7 +59,7 @@ void fp2_conv_cyc(fp2_t c, fp2_t a) { } } -int fp2_test_cyc(fp2_t a) { +int fp2_test_cyc(const fp2_t a) { fp2_t t; int result = 0; @@ -81,7 +81,7 @@ int fp2_test_cyc(fp2_t a) { return result; } -void fp2_exp_cyc(fp2_t c, fp2_t a, bn_t b) { +void fp2_exp_cyc(fp2_t c, const fp2_t a, const bn_t b) { fp2_t r, s, t[1 << (FP_WIDTH - 2)]; int i, l; int8_t naf[RLC_FP_BITS + 1], *k; @@ -146,7 +146,7 @@ void fp2_exp_cyc(fp2_t c, fp2_t a, bn_t b) { } } -void fp8_conv_cyc(fp8_t c, fp8_t a) { +void fp8_conv_cyc(fp8_t c, const fp8_t a) { fp8_t t; fp8_null(t); @@ -169,7 +169,7 @@ void fp8_conv_cyc(fp8_t c, fp8_t a) { } } -int fp8_test_cyc(fp8_t a) { +int fp8_test_cyc(const fp8_t a) { fp8_t t; int result = 0; @@ -191,7 +191,7 @@ int fp8_test_cyc(fp8_t a) { return result; } -void fp8_exp_cyc(fp8_t c, fp8_t a, bn_t b) { +void fp8_exp_cyc(fp8_t c, const fp8_t a, const bn_t b) { fp8_t r, s, t[1 << (FP_WIDTH - 2)]; int i, l; int8_t naf[RLC_FP_BITS + 1], *k; @@ -256,7 +256,7 @@ void fp8_exp_cyc(fp8_t c, fp8_t a, bn_t b) { } } -void fp12_conv_cyc(fp12_t c, fp12_t a) { +void fp12_conv_cyc(fp12_t c, const fp12_t a) { fp12_t t; fp12_null(t); @@ -287,7 +287,7 @@ void fp12_conv_cyc(fp12_t c, fp12_t a) { } } -int fp12_test_cyc(fp12_t a) { +int fp12_test_cyc(const fp12_t a) { fp12_t t0, t1; int result = 0; @@ -316,7 +316,7 @@ int fp12_test_cyc(fp12_t a) { return result; } -void fp12_back_cyc(fp12_t c, fp12_t a) { +void fp12_back_cyc(fp12_t c, const fp12_t a) { fp2_t t0, t1, t2; fp2_null(t0); @@ -328,19 +328,27 @@ void fp12_back_cyc(fp12_t c, fp12_t a) { fp2_new(t1); fp2_new(t2); - /* t0 = g4^2. */ - fp2_sqr(t0, a[0][1]); - /* t1 = 3 * g4^2 - 2 * g3. */ - fp2_sub(t1, t0, a[0][2]); - fp2_dbl(t1, t1); - fp2_add(t1, t1, t0); - /* t0 = E * g5^2 + t1. */ - fp2_sqr(t2, a[1][2]); - fp2_mul_nor(t0, t2); - fp2_add(t0, t0, t1); - /* t1 = 1/(4 * g2). */ - fp2_dbl(t1, a[1][0]); - fp2_dbl(t1, t1); + if (fp2_is_zero(a[1][0])) { + /* t0 = 2 * g4 * g5 */ + fp2_mul(t0, a[0][1], a[1][2]); + fp2_dbl(t0, t0); + fp2_copy(t1, a[0][2]); + } else { + /* t0 = g4^2. */ + fp2_sqr(t0, a[0][1]); + /* t1 = 3 * g4^2 - 2 * g3. */ + fp2_sub(t1, t0, a[0][2]); + fp2_dbl(t1, t1); + fp2_add(t1, t1, t0); + /* t0 = E * g5^2 + t1. */ + fp2_sqr(t2, a[1][2]); + fp2_mul_nor(t0, t2); + fp2_add(t0, t0, t1); + /* t1 = 1/(4 * g2). */ + fp2_dbl(t1, a[1][0]); + fp2_dbl(t1, t1); + } + fp2_inv(t1, t1); /* c_1 = g1. */ fp2_mul(c[1][1], t0, t1); @@ -374,7 +382,7 @@ void fp12_back_cyc(fp12_t c, fp12_t a) { } } -void fp12_back_cyc_sim(fp12_t c[], fp12_t a[], int n) { +void fp12_back_cyc_sim(fp12_t c[], const fp12_t a[], int n) { fp2_t *t = RLC_ALLOCA(fp2_t, n * 3); fp2_t *t0 = t + 0 * n, @@ -400,19 +408,27 @@ void fp12_back_cyc_sim(fp12_t c[], fp12_t a[], int n) { } for (int i = 0; i < n; i++) { - /* t0 = g4^2. */ - fp2_sqr(t0[i], a[i][0][1]); - /* t1 = 3 * g4^2 - 2 * g3. */ - fp2_sub(t1[i], t0[i], a[i][0][2]); - fp2_dbl(t1[i], t1[i]); - fp2_add(t1[i], t1[i], t0[i]); - /* t0 = E * g5^2 + t1. */ - fp2_sqr(t2[i], a[i][1][2]); - fp2_mul_nor(t0[i], t2[i]); - fp2_add(t0[i], t0[i], t1[i]); - /* t1 = (4 * g2). */ - fp2_dbl(t1[i], a[i][1][0]); - fp2_dbl(t1[i], t1[i]); + /* TODO: make this constant time. */ + if (fp2_is_zero(a[i][1][0])) { + /* t0 = 2 * g4 * g5 */ + fp2_mul(t0[i], a[i][0][1], a[i][1][2]); + fp2_dbl(t0[i], t0[i]); + fp2_copy(t1[i], a[i][0][2]); + } else { + /* t0 = g4^2. */ + fp2_sqr(t0[i], a[i][0][1]); + /* t1 = 3 * g4^2 - 2 * g3. */ + fp2_sub(t1[i], t0[i], a[i][0][2]); + fp2_dbl(t1[i], t1[i]); + fp2_add(t1[i], t1[i], t0[i]); + /* t0 = E * g5^2 + t1. */ + fp2_sqr(t2[i], a[i][1][2]); + fp2_mul_nor(t0[i], t2[i]); + fp2_add(t0[i], t0[i], t1[i]); + /* t1 = (4 * g2). */ + fp2_dbl(t1[i], a[i][1][0]); + fp2_dbl(t1[i], t1[i]); + } } /* t1 = 1 / t1. */ @@ -453,7 +469,7 @@ void fp12_back_cyc_sim(fp12_t c[], fp12_t a[], int n) { } } -void fp12_exp_cyc(fp12_t c, fp12_t a, bn_t b) { +void fp12_exp_cyc(fp12_t c, const fp12_t a, const bn_t b) { int i, j, k, l, w = bn_ham(b); if (bn_is_zero(b)) { @@ -481,8 +497,7 @@ void fp12_exp_cyc(fp12_t c, fp12_t a, bn_t b) { ep_curve_get_ord(n); fp_prime_get_par(u); - bn_rec_frb(_b, 4, b, u, n, ep_curve_is_pairf() == EP_B12 || - ep_curve_is_pairf() == EP_B24 || ep_curve_is_pairf() == EP_B48); + bn_rec_frb(_b, 4, b, u, n, ep_curve_is_pairf() == EP_BN); if (ep_curve_is_pairf()) { fp12_copy(t[0], a); @@ -602,7 +617,7 @@ void fp12_exp_cyc(fp12_t c, fp12_t a, bn_t b) { } } -void fp2_exp_cyc_sim(fp2_t e, fp2_t a, bn_t b, fp2_t c, bn_t d) { +void fp2_exp_cyc_sim(fp2_t e, const fp2_t a, const bn_t b, const fp2_t c, const bn_t d) { int i, l, n0, n1, l0, l1; int8_t naf0[RLC_FP_BITS + 1], naf1[RLC_FP_BITS + 1], *_k, *_m; fp2_t r, t0[1 << (EP_WIDTH - 2)]; @@ -703,7 +718,7 @@ void fp2_exp_cyc_sim(fp2_t e, fp2_t a, bn_t b, fp2_t c, bn_t d) { } -void fp12_exp_cyc_sim(fp12_t e, fp12_t a, bn_t b, fp12_t c, bn_t d) { +void fp12_exp_cyc_sim(fp12_t e, const fp12_t a, const bn_t b, const fp12_t c, const bn_t d) { int i, j, l; bn_t _b[4], _d[4], n, x; fp12_t t[4], u[4]; @@ -735,8 +750,8 @@ void fp12_exp_cyc_sim(fp12_t e, fp12_t a, bn_t b, fp12_t c, bn_t d) { ep_curve_get_ord(n); fp_prime_get_par(x); - bn_rec_frb(_b, 4, b, x, n, ep_curve_is_pairf() == EP_B12); - bn_rec_frb(_d, 4, d, x, n, ep_curve_is_pairf() == EP_B12); + bn_rec_frb(_b, 4, b, x, n, ep_curve_is_pairf() == EP_BN); + bn_rec_frb(_d, 4, d, x, n, ep_curve_is_pairf() == EP_BN); if (ep_curve_is_pairf()) { for (i = 0; i < 4; i++) { @@ -805,7 +820,7 @@ void fp12_exp_cyc_sim(fp12_t e, fp12_t a, bn_t b, fp12_t c, bn_t d) { } } -void fp12_exp_cyc_sps(fp12_t c, fp12_t a, const int *b, int len, int sign) { +void fp12_exp_cyc_sps(fp12_t c, const fp12_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp12_t t, *u = RLC_ALLOCA(fp12_t, w); @@ -884,7 +899,7 @@ void fp12_exp_cyc_sps(fp12_t c, fp12_t a, const int *b, int len, int sign) { } } -void fp24_conv_cyc(fp24_t c, fp24_t a) { +void fp24_conv_cyc(fp24_t c, const fp24_t a) { fp24_t t; fp24_null(t); @@ -915,7 +930,7 @@ void fp24_conv_cyc(fp24_t c, fp24_t a) { } } -int fp24_test_cyc(fp24_t a) { +int fp24_test_cyc(const fp24_t a) { fp24_t t0, t1; int result = 0; @@ -944,7 +959,7 @@ int fp24_test_cyc(fp24_t a) { return result; } -void fp24_back_cyc(fp24_t c, fp24_t a) { +void fp24_back_cyc(fp24_t c, const fp24_t a) { fp4_t t0, t1, t2; fp4_null(t0); @@ -1002,7 +1017,7 @@ void fp24_back_cyc(fp24_t c, fp24_t a) { } } -void fp24_back_cyc_sim(fp24_t c[], fp24_t a[], int n) { +void fp24_back_cyc_sim(fp24_t c[], const fp24_t a[], int n) { fp4_t *t = RLC_ALLOCA(fp4_t, n * 3); fp4_t *t0 = t + 0 * n, @@ -1081,7 +1096,7 @@ void fp24_back_cyc_sim(fp24_t c[], fp24_t a[], int n) { } } -void fp24_exp_cyc(fp24_t c, fp24_t a, bn_t b) { +void fp24_exp_cyc(fp24_t c, const fp24_t a, const bn_t b) { int i, j, k, w = bn_ham(b); if (bn_is_zero(b)) { @@ -1110,7 +1125,7 @@ void fp24_exp_cyc(fp24_t c, fp24_t a, bn_t b) { ep_curve_get_ord(n); fp_prime_get_par(x); - bn_rec_frb(_b, 8, b, x, n, ep_curve_is_pairf()); + bn_rec_frb(_b, 8, b, x, n, ep_curve_is_pairf() == EP_BN); if (ep_curve_is_pairf()) { l = 0; @@ -1233,7 +1248,7 @@ void fp24_exp_cyc(fp24_t c, fp24_t a, bn_t b) { } } -void fp24_exp_cyc_sim(fp24_t e, fp24_t a, bn_t b, fp24_t c, bn_t d) { +void fp24_exp_cyc_sim(fp24_t e, const fp24_t a, const bn_t b, const fp24_t c, const bn_t d) { int i, l, n0, n1, l0, l1; int8_t naf0[RLC_FP_BITS + 1], naf1[RLC_FP_BITS + 1], *_k, *_m; fp24_t r, t0[1 << (EP_WIDTH - 2)]; @@ -1333,7 +1348,7 @@ void fp24_exp_cyc_sim(fp24_t e, fp24_t a, bn_t b, fp24_t c, bn_t d) { } } -void fp24_exp_cyc_sps(fp24_t c, fp24_t a, const int *b, int len, int sign) { +void fp24_exp_cyc_sps(fp24_t c, const fp24_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp24_t t, *u = RLC_ALLOCA(fp24_t, w); @@ -1412,7 +1427,7 @@ void fp24_exp_cyc_sps(fp24_t c, fp24_t a, const int *b, int len, int sign) { } } -void fp48_conv_cyc(fp48_t c, fp48_t a) { +void fp48_conv_cyc(fp48_t c, const fp48_t a) { fp48_t t; fp48_null(t); @@ -1443,7 +1458,7 @@ void fp48_conv_cyc(fp48_t c, fp48_t a) { } } -int fp48_test_cyc(fp48_t a) { +int fp48_test_cyc(const fp48_t a) { fp48_t t0, t1; int result = 0; @@ -1472,7 +1487,7 @@ int fp48_test_cyc(fp48_t a) { return result; } -void fp48_back_cyc(fp48_t c, fp48_t a) { +void fp48_back_cyc(fp48_t c, const fp48_t a) { fp8_t t0, t1, t2; fp8_null(t0); @@ -1530,7 +1545,7 @@ void fp48_back_cyc(fp48_t c, fp48_t a) { } } -void fp48_back_cyc_sim(fp48_t c[], fp48_t a[], int n) { +void fp48_back_cyc_sim(fp48_t c[], const fp48_t a[], int n) { fp8_t *t = RLC_ALLOCA(fp8_t, n * 3); fp8_t *t0 = t + 0 * n, @@ -1609,7 +1624,7 @@ void fp48_back_cyc_sim(fp48_t c[], fp48_t a[], int n) { } } -void fp48_exp_cyc(fp48_t c, fp48_t a, bn_t b) { +void fp48_exp_cyc(fp48_t c, const fp48_t a, const bn_t b) { int i, j, k, w = bn_ham(b); if (bn_is_zero(b)) { @@ -1704,7 +1719,7 @@ void fp48_exp_cyc(fp48_t c, fp48_t a, bn_t b) { } } -void fp48_exp_cyc_sps(fp48_t c, fp48_t a, const int *b, int len, int sign) { +void fp48_exp_cyc_sps(fp48_t c, const fp48_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp48_t t, *u = RLC_ALLOCA(fp48_t, w); @@ -1783,7 +1798,7 @@ void fp48_exp_cyc_sps(fp48_t c, fp48_t a, const int *b, int len, int sign) { } } -void fp54_conv_cyc(fp54_t c, fp54_t a) { +void fp54_conv_cyc(fp54_t c, const fp54_t a) { fp54_t t; fp54_null(t); @@ -1814,7 +1829,7 @@ void fp54_conv_cyc(fp54_t c, fp54_t a) { } } -int fp54_test_cyc(fp54_t a) { +int fp54_test_cyc(const fp54_t a) { fp54_t t0, t1; int result = 0; @@ -1842,7 +1857,7 @@ int fp54_test_cyc(fp54_t a) { return result; } -void fp54_back_cyc(fp54_t c, fp54_t a) { +void fp54_back_cyc(fp54_t c, const fp54_t a) { fp9_t t0, t1, t2; fp9_null(t0); @@ -1900,7 +1915,7 @@ void fp54_back_cyc(fp54_t c, fp54_t a) { } } -void fp54_back_cyc_sim(fp54_t c[], fp54_t a[], int n) { +void fp54_back_cyc_sim(fp54_t c[], const fp54_t a[], int n) { fp9_t *t = RLC_ALLOCA(fp9_t, n * 3); fp9_t *t0 = t + 0 * n, @@ -1979,7 +1994,7 @@ void fp54_back_cyc_sim(fp54_t c[], fp54_t a[], int n) { } } -void fp54_exp_cyc(fp54_t c, fp54_t a, bn_t b) { +void fp54_exp_cyc(fp54_t c, const fp54_t a, const bn_t b) { int i, j, k, w = bn_ham(b); if (bn_is_zero(b)) { @@ -2075,7 +2090,7 @@ void fp54_exp_cyc(fp54_t c, fp54_t a, bn_t b) { } } -void fp54_exp_cyc_sps(fp54_t c, fp54_t a, const int *b, int len, int sign) { +void fp54_exp_cyc_sps(fp54_t c, const fp54_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp54_t t, *u = RLC_ALLOCA(fp54_t, w); diff --git a/src/fpx/relic_fpx_exp.c b/src/fpx/relic_fpx_exp.c index e559e7ffe..02d4a62c7 100644 --- a/src/fpx/relic_fpx_exp.c +++ b/src/fpx/relic_fpx_exp.c @@ -35,7 +35,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_exp(fp2_t c, fp2_t a, bn_t b) { +void fp2_exp(fp2_t c, const fp2_t a, const bn_t b) { fp2_t t; if (bn_is_zero(b)) { @@ -70,7 +70,7 @@ void fp2_exp(fp2_t c, fp2_t a, bn_t b) { } } -void fp2_exp_dig(fp2_t c, fp2_t a, dig_t b) { +void fp2_exp_dig(fp2_t c, const fp2_t a, dig_t b) { fp2_t t; if (b == 0) { @@ -101,7 +101,7 @@ void fp2_exp_dig(fp2_t c, fp2_t a, dig_t b) { } } -void fp3_exp(fp3_t c, fp3_t a, bn_t b) { +void fp3_exp(fp3_t c, const fp3_t a, const bn_t b) { fp3_t t; if (bn_is_zero(b)) { @@ -137,7 +137,7 @@ void fp3_exp(fp3_t c, fp3_t a, bn_t b) { } } -void fp4_exp(fp4_t c, fp4_t a, bn_t b) { +void fp4_exp(fp4_t c, const fp4_t a, const bn_t b) { fp4_t t; if (bn_is_zero(b)) { @@ -173,7 +173,7 @@ void fp4_exp(fp4_t c, fp4_t a, bn_t b) { } } -void fp6_exp(fp6_t c, fp6_t a, bn_t b) { +void fp6_exp(fp6_t c, const fp6_t a, const bn_t b) { fp6_t t; if (bn_is_zero(b)) { @@ -209,7 +209,7 @@ void fp6_exp(fp6_t c, fp6_t a, bn_t b) { } } -void fp8_exp(fp8_t c, fp8_t a, bn_t b) { +void fp8_exp(fp8_t c, const fp8_t a, const bn_t b) { fp8_t t; if (bn_is_zero(b)) { @@ -249,7 +249,7 @@ void fp8_exp(fp8_t c, fp8_t a, bn_t b) { } } -void fp9_exp(fp9_t c, fp9_t a, bn_t b) { +void fp9_exp(fp9_t c, const fp9_t a, const bn_t b) { fp9_t t; if (bn_is_zero(b)) { @@ -285,7 +285,7 @@ void fp9_exp(fp9_t c, fp9_t a, bn_t b) { } } -void fp12_exp(fp12_t c, fp12_t a, bn_t b) { +void fp12_exp(fp12_t c, const fp12_t a, const bn_t b) { fp12_t t; if (bn_is_zero(b)) { @@ -325,7 +325,7 @@ void fp12_exp(fp12_t c, fp12_t a, bn_t b) { } } -void fp12_exp_dig(fp12_t c, fp12_t a, dig_t b) { +void fp12_exp_dig(fp12_t c, const fp12_t a, dig_t b) { bn_t _b; fp12_t t, v; int8_t u, naf[RLC_DIG + 1]; @@ -385,7 +385,7 @@ void fp12_exp_dig(fp12_t c, fp12_t a, dig_t b) { } } -void fp18_exp(fp18_t c, fp18_t a, bn_t b) { +void fp18_exp(fp18_t c, const fp18_t a, const bn_t b) { fp18_t t; if (bn_is_zero(b)) { @@ -421,7 +421,7 @@ void fp18_exp(fp18_t c, fp18_t a, bn_t b) { } } -void fp24_exp(fp24_t c, fp24_t a, bn_t b) { +void fp24_exp(fp24_t c, const fp24_t a, const bn_t b) { fp24_t t; if (bn_is_zero(b)) { @@ -457,7 +457,7 @@ void fp24_exp(fp24_t c, fp24_t a, bn_t b) { } } -void fp24_exp_dig(fp24_t c, fp24_t a, dig_t b) { +void fp24_exp_dig(fp24_t c, const fp24_t a, dig_t b) { bn_t _b; fp24_t t, v; int8_t u, naf[RLC_DIG + 1]; @@ -517,7 +517,7 @@ void fp24_exp_dig(fp24_t c, fp24_t a, dig_t b) { } } -void fp48_exp(fp48_t c, fp48_t a, bn_t b) { +void fp48_exp(fp48_t c, const fp48_t a, const bn_t b) { fp48_t t; if (bn_is_zero(b)) { @@ -557,7 +557,7 @@ void fp48_exp(fp48_t c, fp48_t a, bn_t b) { } } -void fp48_exp_dig(fp48_t c, fp48_t a, dig_t b) { +void fp48_exp_dig(fp48_t c, const fp48_t a, dig_t b) { bn_t _b; fp48_t t, v; int8_t u, naf[RLC_DIG + 1]; @@ -617,7 +617,7 @@ void fp48_exp_dig(fp48_t c, fp48_t a, dig_t b) { } } -void fp54_exp(fp54_t c, fp54_t a, bn_t b) { +void fp54_exp(fp54_t c, const fp54_t a, const bn_t b) { fp54_t t; if (bn_is_zero(b)) { @@ -653,7 +653,7 @@ void fp54_exp(fp54_t c, fp54_t a, bn_t b) { } } -void fp54_exp_dig(fp54_t c, fp54_t a, dig_t b) { +void fp54_exp_dig(fp54_t c, const fp54_t a, dig_t b) { bn_t _b; fp54_t t, v; int8_t u, naf[RLC_DIG + 1]; diff --git a/src/fpx/relic_fpx_field.c b/src/fpx/relic_fpx_field.c index 92d9557e3..e4f039624 100644 --- a/src/fpx/relic_fpx_field.c +++ b/src/fpx/relic_fpx_field.c @@ -242,8 +242,15 @@ void fp4_field_init() { bn_sub_dig(e, e, 1); bn_div_dig(e, e, 6); fp4_exp(t0, t0, e); - fp_copy(ctx->fp4_p1[0], t0[1][0]); - fp_copy(ctx->fp4_p1[1], t0[1][1]); + if (fp2_is_zero(t0[1])) { + ctx->frb4 = 0; + fp_copy(ctx->fp4_p1[0], t0[0][0]); + fp_copy(ctx->fp4_p1[1], t0[0][1]); + } else { + ctx->frb4 = 1; + fp_copy(ctx->fp4_p1[0], t0[1][0]); + fp_copy(ctx->fp4_p1[1], t0[1][1]); + } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { diff --git a/src/fpx/relic_fpx_frb.c b/src/fpx/relic_fpx_frb.c index 2f16e6657..970671bfe 100644 --- a/src/fpx/relic_fpx_frb.c +++ b/src/fpx/relic_fpx_frb.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_frb(fp2_t c, fp2_t a, int i) { +void fp2_frb(fp2_t c, const fp2_t a, int i) { switch (i % 2) { case 0: fp2_copy(c, a); @@ -49,7 +49,7 @@ void fp2_frb(fp2_t c, fp2_t a, int i) { } } -void fp3_frb(fp3_t c, fp3_t a, int i) { +void fp3_frb(fp3_t c, const fp3_t a, int i) { fp3_copy(c, a); switch (i % 3) { case 1: @@ -61,7 +61,7 @@ void fp3_frb(fp3_t c, fp3_t a, int i) { } } -void fp4_frb(fp4_t c, fp4_t a, int i) { +void fp4_frb(fp4_t c, const fp4_t a, int i) { /* Cost of a single multiplication in Fp^2 per Frobenius. */ fp4_copy(c, a); for (; i % 4 > 0; i--) { @@ -71,7 +71,7 @@ void fp4_frb(fp4_t c, fp4_t a, int i) { } } -void fp6_frb(fp6_t c, fp6_t a, int i) { +void fp6_frb(fp6_t c, const fp6_t a, int i) { /* Cost of two multiplication in Fp^2 per Frobenius. */ fp6_copy(c, a); for (; i % 6 > 0; i--) { @@ -83,7 +83,7 @@ void fp6_frb(fp6_t c, fp6_t a, int i) { } } -void fp8_frb(fp8_t c, fp8_t a, int i) { +void fp8_frb(fp8_t c, const fp8_t a, int i) { /* Cost of four multiplication in Fp^2 per Frobenius. */ fp8_copy(c, a); for (; i % 8 > 0; i--) { @@ -91,13 +91,13 @@ void fp8_frb(fp8_t c, fp8_t a, int i) { fp4_frb(c[1], c[1], 1); fp2_mul_frb(c[1][0], c[1][0], 2, 1); fp2_mul_frb(c[1][1], c[1][1], 2, 1); - if (fp_prime_get_mod8() != 1) { + if (fp_prime_get_mod8() != 1 && fp_prime_get_mod8() != 5) { fp4_mul_art(c[1], c[1]); } } } -void fp9_frb(fp9_t c, fp9_t a, int i) { +void fp9_frb(fp9_t c, const fp9_t a, int i) { /* Cost of two multiplication in Fp^3 per Frobenius. */ fp9_copy(c, a); for (; i % 9 > 0; i--) { @@ -109,7 +109,7 @@ void fp9_frb(fp9_t c, fp9_t a, int i) { } } -void fp12_frb(fp12_t c, fp12_t a, int i) { +void fp12_frb(fp12_t c, const fp12_t a, int i) { /* Cost of five multiplication in Fp^2 per Frobenius. */ fp12_copy(c, a); for (; i % 12 > 0; i--) { @@ -123,7 +123,7 @@ void fp12_frb(fp12_t c, fp12_t a, int i) { } } -void fp18_frb(fp18_t c, fp18_t a, int i) { +void fp18_frb(fp18_t c, const fp18_t a, int i) { /* Cost of five multiplication in Fp^2 per Frobenius. */ fp18_copy(c, a); for (; i % 18 > 0; i--) { @@ -137,7 +137,7 @@ void fp18_frb(fp18_t c, fp18_t a, int i) { } } -void fp24_frb(fp24_t c, fp24_t a, int i) { +void fp24_frb(fp24_t c, const fp24_t a, int i) { /* Cost of 20 multiplication in Fp^2 per Frobenius. */ fp24_copy(c, a); for (; i % 24 > 0; i--) { @@ -156,7 +156,7 @@ void fp24_frb(fp24_t c, fp24_t a, int i) { } } -void fp48_frb(fp48_t c, fp48_t a, int i) { +void fp48_frb(fp48_t c, const fp48_t a, int i) { /* Cost of 52 multiplication in Fp^2 per Frobenius. */ fp48_copy(c, a); for (; i % 48 > 0; i--) { @@ -178,7 +178,7 @@ void fp48_frb(fp48_t c, fp48_t a, int i) { } } -void fp54_frb(fp54_t c, fp54_t a, int i) { +void fp54_frb(fp54_t c, const fp54_t a, int i) { /* Cost of 20 multiplication in Fp^2 per Frobenius. */ fp54_copy(c, a); for (; i % 54 > 0; i--) { diff --git a/src/fpx/relic_fpx_inv.c b/src/fpx/relic_fpx_inv.c index b279f879c..1ffe85d37 100644 --- a/src/fpx/relic_fpx_inv.c +++ b/src/fpx/relic_fpx_inv.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_inv(fp2_t c, fp2_t a) { +void fp2_inv(fp2_t c, const fp2_t a) { fp_t t0, t1; fp_null(t0); @@ -89,12 +89,12 @@ void fp2_inv(fp2_t c, fp2_t a) { } } -void fp2_inv_cyc(fp2_t c, fp2_t a) { +void fp2_inv_cyc(fp2_t c, const fp2_t a) { fp_copy(c[0], a[0]); fp_neg(c[1], a[1]); } -void fp2_inv_sim(fp2_t *c, fp2_t *a, int n) { +void fp2_inv_sim(fp2_t *c, const fp2_t *a, int n) { int i; fp2_t u, *t = RLC_ALLOCA(fp2_t, n); @@ -137,7 +137,7 @@ void fp2_inv_sim(fp2_t *c, fp2_t *a, int n) { } } -void fp3_inv(fp3_t c, fp3_t a) { +void fp3_inv(fp3_t c, const fp3_t a) { fp_t v0; fp_t v1; fp_t v2; @@ -220,7 +220,7 @@ void fp3_inv(fp3_t c, fp3_t a) { } } -void fp3_inv_sim(fp3_t * c, fp3_t * a, int n) { +void fp3_inv_sim(fp3_t * c, const fp3_t * a, int n) { int i; fp3_t u, *t = RLC_ALLOCA(fp3_t, n); @@ -263,12 +263,12 @@ void fp3_inv_sim(fp3_t * c, fp3_t * a, int n) { } } -void fp4_inv_cyc(fp4_t c, fp4_t a) { +void fp4_inv_cyc(fp4_t c, const fp4_t a) { fp2_copy(c[0], a[0]); fp2_neg(c[1], a[1]); } -void fp4_inv(fp4_t c, fp4_t a) { +void fp4_inv(fp4_t c, const fp4_t a) { fp2_t t0; fp2_t t1; @@ -296,7 +296,7 @@ void fp4_inv(fp4_t c, fp4_t a) { } } -void fp4_inv_sim(fp4_t * c, fp4_t * a, int n) { +void fp4_inv_sim(fp4_t * c, const fp4_t * a, int n) { int i; fp4_t u, *t = RLC_ALLOCA(fp4_t, n); @@ -339,7 +339,7 @@ void fp4_inv_sim(fp4_t * c, fp4_t * a, int n) { } } -void fp6_inv(fp6_t c, fp6_t a) { +void fp6_inv(fp6_t c, const fp6_t a) { fp2_t v0; fp2_t v1; fp2_t v2; @@ -398,12 +398,12 @@ void fp6_inv(fp6_t c, fp6_t a) { } } -void fp8_inv_cyc(fp8_t c, fp8_t a) { +void fp8_inv_cyc(fp8_t c, const fp8_t a) { fp4_copy(c[0], a[0]); fp4_neg(c[1], a[1]); } -void fp8_inv(fp8_t c, fp8_t a) { +void fp8_inv(fp8_t c, const fp8_t a) { fp4_t t0; fp4_t t1; @@ -431,7 +431,7 @@ void fp8_inv(fp8_t c, fp8_t a) { } } -void fp8_inv_sim(fp8_t *c, fp8_t *a, int n) { +void fp8_inv_sim(fp8_t *c, const fp8_t *a, int n) { int i; fp8_t u, *t = RLC_ALLOCA(fp8_t, n); @@ -474,7 +474,7 @@ void fp8_inv_sim(fp8_t *c, fp8_t *a, int n) { } } -void fp9_inv(fp9_t c, fp9_t a) { +void fp9_inv(fp9_t c, const fp9_t a) { fp3_t v0; fp3_t v1; fp3_t v2; @@ -533,7 +533,7 @@ void fp9_inv(fp9_t c, fp9_t a) { } } -void fp9_inv_sim(fp9_t * c, fp9_t * a, int n) { +void fp9_inv_sim(fp9_t * c, const fp9_t * a, int n) { int i; fp9_t u, *t = RLC_ALLOCA(fp9_t, n); @@ -576,7 +576,7 @@ void fp9_inv_sim(fp9_t * c, fp9_t * a, int n) { } } -void fp12_inv(fp12_t c, fp12_t a) { +void fp12_inv(fp12_t c, const fp12_t a) { fp6_t t0; fp6_t t1; @@ -604,12 +604,12 @@ void fp12_inv(fp12_t c, fp12_t a) { } } -void fp12_inv_cyc(fp12_t c, fp12_t a) { +void fp12_inv_cyc(fp12_t c, const fp12_t a) { fp6_copy(c[0], a[0]); fp6_neg(c[1], a[1]); } -void fp18_inv(fp18_t c, fp18_t a) { +void fp18_inv(fp18_t c, const fp18_t a) { fp9_t t0; fp9_t t1; @@ -637,12 +637,12 @@ void fp18_inv(fp18_t c, fp18_t a) { } } -void fp18_inv_cyc(fp18_t c, fp18_t a) { +void fp18_inv_cyc(fp18_t c, const fp18_t a) { fp9_copy(c[0], a[0]); fp9_neg(c[1], a[1]); } -void fp24_inv(fp24_t c, fp24_t a) { +void fp24_inv(fp24_t c, const fp24_t a) { fp8_t v0; fp8_t v1; fp8_t v2; @@ -701,14 +701,14 @@ void fp24_inv(fp24_t c, fp24_t a) { } } -void fp24_inv_cyc(fp24_t c, fp24_t a) { +void fp24_inv_cyc(fp24_t c, const fp24_t a) { fp8_inv_cyc(c[0], a[0]); fp8_inv_cyc(c[1], a[1]); fp8_neg(c[1], c[1]); fp8_inv_cyc(c[2], a[2]); } -void fp48_inv(fp48_t c, fp48_t a) { +void fp48_inv(fp48_t c, const fp48_t a) { fp24_t t0; fp24_t t1; @@ -736,12 +736,12 @@ void fp48_inv(fp48_t c, fp48_t a) { } } -void fp48_inv_cyc(fp48_t c, fp48_t a) { +void fp48_inv_cyc(fp48_t c, const fp48_t a) { fp24_copy(c[0], a[0]); fp24_neg(c[1], a[1]); } -void fp54_inv(fp54_t c, fp54_t a) { +void fp54_inv(fp54_t c, const fp54_t a) { fp18_t v0; fp18_t v1; fp18_t v2; @@ -800,7 +800,7 @@ void fp54_inv(fp54_t c, fp54_t a) { } } -void fp54_inv_cyc(fp54_t c, fp54_t a) { +void fp54_inv_cyc(fp54_t c, const fp54_t a) { fp18_inv_cyc(c[0], a[0]); fp18_inv_cyc(c[1], a[1]); fp18_neg(c[1], c[1]); diff --git a/src/fpx/relic_fpx_pck.c b/src/fpx/relic_fpx_pck.c index 1f9b6b9f9..a480f92cd 100644 --- a/src/fpx/relic_fpx_pck.c +++ b/src/fpx/relic_fpx_pck.c @@ -35,7 +35,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_pck(fp2_t c, fp2_t a) { +void fp2_pck(fp2_t c, const fp2_t a) { int b = fp_get_bit(a[1], 0); fp2_copy(c, a); if (fp2_test_cyc(a)) { @@ -45,7 +45,7 @@ void fp2_pck(fp2_t c, fp2_t a) { } } -int fp2_upk(fp2_t c, fp2_t a) { +int fp2_upk(fp2_t c, const fp2_t a) { if (fp_bits(a[1]) <= 1) { int result, b = fp_get_bit(a[1], 0); fp_t t; @@ -84,7 +84,7 @@ int fp2_upk(fp2_t c, fp2_t a) { } } -void fp12_pck(fp12_t c, fp12_t a) { +void fp12_pck(fp12_t c, const fp12_t a) { fp12_copy(c, a); if (fp12_test_cyc(c)) { fp2_zero(c[0][0]); @@ -92,7 +92,7 @@ void fp12_pck(fp12_t c, fp12_t a) { } } -int fp12_upk(fp12_t c, fp12_t a) { +int fp12_upk(fp12_t c, const fp12_t a) { if (fp2_is_zero(a[0][0]) && fp2_is_zero(a[1][1])) { fp12_back_cyc(c, a); if (fp12_test_cyc(c)) { @@ -106,7 +106,7 @@ int fp12_upk(fp12_t c, fp12_t a) { } } -void fp12_pck_max(fp12_t c, fp12_t a) { +void fp12_pck_max(fp12_t c, const fp12_t a) { fp12_copy(c, a); if (fp12_test_cyc(c)) { /* Use torus-based compression from Section 4.1 in @@ -119,7 +119,7 @@ void fp12_pck_max(fp12_t c, fp12_t a) { } } -int fp12_upk_max(fp12_t c, fp12_t a) { +int fp12_upk_max(fp12_t c, const fp12_t a) { if (fp6_is_zero(a[1])) { fp12_t t; @@ -155,7 +155,7 @@ int fp12_upk_max(fp12_t c, fp12_t a) { } } -void fp24_pck(fp24_t c, fp24_t a) { +void fp24_pck(fp24_t c, const fp24_t a) { fp24_copy(c, a); if (fp24_test_cyc(c)) { fp4_zero(c[0][0]); @@ -163,7 +163,7 @@ void fp24_pck(fp24_t c, fp24_t a) { } } -int fp24_upk(fp24_t c, fp24_t a) { +int fp24_upk(fp24_t c, const fp24_t a) { if (fp4_is_zero(a[0][0]) && fp4_is_zero(a[0][1])) { fp24_back_cyc(c, a); if (fp24_test_cyc(c)) { @@ -177,7 +177,7 @@ int fp24_upk(fp24_t c, fp24_t a) { } } -void fp48_pck(fp48_t c, fp48_t a) { +void fp48_pck(fp48_t c, const fp48_t a) { fp48_copy(c, a); if (fp48_test_cyc(c)) { fp8_zero(c[0][0]); @@ -185,7 +185,7 @@ void fp48_pck(fp48_t c, fp48_t a) { } } -int fp48_upk(fp48_t c, fp48_t a) { +int fp48_upk(fp48_t c, const fp48_t a) { if (fp8_is_zero(a[0][0]) && fp8_is_zero(a[1][1])) { fp48_back_cyc(c, a); if (fp48_test_cyc(c)) { @@ -199,7 +199,7 @@ int fp48_upk(fp48_t c, fp48_t a) { } } -void fp54_pck(fp54_t c, fp54_t a) { +void fp54_pck(fp54_t c, const fp54_t a) { fp54_copy(c, a); if (fp54_test_cyc(c)) { fp9_zero(c[0][0]); @@ -207,7 +207,7 @@ void fp54_pck(fp54_t c, fp54_t a) { } } -int fp54_upk(fp54_t c, fp54_t a) { +int fp54_upk(fp54_t c, const fp54_t a) { if (fp9_is_zero(a[0][0]) && fp9_is_zero(a[0][1])) { fp54_back_cyc(c, a); if (fp54_test_cyc(c)) { diff --git a/src/fpx/relic_fpx_srt.c b/src/fpx/relic_fpx_srt.c index 2da52b750..5a08cd827 100644 --- a/src/fpx/relic_fpx_srt.c +++ b/src/fpx/relic_fpx_srt.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -int fp2_srt(fp2_t c, fp2_t a) { +int fp2_srt(fp2_t c, const fp2_t a) { int r = 0; fp_t t0; fp_t t1; @@ -127,7 +127,7 @@ int fp2_srt(fp2_t c, fp2_t a) { return r; } -int fp3_srt(fp3_t c, fp3_t a) { +int fp3_srt(fp3_t c, const fp3_t a) { int r = 0; fp3_t t0, t1, t2, t3; bn_t e; @@ -216,7 +216,7 @@ int fp3_srt(fp3_t c, fp3_t a) { return r; } -int fp4_srt(fp4_t c, fp4_t a) { +int fp4_srt(fp4_t c, const fp4_t a) { int r = 0; fp2_t t0, t1, t2; @@ -247,13 +247,11 @@ int fp4_srt(fp4_t c, fp4_t a) { fp2_mul_nor(t0, t0); fp2_inv(t0, t0); fp2_mul(t0, a[0], t0); - fp2_neg(t0, t0); fp2_zero(c[0]); if (!fp2_srt(c[1], t0)) { /* should never happen! */ RLC_THROW(ERR_NO_VALID); } - fp2_mul_art(c[1], c[1]); } } else { /* t0 = a[0]^2 - s^2 * a[1]^2 */ @@ -261,7 +259,6 @@ int fp4_srt(fp4_t c, fp4_t a) { fp2_sqr(t1, a[1]); fp2_mul_nor(t2, t1); fp2_sub(t0, t0, t2); - if (fp2_srt(t1, t0)) { /* t0 = (a_0 + sqrt(t0)) / 2 */ fp2_add(t0, a[0], t1); diff --git a/src/fpx/relic_fpx_util.c b/src/fpx/relic_fpx_util.c index 1de8cc6fc..7f0c9459a 100644 --- a/src/fpx/relic_fpx_util.c +++ b/src/fpx/relic_fpx_util.c @@ -36,7 +36,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_copy(fp2_t c, fp2_t a) { +void fp2_copy(fp2_t c, const fp2_t a) { fp_copy(c[0], a[0]); fp_copy(c[1], a[1]); } @@ -46,7 +46,7 @@ void fp2_zero(fp2_t a) { fp_zero(a[1]); } -int fp2_is_zero(fp2_t a) { +int fp2_is_zero(const fp2_t a) { return fp_is_zero(a[0]) && fp_is_zero(a[1]); } @@ -55,7 +55,7 @@ void fp2_rand(fp2_t a) { fp_rand(a[1]); } -void fp2_print(fp2_t a) { +void fp2_print(const fp2_t a) { fp_print(a[0]); fp_print(a[1]); } @@ -89,7 +89,7 @@ void fp2_read_bin(fp2_t a, const uint8_t *bin, int len) { } } -void fp2_write_bin(uint8_t *bin, int len, fp2_t a, int pack) { +void fp2_write_bin(uint8_t *bin, int len, const fp2_t a, int pack) { fp2_t t; fp2_null(t); @@ -123,12 +123,12 @@ void fp2_write_bin(uint8_t *bin, int len, fp2_t a, int pack) { } } -void fp2_set_dig(fp2_t a, dig_t b) { +void fp2_set_dig(fp2_t a, const dig_t b) { fp_set_dig(a[0], b); fp_zero(a[1]); } -void fp3_copy(fp3_t c, fp3_t a) { +void fp3_copy(fp3_t c, const fp3_t a) { fp_copy(c[0], a[0]); fp_copy(c[1], a[1]); fp_copy(c[2], a[2]); @@ -140,7 +140,7 @@ void fp3_zero(fp3_t a) { fp_zero(a[2]); } -int fp3_is_zero(fp3_t a) { +int fp3_is_zero(const fp3_t a) { return fp_is_zero(a[0]) && fp_is_zero(a[1]) && fp_is_zero(a[2]); } @@ -150,7 +150,7 @@ void fp3_rand(fp3_t a) { fp_rand(a[2]); } -void fp3_print(fp3_t a) { +void fp3_print(const fp3_t a) { fp_print(a[0]); fp_print(a[1]); fp_print(a[2]); @@ -170,7 +170,7 @@ void fp3_read_bin(fp3_t a, const uint8_t *bin, int len) { fp_read_bin(a[2], bin + 2 * RLC_FP_BYTES, RLC_FP_BYTES); } -void fp3_write_bin(uint8_t *bin, int len, fp3_t a) { +void fp3_write_bin(uint8_t *bin, int len, const fp3_t a) { if (len != 3 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -180,13 +180,13 @@ void fp3_write_bin(uint8_t *bin, int len, fp3_t a) { fp_write_bin(bin + 2 * RLC_FP_BYTES, RLC_FP_BYTES, a[2]); } -void fp3_set_dig(fp3_t a, dig_t b) { +void fp3_set_dig(fp3_t a, const dig_t b) { fp_set_dig(a[0], b); fp_zero(a[1]); fp_zero(a[2]); } -void fp4_copy(fp4_t c, fp4_t a) { +void fp4_copy(fp4_t c, const fp4_t a) { fp2_copy(c[0], a[0]); fp2_copy(c[1], a[1]); } @@ -196,7 +196,7 @@ void fp4_zero(fp4_t a) { fp2_zero(a[1]); } -int fp4_is_zero(fp4_t a) { +int fp4_is_zero(const fp4_t a) { return fp2_is_zero(a[0]) && fp2_is_zero(a[1]); } @@ -205,7 +205,7 @@ void fp4_rand(fp4_t a) { fp2_rand(a[1]); } -void fp4_print(fp4_t a) { +void fp4_print(const fp4_t a) { fp2_print(a[0]); fp2_print(a[1]); } @@ -223,7 +223,7 @@ void fp4_read_bin(fp4_t a, const uint8_t *bin, int len) { fp2_read_bin(a[1], bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES); } -void fp4_write_bin(uint8_t *bin, int len, fp4_t a) { +void fp4_write_bin(uint8_t *bin, int len, const fp4_t a) { if (len != 4 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -232,12 +232,12 @@ void fp4_write_bin(uint8_t *bin, int len, fp4_t a) { fp2_write_bin(bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[1], 0); } -void fp4_set_dig(fp4_t a, dig_t b) { +void fp4_set_dig(fp4_t a, const dig_t b) { fp2_set_dig(a[0], b); fp2_zero(a[1]); } -void fp6_copy(fp6_t c, fp6_t a) { +void fp6_copy(fp6_t c, const fp6_t a) { fp2_copy(c[0], a[0]); fp2_copy(c[1], a[1]); fp2_copy(c[2], a[2]); @@ -249,7 +249,7 @@ void fp6_zero(fp6_t a) { fp2_zero(a[2]); } -int fp6_is_zero(fp6_t a) { +int fp6_is_zero(const fp6_t a) { return fp2_is_zero(a[0]) && fp2_is_zero(a[1]) && fp2_is_zero(a[2]); } @@ -259,7 +259,7 @@ void fp6_rand(fp6_t a) { fp2_rand(a[2]); } -void fp6_print(fp6_t a) { +void fp6_print(const fp6_t a) { fp2_print(a[0]); fp2_print(a[1]); fp2_print(a[2]); @@ -279,7 +279,7 @@ void fp6_read_bin(fp6_t a, const uint8_t *bin, int len) { fp2_read_bin(a[2], bin + 4 * RLC_FP_BYTES, 2 * RLC_FP_BYTES); } -void fp6_write_bin(uint8_t *bin, int len, fp6_t a) { +void fp6_write_bin(uint8_t *bin, int len, const fp6_t a) { if (len != 6 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -289,13 +289,13 @@ void fp6_write_bin(uint8_t *bin, int len, fp6_t a) { fp2_write_bin(bin + 4 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[2], 0); } -void fp6_set_dig(fp6_t a, dig_t b) { +void fp6_set_dig(fp6_t a, const dig_t b) { fp2_set_dig(a[0], b); fp2_zero(a[1]); fp2_zero(a[2]); } -void fp8_copy(fp8_t c, fp8_t a) { +void fp8_copy(fp8_t c, const fp8_t a) { fp4_copy(c[0], a[0]); fp4_copy(c[1], a[1]); } @@ -305,7 +305,7 @@ void fp8_zero(fp8_t a) { fp4_zero(a[1]); } -int fp8_is_zero(fp8_t a) { +int fp8_is_zero(const fp8_t a) { return fp4_is_zero(a[0]) && fp4_is_zero(a[1]); } @@ -314,7 +314,7 @@ void fp8_rand(fp8_t a) { fp4_rand(a[1]); } -void fp8_print(fp8_t a) { +void fp8_print(const fp8_t a) { fp4_print(a[0]); fp4_print(a[1]); } @@ -340,7 +340,7 @@ void fp8_read_bin(fp8_t a, const uint8_t *bin, int len) { fp4_read_bin(a[1], bin + 4 * RLC_FP_BYTES, 4 * RLC_FP_BYTES); } -void fp8_write_bin(uint8_t *bin, int len, fp8_t a) { +void fp8_write_bin(uint8_t *bin, int len, const fp8_t a) { if (len != 8 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -349,12 +349,12 @@ void fp8_write_bin(uint8_t *bin, int len, fp8_t a) { fp4_write_bin(bin + 4 * RLC_FP_BYTES, 4 * RLC_FP_BYTES, a[1]); } -void fp8_set_dig(fp8_t a, dig_t b) { +void fp8_set_dig(fp8_t a, const dig_t b) { fp4_set_dig(a[0], b); fp4_zero(a[1]); } -void fp9_copy(fp9_t c, fp9_t a) { +void fp9_copy(fp9_t c, const fp9_t a) { fp3_copy(c[0], a[0]); fp3_copy(c[1], a[1]); fp3_copy(c[2], a[2]); @@ -366,7 +366,7 @@ void fp9_zero(fp9_t a) { fp3_zero(a[2]); } -int fp9_is_zero(fp9_t a) { +int fp9_is_zero(const fp9_t a) { return fp3_is_zero(a[0]) && fp3_is_zero(a[1]) && fp3_is_zero(a[2]); } @@ -376,7 +376,7 @@ void fp9_rand(fp9_t a) { fp3_rand(a[2]); } -void fp9_print(fp9_t a) { +void fp9_print(const fp9_t a) { fp3_print(a[0]); fp3_print(a[1]); fp3_print(a[2]); @@ -396,7 +396,7 @@ void fp9_read_bin(fp9_t a, const uint8_t *bin, int len) { fp3_read_bin(a[2], bin + 6 * RLC_FP_BYTES, 3 * RLC_FP_BYTES); } -void fp9_write_bin(uint8_t *bin, int len, fp9_t a) { +void fp9_write_bin(uint8_t *bin, int len, const fp9_t a) { if (len != 9 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -406,13 +406,13 @@ void fp9_write_bin(uint8_t *bin, int len, fp9_t a) { fp3_write_bin(bin + 6 * RLC_FP_BYTES, 3 * RLC_FP_BYTES, a[2]); } -void fp9_set_dig(fp9_t a, dig_t b) { +void fp9_set_dig(fp9_t a, const dig_t b) { fp3_set_dig(a[0], b); fp3_zero(a[1]); fp3_zero(a[2]); } -void fp12_copy(fp12_t c, fp12_t a) { +void fp12_copy(fp12_t c, const fp12_t a) { fp6_copy(c[0], a[0]); fp6_copy(c[1], a[1]); } @@ -422,7 +422,7 @@ void fp12_zero(fp12_t a) { fp6_zero(a[1]); } -int fp12_is_zero(fp12_t a) { +int fp12_is_zero(const fp12_t a) { return (fp6_is_zero(a[0]) && fp6_is_zero(a[1])); } @@ -431,7 +431,7 @@ void fp12_rand(fp12_t a) { fp6_rand(a[1]); } -void fp12_print(fp12_t a) { +void fp12_print(const fp12_t a) { fp6_print(a[0]); fp6_print(a[1]); } @@ -468,7 +468,7 @@ void fp12_read_bin(fp12_t a, const uint8_t *bin, int len) { } } -void fp12_write_bin(uint8_t *bin, int len, fp12_t a, int pack) { +void fp12_write_bin(uint8_t *bin, int len, const fp12_t a, int pack) { fp12_t t; fp12_null(t); @@ -499,12 +499,12 @@ void fp12_write_bin(uint8_t *bin, int len, fp12_t a, int pack) { } } -void fp12_set_dig(fp12_t a, dig_t b) { +void fp12_set_dig(fp12_t a, const dig_t b) { fp6_set_dig(a[0], b); fp6_zero(a[1]); } -void fp18_copy(fp18_t c, fp18_t a) { +void fp18_copy(fp18_t c, const fp18_t a) { fp9_copy(c[0], a[0]); fp9_copy(c[1], a[1]); } @@ -514,7 +514,7 @@ void fp18_zero(fp18_t a) { fp9_zero(a[1]); } -int fp18_is_zero(fp18_t a) { +int fp18_is_zero(const fp18_t a) { return (fp9_is_zero(a[0]) && fp9_is_zero(a[1])); } @@ -523,7 +523,7 @@ void fp18_rand(fp18_t a) { fp9_rand(a[1]); } -void fp18_print(fp18_t a) { +void fp18_print(const fp18_t a) { fp9_print(a[0]); fp9_print(a[1]); } @@ -541,7 +541,7 @@ void fp18_read_bin(fp18_t a, const uint8_t *bin, int len) { fp9_read_bin(a[1], bin + 9 * RLC_FP_BYTES, 9 * RLC_FP_BYTES); } -void fp18_write_bin(uint8_t *bin, int len, fp18_t a) { +void fp18_write_bin(uint8_t *bin, int len, const fp18_t a) { if (len != 18 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; @@ -550,12 +550,12 @@ void fp18_write_bin(uint8_t *bin, int len, fp18_t a) { fp9_write_bin(bin + 9 * RLC_FP_BYTES, 9 * RLC_FP_BYTES, a[1]); } -void fp18_set_dig(fp18_t a, dig_t b) { +void fp18_set_dig(fp18_t a, const dig_t b) { fp9_set_dig(a[0], b); fp9_zero(a[1]); } -void fp24_copy(fp24_t c, fp24_t a) { +void fp24_copy(fp24_t c, const fp24_t a) { fp8_copy(c[0], a[0]); fp8_copy(c[1], a[1]); fp8_copy(c[2], a[2]); @@ -567,7 +567,7 @@ void fp24_zero(fp24_t a) { fp8_zero(a[2]); } -int fp24_is_zero(fp24_t a) { +int fp24_is_zero(const fp24_t a) { return fp8_is_zero(a[0]) && fp8_is_zero(a[1]) && fp8_is_zero(a[2]); } @@ -577,7 +577,7 @@ void fp24_rand(fp24_t a) { fp8_rand(a[2]); } -void fp24_print(fp24_t a) { +void fp24_print(const fp24_t a) { fp8_print(a[0]); fp8_print(a[1]); fp8_print(a[2]); @@ -616,7 +616,7 @@ void fp24_read_bin(fp24_t a, const uint8_t *bin, int len) { } } -void fp24_write_bin(uint8_t *bin, int len, fp24_t a, int pack) { +void fp24_write_bin(uint8_t *bin, int len, const fp24_t a, int pack) { fp24_t t; fp24_null(t); @@ -648,13 +648,13 @@ void fp24_write_bin(uint8_t *bin, int len, fp24_t a, int pack) { } } -void fp24_set_dig(fp24_t a, dig_t b) { +void fp24_set_dig(fp24_t a, const dig_t b) { fp8_set_dig(a[0], b); fp8_zero(a[1]); fp8_zero(a[2]); } -void fp48_copy(fp48_t c, fp48_t a) { +void fp48_copy(fp48_t c, const fp48_t a) { fp24_copy(c[0], a[0]); fp24_copy(c[1], a[1]); } @@ -664,7 +664,7 @@ void fp48_zero(fp48_t a) { fp24_zero(a[1]); } -int fp48_is_zero(fp48_t a) { +int fp48_is_zero(const fp48_t a) { return (fp24_is_zero(a[0]) && fp24_is_zero(a[1])); } @@ -673,7 +673,7 @@ void fp48_rand(fp48_t a) { fp24_rand(a[1]); } -void fp48_print(fp48_t a) { +void fp48_print(const fp48_t a) { fp24_print(a[0]); fp24_print(a[1]); } @@ -710,7 +710,7 @@ void fp48_read_bin(fp48_t a, const uint8_t *bin, int len) { } } -void fp48_write_bin(uint8_t *bin, int len, fp48_t a, int pack) { +void fp48_write_bin(uint8_t *bin, int len, const fp48_t a, int pack) { fp48_t t; fp48_null(t); @@ -741,12 +741,12 @@ void fp48_write_bin(uint8_t *bin, int len, fp48_t a, int pack) { } } -void fp48_set_dig(fp48_t a, dig_t b) { +void fp48_set_dig(fp48_t a, const dig_t b) { fp24_set_dig(a[0], b); fp24_zero(a[1]); } -void fp54_copy(fp54_t c, fp54_t a) { +void fp54_copy(fp54_t c, const fp54_t a) { fp18_copy(c[0], a[0]); fp18_copy(c[1], a[1]); fp18_copy(c[2], a[2]); @@ -758,7 +758,7 @@ void fp54_zero(fp54_t a) { fp18_zero(a[2]); } -int fp54_is_zero(fp54_t a) { +int fp54_is_zero(const fp54_t a) { return (fp18_is_zero(a[0]) && fp18_is_zero(a[1]) && fp18_is_zero(a[2])); } @@ -768,7 +768,7 @@ void fp54_rand(fp54_t a) { fp18_rand(a[2]); } -void fp54_print(fp54_t a) { +void fp54_print(const fp54_t a) { fp18_print(a[0]); fp18_print(a[1]); fp18_print(a[2]); @@ -807,7 +807,7 @@ void fp54_read_bin(fp54_t a, const uint8_t *bin, int len) { } } -void fp54_write_bin(uint8_t *bin, int len, fp54_t a, int pack) { +void fp54_write_bin(uint8_t *bin, int len, const fp54_t a, int pack) { fp54_t t; fp54_null(t); diff --git a/src/low/easy/relic_bn_div_low.c b/src/low/easy/relic_bn_div_low.c index b86f9c8eb..c03e37fa9 100644 --- a/src/low/easy/relic_bn_div_low.c +++ b/src/low/easy/relic_bn_div_low.c @@ -78,8 +78,6 @@ void bn_divn_low(dig_t *c, dig_t *d, dig_t *a, int sa, dig_t *b, int sb) { /* Find the remaining digits. */ for (i = n; i >= (t + 1); i--) { - dig_t tmp; - if (i > sa) { continue; } @@ -87,7 +85,7 @@ void bn_divn_low(dig_t *c, dig_t *d, dig_t *a, int sa, dig_t *b, int sb) { if (a[i] == b[t]) { c[i - t - 1] = RLC_MASK(RLC_DIG); } else { - RLC_DIV_DIG(c[i - t - 1], tmp, a[i], a[i - 1], b[t]); + RLC_DIV_DIG(c[i - t - 1], carry, a[i], a[i - 1], b[t]); } c[i - t - 1]++; diff --git a/src/low/easy/relic_bn_mul_low.c b/src/low/easy/relic_bn_mul_low.c index 7909a6d26..0e4c67e4d 100644 --- a/src/low/easy/relic_bn_mul_low.c +++ b/src/low/easy/relic_bn_mul_low.c @@ -64,6 +64,33 @@ dig_t bn_mul1_low(dig_t *c, const dig_t *a, dig_t digit, int size) { return carry; } +dig_t bn_muls_low(dig_t *c, const dig_t *a, dig_t sa, dis_t digit, int size) { + dig_t r, _a, _c, c0, c1, c2, sign, sd = digit >> (RLC_DIG - 1); + + sa = -sa; + sign = sa ^ sd; + digit = (digit ^ sd) - sd; + + _a = (a[0] ^ sa) - sa; + c2 = (_a < (a[0] ^ sa)); + RLC_MUL_DIG(r, _c, _a, (dig_t)digit); + _c ^= sign; + c[0] = _c - sign; + c1 = (c[0] < _c); + c0 = r; + for (int i = 1; i < size; i++) { + _a = (a[i] ^ sa) + c2; + c2 = (_a < c2); + RLC_MUL_DIG(r, _c, _a, (dig_t)digit); + _c += c0; + c0 = r + (_c < c0); + _c ^= sign; + c[i] = _c + c1; + c1 = (c[i] < _c); + } + return (c0 ^ sign) + c1; +} + void bn_muln_low(dig_t *c, const dig_t *a, const dig_t *b, int size) { int i, j; const dig_t *tmpa, *tmpb; diff --git a/src/low/easy/relic_bn_shift_low.c b/src/low/easy/relic_bn_shift_low.c index e2555162a..d333df931 100644 --- a/src/low/easy/relic_bn_shift_low.c +++ b/src/low/easy/relic_bn_shift_low.c @@ -126,3 +126,19 @@ dig_t bn_rshb_low(dig_t *c, const dig_t *a, int size, int bits) { } return carry; } + +dig_t bn_rshs_low(dig_t *c, const dig_t *a, int size, int bits) { + dig_t r, carry, shift, mask; + + /* Prepare the bit mask. */ + shift = (RLC_DIG - bits) % RLC_DIG; + mask = RLC_MASK(bits); + carry = a[size - 1] & mask; + c[size - 1] = (dis_t)a[size - 1] >> bits; + for (int i = size - 2; i >= 0; i--) { + r = a[i] & mask; + c[i] = (a[i] >> bits) | (carry << shift); + carry = r; + } + return carry; +} diff --git a/src/low/easy/relic_bn_sqr_low.c b/src/low/easy/relic_bn_sqr_low.c index d6688c661..ad4872f9f 100644 --- a/src/low/easy/relic_bn_sqr_low.c +++ b/src/low/easy/relic_bn_sqr_low.c @@ -40,12 +40,13 @@ dig_t bn_sqra_low(dig_t *c, const dig_t *a, int size) { int i; - dig_t t, c0, c1; + dig_t c0, c1; + +#ifdef RLC_CONF_NODBL + dig_t r0, r1, _r0, _r1, s0, s1, t, t0, t1; t = a[0]; -#ifdef RLC_CONF_NODBL - dig_t r0, r1, _r0, _r1, s0, s1, t0, t1; /* Accumulate this column with the square of a->dp[i]. */ RLC_MUL_DIG(_r1, _r0, t, t); r0 = _r0 + c[0]; diff --git a/src/low/easy/relic_fp_smb_low.c b/src/low/easy/relic_fp_smb_low.c new file mode 100644 index 000000000..2e35c4f8b --- /dev/null +++ b/src/low/easy/relic_fp_smb_low.c @@ -0,0 +1,65 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the low-level inversion functions. + * + * @&version $Id$ + * @ingroup fp + */ + +#include "relic_bn.h" +#include "relic_bn_low.h" +#include "relic_fp.h" +#include "relic_fp_low.h" +#include "relic_core.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int fp_smbm_low(const dig_t *a) { + bn_st e; + dig_t t[RLC_FP_DIGS]; + + bn_make(&e, RLC_FP_DIGS); + + e.used = RLC_FP_DIGS; + dv_copy(e.dp, fp_prime_get(), RLC_FP_DIGS); + bn_rsh1_low(e.dp, e.dp, RLC_FP_DIGS); +#if AUTO == ALLOC + fp_exp(t, a, &e); +#else + fp_exp(t, (const fp_t)a, &e); +#endif + + int r = (fp_cmp_dig(t, 1) == RLC_EQ); + fp_negm_low(t, t); + r = RLC_SEL(r, -(fp_cmp_dig(t, 1) == RLC_EQ), !r); + + bn_clean(&e); + + return r; +} diff --git a/src/low/easy/relic_fpx_mul_low.c b/src/low/easy/relic_fpx_mul_low.c index 4a88aa05b..050759350 100755 --- a/src/low/easy/relic_fpx_mul_low.c +++ b/src/low/easy/relic_fpx_mul_low.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_muln_low(dv2_t c, fp2_t a, fp2_t b) { +void fp2_muln_low(dv2_t c, const fp2_t a, const fp2_t b) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; /* Karatsuba algorithm. */ @@ -82,43 +82,7 @@ void fp2_muln_low(dv2_t c, fp2_t a, fp2_t b) { #endif } -void fp2_mulc_low(dv2_t c, fp2_t a, fp2_t b) { - rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; - - /* Karatsuba algorithm. */ - - /* t0 = a_0 + a_1, t1 = b_0 + b_1. */ - fp_addn_low(t0, a[0], a[1]); - fp_addn_low(t1, b[0], b[1]); - - /* c_0 = a_0 * b_0, c_1 = a_1 * b_1, t2 = (a_0 + a_1) * (b_0 + b_1). */ - fp_muln_low(c[0], a[0], b[0]); - fp_muln_low(c[1], a[1], b[1]); - fp_muln_low(t2, t0, t1); - - /* t0 = (a_0 * b_0) + (a_1 * b_1). */ - fp_addd_low(t0, c[0], c[1]); - - /* c_0 = (a_0 * b_0) + u^2 * (a_1 * b_1). */ - fp_subd_low(c[0], c[0], c[1]); - -#ifndef FP_QNRES - /* t1 = u^2 * (a_1 * b_1). */ - for (int i = -1; i > fp_prime_get_qnr(); i--) { - fp_subd_low(c[0], c[0], c[1]); - } -#endif - - /* c_1 = (t2 - t0). */ - fp_subd_low(c[1], t2, t0); - - /* c_0 = c_0 + 2^N * p/4. */ - bn_lshb_low(c[0] + RLC_FP_DIGS - 1, c[0] + RLC_FP_DIGS - 1, RLC_FP_DIGS + 1, 2); - fp_addn_low(c[0] + RLC_FP_DIGS, c[0] + RLC_FP_DIGS, fp_prime_get()); - bn_rshb_low(c[0] + RLC_FP_DIGS - 1, c[0] + RLC_FP_DIGS - 1, RLC_FP_DIGS + 1, 2); -} - -void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b) { +void fp2_mulm_low(fp2_t c, const fp2_t a, const fp2_t b) { rlc_align dv2_t t; dv2_null(t); @@ -134,7 +98,7 @@ void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b) { } } -void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { +void fp3_muln_low(dv3_t c, const fp3_t a, const fp3_t b) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS], t3[2 * RLC_FP_DIGS]; rlc_align dig_t t4[2 * RLC_FP_DIGS], t5[2 * RLC_FP_DIGS], t6[2 * RLC_FP_DIGS]; @@ -207,7 +171,7 @@ void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { fp_addc_low(c[2], t5, t1); } -void fp3_mulm_low(fp3_t c, fp3_t a, fp3_t b) { +void fp3_mulm_low(fp3_t c, const fp3_t a, const fp3_t b) { dv3_t t; dv3_null(t); diff --git a/src/low/easy/relic_fpx_sqr_low.c b/src/low/easy/relic_fpx_sqr_low.c index 01e55cc82..82870342a 100755 --- a/src/low/easy/relic_fpx_sqr_low.c +++ b/src/low/easy/relic_fpx_sqr_low.c @@ -37,7 +37,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_sqrn_low(dv2_t c, fp2_t a) { +void fp2_sqrn_low(dv2_t c, const fp2_t a) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; /* t0 = (a0 + a1). */ @@ -85,22 +85,16 @@ void fp2_sqrn_low(dv2_t c, fp2_t a) { /* c0 = a0^2 + b_0^2 * u^2. */ fp_muln_low(c[0], t0, t1); -#ifdef RLC_FP_ROOM for (int i = -1; i > fp_prime_get_qnr(); i--) { - fp_addd_low(c[0], c[0], c[1]); + fp_addc_low(c[0], c[0], c[1]); } for (int i = 1; i < fp_prime_get_qnr(); i++) { - fp_subd_low(c[0], c[0], c[1]); + fp_subc_low(c[0], c[0], c[1]); } +#ifdef RLC_FP_ROOM /* c1 = 2 * a0 * a1. */ fp_addd_low(c[1], c[1], c[1]); #else - for (int i = -1; i > fp_prime_get_qnr(); i--) { - fp_addc_low(c[0], c[0], c[1]); - } - for (int i = 1; i < fp_prime_get_qnr(); i++) { - fp_subc_low(c[0], c[0], c[1]); - } /* c1 = 2 * a0 * a1. */ fp_addc_low(c[1], c[1], c[1]); #endif @@ -109,7 +103,7 @@ void fp2_sqrn_low(dv2_t c, fp2_t a) { /* c = c0 + c1 * u. */ } -void fp2_sqrm_low(fp2_t c, fp2_t a) { +void fp2_sqrm_low(fp2_t c, const fp2_t a) { rlc_align dv2_t t; dv2_null(t); @@ -125,7 +119,7 @@ void fp2_sqrm_low(fp2_t c, fp2_t a) { } } -void fp3_sqrn_low(dv3_t c, fp3_t a) { +void fp3_sqrn_low(dv3_t c, const fp3_t a) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; rlc_align dig_t t3[2 * RLC_FP_DIGS], t4[2 * RLC_FP_DIGS]; @@ -191,7 +185,7 @@ void fp3_sqrn_low(dv3_t c, fp3_t a) { } } -void fp3_sqrm_low(fp3_t c, fp3_t a) { +void fp3_sqrm_low(fp3_t c, const fp3_t a) { rlc_align dv3_t t; dv3_null(t); diff --git a/src/low/gmp-sec/relic_bn_mul_low.c b/src/low/gmp-sec/relic_bn_mul_low.c index ee999713b..5fa5d265e 100644 --- a/src/low/gmp-sec/relic_bn_mul_low.c +++ b/src/low/gmp-sec/relic_bn_mul_low.c @@ -54,6 +54,24 @@ dig_t bn_mul1_low(dig_t *c, const dig_t *a, dig_t digit, int size) { return u[size]; } +dig_t bn_muls_low(dig_t *c, const dig_t *a, dig_t sa, dis_t digit, int size) { + dig_t _a[size], carry, sign, sd = digit >> (RLC_DIG - 1); + + sa = -sa; + sign = sa ^ sd; + digit = (digit ^ sd) - sd; + + for (size_t i = 0; i < size; i++) { + _a[i] = a[i] ^ sa; + } + bn_add1_low(_a, _a, -sa, size); + carry = bn_mul1_low(c, _a, (dig_t)digit, size); + for (size_t i = 0; i < size; i++) { + c[i] = c[i] ^ sign; + } + return (carry ^ sign) + bn_add1_low(c, c, -sign, size); +} + void bn_muln_low(dig_t *c, const dig_t *a, const dig_t *b, int size) { dig_t *t = RLC_ALLOCA(dig_t, mpn_sec_mul_itch(size, size)); mpn_sec_mul(c, a, size, b, size, t); diff --git a/src/low/gmp-sec/relic_bn_shift_low.c b/src/low/gmp-sec/relic_bn_shift_low.c index 4ca729761..5127b3e4a 100644 --- a/src/low/gmp-sec/relic_bn_shift_low.c +++ b/src/low/gmp-sec/relic_bn_shift_low.c @@ -56,3 +56,16 @@ dig_t bn_rsh1_low(dig_t *c, const dig_t *a, int size) { dig_t bn_rshb_low(dig_t *c, const dig_t *a, int size, int bits) { return mpn_rshift(c, a, size, bits); } + +dig_t bn_rshs_low(dig_t *c, const dig_t *a, int size, int bits) { + dig_t r, carry, shift, mask; + + /* Prepare the bit mask. */ + shift = (RLC_DIG - bits) % RLC_DIG; + mask = RLC_MASK(bits); + r = a[size - 1] & mask; + c[size - 1] = (dis_t)a[size - 1] >> bits; + carry = mpn_rshift(c, a, size - 1, bits); + c[size - 2] |= (r << shift); + return carry; +} diff --git a/src/low/gmp-sec/relic_fp_add_low.c b/src/low/gmp-sec/relic_fp_add_low.c index 943a6a027..66305f681 100644 --- a/src/low/gmp-sec/relic_fp_add_low.c +++ b/src/low/gmp-sec/relic_fp_add_low.c @@ -90,7 +90,7 @@ dig_t fp_subd_low(dig_t *c, const dig_t *a, const dig_t *b) { void fp_subc_low(dig_t *c, const dig_t *a, const dig_t *b) { dig_t carry = mpn_sub_n(c, a, b, 2 * RLC_FP_DIGS); - mpn_cnd_sub_n(carry, c + RLC_FP_DIGS, c + RLC_FP_DIGS, + mpn_cnd_add_n(carry, c + RLC_FP_DIGS, c + RLC_FP_DIGS, fp_prime_get(), RLC_FP_DIGS); } @@ -124,6 +124,6 @@ void fp_hlvd_low(dig_t *c, const dig_t *a) { mpn_sec_add_1(c + RLC_FP_DIGS, a + RLC_FP_DIGS, RLC_FP_DIGS, carry, t); carry = mpn_rshift(c + RLC_FP_DIGS, c + RLC_FP_DIGS, RLC_FP_DIGS, 1); mpn_rshift(c, c, RLC_FP_DIGS, 1); - c[RLC_FP_DIGS - 1] ^= ((dig_t)carry << (RLC_DIG - 1)); + c[RLC_FP_DIGS - 1] ^= carry; RLC_FREE(t); } diff --git a/src/low/gmp/relic_bn_mul_low.c b/src/low/gmp/relic_bn_mul_low.c index 2229b6d2e..a6806a55f 100644 --- a/src/low/gmp/relic_bn_mul_low.c +++ b/src/low/gmp/relic_bn_mul_low.c @@ -48,6 +48,24 @@ dig_t bn_mul1_low(dig_t *c, const dig_t *a, dig_t digit, int size) { return mpn_mul_1(c, a, size, digit); } +dig_t bn_muls_low(dig_t *c, const dig_t *a, dig_t sa, dis_t digit, int size) { + dig_t _a[size], carry, sign, sd = digit >> (RLC_DIG - 1); + + sa = -sa; + sign = sa ^ sd; + digit = (digit ^ sd) - sd; + + for (size_t i = 0; i < size; i++) { + _a[i] = a[i] ^ sa; + } + mpn_add_1(_a, _a, size, -sa); + carry = mpn_mul_1(c, _a, size, digit); + for (size_t i = 0; i < size; i++) { + c[i] = c[i] ^ sign; + } + return (carry ^ sign) + mpn_add_1(c, c, size, -sign); +} + void bn_muln_low(dig_t *c, const dig_t *a, const dig_t *b, int size) { mpn_mul_n(c, a, b, size); } diff --git a/src/low/gmp/relic_bn_shift_low.c b/src/low/gmp/relic_bn_shift_low.c index 0445b5ab8..eb8ed87b1 100644 --- a/src/low/gmp/relic_bn_shift_low.c +++ b/src/low/gmp/relic_bn_shift_low.c @@ -56,3 +56,16 @@ dig_t bn_rsh1_low(dig_t *c, const dig_t *a, int size) { dig_t bn_rshb_low(dig_t *c, const dig_t *a, int size, int bits) { return mpn_rshift(c, a, size, bits); } + +dig_t bn_rshs_low(dig_t *c, const dig_t *a, int size, int bits) { + dig_t r, carry, shift, mask; + + /* Prepare the bit mask. */ + shift = (RLC_DIG - bits) % RLC_DIG; + mask = RLC_MASK(bits); + r = a[size - 1] & mask; + c[size - 1] = (dis_t)a[size - 1] >> bits; + carry = mpn_rshift(c, a, size - 1, bits); + c[size - 2] |= (r << shift); + return carry; +} diff --git a/src/low/gmp/relic_fp_add_low.c b/src/low/gmp/relic_fp_add_low.c index a445aa2d9..b5c6dc505 100644 --- a/src/low/gmp/relic_fp_add_low.c +++ b/src/low/gmp/relic_fp_add_low.c @@ -124,9 +124,7 @@ void fp_hlvm_low(dig_t *c, const dig_t *a) { dv_copy(c, a, RLC_FP_DIGS); } mpn_rshift(c, c, RLC_FP_DIGS, 1); - if (carry) { - c[RLC_FP_DIGS - 1] ^= ((dig_t)1 << (RLC_DIG - 1)); - } + c[RLC_FP_DIGS - 1] ^= ((dig_t)carry << (RLC_DIG - 1)); } void fp_hlvd_low(dig_t *c, const dig_t *a) { @@ -142,7 +140,5 @@ void fp_hlvd_low(dig_t *c, const dig_t *a) { carry = mpn_rshift(c + RLC_FP_DIGS, c + RLC_FP_DIGS, RLC_FP_DIGS, 1); mpn_rshift(c, c, RLC_FP_DIGS, 1); - if (carry) { - c[RLC_FP_DIGS - 1] ^= ((dig_t)1 << (RLC_DIG - 1)); - } + c[RLC_FP_DIGS - 1] ^= carry; } diff --git a/src/low/x64-asm-446/CMakeLists.txt b/src/low/x64-asm-10l/CMakeLists.txt similarity index 100% rename from src/low/x64-asm-446/CMakeLists.txt rename to src/low/x64-asm-10l/CMakeLists.txt diff --git a/src/low/x64-asm-638/macro.s b/src/low/x64-asm-10l/macro.s similarity index 100% rename from src/low/x64-asm-638/macro.s rename to src/low/x64-asm-10l/macro.s diff --git a/src/low/x64-asm-638/relic_fp_add_low.s b/src/low/x64-asm-10l/relic_fp_add_low.s similarity index 100% rename from src/low/x64-asm-638/relic_fp_add_low.s rename to src/low/x64-asm-10l/relic_fp_add_low.s diff --git a/src/low/x64-asm-638/relic_fp_mul_low.c b/src/low/x64-asm-10l/relic_fp_mul_low.c similarity index 100% rename from src/low/x64-asm-638/relic_fp_mul_low.c rename to src/low/x64-asm-10l/relic_fp_mul_low.c diff --git a/src/low/x64-asm-638/relic_fp_mul_low.s b/src/low/x64-asm-10l/relic_fp_mul_low.s similarity index 100% rename from src/low/x64-asm-638/relic_fp_mul_low.s rename to src/low/x64-asm-10l/relic_fp_mul_low.s diff --git a/src/low/x64-asm-638/relic_fp_rdc_low.c b/src/low/x64-asm-10l/relic_fp_rdc_low.c similarity index 100% rename from src/low/x64-asm-638/relic_fp_rdc_low.c rename to src/low/x64-asm-10l/relic_fp_rdc_low.c diff --git a/src/low/x64-asm-638/relic_fp_rdc_low.s b/src/low/x64-asm-10l/relic_fp_rdc_low.s similarity index 100% rename from src/low/x64-asm-638/relic_fp_rdc_low.s rename to src/low/x64-asm-10l/relic_fp_rdc_low.s diff --git a/src/low/x64-asm-455/relic_fp_sqr_low.c b/src/low/x64-asm-10l/relic_fp_sqr_low.c similarity index 100% rename from src/low/x64-asm-455/relic_fp_sqr_low.c rename to src/low/x64-asm-10l/relic_fp_sqr_low.c diff --git a/src/low/x64-asm-638/relic_fpx_rdc_low.c b/src/low/x64-asm-10l/relic_fpx_rdc_low.c similarity index 100% rename from src/low/x64-asm-638/relic_fpx_rdc_low.c rename to src/low/x64-asm-10l/relic_fpx_rdc_low.c diff --git a/src/low/x64-asm-638/relic_fpx_rdc_low.s b/src/low/x64-asm-10l/relic_fpx_rdc_low.s similarity index 100% rename from src/low/x64-asm-638/relic_fpx_rdc_low.s rename to src/low/x64-asm-10l/relic_fpx_rdc_low.s diff --git a/src/low/x64-asm-455/relic_fp_inv_low.s b/src/low/x64-asm-455/relic_fp_inv_low.s deleted file mode 100644 index 296ec6b29..000000000 --- a/src/low/x64-asm-455/relic_fp_inv_low.s +++ /dev/null @@ -1,296 +0,0 @@ -/* - * RELIC is an Efficient LIbrary for Cryptography - * Copyright (c) 2017 RELIC Authors - * - * This file is part of RELIC. RELIC is legal property of its developers, - * whose names are not listed here. Please refer to the COPYRIGHT file - * for contact information. - * - * RELIC is free software; you can redistribute it and/or modify it under the - * terms of the version 2.1 (or later) of the GNU Lesser General Public License - * as published by the Free Software Foundation; or version 2.0 of the Apache - * License as published by the Apache Software Foundation. See the LICENSE files - * for more details. - * - * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY - * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - * A PARTICULAR PURPOSE. See the LICENSE files for more details. - * - * You should have received a copy of the GNU Lesser General Public or the - * Apache License along with RELIC. If not, see - * or . - */ - -/** - * @file - * - * Implementation of the low-level in&version functions. - * - * @ingroup fp - */ - -#include "macro.s" - - -/*============================================================================*/ -/* Public definitions */ -/*============================================================================*/ - -/* No carry */ -.macro _DBL R, i - movq \i+0(\R), %rdx - addq %rdx, \i+0(\R) - movq \i+8(\R), %rdx - adcq %rdx, \i+8(\R) - movq \i+16(\R), %rdx - adcq %rdx, \i+16(\R) - movq \i+24(\R), %rdx - adcq %rdx, \i+24(\R) - movq \i+32(\R), %rdx - adcq %rdx, \i+32(\R) - movq \i+40(\R), %rdx - adcq %rdx, \i+40(\R) - movq \i+48(\R), %rdx - adcq %rdx, \i+48(\R) - movq \i+56(\R), %rdx - adcq %rdx, \i+56(\R) -.endm - -.global fp_invn_asm - -/** - * rdi = x1, rsi = a - */ -fp_invn_asm: - push %r12 - push %r13 - push %r14 - push %r15 - push %rbp - push %rbx - subq $256, %rsp - - /* v = p. */ - movq $P0, %r8 - movq $P1, %r9 - movq $P2, %r10 - movq $P3, %r11 - movq $P4, %r12 - movq $P5, %r13 - movq $P6, %r14 - movq $P7, %r15 - - /* rsp[0..7] = u = a. */ - movq 0(%rsi),%rax - movq %rax,0(%rsp) - movq 8(%rsi),%rax - movq %rax,8(%rsp) - movq 16(%rsi),%rax - movq %rax,16(%rsp) - movq 24(%rsi),%rax - movq %rax,24(%rsp) - movq 32(%rsi),%rax - movq %rax,32(%rsp) - movq 40(%rsi),%rax - movq %rax,40(%rsp) - movq 48(%rsi),%rax - movq %rax,48(%rsp) - movq 56(%rsi),%rax - movq %rax,56(%rsp) - xorq %rax, %rax - - /* rsp[7..15] = x1 = 1. */ - movq $1,64(%rsp) - movq $0,72(%rsp) - movq $0,80(%rsp) - movq $0,88(%rsp) - movq $0,96(%rsp) - movq $0,104(%rsp) - movq $0,112(%rsp) - movq $0,120(%rsp) - - /* rsp[16..23] = x2 = 0. */ - movq $0,128(%rsp) - movq $0,136(%rsp) - movq $0,144(%rsp) - movq $0,152(%rsp) - movq $0,160(%rsp) - movq $0,168(%rsp) - movq $0,176(%rsp) - movq $0,184(%rsp) - -loop: - movq %r8,%rdx - orq %r9,%rdx - orq %r10,%rdx - orq %r11,%rdx - orq %r12,%rdx - orq %r13,%rdx - orq %r14,%rdx - orq %r15,%rdx - jz end - - inc %rax - test $1, %r8 - jnz v_odd - - /* fp_rsh1_low(v). */ - shrd $1, %r9, %r8 - shrd $1, %r10, %r9 - shrd $1, %r11, %r10 - shrd $1, %r12, %r11 - shrd $1, %r13, %r12 - shrd $1, %r14, %r13 - shrd $1, %r15, %r14 - shr $1, %r15 - - /* fp_dbln_low(x1). */ - _DBL %rsp, 64 - jmp loop -v_odd: - movq 0(%rsp),%rdx - test $1, %rdx - jnz u_odd - - /* fp_rsh1_low(u). */ - movq 8(%rsp), %rdx - shrd $1, %rdx, 0(%rsp) - movq 16(%rsp), %rdx - shrd $1, %rdx, 8(%rsp) - movq 24(%rsp), %rdx - shrd $1, %rdx, 16(%rsp) - movq 32(%rsp), %rdx - shrd $1, %rdx, 24(%rsp) - movq 40(%rsp), %rdx - shrd $1, %rdx, 32(%rsp) - movq 48(%rsp), %rdx - shrd $1, %rdx, 40(%rsp) - movq 56(%rsp), %rdx - shrd $1, %rdx, 48(%rsp) - shr $1, %rdx - movq %rdx, 56(%rsp) - - /* fp_dbln_low(x2). */ - _DBL %rsp, 128 - jmp loop -u_odd: - subq 0(%rsp), %r8 - sbbq 8(%rsp), %r9 - sbbq 16(%rsp), %r10 - sbbq 24(%rsp), %r11 - sbbq 32(%rsp), %r12 - sbbq 40(%rsp), %r13 - sbbq 48(%rsp), %r14 - sbbq 56(%rsp), %r15 - jc cmp_lt - - /* fp_rsh1_low(v). */ - shrd $1, %r9, %r8 - shrd $1, %r10, %r9 - shrd $1, %r11, %r10 - shrd $1, %r12, %r11 - shrd $1, %r13, %r12 - shrd $1, %r14, %r13 - shrd $1, %r15, %r14 - shr $1, %r15 - - movq 64(%rsp), %rdx - addq %rdx, 128(%rsp) - movq 72(%rsp), %rdx - adcq %rdx, 136(%rsp) - movq 80(%rsp), %rdx - adcq %rdx, 144(%rsp) - movq 88(%rsp), %rdx - adcq %rdx, 152(%rsp) - movq 96(%rsp), %rdx - adcq %rdx, 160(%rsp) - movq 104(%rsp), %rdx - adcq %rdx, 168(%rsp) - movq 112(%rsp), %rdx - adcq %rdx, 176(%rsp) - movq 120(%rsp), %rdx - adcq %rdx, 184(%rsp) - - _DBL %rsp, 64 - jmp loop -cmp_lt: - addq 0(%rsp), %r8 - adcq 8(%rsp), %r9 - adcq 16(%rsp), %r10 - adcq 24(%rsp), %r11 - adcq 32(%rsp), %r12 - adcq 40(%rsp), %r13 - adcq 48(%rsp), %r14 - adcq 56(%rsp), %r15 - - subq %r8, 0(%rsp) - sbbq %r9, 8(%rsp) - sbbq %r10, 16(%rsp) - sbbq %r11, 24(%rsp) - sbbq %r12, 32(%rsp) - sbbq %r13, 40(%rsp) - sbbq %r14, 48(%rsp) - sbbq %r15, 56(%rsp) - - movq 8(%rsp), %rdx - shrd $1, %rdx, 0(%rsp) - movq 16(%rsp), %rdx - shrd $1, %rdx, 8(%rsp) - movq 24(%rsp), %rdx - shrd $1, %rdx, 16(%rsp) - movq 32(%rsp), %rdx - shrd $1, %rdx, 24(%rsp) - movq 40(%rsp), %rdx - shrd $1, %rdx, 32(%rsp) - movq 48(%rsp), %rdx - shrd $1, %rdx, 40(%rsp) - movq 56(%rsp), %rdx - shrd $1, %rdx, 48(%rsp) - shr $1, %rdx - movq %rdx, 56(%rsp) - - movq 128(%rsp), %rdx - addq %rdx, 64(%rsp) - movq 136(%rsp), %rdx - adcq %rdx, 72(%rsp) - movq 144(%rsp), %rdx - adcq %rdx, 80(%rsp) - movq 152(%rsp), %rdx - adcq %rdx, 88(%rsp) - movq 160(%rsp), %rdx - adcq %rdx, 96(%rsp) - movq 168(%rsp), %rdx - adcq %rdx, 104(%rsp) - movq 176(%rsp), %rdx - adcq %rdx, 112(%rsp) - movq 184(%rsp), %rdx - adcq %rdx, 120(%rsp) - - _DBL %rsp, 128 - jmp loop -end: - movq 64(%rsp), %r9 - movq %r9, 0(%rdi) - movq 72(%rsp), %r9 - movq %r9, 8(%rdi) - movq 80(%rsp), %r9 - movq %r9, 16(%rdi) - movq 88(%rsp), %r9 - movq %r9, 24(%rdi) - movq 96(%rsp), %r9 - movq %r9, 32(%rdi) - movq 104(%rsp), %r9 - movq %r9, 40(%rdi) - movq 112(%rsp), %r9 - movq %r9, 48(%rdi) - movq 120(%rsp), %r9 - movq %r9, 56(%rdi) -exit: - addq $256, %rsp - pop %rbx - pop %rbp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - ret diff --git a/src/low/x64-asm-4l/relic_fpx_mul_low.c b/src/low/x64-asm-4l/relic_fpx_mul_low.c index 0b76c5ae7..5bc093b8f 100755 --- a/src/low/x64-asm-4l/relic_fpx_mul_low.c +++ b/src/low/x64-asm-4l/relic_fpx_mul_low.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { +void fp3_muln_low(dv3_t c, const fp3_t a, const fp3_t b) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS], t3[2 * RLC_FP_DIGS]; rlc_align dig_t t4[2 * RLC_FP_DIGS], t5[2 * RLC_FP_DIGS], t6[2 * RLC_FP_DIGS]; @@ -111,7 +111,7 @@ void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { fp_addc_low(c[2], t5, t1); } -void fp3_mulm_low(fp3_t c, fp3_t a, fp3_t b) { +void fp3_mulm_low(fp3_t c, const fp3_t a, const fp3_t b) { dv3_t t; dv3_null(t); diff --git a/src/low/x64-asm-4l/relic_fpx_mul_low.s b/src/low/x64-asm-4l/relic_fpx_mul_low.s index 3940d983f..3da643aaa 100755 --- a/src/low/x64-asm-4l/relic_fpx_mul_low.s +++ b/src/low/x64-asm-4l/relic_fpx_mul_low.s @@ -27,7 +27,6 @@ .global cdecl(fp2_mulm_low) .global cdecl(fp2_muln_low) -.global cdecl(fp2_mulc_low) /* * Function: fp2_mulm_low @@ -284,135 +283,3 @@ cdecl(fp2_muln_low): pop %r13 pop %r12 ret - -cdecl(fp2_mulc_low): - push %r12 - push %r13 - push %r14 - push %r15 - push %rbx - push %rbp - - subq $256, %rsp - movq %rdx, %rcx - - /* rsp[0..7] = t0 = a0 * b0. */ - FP_MULN_LOW %rsp, %r8, %r9, %r10, 0(%rsi), 8(%rsi), 16(%rsi), 24(%rsi), 0(%rcx), 8(%rcx), 16(%rcx), 24(%rcx) - - addq $64, %rsp - /* rsp[8..15] = t4 = a1 * b1 */ - FP_MULN_LOW %rsp, %r8, %r9, %r10, 32(%rsi), 40(%rsi), 48(%rsi), 56(%rsi), 32(%rcx), 40(%rcx), 48(%rcx), 56(%rcx) - - /* t2 = (r11, r10, r9, r8) = a0 + a1 */ - movq 0(%rsi), %r8 - addq 32(%rsi), %r8 - movq 8(%rsi), %r9 - adcq 40(%rsi), %r9 - movq 16(%rsi), %r10 - adcq 48(%rsi), %r10 - movq 24(%rsi), %r11 - adcq 56(%rsi), %r11 - - // t1 = (r15, r14, r3, r12) = b0 + b1 - movq 0(%rcx), %r12 - addq 32(%rcx), %r12 - movq 8(%rcx), %r13 - adcq 40(%rcx), %r13 - movq 16(%rcx), %r14 - adcq 48(%rcx), %r14 - movq 24(%rcx), %r15 - adcq 56(%rcx), %r15 - - addq $64, %rsp - /* rsp[16..23] = t3 = (a0 + a1) * (b0 + b1) */ - FP_MULN_LOW %rsp, %rbx, %rbp, %rcx, %r8, %r9, %r10, %r11, %r12, %r13, %r14, %r15 - subq $128, %rsp - - movq 0(%rsp), %r8 - addq 64(%rsp), %r8 - movq 8(%rsp), %r9 - adcq 72(%rsp), %r9 - movq 16(%rsp), %r10 - adcq 80(%rsp), %r10 - movq 24(%rsp), %r11 - adcq 88(%rsp), %r11 - movq 32(%rsp), %r12 - adcq 96(%rsp), %r12 - movq 40(%rsp), %r13 - adcq 104(%rsp), %r13 - movq 48(%rsp), %r14 - adcq 112(%rsp), %r14 - movq 56(%rsp), %r15 - adcq 120(%rsp), %r15 - - /* rsp[0..8] = t4 = t3 - t2 */ - movq 128(%rsp), %rcx - subq %r8, %rcx - movq %rcx, 8*RLC_DV_DIGS(%rdi) - movq 136(%rsp), %rcx - sbbq %r9, %rcx - movq %rcx, 8*RLC_DV_DIGS+8(%rdi) - movq 144(%rsp), %rcx - sbbq %r10, %rcx - movq %rcx, 8*RLC_DV_DIGS+16(%rdi) - movq 152(%rsp), %rcx - sbbq %r11, %rcx - movq %rcx, 8*RLC_DV_DIGS+24(%rdi) - movq 160(%rsp), %rcx - sbbq %r12, %rcx - movq %rcx, 8*RLC_DV_DIGS+32(%rdi) - movq 168(%rsp), %rcx - sbbq %r13, %rcx - movq %rcx, 8*RLC_DV_DIGS+40(%rdi) - movq 176(%rsp), %rcx - sbbq %r14, %rcx - movq %rcx, 8*RLC_DV_DIGS+48(%rdi) - movq 184(%rsp), %rcx - sbbq %r15, %rcx - movq %rcx, 8*RLC_DV_DIGS+56(%rdi) - - /* rsp[0..8] = t1 = (a0 * a1) + u^2 * (a1 * b1) */ - movq NP40, %rax - movq NP41, %r8 - movq NP42, %r9 - movq NP43, %r10 - movq NP44, %r11 - movq 24(%rsp), %rcx - addq %rcx, %rax - movq 32(%rsp), %rcx - adcq %rcx, %r8 - movq 40(%rsp), %rcx - adcq %rcx, %r9 - movq 48(%rsp), %rcx - adcq %rcx, %r10 - movq 56(%rsp), %rcx - adcq %rcx, %r11 - - movq 0(%rsp), %rcx - subq 64(%rsp), %rcx - movq %rcx, 0(%rdi) - movq 8(%rsp), %rcx - sbbq 72(%rsp), %rcx - movq %rcx, 8(%rdi) - movq 16(%rsp), %rcx - sbbq 80(%rsp), %rcx - movq %rcx, 16(%rdi) - sbbq 88(%rsp), %rax - movq %rax, 24(%rdi) - sbbq 96(%rsp), %r8 - movq %r8, 32(%rdi) - sbbq 104(%rsp), %r9 - movq %r9, 40(%rdi) - sbbq 112(%rsp), %r10 - movq %r10, 48(%rdi) - sbbq 120(%rsp), %r11 - movq %r11, 56(%rdi) - - addq $256, %rsp - pop %rbp - pop %rbx - pop %r15 - pop %r14 - pop %r13 - pop %r12 - ret diff --git a/src/low/x64-asm-4l/relic_fpx_sqr_low.c b/src/low/x64-asm-4l/relic_fpx_sqr_low.c index 8529c1093..82edcf2e4 100755 --- a/src/low/x64-asm-4l/relic_fpx_sqr_low.c +++ b/src/low/x64-asm-4l/relic_fpx_sqr_low.c @@ -37,7 +37,7 @@ /* Public definitions */ /*============================================================================*/ -void fp3_sqrn_low(dv3_t c, fp3_t a) { +void fp3_sqrn_low(dv3_t c, const fp3_t a) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; rlc_align dig_t t3[2 * RLC_FP_DIGS], t4[2 * RLC_FP_DIGS]; @@ -103,7 +103,7 @@ void fp3_sqrn_low(dv3_t c, fp3_t a) { } } -void fp3_sqrm_low(fp3_t c, fp3_t a) { +void fp3_sqrm_low(fp3_t c, const fp3_t a) { dv3_t t; dv3_null(t); diff --git a/src/low/x64-asm-455/CMakeLists.txt b/src/low/x64-asm-5l/CMakeLists.txt old mode 100755 new mode 100644 similarity index 100% rename from src/low/x64-asm-455/CMakeLists.txt rename to src/low/x64-asm-5l/CMakeLists.txt diff --git a/src/low/x64-asm-455/macro.s b/src/low/x64-asm-5l/macro.s similarity index 71% rename from src/low/x64-asm-455/macro.s rename to src/low/x64-asm-5l/macro.s index 1c97f9930..a4a5a316f 100644 --- a/src/low/x64-asm-455/macro.s +++ b/src/low/x64-asm-5l/macro.s @@ -32,15 +32,21 @@ * @ingroup fp */ -#define P0 0xAAA00001800002AB -#define P1 0xA6C589556B2AA956 -#define P2 0xB3DB9994ACE86D1B -#define P3 0x4BD93954FCB314B8 -#define P4 0x3F665E3A5B1D5623 -#define P5 0xA00E0F95B4920300 -#define P6 0x555955557955572A -#define P7 0x0000000000000055 -#define U0 0x4B3EF8137F4017FD +#if FP_PRIME == 315 +#define P0 0x6FE802FF40300001 +#define P1 0x421EE5DA52BDE502 +#define P2 0xDEC1D01AA27A1AE0 +#define P3 0xD3F7498BE97C5EAF +#define P4 0x04C23A02B586D650 +#define U0 0x702FF9FF402FFFFF +#elif FP_PRIME == 317 +#define P0 0x8D512E565DAB2AAB +#define P1 0xD6F339E43424BF7E +#define P2 0x169A61E684C73446 +#define P3 0xF28FC5A0B7F9D039 +#define P4 0x1058CA226F60892C +#define U0 0x55B5E0028B047FFD +#endif .text @@ -123,30 +129,18 @@ xorq \R2,\R2 MULN 0, 4, 0, \C, \R0, \R1, \R2, \A, \B xorq \R0,\R0 - MULN 0, 5, 0, \C, \R1, \R2, \R0, \A, \B + MULN 1, 4, 1, \C, \R1, \R2, \R0, \A, \B xorq \R1,\R1 - MULN 0, 6, 0, \C, \R2, \R0, \R1, \A, \B + MULN 2, 4, 2, \C, \R2, \R0, \R1, \A, \B xorq \R2,\R2 - MULN 0, 7, 0, \C, \R0, \R1, \R2, \A, \B - xorq \R0,\R0 - MULN 1, 7, 1, \C, \R1, \R2, \R0, \A, \B - xorq \R1,\R1 - MULN 2, 7, 2, \C, \R2, \R0, \R1, \A, \B - xorq \R2,\R2 - MULN 3, 7, 3, \C, \R0, \R1, \R2, \A, \B - xorq \R0,\R0 - MULN 4, 7, 4, \C, \R1, \R2, \R0, \A, \B - xorq \R1,\R1 - MULN 5, 7, 5, \C, \R2, \R0, \R1, \A, \B - xorq \R2,\R2 - MULN 6, 7, 6, \C, \R0, \R1, \R2, \A, \B + MULN 3, 4, 3, \C, \R0, \R1, \R2, \A, \B - movq 56(\A),%rax - mulq 56(\B) + movq 32(\A),%rax + mulq 32(\B) addq %rax ,\R1 - movq \R1 ,112(\C) + movq \R1 ,64(\C) adcq %rdx ,\R2 - movq \R2 ,120(\C) + movq \R2 ,72(\C) .endm .macro _RDCN0 i, j, k, R0, R1, R2 A, P @@ -216,51 +210,33 @@ RDCN0 0, 2, \R2, \R0, \R1, \A, \P RDCN0 0, 3, \R0, \R1, \R2, \A, \P RDCN0 0, 4, \R1, \R2, \R0, \A, \P - RDCN0 0, 5, \R2, \R0, \R1, \A, \P - RDCN0 0, 6, \R0, \R1, \R2, \A, \P - RDCN0 0, 7, \R1, \R2, \R0, \A, \P - RDCN1 1, 7, \R2, \R0, \R1, \A, \P - RDCN1 2, 7, \R0, \R1, \R2, \A, \P - RDCN1 3, 7, \R1, \R2, \R0, \A, \P - RDCN1 4, 7, \R2, \R0, \R1, \A, \P - RDCN1 5, 7, \R0, \R1, \R2, \A, \P - RDCN1 6, 7, \R1, \R2, \R0, \A, \P - RDCN1 7, 7, \R2, \R0, \R1, \A, \P - addq 8*15(\A), \R0 - movq \R0, 120(\A) - - movq 64(\A), %r11 - movq 72(\A), %r12 - movq 80(\A), %r13 - movq 88(\A), %r14 - movq 96(\A), %r15 - movq 104(\A), %rcx - movq 112(\A), %rbp - movq 120(\A), %rdx + RDCN1 1, 4, \R2, \R0, \R1, \A, \P + RDCN1 2, 4, \R0, \R1, \R2, \A, \P + RDCN1 3, 4, \R1, \R2, \R0, \A, \P + RDCN1 4, 4, \R2, \R0, \R1, \A, \P + addq 8*9(\A), \R0 + movq \R0, 8*9(\A) + + movq 40(\A), %r11 + movq 48(\A), %r12 + movq 56(\A), %r13 + movq 64(\A), %r14 + movq 72(\A), %rcx subq p0(%rip), %r11 sbbq p1(%rip), %r12 sbbq p2(%rip), %r13 sbbq p3(%rip), %r14 - sbbq p4(%rip), %r15 - sbbq p5(%rip), %rcx - sbbq p6(%rip), %rbp - sbbq p7(%rip), %rdx + sbbq p4(%rip), %rcx - cmovc 64(\A), %r11 - cmovc 72(\A), %r12 - cmovc 80(\A), %r13 - cmovc 88(\A), %r14 - cmovc 96(\A), %r15 - cmovc 104(\A), %rcx - cmovc 112(\A), %rbp - cmovc 120(\A), %rdx + cmovc 40(\A), %r11 + cmovc 48(\A), %r12 + cmovc 56(\A), %r13 + cmovc 64(\A), %r14 + cmovc 72(\A), %rcx movq %r11,0(\C) movq %r12,8(\C) movq %r13,16(\C) movq %r14,24(\C) - movq %r15,32(\C) - movq %rcx,40(\C) - movq %rbp,48(\C) - movq %rdx,56(\C) + movq %rcx,32(\C) .endm diff --git a/src/low/x64-asm-455/relic_fp_add_low.s b/src/low/x64-asm-5l/relic_fp_add_low.s similarity index 51% rename from src/low/x64-asm-455/relic_fp_add_low.s rename to src/low/x64-asm-5l/relic_fp_add_low.s index df1253cdb..a32aef221 100644 --- a/src/low/x64-asm-455/relic_fp_add_low.s +++ b/src/low/x64-asm-5l/relic_fp_add_low.s @@ -29,6 +29,7 @@ * Implementation of the low-level prime field addition and subtraction * functions. * + * @version $Id: relic_fp_add_low.c 88 2009-09-06 21:27:19Z dfaranha $ * @ingroup fp */ @@ -41,27 +42,22 @@ p1: .quad P1 p2: .quad P2 p3: .quad P3 p4: .quad P4 -p5: .quad P5 -p6: .quad P6 -p7: .quad P7 .global p0 .global p1 .global p2 .global p3 .global p4 -.global p5 -.global p6 -.global p7 + +#if OPSYS != WINDOWS .hidden p0 .hidden p1 .hidden p2 .hidden p3 .hidden p4 -.hidden p5 -.hidden p6 -.hidden p7 + +#endif .text @@ -87,29 +83,48 @@ fp_add1_low: movq %r10 , 0(%rdi) ADD1 1 (RLC_FP_DIGS - 1) + xorq %rax, %rax ret fp_addn_low: + xorq %rax, %rax movq 0(%rdx), %r11 addq 0(%rsi), %r11 movq %r11 , 0(%rdi) ADDN 1 (RLC_FP_DIGS - 1) + adcq $0, %rax + + ret + +bn_incp_low: + movq 0(%rsi), %r10 + addq %rdx , %r10 + movq %r10 , 0(%rdi) + + ADD1 1 (RLC_FP_DIGS) xorq %rax, %rax ret +.global bn_addp_low +bn_addp_low: + xorq %rax, %rax + movq 0(%rdx), %r11 + addq 0(%rsi), %r11 + movq %r11 , 0(%rdi) + + ADDN 1 (RLC_FP_DIGS) + + adcq $0, %rax + + ret + fp_addm_low: push %rbx - push %rbp push %r12 - push %r13 - push %r14 - push %r15 - push %rdi - subq $16, %rsp movq 0(%rdx), %r8 addq 0(%rsi), %r8 @@ -121,62 +136,32 @@ fp_addm_low: adcq 24(%rsi), %r11 movq 32(%rdx), %r12 adcq 32(%rsi), %r12 - movq 40(%rdx), %r13 - adcq 40(%rsi), %r13 - movq 48(%rdx), %r14 - adcq 48(%rsi), %r14 - movq 56(%rdx), %r15 - adcq 56(%rsi), %r15 movq %r8 , %rax movq %r9 , %rcx movq %r10, %rdx movq %r11, %rsi movq %r12, %rbx - movq %r13, %rbp - movq %r14, %rdi - movq %r15, 0(%rsp) - movq %r15, 8(%rsp) subq p0(%rip), %rax sbbq p1(%rip), %rcx sbbq p2(%rip), %rdx sbbq p3(%rip), %rsi sbbq p4(%rip), %rbx - sbbq p5(%rip), %rbp - sbbq p6(%rip), %rdi - sbbq p7(%rip), %r15 - movq %r15, 0(%rsp) - - movq 8(%rsp), %r15 cmovnc %rax, %r8 cmovnc %rcx, %r9 cmovnc %rdx, %r10 cmovnc %rsi, %r11 cmovnc %rbx, %r12 - cmovnc %rbp, %r13 - cmovnc %rdi, %r14 - cmovnc 0(%rsp), %r15 - - addq $16, %rsp - pop %rdi movq %r8 , 0(%rdi) movq %r9 , 8(%rdi) movq %r10, 16(%rdi) movq %r11, 24(%rdi) movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) - xorq %rax, %rax - pop %r15 - pop %r14 - pop %r13 pop %r12 - pop %rbp pop %rbx ret @@ -191,13 +176,7 @@ fp_addd_low: fp_addc_low: push %rbx - push %rbp push %r12 - push %r13 - push %r14 - push %r15 - push %rdi - subq $16, %rsp movq 0(%rsi), %r8 addq 0(%rdx), %r8 @@ -205,72 +184,44 @@ fp_addc_low: ADDN 1 (RLC_FP_DIGS - 1) - movq 64(%rsi), %r8 - adcq 64(%rdx), %r8 - movq 72(%rsi), %r9 - adcq 72(%rdx), %r9 - movq 80(%rsi), %r10 - adcq 80(%rdx), %r10 - movq 88(%rsi), %r11 - adcq 88(%rdx), %r11 - movq 96(%rsi), %r12 - adcq 96(%rdx), %r12 - movq 104(%rsi), %r13 - adcq 104(%rdx), %r13 - movq 112(%rsi), %r14 - adcq 112(%rdx), %r14 - movq 120(%rsi), %r15 - adcq 120(%rdx), %r15 + movq 40(%rsi), %r8 + adcq 40(%rdx), %r8 + movq 48(%rsi), %r9 + adcq 48(%rdx), %r9 + movq 56(%rsi), %r10 + adcq 56(%rdx), %r10 + movq 64(%rsi), %r11 + adcq 64(%rdx), %r11 + movq 72(%rsi), %r12 + adcq 72(%rdx), %r12 movq %r8 , %rax movq %r9 , %rcx movq %r10, %rdx movq %r11, %rsi movq %r12, %rbx - movq %r13, %rbp - movq %r14, %rdi - movq %r15, 0(%rsp) - movq %r15, 8(%rsp) subq p0(%rip), %rax sbbq p1(%rip), %rcx sbbq p2(%rip), %rdx sbbq p3(%rip), %rsi sbbq p4(%rip), %rbx - sbbq p5(%rip), %rbp - sbbq p6(%rip), %rdi - sbbq p7(%rip), %r15 - movq %r15, 0(%rsp) - mov 8(%rsp), %r15 cmovnc %rax, %r8 cmovnc %rcx, %r9 cmovnc %rdx, %r10 cmovnc %rsi, %r11 cmovnc %rbx, %r12 - cmovnc %rbp, %r13 - cmovnc %rdi, %r14 - cmovnc 0(%rsp), %r15 - - addq $16, %rsp - pop %rdi - - movq %r8 , 64(%rdi) - movq %r9 , 72(%rdi) - movq %r10, 80(%rdi) - movq %r11, 88(%rdi) - movq %r12, 96(%rdi) - movq %r13, 104(%rdi) - movq %r14, 112(%rdi) - movq %r15, 120(%rdi) + + movq %r8 , 40(%rdi) + movq %r9 , 48(%rdi) + movq %r10, 56(%rdi) + movq %r11, 64(%rdi) + movq %r12, 72(%rdi) xorq %rax, %rax - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + pop %r12 + pop %rbx ret fp_sub1_low: @@ -279,6 +230,7 @@ fp_sub1_low: movq %r10 , 0(%rdi) SUB1 1 (RLC_FP_DIGS - 1) + xorq %rax, %rax ret @@ -295,41 +247,47 @@ fp_subn_low: ret fp_subm_low: - xorq %rax, %rax - xorq %rcx, %rcx - - movq 0(%rsi), %r8 - subq 0(%rdx), %r8 - movq %r8 , 0(%rdi) - - SUBN 1 (RLC_FP_DIGS - 1) - - movq $0, %r8 - movq $0, %r9 - movq $0, %r10 - movq $0, %r11 - movq $0, %rdx - movq $0, %rsi - - cmovc p0(%rip), %rax - cmovc p1(%rip), %rcx - cmovc p2(%rip), %r8 - cmovc p3(%rip), %r9 - cmovc p4(%rip), %r10 - cmovc p5(%rip), %r11 - cmovc p6(%rip), %rdx - cmovc p7(%rip), %rsi - - addq %rax, 0(%rdi) - adcq %rcx, 8(%rdi) - adcq %r8, 16(%rdi) - adcq %r9, 24(%rdi) - adcq %r10, 32(%rdi) - adcq %r11, 40(%rdi) - adcq %rdx, 48(%rdi) - adcq %rsi, 56(%rdi) - - ret + push %rbx + push %r12 + + movq 0(%rsi), %r8 + subq 0(%rdx), %r8 + movq 8(%rsi), %r9 + sbbq 8(%rdx), %r9 + movq 16(%rsi), %r10 + sbbq 16(%rdx), %r10 + movq 24(%rsi), %r11 + sbbq 24(%rdx), %r11 + movq 32(%rsi), %r12 + sbbq 32(%rdx), %r12 + + movq $0, %rax + movq $0, %rcx + movq $0, %rdx + movq $0, %rsi + movq $0, %rbx + + cmovc p0(%rip), %rax + cmovc p1(%rip), %rcx + cmovc p2(%rip), %rdx + cmovc p3(%rip), %rsi + cmovc p4(%rip), %rbx + + addq %rax, %r8 + adcq %rcx, %r9 + adcq %rdx, %r10 + adcq %rsi, %r11 + adcq %rbx, %r12 + + movq %r8 , 0(%rdi) + movq %r9 , 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + movq %r12, 32(%rdi) + + pop %r12 + pop %rbx + ret fp_subd_low: movq 0(%rsi), %r8 @@ -354,26 +312,18 @@ fp_subc_low: movq $0, %r9 movq $0, %r10 movq $0, %r11 - movq $0, %rsi - movq $0, %rdx cmovc p0(%rip), %rax cmovc p1(%rip), %rcx cmovc p2(%rip), %r8 cmovc p3(%rip), %r9 cmovc p4(%rip), %r10 - cmovc p5(%rip), %r11 - cmovc p6(%rip), %rsi - cmovc p7(%rip), %rdx - - addq %rax, 64(%rdi) - adcq %rcx, 72(%rdi) - adcq %r8, 80(%rdi) - adcq %r9, 88(%rdi) - adcq %r10, 96(%rdi) - adcq %r11, 104(%rdi) - adcq %rsi, 112(%rdi) - adcq %rdx, 120(%rdi) + + addq %rax, 40(%rdi) + adcq %rcx, 48(%rdi) + adcq %r8, 56(%rdi) + adcq %r9, 64(%rdi) + adcq %r10, 72(%rdi) ret @@ -383,9 +333,6 @@ fp_negm_low: or 16(%rsi), %r8 or 24(%rsi), %r8 or 32(%rsi), %r8 - or 40(%rsi), %r8 - or 48(%rsi), %r8 - or 56(%rsi), %r8 test %r8, %r8 cmovnz p0(%rip), %r8 subq 0(%rsi) , %r8 @@ -402,15 +349,6 @@ fp_negm_low: cmovnz p4(%rip), %r8 sbbq 32(%rsi), %r8 movq %r8 , 32(%rdi) - cmovnz p5(%rip), %r8 - sbbq 40(%rsi), %r8 - movq %r8 , 40(%rdi) - cmovnz p6(%rip), %r8 - sbbq 48(%rsi), %r8 - movq %r8 , 48(%rdi) - cmovnz p7(%rip), %r8 - sbbq 56(%rsi), %r8 - movq %r8 , 56(%rdi) ret fp_dbln_low: @@ -425,13 +363,7 @@ fp_dbln_low: fp_dblm_low: push %rbx - push %rbp push %r12 - push %r13 - push %r14 - push %r15 - push %rdi - subq $16, %rsp xorq %rax, %rax xorq %rcx, %rcx @@ -447,69 +379,38 @@ fp_dblm_low: adcq %r11 , %r11 movq 32(%rsi), %r12 adcq %r12 , %r12 - movq 40(%rsi), %r13 - adcq %r13 , %r13 - movq 48(%rsi), %r14 - adcq %r14 , %r14 - movq 56(%rsi), %r15 - adcq %r15 , %r15 movq %r8 , %rax movq %r9 , %rcx movq %r10, %rdx movq %r11, %rsi movq %r12, %rbx - movq %r13, %rbp - movq %r14, %rdi - movq %r15, 0(%rsp) - movq %r15, 8(%rsp) subq p0(%rip), %rax sbbq p1(%rip), %rcx sbbq p2(%rip), %rdx sbbq p3(%rip), %rsi sbbq p4(%rip), %rbx - sbbq p5(%rip), %rbp - sbbq p6(%rip), %rdi - sbbq p7(%rip), %r15 - movq %r15, 0(%rsp) - movq 8(%rsp), %r15 cmovnc %rax, %r8 cmovnc %rcx, %r9 cmovnc %rdx, %r10 cmovnc %rsi, %r11 cmovnc %rbx, %r12 - cmovnc %rbp, %r13 - cmovnc %rdi, %r14 - cmovnc 0(%rsp), %r15 - - addq $16, %rsp - pop %rdi movq %r8 , 0(%rdi) movq %r9 , 8(%rdi) movq %r10, 16(%rdi) movq %r11, 24(%rdi) movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) xorq %rax, %rax - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + pop %r12 + pop %rbx ret fp_hlvm_low: push %r12 - push %r13 - push %r14 - push %r15 xorq %rdx, %rdx @@ -518,9 +419,6 @@ fp_hlvm_low: movq $P2, %r10 movq $P3, %r11 movq $P4, %r12 - movq $P5, %r13 - movq $P6, %r14 - movq $P7, %r15 movq $1 ,%rax movq 0(%rsi),%rcx @@ -531,9 +429,6 @@ fp_hlvm_low: cmovz %rdx, %r10 cmovz %rdx, %r11 cmovz %rdx, %r12 - cmovz %rdx, %r13 - cmovz %rdx, %r14 - cmovz %rdx, %r15 addq %rcx , %r8 movq 8(%rsi) , %rdx @@ -544,16 +439,7 @@ fp_hlvm_low: adcq %rdx , %r11 movq 32(%rsi), %rdx adcq %rdx , %r12 - movq 40(%rsi), %rdx - adcq %rdx , %r13 - movq 48(%rsi), %rdx - adcq %rdx , %r14 - movq 56(%rsi), %rdx - adcq %rdx , %r15 - rcrq $1, %r15 - rcrq $1, %r14 - rcrq $1, %r13 rcrq $1, %r12 rcrq $1, %r11 rcrq $1, %r10 @@ -565,130 +451,14 @@ fp_hlvm_low: movq %r10, 16(%rdi) movq %r11, 24(%rdi) movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) xorq %rax, %rax - pop %r15 - pop %r14 - pop %r13 pop %r12 ret -/* -fp_hlvd_low2: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - push %rdi - movq %rsp, b0 - xorq %rdx, %rdx - - movq $P0, %r8 - movq $P1, %r9 - movq $P2, %r10 - movq $P3, %r11 - movq $P4, %r12 - movq $P5, %r13 - movq $P6, %r14 - movq $P7, %r15 - - movq $1 ,%rax - movq 0(%rsi),%rcx - andq %rcx ,%rax - - cmovz %rdx, %r8 - cmovz %rdx, %r9 - cmovz %rdx, %r10 - cmovz %rdx, %r11 - cmovz %rdx, %r12 - cmovz %rdx, %r13 - cmovz %rdx, %r14 - cmovz %rdx, %r15 - - addq %rcx , %r8 - adcq 8(%rsi) , %r9 - adcq 16(%rsi) , %r10 - adcq 24(%rsi) , %r11 - adcq 32(%rsi) , %r12 - adcq 40(%rsi) , %r13 - adcq 48(%rsi) , %r14 - adcq 56(%rsi) , %r15 - movq 64(%rsi) , %rax - adcq $0 , %rax - movq 72(%rsi) , %rbx - adcq $0 , %rbx - movq 80(%rsi) , %rcx - adcq $0 , %rcx - movq 88(%rsi) , %rdx - adcq $0 , %rdx - movq 96(%rsi) , %rbp - adcq $0 , %rbp - movq 104(%rsi), %rsi - adcq $0 , %rsi - movq 112(%rsi), %rsi - adcq $0 , %rsi - movq 120(%rsi), %rsp - adcq $0 , %rsp - - rcrq $1, %rdi - rcrq $1, %rsp - rcrq $1, %rsi - rcrq $1, %rbp - rcrq $1, %rdx - rcrq $1, %rcx - rcrq $1, %rbx - rcrq $1, %rax - rcrq $1, %r15 - rcrq $1, %r14 - rcrq $1, %r13 - rcrq $1, %r12 - rcrq $1, %r11 - rcrq $1, %r10 - rcrq $1, %r9 - rcrq $1, %r8 - - xchgq b0 , %rsp - movq %rdi, b1 - pop %rdi - - xchgq b1 , %rsp - movq %rsp, 120(%rdi) - xchgq b0 , %rsp - movq %rsp, 112(%rdi) - xchgq b1 , %rsp - movq %rsi, 104(%rdi) - movq %rbp, 96(%rdi) - movq %rdx, 88(%rdi) - movq %rcx, 80(%rdi) - movq %rbx, 72(%rdi) - movq %rax, 64(%rdi) - movq %r15, 56(%rdi) - movq %r14, 48(%rdi) - movq %r13, 40(%rdi) - movq %r12, 32(%rdi) - movq %r11, 24(%rdi) - movq %r10, 16(%rdi) - movq %r9 , 8(%rdi) - movq %r8 , 0(%rdi) - - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - ret -*/ fp_hlvd_low: push %rbx - push %rbp push %r12 - push %r13 push %r14 push %r15 @@ -699,9 +469,6 @@ fp_hlvd_low: movq $P2, %r10 movq $P3, %r11 movq $P4, %r12 - movq $P5, %r13 - movq $P6, %r14 - movq $P7, %r15 movq $1 ,%rax movq 0(%rsi),%rcx @@ -712,68 +479,39 @@ fp_hlvd_low: cmovz %rdx, %r10 cmovz %rdx, %r11 cmovz %rdx, %r12 - cmovz %rdx, %r13 - cmovz %rdx, %r14 - cmovz %rdx, %r15 addq %rcx , %r8 adcq 8(%rsi) , %r9 adcq 16(%rsi) , %r10 adcq 24(%rsi) , %r11 adcq 32(%rsi) , %r12 - adcq 40(%rsi) , %r13 - adcq 48(%rsi) , %r14 - adcq 56(%rsi) , %r15 - movq 64(%rsi) , %rax + movq 40(%rsi) , %r14 + adcq $0 , %r14 + movq 48(%rsi) , %r15 + adcq $0 , %r15 + movq 56(%rsi) , %rax adcq $0 , %rax - movq 72(%rsi) , %rbx + movq 64(%rsi) , %rbx adcq $0 , %rbx - movq 80(%rsi) , %rcx + movq 72(%rsi) , %rcx adcq $0 , %rcx - movq 88(%rsi) , %rdx - adcq $0 , %rdx - movq 96(%rsi) , %rbp - adcq $0 , %rbp - - push %rbp - - movq 104(%rsi), %rbp - adcq $0 , %rbp - movq %rbp , 104(%rdi) - movq 112(%rsi), %rbp - adcq $0 , %rbp - movq %rbp , 112(%rdi) - movq 120(%rsi), %rbp - adcq $0 , %rbp - movq %rbp , 120(%rdi) - - pop %rbp - - rcrq $1, 120(%rdi) - rcrq $1, 112(%rdi) - rcrq $1, 104(%rdi) - rcrq $1, %rbp - rcrq $1, %rdx + rcrq $1, %rcx rcrq $1, %rbx rcrq $1, %rax rcrq $1, %r15 rcrq $1, %r14 - rcrq $1, %r13 rcrq $1, %r12 rcrq $1, %r11 rcrq $1, %r10 rcrq $1, %r9 rcrq $1, %r8 - movq %rbp, 96(%rdi) - movq %rdx, 88(%rdi) - movq %rcx, 80(%rdi) - movq %rbx, 72(%rdi) - movq %rax, 64(%rdi) - movq %r15, 56(%rdi) - movq %r14, 48(%rdi) - movq %r13, 40(%rdi) + movq %rcx, 72(%rdi) + movq %rbx, 64(%rdi) + movq %rax, 56(%rdi) + movq %r15, 48(%rdi) + movq %r14, 40(%rdi) movq %r12, 32(%rdi) movq %r11, 24(%rdi) movq %r10, 16(%rdi) @@ -782,8 +520,6 @@ fp_hlvd_low: pop %r15 pop %r14 - pop %r13 pop %r12 - pop %rbp pop %rbx ret diff --git a/src/low/x64-asm-455/relic_fp_inv_low.c b/src/low/x64-asm-5l/relic_fp_inv_low.c similarity index 100% rename from src/low/x64-asm-455/relic_fp_inv_low.c rename to src/low/x64-asm-5l/relic_fp_inv_low.c diff --git a/src/low/x64-asm-455/relic_fp_mul_low.c b/src/low/x64-asm-5l/relic_fp_mul_low.c similarity index 95% rename from src/low/x64-asm-455/relic_fp_mul_low.c rename to src/low/x64-asm-5l/relic_fp_mul_low.c index 283dd2167..badc7665e 100644 --- a/src/low/x64-asm-455/relic_fp_mul_low.c +++ b/src/low/x64-asm-5l/relic_fp_mul_low.c @@ -26,7 +26,6 @@ * * Implementation of the low-level prime field multiplication functions. * - * @version $Id: relic_fp_mul_low.c 683 2011-03-10 23:51:23Z dfaranha $ * @ingroup bn */ diff --git a/src/low/x64-asm-455/relic_fp_mul_low.s b/src/low/x64-asm-5l/relic_fp_mul_low.s similarity index 93% rename from src/low/x64-asm-455/relic_fp_mul_low.s rename to src/low/x64-asm-5l/relic_fp_mul_low.s index a934a77c4..fb4d5add1 100644 --- a/src/low/x64-asm-455/relic_fp_mul_low.s +++ b/src/low/x64-asm-5l/relic_fp_mul_low.s @@ -26,6 +26,7 @@ * * Implementation of the low-level prime field multiplication functions. * + * @version $Id: relic_fp_mul_low.c 683 2011-03-10 23:51:23Z dfaranha $ * @ingroup bn */ @@ -48,7 +49,7 @@ fp_mulm_low: push %r15 push %rbx push %rbp - subq $128, %rsp + subq $80, %rsp movq %rdx,%rcx leaq p0(%rip), %rbx @@ -57,7 +58,7 @@ fp_mulm_low: FP_RDCN_LOW %rdi, %r8, %r9, %r10, %rsp, %rbx - addq $128, %rsp + addq $80, %rsp pop %rbp pop %rbx diff --git a/src/low/x64-asm-455/relic_fp_rdc_low.c b/src/low/x64-asm-5l/relic_fp_rdc_low.c similarity index 100% rename from src/low/x64-asm-455/relic_fp_rdc_low.c rename to src/low/x64-asm-5l/relic_fp_rdc_low.c diff --git a/src/low/x64-asm-455/relic_fp_rdc_low.s b/src/low/x64-asm-5l/relic_fp_rdc_low.s similarity index 95% rename from src/low/x64-asm-455/relic_fp_rdc_low.s rename to src/low/x64-asm-5l/relic_fp_rdc_low.s index ff721bae2..04df8c0a5 100644 --- a/src/low/x64-asm-455/relic_fp_rdc_low.s +++ b/src/low/x64-asm-5l/relic_fp_rdc_low.s @@ -26,6 +26,7 @@ * * Implementation of low-level prime field modular reduction. * + * @version $Id: relic_fp_add_low.c 88 2009-09-06 21:27:19Z dfaranha $ * @ingroup fp */ diff --git a/src/low/x64-asm-455/relic_fp_shift_low.c b/src/low/x64-asm-5l/relic_fp_shift_low.c similarity index 100% rename from src/low/x64-asm-455/relic_fp_shift_low.c rename to src/low/x64-asm-5l/relic_fp_shift_low.c diff --git a/src/low/x64-asm-455/relic_fp_shift_low.s b/src/low/x64-asm-5l/relic_fp_shift_low.s similarity index 82% rename from src/low/x64-asm-455/relic_fp_shift_low.s rename to src/low/x64-asm-5l/relic_fp_shift_low.s index e72f36029..509fcae15 100644 --- a/src/low/x64-asm-455/relic_fp_shift_low.s +++ b/src/low/x64-asm-5l/relic_fp_shift_low.s @@ -43,25 +43,16 @@ fp_rsh1_low: movq 16(%rsi), %r10 movq 24(%rsi), %r11 movq 32(%rsi), %rax - movq 40(%rsi), %rcx - movq 48(%rsi), %rdx - movq 56(%rsi), %rsi shrd $1, %r9, %r8 shrd $1, %r10, %r9 shrd $1, %r11, %r10 shrd $1, %rax, %r11 - shrd $1, %rcx, %rax - shrd $1, %rdx, %rcx - shrd $1, %rsi, %rdx - shr $1, %rsi + shr $1, %rax movq %r8,0(%rdi) movq %r9,8(%rdi) movq %r10,16(%rdi) movq %r11,24(%rdi) movq %rax,32(%rdi) - movq %rcx,40(%rdi) - movq %rdx,48(%rdi) - movq %rsi,56(%rdi) ret fp_lsh1_low: @@ -70,24 +61,15 @@ fp_lsh1_low: movq 16(%rsi), %r10 movq 24(%rsi), %r11 movq 32(%rsi), %rax - movq 40(%rsi), %rcx - movq 48(%rsi), %rdx - movq 56(%rsi), %rsi - shld $1, %rdx, %rsi - shld $1, %rcx, %rdx - shld $1, %rax, %rcx shld $1, %r11, %rax shld $1, %r10, %r11 shld $1, %r9, %r10 shld $1, %r8, %r9 - shl $1, %r8 + shl $1, %r8 movq %r8,0(%rdi) movq %r9,8(%rdi) movq %r10,16(%rdi) movq %r11,24(%rdi) movq %rax,32(%rdi) - movq %rcx,40(%rdi) - movq %rdx,48(%rdi) - movq %rsi,56(%rdi) xorq %rax, %rax ret diff --git a/src/low/x64-asm-5l/relic_fp_smb_low.c b/src/low/x64-asm-5l/relic_fp_smb_low.c new file mode 100644 index 000000000..d25200282 --- /dev/null +++ b/src/low/x64-asm-5l/relic_fp_smb_low.c @@ -0,0 +1,67 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the low-level inversion functions. + * + * @&version $Id$ + * @ingroup fp + */ + +#include + +#include "relic_fp.h" +#include "relic_fp_low.h" +#include "relic_core.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int fp_smbm_low(const dig_t *a) { + mpz_t n, p; + rlc_align dig_t t[2 * RLC_FP_DIGS], u[RLC_FP_DIGS]; + int res; + + mpz_init(n); + mpz_init(p); + +#if FP_RDC == MONTY + dv_zero(t + RLC_FP_DIGS, RLC_FP_DIGS); + dv_copy(t, a, RLC_FP_DIGS); + fp_rdcn_low(u, t); +#else + fp_copy(u, a); +#endif + + mpz_import(n, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, u); + mpz_import(p, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, fp_prime_get()); + + res = mpz_jacobi(n, p); + + mpz_clear(n); + mpz_clear(p); + return res; +} diff --git a/src/low/x64-asm-638/relic_fp_sqr_low.c b/src/low/x64-asm-5l/relic_fp_sqr_low.c similarity index 100% rename from src/low/x64-asm-638/relic_fp_sqr_low.c rename to src/low/x64-asm-5l/relic_fp_sqr_low.c diff --git a/src/low/x64-asm-6l/macro.s b/src/low/x64-asm-6l/macro.s index e477e69ed..bdf23114d 100644 --- a/src/low/x64-asm-6l/macro.s +++ b/src/low/x64-asm-6l/macro.s @@ -32,7 +32,15 @@ * @ingroup fp */ -#if FP_PRIME == 381 +#if FP_PRIME == 377 +#define P0 0x8508C00000000001 +#define P1 0x170B5D4430000000 +#define P2 0x1EF3622FBA094800 +#define P3 0x1A22D9F300F5138F +#define P4 0xC63B05C06CA1493B +#define P5 0X01AE3A4617C510EA +#define U0 0x8508BFFFFFFFFFFF +#elif FP_PRIME == 381 #define P0 0xB9FEFFFFFFFFAAAB #define P1 0x1EABFFFEB153FFFF #define P2 0x6730D2A0F6B0F624 diff --git a/src/low/x64-asm-6l/relic_fp_smb_low.c b/src/low/x64-asm-6l/relic_fp_smb_low.c new file mode 100644 index 000000000..d25200282 --- /dev/null +++ b/src/low/x64-asm-6l/relic_fp_smb_low.c @@ -0,0 +1,67 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the low-level inversion functions. + * + * @&version $Id$ + * @ingroup fp + */ + +#include + +#include "relic_fp.h" +#include "relic_fp_low.h" +#include "relic_core.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int fp_smbm_low(const dig_t *a) { + mpz_t n, p; + rlc_align dig_t t[2 * RLC_FP_DIGS], u[RLC_FP_DIGS]; + int res; + + mpz_init(n); + mpz_init(p); + +#if FP_RDC == MONTY + dv_zero(t + RLC_FP_DIGS, RLC_FP_DIGS); + dv_copy(t, a, RLC_FP_DIGS); + fp_rdcn_low(u, t); +#else + fp_copy(u, a); +#endif + + mpz_import(n, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, u); + mpz_import(p, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, fp_prime_get()); + + res = mpz_jacobi(n, p); + + mpz_clear(n); + mpz_clear(p); + return res; +} diff --git a/src/low/x64-asm-544/CMakeLists.txt b/src/low/x64-asm-7l/CMakeLists.txt similarity index 100% rename from src/low/x64-asm-544/CMakeLists.txt rename to src/low/x64-asm-7l/CMakeLists.txt diff --git a/src/low/x64-asm-446/macro.s b/src/low/x64-asm-7l/macro.s similarity index 100% rename from src/low/x64-asm-446/macro.s rename to src/low/x64-asm-7l/macro.s diff --git a/src/low/x64-asm-446/relic_fp_add_low.s b/src/low/x64-asm-7l/relic_fp_add_low.s similarity index 100% rename from src/low/x64-asm-446/relic_fp_add_low.s rename to src/low/x64-asm-7l/relic_fp_add_low.s diff --git a/src/low/x64-asm-446/relic_fp_inv_low.c b/src/low/x64-asm-7l/relic_fp_inv_low.c similarity index 100% rename from src/low/x64-asm-446/relic_fp_inv_low.c rename to src/low/x64-asm-7l/relic_fp_inv_low.c diff --git a/src/low/x64-asm-446/relic_fp_inv_low.s b/src/low/x64-asm-7l/relic_fp_inv_low.s similarity index 100% rename from src/low/x64-asm-446/relic_fp_inv_low.s rename to src/low/x64-asm-7l/relic_fp_inv_low.s diff --git a/src/low/x64-asm-446/relic_fp_mul_low.c b/src/low/x64-asm-7l/relic_fp_mul_low.c similarity index 100% rename from src/low/x64-asm-446/relic_fp_mul_low.c rename to src/low/x64-asm-7l/relic_fp_mul_low.c diff --git a/src/low/x64-asm-446/relic_fp_mul_low.s b/src/low/x64-asm-7l/relic_fp_mul_low.s similarity index 100% rename from src/low/x64-asm-446/relic_fp_mul_low.s rename to src/low/x64-asm-7l/relic_fp_mul_low.s diff --git a/src/low/x64-asm-446/relic_fp_rdc_low.c b/src/low/x64-asm-7l/relic_fp_rdc_low.c similarity index 100% rename from src/low/x64-asm-446/relic_fp_rdc_low.c rename to src/low/x64-asm-7l/relic_fp_rdc_low.c diff --git a/src/low/x64-asm-446/relic_fp_rdc_low.s b/src/low/x64-asm-7l/relic_fp_rdc_low.s similarity index 100% rename from src/low/x64-asm-446/relic_fp_rdc_low.s rename to src/low/x64-asm-7l/relic_fp_rdc_low.s diff --git a/src/low/x64-asm-446/relic_fp_shift_low.c b/src/low/x64-asm-7l/relic_fp_shift_low.c similarity index 100% rename from src/low/x64-asm-446/relic_fp_shift_low.c rename to src/low/x64-asm-7l/relic_fp_shift_low.c diff --git a/src/low/x64-asm-446/relic_fp_shift_low.s b/src/low/x64-asm-7l/relic_fp_shift_low.s similarity index 100% rename from src/low/x64-asm-446/relic_fp_shift_low.s rename to src/low/x64-asm-7l/relic_fp_shift_low.s diff --git a/src/low/x64-asm-446/relic_fp_sqr_low.c b/src/low/x64-asm-7l/relic_fp_sqr_low.c similarity index 100% rename from src/low/x64-asm-446/relic_fp_sqr_low.c rename to src/low/x64-asm-7l/relic_fp_sqr_low.c diff --git a/src/low/x64-asm-638/CMakeLists.txt b/src/low/x64-asm-8.5l/CMakeLists.txt similarity index 100% rename from src/low/x64-asm-638/CMakeLists.txt rename to src/low/x64-asm-8.5l/CMakeLists.txt diff --git a/src/low/x64-asm-544/macro.s b/src/low/x64-asm-8.5l/macro.s similarity index 100% rename from src/low/x64-asm-544/macro.s rename to src/low/x64-asm-8.5l/macro.s diff --git a/src/low/x64-asm-544/relic_fp_add_low.s b/src/low/x64-asm-8.5l/relic_fp_add_low.s similarity index 100% rename from src/low/x64-asm-544/relic_fp_add_low.s rename to src/low/x64-asm-8.5l/relic_fp_add_low.s diff --git a/src/low/x64-asm-544/relic_fp_mul_low.c b/src/low/x64-asm-8.5l/relic_fp_mul_low.c similarity index 100% rename from src/low/x64-asm-544/relic_fp_mul_low.c rename to src/low/x64-asm-8.5l/relic_fp_mul_low.c diff --git a/src/low/x64-asm-544/relic_fp_mul_low.s b/src/low/x64-asm-8.5l/relic_fp_mul_low.s similarity index 100% rename from src/low/x64-asm-544/relic_fp_mul_low.s rename to src/low/x64-asm-8.5l/relic_fp_mul_low.s diff --git a/src/low/x64-asm-544/relic_fp_rdc_low.c b/src/low/x64-asm-8.5l/relic_fp_rdc_low.c similarity index 100% rename from src/low/x64-asm-544/relic_fp_rdc_low.c rename to src/low/x64-asm-8.5l/relic_fp_rdc_low.c diff --git a/src/low/x64-asm-544/relic_fp_rdc_low.s b/src/low/x64-asm-8.5l/relic_fp_rdc_low.s similarity index 100% rename from src/low/x64-asm-544/relic_fp_rdc_low.s rename to src/low/x64-asm-8.5l/relic_fp_rdc_low.s diff --git a/src/low/x64-asm-544/relic_fp_sqr_low.c b/src/low/x64-asm-8.5l/relic_fp_sqr_low.c similarity index 100% rename from src/low/x64-asm-544/relic_fp_sqr_low.c rename to src/low/x64-asm-8.5l/relic_fp_sqr_low.c diff --git a/src/low/x64-asm-544/relic_fpx_add_low.c b/src/low/x64-asm-8.5l/relic_fpx_add_low.c similarity index 100% rename from src/low/x64-asm-544/relic_fpx_add_low.c rename to src/low/x64-asm-8.5l/relic_fpx_add_low.c diff --git a/src/low/x64-asm-544/relic_fpx_mul_low.c b/src/low/x64-asm-8.5l/relic_fpx_mul_low.c similarity index 94% rename from src/low/x64-asm-544/relic_fpx_mul_low.c rename to src/low/x64-asm-8.5l/relic_fpx_mul_low.c index 934e36148..be2229e94 100644 --- a/src/low/x64-asm-544/relic_fpx_mul_low.c +++ b/src/low/x64-asm-8.5l/relic_fpx_mul_low.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_muln_low(dv2_t c, fp2_t a, fp2_t b) { +void fp2_muln_low(dv2_t c, const fp2_t a, const fp2_t b) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; /* Karatsuba algorithm. */ @@ -78,7 +78,7 @@ void fp2_muln_low(dv2_t c, fp2_t a, fp2_t b) { #endif } -void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b) { +void fp2_mulm_low(fp2_t c, const fp2_t a, const fp2_t b) { rlc_align dv2_t t; dv2_null(t); @@ -94,7 +94,7 @@ void fp2_mulm_low(fp2_t c, fp2_t a, fp2_t b) { } } -void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { +void fp3_muln_low(dv3_t c, const fp3_t a, const fp3_t b) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS], t3[2 * RLC_FP_DIGS]; rlc_align dig_t t4[2 * RLC_FP_DIGS], t5[2 * RLC_FP_DIGS], t6[2 * RLC_FP_DIGS]; @@ -167,7 +167,7 @@ void fp3_muln_low(dv3_t c, fp3_t a, fp3_t b) { fp_addc_low(c[2], t5, t1); } -void fp3_mulm_low(fp3_t c, fp3_t a, fp3_t b) { +void fp3_mulm_low(fp3_t c, const fp3_t a, const fp3_t b) { dv3_t t; dv3_null(t); diff --git a/src/low/x64-asm-544/relic_fpx_rdc_low.c b/src/low/x64-asm-8.5l/relic_fpx_rdc_low.c similarity index 100% rename from src/low/x64-asm-544/relic_fpx_rdc_low.c rename to src/low/x64-asm-8.5l/relic_fpx_rdc_low.c diff --git a/src/low/x64-asm-544/relic_fpx_rdc_low.s b/src/low/x64-asm-8.5l/relic_fpx_rdc_low.s similarity index 100% rename from src/low/x64-asm-544/relic_fpx_rdc_low.s rename to src/low/x64-asm-8.5l/relic_fpx_rdc_low.s diff --git a/src/low/x64-asm-544/relic_fpx_sqr_low.c b/src/low/x64-asm-8.5l/relic_fpx_sqr_low.c similarity index 95% rename from src/low/x64-asm-544/relic_fpx_sqr_low.c rename to src/low/x64-asm-8.5l/relic_fpx_sqr_low.c index 9410fbf3c..910af8222 100644 --- a/src/low/x64-asm-544/relic_fpx_sqr_low.c +++ b/src/low/x64-asm-8.5l/relic_fpx_sqr_low.c @@ -37,7 +37,7 @@ /* Public definitions */ /*============================================================================*/ -void fp2_sqrn_low(dv2_t c, fp2_t a) { +void fp2_sqrn_low(dv2_t c, const fp2_t a) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; /* t0 = (a0 + a1). */ @@ -73,7 +73,7 @@ void fp2_sqrn_low(dv2_t c, fp2_t a) { /* c = c0 + c1 * u. */ } -void fp2_sqrm_low(fp2_t c, fp2_t a) { +void fp2_sqrm_low(fp2_t c, const fp2_t a) { rlc_align dv2_t t; dv2_null(t); @@ -89,7 +89,7 @@ void fp2_sqrm_low(fp2_t c, fp2_t a) { } } -void fp3_sqrn_low(dv3_t c, fp3_t a) { +void fp3_sqrn_low(dv3_t c, const fp3_t a) { rlc_align dig_t t0[2 * RLC_FP_DIGS], t1[2 * RLC_FP_DIGS], t2[2 * RLC_FP_DIGS]; rlc_align dig_t t3[2 * RLC_FP_DIGS], t4[2 * RLC_FP_DIGS]; @@ -155,7 +155,7 @@ void fp3_sqrn_low(dv3_t c, fp3_t a) { } } -void fp3_sqrm_low(fp3_t c, fp3_t a) { +void fp3_sqrm_low(fp3_t c, const fp3_t a) { rlc_align dv3_t t; dv3_null(t); diff --git a/src/low/x64-asm-8l/macro.s b/src/low/x64-asm-8l/macro.s index af7492df8..f17329514 100644 --- a/src/low/x64-asm-8l/macro.s +++ b/src/low/x64-asm-8l/macro.s @@ -32,7 +32,17 @@ * @ingroup fp */ -#if FP_PRIME == 511 +#if FP_PRIME == 455 +#define P0 0xAAA00001800002AB +#define P1 0xA6C589556B2AA956 +#define P2 0xB3DB9994ACE86D1B +#define P3 0x4BD93954FCB314B8 +#define P4 0x3F665E3A5B1D5623 +#define P5 0xA00E0F95B4920300 +#define P6 0x555955557955572A +#define P7 0x0000000000000055 +#define U0 0x4B3EF8137F4017FD +#elif FP_PRIME == 511 #define P0 0x84DD401C8E4AB001 #define P1 0x98707BD8B8D7F1F5 #define P2 0x9BF81D9D036E1774 diff --git a/src/low/x64-asm-8l/relic_fp_smb_low.c b/src/low/x64-asm-8l/relic_fp_smb_low.c new file mode 100644 index 000000000..d25200282 --- /dev/null +++ b/src/low/x64-asm-8l/relic_fp_smb_low.c @@ -0,0 +1,67 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the low-level inversion functions. + * + * @&version $Id$ + * @ingroup fp + */ + +#include + +#include "relic_fp.h" +#include "relic_fp_low.h" +#include "relic_core.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int fp_smbm_low(const dig_t *a) { + mpz_t n, p; + rlc_align dig_t t[2 * RLC_FP_DIGS], u[RLC_FP_DIGS]; + int res; + + mpz_init(n); + mpz_init(p); + +#if FP_RDC == MONTY + dv_zero(t + RLC_FP_DIGS, RLC_FP_DIGS); + dv_copy(t, a, RLC_FP_DIGS); + fp_rdcn_low(u, t); +#else + fp_copy(u, a); +#endif + + mpz_import(n, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, u); + mpz_import(p, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, fp_prime_get()); + + res = mpz_jacobi(n, p); + + mpz_clear(n); + mpz_clear(p); + return res; +} diff --git a/src/low/x64-asm-9l/relic_fp_smb_low.c b/src/low/x64-asm-9l/relic_fp_smb_low.c new file mode 100644 index 000000000..d25200282 --- /dev/null +++ b/src/low/x64-asm-9l/relic_fp_smb_low.c @@ -0,0 +1,67 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2021 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of the low-level inversion functions. + * + * @&version $Id$ + * @ingroup fp + */ + +#include + +#include "relic_fp.h" +#include "relic_fp_low.h" +#include "relic_core.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ + +int fp_smbm_low(const dig_t *a) { + mpz_t n, p; + rlc_align dig_t t[2 * RLC_FP_DIGS], u[RLC_FP_DIGS]; + int res; + + mpz_init(n); + mpz_init(p); + +#if FP_RDC == MONTY + dv_zero(t + RLC_FP_DIGS, RLC_FP_DIGS); + dv_copy(t, a, RLC_FP_DIGS); + fp_rdcn_low(u, t); +#else + fp_copy(u, a); +#endif + + mpz_import(n, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, u); + mpz_import(p, RLC_FP_DIGS, -1, sizeof(dig_t), 0, 0, fp_prime_get()); + + res = mpz_jacobi(n, p); + + mpz_clear(n); + mpz_clear(p); + return res; +} diff --git a/src/mpc/relic_mt_mpc.c b/src/mpc/relic_mpc_mt.c similarity index 91% rename from src/mpc/relic_mt_mpc.c rename to src/mpc/relic_mpc_mt.c index 5875f9b48..f7304f06b 100644 --- a/src/mpc/relic_mt_mpc.c +++ b/src/mpc/relic_mpc_mt.c @@ -38,7 +38,7 @@ /* Public definitions */ /*============================================================================*/ -void mt_gen(mt_t tri[2], bn_t order) { +void mpc_mt_gen(mt_t tri[2], const bn_t order) { for (int i = 0; i < 2; i++) { bn_rand_mod(tri[i]->a, order); bn_rand_mod(tri[i]->b, order); @@ -58,7 +58,8 @@ void mt_gen(mt_t tri[2], bn_t order) { } } -void mt_mul_lcl(bn_t d, bn_t e, bn_t x, bn_t y, bn_t n, mt_t tri) { +void mpc_mt_lcl(bn_t d, bn_t e, const bn_t x, const bn_t y, const bn_t n, + const mt_t tri) { bn_t t; bn_null(t); @@ -88,7 +89,7 @@ void mt_mul_lcl(bn_t d, bn_t e, bn_t x, bn_t y, bn_t n, mt_t tri) { } } -void mt_mul_bct(bn_t d[2], bn_t e[2], bn_t n) { +void mpc_mt_bct(bn_t d[2], bn_t e[2], bn_t n) { /* Open values d and e. */ bn_add(d[0], d[0], d[1]); bn_mod(d[0], d[0], n); @@ -98,7 +99,8 @@ void mt_mul_bct(bn_t d[2], bn_t e[2], bn_t n) { bn_copy(e[1], e[0]); } -void mt_mul_mpc(bn_t r, bn_t d, bn_t e, bn_t n, mt_t tri, int party) { +void mpc_mt_mul(bn_t r, const bn_t d, const bn_t e, const bn_t n, + const mt_t tri, int party) { bn_t t; bn_null(t); diff --git a/src/mpc/relic_pc_mpc.c b/src/mpc/relic_mpc_pc.c similarity index 90% rename from src/mpc/relic_pc_mpc.c rename to src/mpc/relic_mpc_pc.c index 75ba3a595..db4d5dd47 100644 --- a/src/mpc/relic_pc_mpc.c +++ b/src/mpc/relic_mpc_pc.c @@ -37,7 +37,7 @@ /* Public definitions */ /*============================================================================*/ -void g1_mul_lcl(bn_t d, g1_t q, bn_t x, g1_t p, mt_t tri) { +void g1_mul_lcl(bn_t d, g1_t q, const bn_t x, const g1_t p, const mt_t tri) { bn_t n; bn_null(n); @@ -89,7 +89,7 @@ void g1_mul_bct(bn_t d[2], g1_t q[2]) { } } -void g1_mul_mpc(g1_t r, bn_t d, g1_t q, mt_t tri, int party) { +void g1_mul_mpc(g1_t r, const bn_t d, const g1_t q, const mt_t tri, int party) { g1_t t; g1_null(t); @@ -116,7 +116,7 @@ void g1_mul_mpc(g1_t r, bn_t d, g1_t q, mt_t tri, int party) { } } -void g2_mul_lcl(bn_t d, g2_t q, bn_t x, g2_t p, mt_t tri) { +void g2_mul_lcl(bn_t d, g2_t q, const bn_t x, const g2_t p, const mt_t tri) { bn_t n; bn_null(n); @@ -168,7 +168,7 @@ void g2_mul_bct(bn_t d[2], g2_t q[2]) { } } -void g2_mul_mpc(g2_t r, bn_t d, g2_t q, mt_t tri, int party) { +void g2_mul_mpc(g2_t r, const bn_t d, const g2_t q, const mt_t tri, int party) { g2_t t; g2_null(t); @@ -195,7 +195,7 @@ void g2_mul_mpc(g2_t r, bn_t d, g2_t q, mt_t tri, int party) { } } -void gt_exp_lcl(bn_t d, gt_t q, bn_t x, gt_t p, mt_t tri) { +void gt_exp_lcl(bn_t d, gt_t q, const bn_t x, const gt_t p, const mt_t tri) { bn_t n; bn_null(n); @@ -247,7 +247,7 @@ void gt_exp_bct(bn_t d[2], gt_t q[2]) { } } -void gt_exp_mpc(gt_t r, bn_t d, gt_t q, mt_t tri, int party) { +void gt_exp_mpc(gt_t r, const bn_t d, const gt_t q, const mt_t tri, int party) { gt_t t; gt_null(t); @@ -286,7 +286,7 @@ void pc_map_tri(pt_t t[2]) { mt_new(tri[1]); g1_get_ord(n); - mt_gen(tri, n); + mpc_mt_gen(tri, n); for (int i = 0; i < 2; i++) { g1_mul_gen(t[i]->a, tri[i]->a); @@ -302,7 +302,7 @@ void pc_map_tri(pt_t t[2]) { } } -void pc_map_lcl(g1_t d, g2_t e, g1_t p, g2_t q, pt_t t) { +void pc_map_lcl(g1_t d, g2_t e, const g1_t p, const g2_t q, const pt_t t) { /* Compute public values for transmission. */ g1_sub(d, p, t->a); g1_norm(d, d); @@ -320,7 +320,8 @@ void pc_map_bct(g1_t d[2], g2_t e[2]) { g2_copy(e[1], e[0]); } -void pc_map_mpc(gt_t r, g1_t d1, g2_t d2, pt_t triple, int party) { +void pc_map_mpc(gt_t r, const g1_t d1, const g2_t d2, const pt_t triple, + int party) { gt_t t; g1_t _p[2]; g2_t _q[2]; diff --git a/src/mpc/relic_mpc_sss.c b/src/mpc/relic_mpc_sss.c new file mode 100644 index 000000000..290ff12a8 --- /dev/null +++ b/src/mpc/relic_mpc_sss.c @@ -0,0 +1,148 @@ +/* + * RELIC is an Efficient LIbrary for Cryptography + * Copyright (c) 2020 RELIC Authors + * + * This file is part of RELIC. RELIC is legal property of its developers, + * whose names are not listed here. Please refer to the COPYRIGHT file + * for contact information. + * + * RELIC is free software; you can redistribute it and/or modify it under the + * terms of the version 2.1 (or later) of the GNU Lesser General Public License + * as published by the Free Software Foundation; or version 2.0 of the Apache + * License as published by the Apache Software Foundation. See the LICENSE files + * for more details. + * + * RELIC is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + * A PARTICULAR PURPOSE. See the LICENSE files for more details. + * + * You should have received a copy of the GNU Lesser General Public or the + * Apache License along with RELIC. If not, see + * or . + */ + +/** + * @file + * + * Implementation of Shamir Secret Sharing. + * + * @ingroup mpc + */ + +#include "relic_core.h" +#include "relic_bn.h" +#include "relic_mpc.h" +#include "relic_util.h" + +/*============================================================================*/ +/* Public definitions */ +/*============================================================================*/ +int mpc_sss_gen(bn_t *x, bn_t *y, const bn_t secret, const bn_t order, + size_t k, size_t n) { + bn_t t, *a = RLC_ALLOCA(bn_t, k); + + if (k < 2 || n < k) { + return RLC_ERR; + } + + bn_null(t); + + RLC_TRY { + if (a == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + bn_new(t); + bn_null(a[0]); + bn_new(a[0]); + bn_copy(a[0], secret); + for (int i = 1; i < k; i++) { + bn_null(a[i]); + bn_new(a[i]); + bn_rand_mod(a[i], order); + } + for (int i = 0; i < n; i++) { + bn_set_dig(x[i], i + 1); + bn_evl(y[i], a, x[i], order, k); + } + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(t); + for (int i = 0; i < k; i++) { + bn_free(a[i]); + } + RLC_FREE(a); + } + + return RLC_OK; +} + +int mpc_sss_key(bn_t key, const bn_t *x, const bn_t *y, const bn_t order, + size_t k) { + bn_t t; + bn_t *a = RLC_ALLOCA(bn_t, k); + bn_t *b = RLC_ALLOCA(bn_t, k); + + if (k < 2) { + RLC_FREE(a); + RLC_FREE(b); + return RLC_ERR; + } + + bn_null(t); + + RLC_TRY { + if (a == NULL || b == NULL) { + RLC_THROW(ERR_NO_MEMORY); + } + + bn_new(t); + for (int i = 0; i < k; i++) { + bn_null(a[i]); + bn_null(b[i]); + bn_new(a[i]); + bn_new(b[i]); + } + + for (int i = 0; i < k; i++) { + bn_set_dig(a[i], 1); + bn_set_dig(b[i], 1); + for (int m = 0; m < k; m++) { + if (m != i) { + bn_sub(t, x[m], x[i]); + bn_mod(t, t, order); + bn_mul(a[i], a[i], x[m]); + bn_mul(b[i], b[i], t); + bn_mod(a[i], a[i], order); + bn_mod(b[i], b[i], order); + } + } + } + bn_mod_inv_sim(b, b, order, k); + bn_mul(a[0], a[0], b[0]); + bn_mod(a[0], a[0], order); + bn_mul(a[0], a[0], y[0]); + bn_mod(key, a[0], order); + for (int i = 1; i < k; i++) { + bn_mul(a[i], a[i], b[i]); + bn_mod(a[i], a[i], order); + bn_mul(a[i], a[i], y[i]); + bn_mod(a[i], a[i], order); + bn_add(key, key, a[i]); + bn_mod(key, key, order); + } + } RLC_CATCH_ANY { + RLC_THROW(ERR_CAUGHT); + } RLC_FINALLY { + bn_free(t); + for (int i = 0; i < k; i++) { + bn_free(a[i]); + bn_free(b[i]); + } + RLC_FREE(a); + RLC_FREE(b); + } + + return RLC_OK; +} diff --git a/src/pc/relic_pc_exp.c b/src/pc/relic_pc_exp.c index 38e994455..a7c6d8ce7 100644 --- a/src/pc/relic_pc_exp.c +++ b/src/pc/relic_pc_exp.c @@ -35,7 +35,7 @@ /* Public definitions */ /*============================================================================*/ -void g1_mul(g1_t c, g1_t a, bn_t b) { +void g1_mul(g1_t c, const g1_t a, const bn_t b) { bn_t n, _b; bn_null(n); @@ -65,7 +65,7 @@ void g1_mul(g1_t c, g1_t a, bn_t b) { } } -void g1_mul_gen(g1_t c, bn_t b) { +void g1_mul_gen(g1_t c, const bn_t b) { bn_t n, _b; bn_null(n); @@ -87,7 +87,7 @@ void g1_mul_gen(g1_t c, bn_t b) { } } -void g2_mul(g2_t c, g2_t a, bn_t b) { +void g2_mul(g2_t c, const g2_t a, const bn_t b) { bn_t n, _b; bn_null(n); @@ -117,7 +117,7 @@ void g2_mul(g2_t c, g2_t a, bn_t b) { } } -void g2_mul_gen(g2_t c, bn_t b) { +void g2_mul_gen(g2_t c, const bn_t b) { bn_t n, _b; bn_null(n); @@ -139,7 +139,7 @@ void g2_mul_gen(g2_t c, bn_t b) { } } -void gt_exp(gt_t c, gt_t a, bn_t b) { +void gt_exp(gt_t c, const gt_t a, const bn_t b) { bn_t n, _b; bn_null(n); @@ -169,7 +169,7 @@ void gt_exp(gt_t c, gt_t a, bn_t b) { } } -void gt_exp_dig(gt_t c, gt_t a, dig_t b) { +void gt_exp_dig(gt_t c, const gt_t a, dig_t b) { gt_t t; if (b == 0) { @@ -200,7 +200,7 @@ void gt_exp_dig(gt_t c, gt_t a, dig_t b) { } } -void gt_exp_sim(gt_t e, gt_t a, bn_t b, gt_t c, bn_t d) { +void gt_exp_sim(gt_t e, const gt_t a, const bn_t b, const gt_t c, const bn_t d) { bn_t n, _b, _d; bn_null(n); @@ -226,7 +226,7 @@ void gt_exp_sim(gt_t e, gt_t a, bn_t b, gt_t c, bn_t d) { } } -void gt_exp_gen(gt_t c, bn_t b) { +void gt_exp_gen(gt_t c, const bn_t b) { bn_t n, _b; gt_t g; diff --git a/src/pc/relic_pc_util.c b/src/pc/relic_pc_util.c index bfd4905e0..daadb5343 100644 --- a/src/pc/relic_pc_util.c +++ b/src/pc/relic_pc_util.c @@ -50,7 +50,7 @@ void gt_rand(gt_t a) { gt_rand_imp(a); #if FP_PRIME < 1536 -#if FP_PRIME == 509 +#if FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509 pp_exp_k24(a, a); #else pp_exp_k12(a, a); @@ -64,9 +64,9 @@ void gt_get_gen(gt_t g) { gt_copy(g, core_get()->gt_g); } -int g1_is_valid(g1_t a) { +int g1_is_valid(const g1_t a) { bn_t n; - g1_t t, u, v; + g1_t u, v; int r = 0; if (g1_is_infty(a)) { @@ -74,13 +74,11 @@ int g1_is_valid(g1_t a) { } bn_null(n); - g1_null(t); g1_null(u); g1_null(v); RLC_TRY { bn_new(n); - g1_new(t); g1_new(u); g1_new(v); @@ -90,24 +88,26 @@ int g1_is_valid(g1_t a) { r = g1_on_curve(a); } else { switch (ep_curve_is_pairf()) { - /* Formulas from "Faster Subgroup Checks for BLS12-381" by Bowe. - * https://eprint.iacr.org/2019/814.pdf, together with tweaks - * by Mike Scott. */ + /* Formulas from "Co-factor clearing and subgroup membership + * testing on pairing-friendly curves" by El Housni, Guillevic, + * Piellard. https://eprint.iacr.org/2022/352.pdf */ case EP_B12: - /* Check [(z^2−1)](\psi(P)+P) == -P.*/ + case EP_B24: + /* Check [\psi(P) == [z^2 - 1]P. */ fp_prime_get_par(n); bn_sqr(n, n); + if (ep_curve_is_pairf() == EP_B24) { + bn_sqr(n, n); + } bn_sub_dig(n, n, 1); - ep_psi(t, a); - ep_add(t, t, a); - ep_copy(u, t); + ep_copy(u, a); for (int i = bn_bits(n) - 2; i >= 0; i--) { g1_dbl(u, u); if (bn_get_bit(n, i)) { - g1_add(u, u, t); + g1_add(u, u, a); } } - g1_neg(v, a); + ep_psi(v, a); r = g1_on_curve(a) && (g1_cmp(v, u) == RLC_EQ); break; default: @@ -126,7 +126,6 @@ int g1_is_valid(g1_t a) { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); - g1_free(t); g1_free(u); g1_free(v); } @@ -134,7 +133,7 @@ int g1_is_valid(g1_t a) { return r; } -int g2_is_valid(g2_t a) { +int g2_is_valid(const g2_t a) { #if FP_PRIME >= 1536 if (pc_map_is_type1()) { return g1_is_valid(a); @@ -172,7 +171,13 @@ int g2_is_valid(g2_t a) { /* Compute trace t = p - n + 1. */ bn_sub(n, p, n); bn_add_dig(n, n, 1); - g2_mul(u, a, n); + g2_copy(u, a); + for (int i = bn_bits(n) - 2; i >= 0; i--) { + g2_dbl(u, u); + if (bn_get_bit(n, i)) { + g2_add(u, u, a); + } + } if (bn_sign(n) == RLC_NEG) { g2_neg(u, u); } @@ -183,9 +188,11 @@ int g2_is_valid(g2_t a) { r = g2_on_curve(a) && (g2_cmp(u, v) == RLC_EQ); } else { switch (ep_curve_is_pairf()) { - /* Formulas from "Faster Subgroup Checks for BLS12-381" by Bowe. - * https://eprint.iacr.org/2019/814.pdf */ + /* Formulas from "Co-factor clearing and subgroup membership + * testing on pairing-friendly curves" by El Housni, Guillevic, + * Piellard. https://eprint.iacr.org/2022/352.pdf */ case EP_B12: + case EP_B24: #if FP_PRIME == 383 /* Since p mod n = r, we can check instead that * psi^4(P) + P == \psi^2(P). */ @@ -193,7 +200,7 @@ int g2_is_valid(g2_t a) { ep2_add(u, u, a); ep2_frb(v, a, 2); #else - /* Check [z]psi^3(P) + P == \psi^2(P). */ + /* Check \psi(P) == [z]P. */ fp_prime_get_par(n); g2_copy(u, a); for (int i = bn_bits(n) - 2; i >= 0; i--) { @@ -205,9 +212,7 @@ int g2_is_valid(g2_t a) { if (bn_sign(n) == RLC_NEG) { g2_neg(u, u); } - g2_frb(u, u, 3); - g2_frb(v, a, 2); - g2_add(u, u, a); + g2_frb(v, a, 1); #endif r = g2_on_curve(a) && (g2_cmp(u, v) == RLC_EQ); break; @@ -236,9 +241,7 @@ int g2_is_valid(g2_t a) { #endif } -#define GLS_MEMBER - -int gt_is_valid(gt_t a) { +int gt_is_valid(const gt_t a) { bn_t p, n; gt_t u, v; int l, r = 0; @@ -292,68 +295,28 @@ int gt_is_valid(gt_t a) { fp_prime_get_par(n); b = fp_prime_get_par_sps(&l); switch (ep_curve_is_pairf()) { - /* Formulas from "Faster Subgroup Checks for BLS12-381" by Bowe. - * https://eprint.iacr.org/2019/814.pdf */ + /* Formulas from "Families of SNARK-friendly 2-chains of + * elliptic curves" by Housni and Guillevic. + * https://eprint.iacr.org/2021/1359.pdf */ case EP_B12: #if FP_PRIME == 383 /* GT-strong, so test for cyclotomic only. */ r = 1; #else -#ifdef GLS_MEMBER - /* The 4-GLS recoding of the exponent gives this. */ - fp12_exp_cyc_sps((void *)u, (void *)a, b, l, RLC_POS); - gt_inv(u, u); - gt_mul(u, u, a); - gt_inv(u, u); - gt_frb(u, u, 2); - gt_frb(v, u, 1); - gt_inv(v, v); - gt_mul(u, u, v); - gt_inv(u, u); - r = (gt_cmp(u, a) == RLC_EQ); -#else + /* Check that a^u = a^p. */ gt_frb(u, a, 1); fp12_exp_cyc_sps((void *)v, (void *)a, b, l, bn_sign(n)); r = (gt_cmp(u, v) == RLC_EQ); - fp12_exp_cyc_sps((void *)u, (void *)v, b, l, bn_sign(n)); - gt_mul(u, u, a); - gt_sqr(v, v); - r &= (gt_cmp(u, v) != RLC_EQ); -#endif #endif r &= fp12_test_cyc((void *)a); break; -#if FP_PRIME == 509 case EP_B24: -#ifdef GLS_MEMBER - /* The 8-GLS recoding of the exponent gives this. */ - fp24_exp_cyc_sps((void *)u, (void *)a, b, l, bn_sign(n)); - gt_mul(u, u, a); - gt_inv(u, u); - gt_frb(u, u, 4); - gt_frb(v, u, 1); - gt_inv(v, v); - gt_mul(u, u, v); - gt_frb(v, v, 1); - gt_inv(v, v); - gt_mul(u, u, v); - gt_frb(v, v, 1); - gt_inv(v, v); - gt_mul(u, u, v); - gt_inv(u, u); - r = (gt_cmp(u, a) == RLC_EQ); -#else + /* Check that a^u = a^p. */ gt_frb(u, a, 1); fp24_exp_cyc_sps((void *)v, (void *)a, b, l, bn_sign(n)); r = (gt_cmp(u, v) == RLC_EQ); - fp24_exp_cyc_sps((void *)u, (void *)v, b, l, bn_sign(n)); - gt_mul(u, u, a); - gt_sqr(v, v); - r &= (gt_cmp(u, v) != RLC_EQ); -#endif - r = fp24_test_cyc((void *)a); + r &= fp24_test_cyc((void *)a); break; -#endif default: /* Common case. */ bn_sub_dig(n, n, 1); diff --git a/src/pp/relic_pp_add_k12.c b/src/pp/relic_pp_add_k12.c index 295e123a9..dcf828a85 100644 --- a/src/pp/relic_pp_add_k12.c +++ b/src/pp/relic_pp_add_k12.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k12_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { int one = 1, zero = 0; fp2_t s; ep2_t t; @@ -82,7 +82,7 @@ void pp_add_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_add_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k12_projc_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4; int one = 1, zero = 0; @@ -170,7 +170,7 @@ void pp_add_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3; dv2_t u0, u1; int one = 1, zero = 0; @@ -205,13 +205,10 @@ void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { fp2_sub(t3, t3, r->x); fp2_sub(t3, t3, r->x); fp2_sub(r->x, r->x, t3); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u0, t1, r->x); - fp2_mulc_low(u1, t2, r->y); -#else + fp2_muln_low(u0, t1, r->x); fp2_muln_low(u1, t2, r->y); -#endif + fp2_subc_low(u1, u0, u1); fp2_rdcn_low(r->y, u1); fp2_mul(r->x, t0, t3); @@ -226,13 +223,9 @@ void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { fp_mul(l[one][zero][0], t1[0], t3[0]); fp_mul(l[one][zero][1], t1[1], t3[0]); -#ifdef RLC_FP_ROOM - fp2_mulc_low(u0, q->x, t1); - fp2_mulc_low(u1, q->y, t0); -#else fp2_muln_low(u0, q->x, t1); fp2_muln_low(u1, q->y, t0); -#endif + fp2_subc_low(u0, u0, u1); fp2_rdcn_low(l[one][one], u0); @@ -258,7 +251,7 @@ void pp_add_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #endif -void pp_add_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q) { +void pp_add_lit_k12(fp12_t l, ep_t r, const ep_t p, const ep2_t q) { fp_t t0, t1, t2, t3; int one = 1, zero = 0; diff --git a/src/pp/relic_pp_add_k2.c b/src/pp/relic_pp_add_k2.c index 9bbb085bb..3f374e930 100644 --- a/src/pp/relic_pp_add_k2.c +++ b/src/pp/relic_pp_add_k2.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_add_k2_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t s; ep_t t; @@ -72,7 +72,7 @@ void pp_add_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_add_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_add_k2_projc_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t t0, t1, t2, t3, t4, t5; fp_null(t0); @@ -154,7 +154,7 @@ void pp_add_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_add_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_add_k2_projc_lazyr(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t t0, t1, t2, t3, t4, t5; dv_t u0, u1; diff --git a/src/pp/relic_pp_add_k24.c b/src/pp/relic_pp_add_k24.c index f64d499fe..376a995c7 100644 --- a/src/pp/relic_pp_add_k24.c +++ b/src/pp/relic_pp_add_k24.c @@ -39,9 +39,10 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { +void pp_add_k24_basic(fp24_t l, ep4_t r, const ep4_t q, const ep_t p) { fp4_t s; ep4_t t; + int two = 1, one = 1; fp4_null(s); ep4_null(t); @@ -53,14 +54,22 @@ void pp_add_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { ep4_copy(t, r); ep4_add_slp_basic(r, s, r, q); - fp_mul(l[1][1][0][0], s[0][0], p->x); - fp_mul(l[1][1][0][1], s[0][1], p->x); - fp_mul(l[1][1][1][0], s[1][0], p->x); - fp_mul(l[1][1][1][1], s[1][1], p->x); + if (ep4_curve_is_twist() == RLC_EP_MTYPE) { + two += 1; + one ^= 1; + } + + fp_mul(l[two][one][0][0], s[0][0], p->x); + fp_mul(l[two][one][0][1], s[0][1], p->x); + fp_mul(l[two][one][1][0], s[1][0], p->x); + fp_mul(l[two][one][1][1], s[1][1], p->x); fp4_mul(l[0][0], s, t->x); fp4_sub(l[0][0], t->y, l[0][0]); - fp4_mul_art(l[0][0], l[0][0]); + + if (ep4_curve_is_twist() != RLC_EP_MTYPE) { + fp4_mul_art(l[0][0], l[0][0]); + } fp_neg(l[0][1][0][0], p->y); } @@ -77,8 +86,9 @@ void pp_add_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { +void pp_add_k24_projc(fp24_t l, ep4_t r, const ep4_t q, const ep_t p) { fp4_t t0, t1, t2, t3, t4; + int two = 1, one = 1; fp4_null(t0); fp4_null(t1); @@ -86,6 +96,11 @@ void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { fp4_null(t3); fp4_null(t4); + if (ep4_curve_is_twist() == RLC_EP_MTYPE) { + two += 1; + one ^= 1; + } + RLC_TRY { fp4_new(t0); fp4_new(t1); @@ -114,10 +129,10 @@ void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { /* l10 = - (A * xp). */ fp_neg(t4[0][0], p->x); - fp_mul(l[1][1][0][0], t1[0][0], t4[0][0]); - fp_mul(l[1][1][0][1], t1[0][1], t4[0][0]); - fp_mul(l[1][1][1][0], t1[1][0], t4[0][0]); - fp_mul(l[1][1][1][1], t1[1][1], t4[0][0]); + fp_mul(l[two][one][0][0], t1[0][0], t4[0][0]); + fp_mul(l[two][one][0][1], t1[0][1], t4[0][0]); + fp_mul(l[two][one][1][0], t1[1][0], t4[0][0]); + fp_mul(l[two][one][1][1], t1[1][1], t4[0][0]); /* t4 = B * x2. */ fp4_mul(t4, q->x, t1); @@ -138,7 +153,10 @@ void pp_add_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { /* l11 = J = B * x2 - A * y2. */ fp4_mul(t2, q->y, t0); fp4_sub(l[0][0], t4, t2); - fp4_mul_art(l[0][0], l[0][0]); + + if (ep4_curve_is_twist() != RLC_EP_MTYPE) { + fp4_mul_art(l[0][0], l[0][0]); + } /* l00 = B * yp. */ fp_mul(l[0][1][0][0], p->y, t0[0][0]); diff --git a/src/pp/relic_pp_add_k48.c b/src/pp/relic_pp_add_k48.c index 225612b74..3be9b9dfb 100644 --- a/src/pp/relic_pp_add_k48.c +++ b/src/pp/relic_pp_add_k48.c @@ -37,7 +37,8 @@ /* Private definitions */ /*============================================================================*/ -static void ep8_add_basic(fp8_t s, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy) { +static void ep8_add_basic(fp8_t s, fp8_t rx, fp8_t ry, const fp8_t qx, + const fp8_t qy) { fp8_t t0, t1, t2; fp8_null(t0); @@ -104,7 +105,7 @@ static void ep8_add_basic(fp8_t s, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy) { #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, ep_t p) { +void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, const ep_t p) { fp8_t s, tx, ty; fp8_null(s); @@ -149,8 +150,8 @@ void pp_add_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, fp8_t qx, fp8_t qy, ep_t p) #if EP_ADD == PROJC || !defined(STRIP) -void pp_add_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, fp8_t qx, - fp8_t qy, ep_t p) { +void pp_add_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, const fp8_t qx, + const fp8_t qy, const ep_t p) { fp8_t t0, t1, t2, t3, t4; fp8_null(t0); diff --git a/src/pp/relic_pp_add_k54.c b/src/pp/relic_pp_add_k54.c index bdbdcde90..38758909f 100644 --- a/src/pp/relic_pp_add_k54.c +++ b/src/pp/relic_pp_add_k54.c @@ -37,7 +37,7 @@ /* Private definitions */ /*============================================================================*/ -static void ep9_add_basic(fp9_t s, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy) { +static void ep9_add_basic(fp9_t s, fp9_t rx, fp9_t ry, const fp9_t qx, const fp9_t qy) { fp9_t t0, t1, t2; fp9_null(t0); @@ -104,7 +104,7 @@ static void ep9_add_basic(fp9_t s, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy) { #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy, ep_t p) { +void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, const fp9_t qx, const fp9_t qy, const ep_t p) { fp9_t s, tx, ty; fp9_null(s); @@ -150,8 +150,8 @@ void pp_add_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, fp9_t qx, fp9_t qy, ep_t p) #if EP_ADD == PROJC || !defined(STRIP) -void pp_add_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, fp9_t qx, - fp9_t qy, ep_t p) { +void pp_add_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, const fp9_t qx, + const fp9_t qy, const ep_t p) { fp9_t t0, t1, t2, t3, t4; fp9_null(t0); diff --git a/src/pp/relic_pp_add_k8.c b/src/pp/relic_pp_add_k8.c index ccd4e78b2..91fea6f36 100644 --- a/src/pp/relic_pp_add_k8.c +++ b/src/pp/relic_pp_add_k8.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_add_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k8_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { int one = 1, zero = 0; fp2_t s; ep2_t t; @@ -82,7 +82,7 @@ void pp_add_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_add_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k8_projc_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5; int one = 1, zero = 0; @@ -175,7 +175,7 @@ void pp_add_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_add_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_add_k8_projc_lazyr(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5; int one = 1, zero = 0; diff --git a/src/pp/relic_pp_dbl_k12.c b/src/pp/relic_pp_dbl_k12.c index 743eb365a..cdb04ade7 100644 --- a/src/pp/relic_pp_dbl_k12.c +++ b/src/pp/relic_pp_dbl_k12.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_dbl_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k12_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t s; ep2_t t; int one = 1, zero = 0; @@ -81,7 +81,7 @@ void pp_dbl_k12_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5, t6; int one = 1, zero = 0; @@ -234,7 +234,7 @@ void pp_dbl_k12_projc_basic(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5, t6; dv2_t u0, u1; int one = 1, zero = 0; @@ -402,7 +402,7 @@ void pp_dbl_k12_projc_lazyr(fp12_t l, ep2_t r, ep2_t q, ep_t p) { #endif -void pp_dbl_lit_k12(fp12_t l, ep_t r, ep_t p, ep2_t q) { +void pp_dbl_lit_k12(fp12_t l, ep_t r, const ep_t p, const ep2_t q) { fp_t t0, t1, t2, t3, t4, t5, t6; int one = 1, zero = 0; diff --git a/src/pp/relic_pp_dbl_k2.c b/src/pp/relic_pp_dbl_k2.c index ad1688ff0..df56a1b92 100644 --- a/src/pp/relic_pp_dbl_k2.c +++ b/src/pp/relic_pp_dbl_k2.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_dbl_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_dbl_k2_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t s; ep_t t; @@ -72,7 +72,7 @@ void pp_dbl_k2_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t t0, t1, t2, t3, t4, t5; fp_null(t0); @@ -161,7 +161,7 @@ void pp_dbl_k2_projc_basic(fp2_t l, ep_t r, ep_t p, ep_t q) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, ep_t p, ep_t q) { +void pp_dbl_k2_projc_lazyr(fp2_t l, ep_t r, const ep_t p, const ep_t q) { fp_t t0, t1, t2, t3, t4, t5; dv_t u0, u1; diff --git a/src/pp/relic_pp_dbl_k24.c b/src/pp/relic_pp_dbl_k24.c index 3935047ae..6057a976e 100644 --- a/src/pp/relic_pp_dbl_k24.c +++ b/src/pp/relic_pp_dbl_k24.c @@ -39,9 +39,10 @@ #if EP_ADD == PROJC || !defined(STRIP) -void pp_dbl_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { +void pp_dbl_k24_basic(fp24_t l, ep4_t r, const ep4_t q, const ep_t p) { fp4_t s; ep4_t t; + int two = 1, one = 1; fp4_null(s); ep4_null(t); @@ -53,14 +54,22 @@ void pp_dbl_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { ep4_dbl_slp_basic(r, s, q); fp24_zero(l); - fp_mul(l[1][1][0][0], s[0][0], p->x); - fp_mul(l[1][1][0][1], s[0][1], p->x); - fp_mul(l[1][1][1][0], s[1][0], p->x); - fp_mul(l[1][1][1][1], s[1][1], p->x); + if (ep4_curve_is_twist() == RLC_EP_MTYPE) { + two += 1; + one ^= 1; + } + + fp_mul(l[two][one][0][0], s[0][0], p->x); + fp_mul(l[two][one][0][1], s[0][1], p->x); + fp_mul(l[two][one][1][0], s[1][0], p->x); + fp_mul(l[two][one][1][1], s[1][1], p->x); fp4_mul(l[0][0], s, t->x); fp4_sub(l[0][0], t->y, l[0][0]); - fp4_mul_art(l[0][0], l[0][0]); + + if (ep4_curve_is_twist() != RLC_EP_MTYPE) { + fp4_mul_art(l[0][0], l[0][0]); + } fp_copy(l[0][1][0][0], p->y); } @@ -77,8 +86,9 @@ void pp_dbl_k24_basic(fp24_t l, ep4_t r, ep4_t q, ep_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void pp_dbl_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { +void pp_dbl_k24_projc(fp24_t l, ep4_t r, const ep4_t q, const ep_t p) { fp4_t t0, t1, t2, t3, t4, t5, t6; + int two = 1, one = 1; fp4_null(t0); fp4_null(t1); @@ -88,6 +98,11 @@ void pp_dbl_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { fp4_null(t5); fp4_null(t6); + if (ep4_curve_is_twist() == RLC_EP_MTYPE) { + two += 1; + one ^= 1; + } + RLC_TRY { fp4_new(t0); fp4_new(t1); @@ -146,13 +161,16 @@ void pp_dbl_k24_projc(fp24_t l, ep4_t r, ep4_t q, ep_t p) { /* l11 = D - B. */ fp4_sub(l[0][0], t3, t1); - fp4_mul_art(l[0][0], l[0][0]); + + if (ep4_curve_is_twist() != RLC_EP_MTYPE) { + fp4_mul_art(l[0][0], l[0][0]); + } /* l10 = (3 * xp) * A. */ - fp_mul(l[1][1][0][0], p->x, t0[0][0]); - fp_mul(l[1][1][0][1], p->x, t0[0][1]); - fp_mul(l[1][1][1][0], p->x, t0[1][0]); - fp_mul(l[1][1][1][1], p->x, t0[1][1]); + fp_mul(l[two][one][0][0], p->x, t0[0][0]); + fp_mul(l[two][one][0][1], p->x, t0[0][1]); + fp_mul(l[two][one][1][0], p->x, t0[1][0]); + fp_mul(l[two][one][1][1], p->x, t0[1][1]); /* l00 = F * (-yp). */ fp_mul(l[0][1][0][0], p->y, t5[0][0]); diff --git a/src/pp/relic_pp_dbl_k48.c b/src/pp/relic_pp_dbl_k48.c index 3d26f8568..743518c2b 100644 --- a/src/pp/relic_pp_dbl_k48.c +++ b/src/pp/relic_pp_dbl_k48.c @@ -98,7 +98,7 @@ static void ep8_dbl_basic(fp8_t s, fp8_t rx, fp8_t ry) { #if EP_ADD == BASIC || !defined(STRIP) -void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, ep_t p) { +void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, const ep_t p) { fp8_t s, tx, ty; fp8_null(s); @@ -142,7 +142,7 @@ void pp_dbl_k48_basic(fp48_t l, fp8_t rx, fp8_t ry, ep_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void pp_dbl_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, ep_t p) { +void pp_dbl_k48_projc(fp48_t l, fp8_t rx, fp8_t ry, fp8_t rz, const ep_t p) { fp8_t t0, t1, t2, t3, t4, t5, t6; fp8_null(t0); diff --git a/src/pp/relic_pp_dbl_k54.c b/src/pp/relic_pp_dbl_k54.c index c69ba29b0..df1c9827a 100644 --- a/src/pp/relic_pp_dbl_k54.c +++ b/src/pp/relic_pp_dbl_k54.c @@ -98,7 +98,7 @@ static void ep9_dbl_basic(fp9_t s, fp9_t rx, fp9_t ry) { #if EP_ADD == PROJC || !defined(STRIP) -void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, ep_t p) { +void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, const ep_t p) { fp9_t s, tx, ty; fp9_null(s); @@ -143,7 +143,7 @@ void pp_dbl_k54_basic(fp54_t l, fp9_t rx, fp9_t ry, ep_t p) { #if EP_ADD == PROJC || !defined(STRIP) -void pp_dbl_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, ep_t p) { +void pp_dbl_k54_projc(fp54_t l, fp9_t rx, fp9_t ry, fp9_t rz, const ep_t p) { fp9_t t0, t1, t2, t3, t4, t5, t6; fp9_null(t0); diff --git a/src/pp/relic_pp_dbl_k8.c b/src/pp/relic_pp_dbl_k8.c index fa0b8af5e..a15901b9b 100644 --- a/src/pp/relic_pp_dbl_k8.c +++ b/src/pp/relic_pp_dbl_k8.c @@ -41,7 +41,7 @@ #if EP_ADD == BASIC || !defined(STRIP) -void pp_dbl_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k8_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t s; ep2_t t; int one = 1, zero = 0; @@ -81,7 +81,7 @@ void pp_dbl_k8_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == BASIC || !defined(STRIP) -void pp_dbl_k8_projc_new(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k8_projc_new(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4; int one = 1, zero = 0; @@ -150,7 +150,7 @@ void pp_dbl_k8_projc_new(fp8_t l, ep2_t r, ep2_t q, ep_t p) { } } -void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5, t6; int one = 1, zero = 0; @@ -258,7 +258,7 @@ void pp_dbl_k8_projc_basic(fp8_t l, ep2_t r, ep2_t q, ep_t p) { #if PP_EXT == LAZYR || !defined(STRIP) -void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3, t4, t5, t6; dv2_t u0, u1; int one = 1, zero = 0; @@ -372,7 +372,7 @@ void pp_dbl_k8_projc_lazyr(fp8_t l, ep2_t r, ep2_t q, ep_t p) { } } -void pp_dbl_k8_projc_lazyr_new(fp8_t l, ep2_t r, ep2_t q, ep_t p) { +void pp_dbl_k8_projc_lazyr_new(fp8_t l, ep2_t r, const ep2_t q, const ep_t p) { fp2_t t0, t1, t2, t3; dv2_t u2, u3; int one = 1, zero = 0; diff --git a/src/pp/relic_pp_exp_k12.c b/src/pp/relic_pp_exp_k12.c index 91353402b..72d8ed320 100644 --- a/src/pp/relic_pp_exp_k12.c +++ b/src/pp/relic_pp_exp_k12.c @@ -151,8 +151,9 @@ static void pp_exp_b12(fp12_t c, fp12_t a) { bn_new(x); /* - * Final exponentiation following Ghammam and Fouotsa: - * On the Computation of Optimal Ate Pairing at the 192-bit Level. + * Final exponentiation following Hayashida, Hayasaka and Teruya: + * Efficient Final Exponentiation via Cyclotomic Structure for Pairings + * over Families of Elliptic Curves */ fp_prime_get_par(x); b = fp_prime_get_par_sps(&l); @@ -164,42 +165,62 @@ static void pp_exp_b12(fp12_t c, fp12_t a) { /* t0 = f^2. */ fp12_sqr_cyc(t0, c); - /* t1 = f^x. */ - fp12_exp_cyc_sps(t1, c, b, l, bn_sign(x)); + /* t3 = 1/f. */ + fp12_inv_cyc(t3, c); - /* t2 = f^(x^2). */ - fp12_exp_cyc_sps(t2, t1, b, l, bn_sign(x)); + if (b[0] == 0) { + /* t1 = f^x. */ + fp12_exp_cyc_sps(t1, c, b, l, bn_sign(x)); + + /* t2 = f^(x^2). */ + fp12_exp_cyc_sps(t2, t1, b, l, bn_sign(x)); + + /* t1 = t2/(t1^2 * f). */ + fp12_sqr_cyc(t1, t1); + } else { + /* + * Variant from Ghammam and Fouotsa saves computing (x-1)^2 power: + * Improving the computation of the optimal ate pairing for a high + * security level + */ + int _b[RLC_TERMS + 1]; + + for (int i = 0; i < l; i++) { + if (b[i] > 0) { + _b[i] = b[i] - 1; + } else { + _b[i] = b[i] + 1; + } + } + + /* t1 = f^x. */ + fp12_exp_cyc_sps(t1, t0, b, l, bn_sign(x)); + + /* t2 = f^(x^2). */ + fp12_exp_cyc_sps(t2, t1, _b, l, bn_sign(x)); + } - /* t1 = t2/(t1^2 * f). */ - fp12_inv_cyc(t3, c); - fp12_sqr_cyc(t1, t1); + /* t1 = f^(u^2 - 2u + 1). */ fp12_mul(t1, t1, t3); fp12_inv_cyc(t1, t1); fp12_mul(t1, t1, t2); - /* t2 = t1^x. */ + /* t2 = t1^(x + p). */ fp12_exp_cyc_sps(t2, t1, b, l, bn_sign(x)); + fp12_frb(t3, t1, 1); + fp12_mul(t2, t2, t3); - /* t3 = t2^x/t1. */ + /* t3 = t2^(x^2 + p^2 - 1) */ fp12_exp_cyc_sps(t3, t2, b, l, bn_sign(x)); - fp12_inv_cyc(t1, t1); - fp12_mul(t3, t1, t3); - - /* t1 = t1^(-p^3 ) * t2^(p^2). */ - fp12_inv_cyc(t1, t1); - fp12_frb(t1, t1, 3); - fp12_frb(t2, t2, 2); + fp12_exp_cyc_sps(t3, t3, b, l, bn_sign(x)); + fp12_frb(t1, t2, 2); + fp12_inv_cyc(t2, t2); fp12_mul(t1, t1, t2); + fp12_mul(t3, t3, t1); - /* t2 = f * f^2 * t3^x. */ - fp12_exp_cyc_sps(t2, t3, b, l, bn_sign(x)); - fp12_mul(t2, t2, t0); - fp12_mul(t2, t2, c); - - /* Compute t1 * t2 * t3^p. */ - fp12_mul(t1, t1, t2); - fp12_frb(t2, t3, 1); - fp12_mul(c, t1, t2); + /* c = t3 * f^3. */ + fp12_mul(t0, t0, c); + fp12_mul(c, t0, t3); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); diff --git a/src/pp/relic_pp_exp_k24.c b/src/pp/relic_pp_exp_k24.c index 7f075d680..ff930ac6f 100644 --- a/src/pp/relic_pp_exp_k24.c +++ b/src/pp/relic_pp_exp_k24.c @@ -38,70 +38,77 @@ /*============================================================================*/ void pp_exp_k24(fp24_t c, fp24_t a) { - fp24_t t[8]; + fp24_t t0, t1, t2; const int *b; bn_t x; int l; bn_null(x); + fp24_null(t0); + fp24_null(t1); + fp24_null(t2); RLC_TRY { bn_new(x); - for (int i = 0; i < 8; i++) { - fp24_null(t[i]); - fp24_new(t[i]); - } - + fp24_new(t0); + fp24_new(t1); + fp24_new(t2); + + /* + * Final exponentiation following Hayashida, Hayasaka and Teruya: + * Efficient Final Exponentiation via Cyclotomic Structure for Pairings + * over Families of Elliptic Curves + */ fp_prime_get_par(x); b = fp_prime_get_par_sps(&l); /* First, compute m^(p^12 - 1)(p^4 + 1). */ fp24_conv_cyc(c, a); - /* v7 = f^x. */ - fp24_exp_cyc_sps(t[7], c, b, l, bn_sign(x)); - - /* v6 = f^(-2x + 1). */ - fp24_sqr_cyc(t[6], t[7]); - fp24_inv_cyc(t[6], t[6]); - fp24_mul(t[6], t[6], c); - - /* v7 = f^(x^2 - 2x + 1). */ - fp24_exp_cyc_sps(t[7], t[7], b, l, bn_sign(x)); - fp24_mul(t[7], t[7], t[6]); - - fp24_exp_cyc_sps(t[6], t[7], b, l, bn_sign(x)); - - fp24_exp_cyc_sps(t[5], t[6], b, l, bn_sign(x)); - - fp24_exp_cyc_sps(t[4], t[5], b, l, bn_sign(x)); - - fp24_exp_cyc_sps(t[3], t[4], b, l, bn_sign(x)); - fp24_inv_cyc(t[2], t[7]); - fp24_mul(t[3], t[3], t[2]); - - fp24_exp_cyc_sps(t[2], t[3], b, l, bn_sign(x)); - - fp24_exp_cyc_sps(t[1], t[2], b, l, bn_sign(x)); + /* t0 = f^x. */ + fp24_exp_cyc_sps(t0, c, b, l, bn_sign(x)); + + /* t1 = f^(-2x + 1). */ + fp24_sqr_cyc(t1, t0); + fp24_inv_cyc(t1, t1); + fp24_mul(t1, t1, c); + + /* t0 = f^(x^2 - 2x + 1). */ + fp24_exp_cyc_sps(t0, t0, b, l, bn_sign(x)); + fp24_mul(t0, t0, t1); + + /* t1 = t0^(x + p). */ + fp24_exp_cyc_sps(t1, t0, b, l, bn_sign(x)); + fp24_frb(t0, t0, 1); + fp24_mul(t1, t1, t0); + + /* t0 = t1^(x^2 + p^2). */ + fp24_exp_cyc_sps(t0, t1, b, l, bn_sign(x)); + fp24_exp_cyc_sps(t0, t0, b, l, bn_sign(x)); + fp24_frb(t1, t1, 2); + fp24_mul(t0, t0, t1); + + /* t1 = t0^(x^4 + p^4 - 1). */ + fp24_exp_cyc_sps(t1, t0, b, l, bn_sign(x)); + fp24_exp_cyc_sps(t1, t1, b, l, bn_sign(x)); + fp24_exp_cyc_sps(t1, t1, b, l, bn_sign(x)); + fp24_exp_cyc_sps(t1, t1, b, l, bn_sign(x)); + fp24_inv_cyc(t2, t0); + fp24_frb(t0, t0, 4); + fp24_mul(t1, t1, t0); + fp24_mul(t1, t1, t2); /* c = c^3. */ - fp24_sqr_cyc(t[0], c); - fp24_mul(c, c, t[0]); - - fp24_exp_cyc_sps(t[0], t[1], b, l, bn_sign(x)); - - fp24_mul(c, c, t[0]); - for (int i = 1; i < 8; i++) { - fp24_frb(t[i], t[i], i); - fp24_mul(c, c, t[i]); - } + fp24_sqr_cyc(t0, c); + fp24_mul(c, c, t0); + fp24_mul(c, c, t1); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(x); - for (int i = 0; i < 8; i++) { - fp24_free(t[i]); - } + fp24_free(t0); + fp24_free(t1); + fp24_free(t2); } } diff --git a/src/pp/relic_pp_map_k12.c b/src/pp/relic_pp_map_k12.c index 8f4f35ba6..4f2287633 100644 --- a/src/pp/relic_pp_map_k12.c +++ b/src/pp/relic_pp_map_k12.c @@ -236,7 +236,7 @@ static void pp_fin_k12_oatep(fp12_t r, ep2_t t, ep2_t q, ep_t p) { #if PP_MAP == TATEP || !defined(STRIP) -void pp_map_tatep_k12(fp12_t r, ep_t p, ep2_t q) { +void pp_map_tatep_k12(fp12_t r, const ep_t p, const ep2_t q) { ep_t _p[1], t[1]; ep2_t _q[1]; bn_t n; @@ -273,7 +273,7 @@ void pp_map_tatep_k12(fp12_t r, ep_t p, ep2_t q) { } } -void pp_map_sim_tatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m) { +void pp_map_sim_tatep_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m), *t = RLC_ALLOCA(ep_t, m); ep2_t *_q = RLC_ALLOCA(ep2_t, m); bn_t n; @@ -330,7 +330,7 @@ void pp_map_sim_tatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m) { #if PP_MAP == WEILP || !defined(STRIP) -void pp_map_weilp_k12(fp12_t r, ep_t p, ep2_t q) { +void pp_map_weilp_k12(fp12_t r, const ep_t p, const ep2_t q) { ep_t _p[1], t0[1]; ep2_t _q[1], t1[1]; fp12_t r0, r1; @@ -384,7 +384,7 @@ void pp_map_weilp_k12(fp12_t r, ep_t p, ep2_t q) { } } -void pp_map_sim_weilp_k12(fp12_t r, ep_t *p, ep2_t *q, int m) { +void pp_map_sim_weilp_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m), *t0 = RLC_ALLOCA(ep_t, m); ep2_t *_q = RLC_ALLOCA(ep2_t, m), *t1 = RLC_ALLOCA(ep2_t, m); fp12_t r0, r1; @@ -460,7 +460,7 @@ void pp_map_sim_weilp_k12(fp12_t r, ep_t *p, ep2_t *q, int m) { #if PP_MAP == OATEP || !defined(STRIP) -void pp_map_oatep_k12(fp12_t r, ep_t p, ep2_t q) { +void pp_map_oatep_k12(fp12_t r, const ep_t p, const ep2_t q) { ep_t _p[1]; ep2_t t[1], _q[1]; bn_t a; @@ -520,7 +520,7 @@ void pp_map_oatep_k12(fp12_t r, ep_t p, ep2_t q) { } } -void pp_map_sim_oatep_k12(fp12_t r, ep_t *p, ep2_t *q, int m) { +void pp_map_sim_oatep_k12(fp12_t r, const ep_t *p, const ep2_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m); ep2_t *t = RLC_ALLOCA(ep2_t, m), *_q = RLC_ALLOCA(ep2_t, m); bn_t a; diff --git a/src/pp/relic_pp_map_k2.c b/src/pp/relic_pp_map_k2.c index f4dbabf96..1217738f9 100644 --- a/src/pp/relic_pp_map_k2.c +++ b/src/pp/relic_pp_map_k2.c @@ -158,7 +158,7 @@ static void pp_mil_lit_k2(fp2_t r, ep_t *t, ep_t *p, ep_t *q, int m, bn_t a) { #if PP_MAP == TATEP || PP_MAP == OATEP || !defined(STRIP) -void pp_map_tatep_k2(fp2_t r, ep_t p, ep_t q) { +void pp_map_tatep_k2(fp2_t r, const ep_t p, const ep_t q) { ep_t _p[1], _q[1], t[1]; bn_t n; @@ -194,7 +194,7 @@ void pp_map_tatep_k2(fp2_t r, ep_t p, ep_t q) { } } -void pp_map_sim_tatep_k2(fp2_t r, ep_t *p, ep_t *q, int m) { +void pp_map_sim_tatep_k2(fp2_t r, const ep_t *p, const ep_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m), *_q = RLC_ALLOCA(ep_t, m), *t = RLC_ALLOCA(ep_t, m); bn_t n; @@ -252,7 +252,7 @@ void pp_map_sim_tatep_k2(fp2_t r, ep_t *p, ep_t *q, int m) { #if PP_MAP == WEILP || !defined(STRIP) -void pp_map_weilp_k2(fp2_t r, ep_t p, ep_t q) { +void pp_map_weilp_k2(fp2_t r, const ep_t p, const ep_t q) { ep_t _p[1], _q[1], t0[1], t1[1]; fp2_t r0, r1; bn_t n; @@ -306,7 +306,7 @@ void pp_map_weilp_k2(fp2_t r, ep_t p, ep_t q) { } } -void pp_map_sim_weilp_k2(fp2_t r, ep_t *p, ep_t *q, int m) { +void pp_map_sim_weilp_k2(fp2_t r, const ep_t *p, const ep_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m), *_q = RLC_ALLOCA(ep_t, m), *t0 = RLC_ALLOCA(ep_t, m), *t1 = RLC_ALLOCA(ep_t, m); diff --git a/src/pp/relic_pp_map_k24.c b/src/pp/relic_pp_map_k24.c index 70af03e18..26ebe9cd2 100644 --- a/src/pp/relic_pp_map_k24.c +++ b/src/pp/relic_pp_map_k24.c @@ -106,7 +106,7 @@ static void pp_mil_k24(fp24_t r, ep4_t *t, ep4_t *q, ep_t *p, int m, bn_t a) { fp24_sqr(r, r); for (j = 0; j < m; j++) { pp_dbl_k24(l, t[j], t[j], _p[j]); - fp24_mul(r, r, l); + fp24_mul_dxs(r, r, l); if (s[i] > 0) { pp_add_k24(l, t[j], q[j], p[j]); fp24_mul_dxs(r, r, l); @@ -138,7 +138,7 @@ static void pp_mil_k24(fp24_t r, ep4_t *t, ep4_t *q, ep_t *p, int m, bn_t a) { #if PP_MAP == OATEP || !defined(STRIP) -void pp_map_k24(fp24_t r, ep_t p, ep4_t q) { +void pp_map_k24(fp24_t r, const ep_t p, const ep4_t q) { ep_t _p[1]; ep4_t t[1], _q[1]; bn_t a; @@ -185,7 +185,7 @@ void pp_map_k24(fp24_t r, ep_t p, ep4_t q) { } } -void pp_map_sim_k24(fp24_t r, ep_t *p, ep4_t *q, int m) { +void pp_map_sim_k24(fp24_t r, const ep_t *p, const ep4_t *q, int m) { ep_t *_p = RLC_ALLOCA(ep_t, m); ep4_t *t = RLC_ALLOCA(ep4_t, m), *_q = RLC_ALLOCA(ep4_t, m); bn_t a; diff --git a/src/pp/relic_pp_map_k48.c b/src/pp/relic_pp_map_k48.c index 2f14fd534..e17d28c72 100644 --- a/src/pp/relic_pp_map_k48.c +++ b/src/pp/relic_pp_map_k48.c @@ -37,10 +37,11 @@ /* Private definitions */ /*============================================================================*/ -static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { +static void pp_mil_k48(fp48_t r, const fp8_t qx, const fp8_t qy, const ep_t p, + const bn_t a) { fp48_t l; ep_t _p; - fp8_t rx, ry, rz; + fp8_t rx, ry, rz, qn; int i, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; @@ -49,6 +50,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { fp8_null(rx); fp8_null(ry); fp8_null(rz); + fp8_null(qn); RLC_TRY { fp48_new(l); @@ -56,6 +58,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { fp8_new(rx); fp8_new(ry); fp8_new(rz); + fp8_new(qn); fp48_zero(l); fp8_copy(rx, qx); @@ -68,6 +71,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { fp_add(_p->x, _p->x, p->x); fp_neg(_p->y, p->y); #endif + fp8_neg(qn, qy); bn_rec_naf(s, &len, a, 2); for (i = len - 2; i >= 0; i--) { @@ -79,9 +83,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { fp48_mul_dxs(r, r, l); } if (s[i] < 0) { - fp8_neg(qy, qy); - pp_add_k48(l, rx, ry, rz, qx, qy, p); - fp8_neg(qy, qy); + pp_add_k48(l, rx, ry, rz, qx, qn, p); fp48_mul_dxs(r, r, l); } } @@ -95,6 +97,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { fp8_free(rx); fp8_free(ry); fp8_free(rz); + fp8_free(qn); } } @@ -102,7 +105,7 @@ static void pp_mil_k48(fp48_t r, fp8_t qx, fp8_t qy, ep_t p, bn_t a) { /* Public definitions */ /*============================================================================*/ -void pp_map_k48(fp48_t r, ep_t p, fp8_t qx, fp8_t qy) { +void pp_map_k48(fp48_t r, const ep_t p, const fp8_t qx, const fp8_t qy) { bn_t a; bn_null(a); diff --git a/src/pp/relic_pp_map_k54.c b/src/pp/relic_pp_map_k54.c index 604f4a9e7..f5184d54f 100644 --- a/src/pp/relic_pp_map_k54.c +++ b/src/pp/relic_pp_map_k54.c @@ -37,10 +37,11 @@ /* Private definitions */ /*============================================================================*/ -static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { +static void pp_mil_k54(fp54_t r, const fp9_t qx, const fp9_t qy, const ep_t p, + const bn_t a) { fp54_t l; ep_t _p; - fp9_t rx, ry, rz, sx, sy, sz; + fp9_t rx, ry, rz, sx, sy, sz, qn; int i, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; @@ -62,6 +63,7 @@ static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { fp9_new(sx); fp9_new(sy); fp9_new(sz); + fp9_new(qn); fp54_zero(l); fp9_copy(rx, qx); @@ -74,6 +76,7 @@ static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { fp_add(_p->x, _p->x, p->x); fp_neg(_p->y, p->y); #endif + fp9_neg(qn, qy); bn_rec_naf(s, &len, a, 2); for (i = len - 2; i >= 0; i--) { @@ -85,9 +88,7 @@ static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { fp54_mul_dxs(r, r, l); } if (s[i] < 0) { - fp9_neg(qy, qy); - pp_add_k54(l, rx, ry, rz, qx, qy, p); - fp9_neg(qy, qy); + pp_add_k54(l, rx, ry, rz, qx, qn, p); fp54_mul_dxs(r, r, l); } } @@ -152,6 +153,7 @@ static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { fp9_free(sx); fp9_free(sy); fp9_free(sz); + fp9_free(qn); } } @@ -159,7 +161,7 @@ static void pp_mil_k54(fp54_t r, fp9_t qx, fp9_t qy, ep_t p, bn_t a) { /* Public definitions */ /*============================================================================*/ -void pp_map_k54(fp54_t r, ep_t p, fp9_t qx, fp9_t qy) { +void pp_map_k54(fp54_t r, const ep_t p, const fp9_t qx, const fp9_t qy) { bn_t a; bn_null(a); diff --git a/src/pp/relic_pp_map_k8.c b/src/pp/relic_pp_map_k8.c index 0f31472bf..28e42a71d 100644 --- a/src/pp/relic_pp_map_k8.c +++ b/src/pp/relic_pp_map_k8.c @@ -120,7 +120,7 @@ static void pp_mil_k8(fp8_t r, ep2_t *t, ep2_t *q, ep_t *p, int m, bn_t a) { /* Public definitions */ /*============================================================================*/ -void pp_map_oatep_k8(fp8_t r, ep_t p, ep2_t q) { +void pp_map_oatep_k8(fp8_t r, const ep_t p, const ep2_t q) { ep_t _p[1]; ep2_t t[1], _q[1]; bn_t a; diff --git a/src/pp/relic_pp_norm.c b/src/pp/relic_pp_norm.c index b2a8f8521..eeca1d73c 100644 --- a/src/pp/relic_pp_norm.c +++ b/src/pp/relic_pp_norm.c @@ -39,11 +39,11 @@ /* Public definitions */ /*============================================================================*/ -void pp_norm_k2(ep_t r, ep_t p) { +void pp_norm_k2(ep_t r, const ep_t p) { ep_norm(r, p); } -void pp_norm_k8(ep2_t r, ep2_t p) { +void pp_norm_k8(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -63,7 +63,7 @@ void pp_norm_k8(ep2_t r, ep2_t p) { #endif } -void pp_norm_k12(ep2_t r, ep2_t p) { +void pp_norm_k12(ep2_t r, const ep2_t p) { if (ep2_is_infty(p)) { ep2_set_infty(r); return; @@ -82,7 +82,7 @@ void pp_norm_k12(ep2_t r, ep2_t p) { #endif } -void pp_norm_k24(ep4_t r, ep4_t p) { +void pp_norm_k24(ep4_t r, const ep4_t p) { if (ep4_is_infty(p)) { ep4_set_infty(r); return; diff --git a/src/relic_util.c b/src/relic_util.c index 3bb369d00..ba7840f75 100644 --- a/src/relic_util.c +++ b/src/relic_util.c @@ -151,6 +151,17 @@ int util_cmp_const(const void *a, const void *b, int size) { return (result == 0 ? RLC_EQ : RLC_NE); } +void util_perm(unsigned int p[], int n) { + size_t i, j, k; + + for (i = 0; i < n; i++) { + rand_bytes((uint8_t *)&k, sizeof(size_t)); + j = k % (i+1); + p[i] = p[j]; + p[j] = i; + } +} + #ifndef QUIET void util_print(const char *format, ...) { #if ARCH == AVR && !defined(OPSYS) diff --git a/test/test_bn.c b/test/test_bn.c index e8064c800..30a925362 100644 --- a/test/test_bn.c +++ b/test/test_bn.c @@ -905,6 +905,10 @@ static int reduction(void) { if (bn_cmp(a, c) == RLC_LT) { bn_mod_basic(e, a, b); TEST_ASSERT(bn_cmp(e, d) == RLC_EQ, end); + bn_neg(a, a); + bn_mod_basic(e, a, b); + bn_sub(e, b, e); + TEST_ASSERT(bn_cmp(e, d) == RLC_EQ, end); } } TEST_END; @@ -917,8 +921,12 @@ static int reduction(void) { bn_div_rem(c, d, a, b); bn_sqr(c, b); if (bn_cmp(a, c) == RLC_LT) { - bn_mod_pre_barrt(e, b); - bn_mod_barrt(e, a, b, e); + bn_mod_pre_barrt(c, b); + bn_mod_barrt(e, a, b, c); + TEST_ASSERT(bn_cmp(e, d) == RLC_EQ, end); + bn_neg(a, a); + bn_mod_barrt(e, a, b, c); + bn_sub(e, b, e); TEST_ASSERT(bn_cmp(e, d) == RLC_EQ, end); } } @@ -937,6 +945,11 @@ static int reduction(void) { bn_mod_pre_monty(e, b); bn_mod_monty_basic(d, c, b, e); TEST_ASSERT(bn_cmp(a, d) == RLC_EQ, end); + bn_neg(a, a); + bn_mod_monty_conv(c, a, b); + bn_mod_monty_basic(d, c, b, e); + bn_add(a, a, b); + TEST_ASSERT(bn_cmp(a, d) == RLC_EQ, end); } TEST_END; #endif @@ -953,6 +966,11 @@ static int reduction(void) { bn_mod_pre_monty(e, b); bn_mod_monty_comba(d, c, b, e); TEST_ASSERT(bn_cmp(a, d) == RLC_EQ, end); + bn_neg(a, a); + bn_mod_monty_conv(c, a, b); + bn_mod_monty_comba(d, c, b, e); + bn_add(a, a, b); + TEST_ASSERT(bn_cmp(a, d) == RLC_EQ, end); } TEST_END; #endif @@ -962,14 +980,19 @@ static int reduction(void) { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS / 2); bn_rand(c, RLC_POS, RLC_BN_BITS / 4); - if (bn_is_zero(c)) + if (bn_is_zero(c)) { bn_set_dig(c, 1); + } bn_set_2b(b, RLC_BN_BITS / 2); bn_sub(b, b, c); bn_mod(c, a, b); bn_mod_pre_pmers(e, b); bn_mod_pmers(d, a, b, e); TEST_ASSERT(bn_cmp(c, d) == RLC_EQ, end); + bn_neg(a, a); + bn_mod(c, a, b); + bn_mod_pmers(d, a, b, e); + TEST_ASSERT(bn_cmp(c, d) == RLC_EQ, end); } TEST_END; #endif @@ -991,17 +1014,20 @@ static int reduction(void) { static int exponentiation(void) { int code = RLC_ERR; bn_t a, b, c, p; + crt_t crt; bn_null(a); bn_null(b); bn_null(c); bn_null(p); + crt_null(crt); RLC_TRY { bn_new(a); bn_new(b); bn_new(c); bn_new(p); + crt_new(crt); #if BN_MOD != PMERS bn_gen_prime(p, RLC_BN_BITS); @@ -1073,6 +1099,31 @@ static int exponentiation(void) { } TEST_END; #endif + + do { + bn_gen_prime(crt->p, RLC_BN_BITS / 2); + bn_gen_prime(crt->q, RLC_BN_BITS / 2); + } while (bn_is_even(crt->p) || bn_is_even(crt->q)); + + /* n = pq. */ + bn_mul(crt->n, crt->p, crt->q); + /* qInv = q^(-1) mod p. */ + bn_mod_inv(crt->qi, crt->q, crt->p); + bn_sub_dig(crt->dp, crt->p, 1); + bn_sub_dig(crt->dq, crt->q, 1); + + TEST_CASE("chinese remainder theorem modular exponentiation is correct") { + bn_rand(a, RLC_POS, RLC_BN_BITS); + bn_rand(b, RLC_POS, RLC_BN_BITS); + bn_mod(a, a, crt->n); + bn_mul(c, crt->dp, crt->dq); + bn_mod(b, b, c); + bn_mxp(p, a, b, crt->n); + bn_mod(c, b, crt->dp); + bn_mod(b, b, crt->dq); + bn_mxp_crt(c, a, c, b, crt, 0); + TEST_ASSERT(bn_cmp(c, p) == RLC_EQ, end); + } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); @@ -1083,6 +1134,7 @@ static int exponentiation(void) { bn_free(b); bn_free(c); bn_free(p); + crt_free(crt); return code; } @@ -1138,7 +1190,7 @@ static int square_root(void) { static int gcd(void) { int code = RLC_ERR; - bn_t a, b, c, d, e, f; + bn_t a, b, c, d, e, f, g, h; bn_null(a); bn_null(b); @@ -1146,6 +1198,8 @@ static int gcd(void) { bn_null(d); bn_null(e); bn_null(f); + bn_null(g); + bn_null(h); RLC_TRY { bn_new(a); @@ -1154,6 +1208,8 @@ static int gcd(void) { bn_new(d); bn_new(e); bn_new(f); + bn_new(g); + bn_new(h); TEST_CASE("greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); @@ -1199,53 +1255,66 @@ static int gcd(void) { TEST_CASE("basic extended greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); + bn_gcd_basic(f, a, b); bn_gcd_ext_basic(c, d, e, a, b); bn_mul(d, d, a); bn_mul(e, e, b); bn_add(d, d, e); - bn_gcd_basic(f, a, b); TEST_ASSERT(bn_cmp(c, d) == RLC_EQ && bn_cmp(c, f) == RLC_EQ, end); + bn_gcd_ext(c, d, e, a, b); + bn_gcd_ext_basic(f, g, h, a, b); + TEST_ASSERT(bn_cmp(c, f) == RLC_EQ && bn_cmp(d, g) == RLC_EQ + && bn_cmp(e, h) == RLC_EQ, end); } TEST_END; #endif -#if BN_GCD == LEHME || !defined(STRIP) - TEST_CASE("lehmer greatest common divisor is correct") { +#if BN_GCD == BINAR || !defined(STRIP) + TEST_CASE("binary greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); bn_gcd(c, a, b); - bn_gcd_lehme(d, a, b); + bn_gcd_binar(d, a, b); TEST_ASSERT(bn_cmp(c, d) == RLC_EQ, end); } TEST_END; - TEST_CASE("lehmer extended greatest common divisor is correct") { + TEST_CASE("binary extended greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - bn_gcd_ext_lehme(c, d, e, a, b); + bn_gcd_binar(f, a, b); + bn_gcd_ext_binar(c, d, e, a, b); bn_mul(d, d, a); bn_mul(e, e, b); bn_add(d, d, e); - bn_gcd_lehme(f, a, b); TEST_ASSERT(bn_cmp(c, d) == RLC_EQ && bn_cmp(c, f) == RLC_EQ, end); + bn_gcd_ext(c, d, e, a, b); + bn_gcd_ext_binar(f, g, h, a, b); + TEST_ASSERT(bn_cmp(c, f) == RLC_EQ && bn_cmp(d, g) == RLC_EQ + && bn_cmp(e, h) == RLC_EQ, end); } TEST_END; #endif -#if BN_GCD == STEIN || !defined(STRIP) - TEST_CASE("stein greatest common divisor is correct") { +#if BN_GCD == LEHME || !defined(STRIP) + TEST_CASE("lehmer greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); bn_gcd(c, a, b); - bn_gcd_stein(d, a, b); + bn_gcd_lehme(d, a, b); TEST_ASSERT(bn_cmp(c, d) == RLC_EQ, end); } TEST_END; - TEST_CASE("stein extended greatest common divisor is correct") { + TEST_CASE("lehmer extended greatest common divisor is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); - bn_gcd_ext_stein(c, d, e, a, b); + bn_gcd_lehme(f, a, b); + bn_gcd_ext_lehme(c, d, e, a, b); bn_mul(d, d, a); bn_mul(e, e, b); bn_add(d, d, e); - TEST_ASSERT(bn_cmp(c, d) == RLC_EQ, end); + TEST_ASSERT(bn_cmp(c, d) == RLC_EQ && bn_cmp(c, f) == RLC_EQ, end); + bn_gcd_ext(c, d, e, a, b); + bn_gcd_ext_lehme(f, g, h, a, b); + TEST_ASSERT(bn_cmp(c, f) == RLC_EQ && bn_cmp(d, g) == RLC_EQ + && bn_cmp(e, h) == RLC_EQ, end); } TEST_END; #endif @@ -1272,6 +1341,8 @@ static int gcd(void) { bn_free(d); bn_free(e); bn_free(f); + bn_free(g); + bn_free(h); return code; } @@ -1309,7 +1380,7 @@ static int lcm(void) { } static int symbol(void) { - int code = RLC_ERR; + int r, code = RLC_ERR; bn_t a, b, c, p, q; bn_null(a); @@ -1331,35 +1402,33 @@ static int symbol(void) { } while (bn_is_even(p) || bn_is_even(q)); TEST_CASE("legendre symbol is correct") { - bn_smb_leg(c, p, p); - TEST_ASSERT(bn_is_zero(c) == 1, end); + TEST_ASSERT(bn_smb_leg(p, p) == 0, end); bn_rand(a, RLC_POS, RLC_BN_BITS); bn_sqr(a, a); bn_mod(a, a, p); - bn_smb_leg(c, a, p); - TEST_ASSERT(bn_cmp_dig(c, 1) == RLC_EQ, end); + TEST_ASSERT(bn_smb_leg(a, p) == 1, end); bn_rand(a, RLC_POS, RLC_BN_BITS); - bn_smb_leg(c, a, p); - bn_set_dig(a, 1); - TEST_ASSERT(bn_cmp_abs(c, a) == RLC_EQ, end); + r = bn_smb_leg(a, p); + TEST_ASSERT(r == 1 || r == -1, end); } TEST_END; TEST_CASE("legendre symbol is a homomorphism") { bn_rand(a, RLC_POS, RLC_BN_BITS / 2); bn_rand(b, RLC_POS, RLC_BN_BITS / 2); bn_mul(c, a, b); - bn_smb_leg(a, a, p); - bn_smb_leg(b, b, p); - bn_smb_leg(c, c, p); - bn_mul(a, a, b); - TEST_ASSERT(bn_cmp(a, c) == RLC_EQ, end); + r = bn_smb_leg(a, p) * bn_smb_leg(b, p); + TEST_ASSERT(r == bn_smb_leg(c, p), end); } TEST_END; TEST_ONCE("legendre symbol satisfies quadratic reciprocity") { /* Check the first supplement: (-1|p) = (-1)^(p-1)/2. */ bn_set_dig(a, 1); bn_neg(a, a); - bn_smb_leg(b, a, p); + r = bn_smb_leg(a, p); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sub_dig(c, p, 1); bn_rsh(c, c, 1); if (bn_is_even(c)) { @@ -1368,7 +1437,11 @@ static int symbol(void) { TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); /* Check second supplement: (2|p) = (-1)^(p^2-1)/8. */ bn_set_dig(a, 2); - bn_smb_leg(b, a, p); + r = bn_smb_leg(a, p); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sqr(c, p); bn_sub_dig(c, c, 1); bn_rsh(c, c, 3); @@ -1378,8 +1451,16 @@ static int symbol(void) { } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); /* Check quadratic reciprocity law. */ - bn_smb_leg(a, q, p); - bn_smb_leg(b, p, q); + r = bn_smb_leg(q, p); + bn_set_dig(a, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(a, a); + } + r = bn_smb_leg(p, q); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sub_dig(c, p, 1); bn_rsh(c, c, 1); if (!bn_is_even(c)) { @@ -1394,9 +1475,7 @@ static int symbol(void) { TEST_CASE("jacobi symbol is correct") { bn_rand(a, RLC_POS, RLC_BN_BITS); - bn_smb_leg(c, a, p); - bn_smb_jac(b, a, p); - TEST_ASSERT(bn_cmp_abs(c, b) == RLC_EQ, end); + TEST_ASSERT(bn_smb_leg(a, p) == bn_smb_jac(a, p), end); } TEST_END; TEST_CASE("jacobi symbol is a homomorphism") { @@ -1407,11 +1486,8 @@ static int symbol(void) { bn_add_dig(p, p, 1); } bn_mul(c, a, b); - bn_smb_jac(a, a, p); - bn_smb_jac(b, b, p); - bn_smb_jac(c, c, p); - bn_mul(a, a, b); - TEST_ASSERT(bn_cmp(a, c) == RLC_EQ, end); + r = bn_smb_jac(a, p) * bn_smb_jac(b, p); + TEST_ASSERT(r == bn_smb_jac(c, p), end); } TEST_END; TEST_CASE("jacobi symbol is consistent with gcd") { @@ -1420,13 +1496,16 @@ static int symbol(void) { if (bn_is_even(p)) { bn_add_dig(p, p, 1); } - bn_smb_jac(c, a, p); + r = bn_smb_jac(a, p); + bn_set_dig(c, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(c, c); + } bn_gcd(b, a, p); if (bn_cmp_dig(b, 1) != RLC_EQ) { - TEST_ASSERT(bn_is_zero(c), end); + TEST_ASSERT(r == 0, end); } else { - bn_set_dig(a, 1); - TEST_ASSERT(bn_cmp_abs(c, a) == RLC_EQ, end); + TEST_ASSERT(r == 1 || r == -1, end); } } TEST_END; @@ -1442,7 +1521,11 @@ static int symbol(void) { /* Check the first supplement: (-1|n) = (-1)^(n-1)/2. */ bn_set_dig(a, 1); bn_neg(a, a); - bn_smb_jac(b, a, p); + r = bn_smb_jac(a, p); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sub_dig(c, p, 1); bn_rsh(c, c, 1); if (bn_is_even(c)) { @@ -1451,7 +1534,11 @@ static int symbol(void) { TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); /* Check second supplement: (2|p) = (-1)^(p^2-1)/8. */ bn_set_dig(a, 2); - bn_smb_jac(b, a, p); + r = bn_smb_jac(a, p); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sqr(c, p); bn_sub_dig(c, c, 1); bn_rsh(c, c, 3); @@ -1461,8 +1548,16 @@ static int symbol(void) { } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); /* Check quadratic reciprocity law. */ - bn_smb_jac(a, p, q); - bn_smb_jac(b, q, p); + r = bn_smb_jac(p, q); + bn_set_dig(a, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(a, a); + } + r = bn_smb_jac(q, p); + bn_set_dig(b, (r < 0 ? -r : r)); + if (r < 0) { + bn_neg(b, b); + } bn_sub_dig(c, p, 1); bn_rsh(c, c, 1); if (!bn_is_even(c)) { @@ -1621,12 +1716,14 @@ static int digit(void) { static int prime(void) { int code = RLC_ERR; - bn_t p; + bn_t p, q; bn_null(p); + bn_null(q); RLC_TRY { bn_new(p); + bn_new(q); TEST_ONCE("prime generation is consistent") { bn_gen_prime(p, RLC_BN_BITS); @@ -1656,7 +1753,6 @@ static int prime(void) { TEST_ASSERT(bn_is_prime(p) == 1, end); } TEST_END; #endif - bn_gen_prime(p, RLC_BN_BITS); TEST_ONCE("basic prime testing is correct") { @@ -1670,6 +1766,17 @@ static int prime(void) { TEST_ONCE("solovay-strassen prime testing is correct") { TEST_ASSERT(bn_is_prime_solov(p) == 1, end); } TEST_END; + + bn_gen_prime_factor(q, p, RLC_BN_BITS>>1, RLC_BN_BITS); + TEST_ONCE("prime with large (p-1) prime factor testing is correct") { + TEST_ASSERT(bn_is_prime(p) == 1, end); + TEST_ASSERT(bn_is_prime(q) == 1, end); + bn_sub_dig(p, p, 1); // (p-1) + bn_div(p, p, q); // (p-1)/q + bn_mul(p, p, q); // ((p-1)/q)*q + bn_add_dig(p, p, 1); // ((p-1)/q)*q+1 + TEST_ASSERT(bn_is_prime(p) == 1, end); + } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); @@ -1677,6 +1784,7 @@ static int prime(void) { code = RLC_OK; end: bn_free(p); + bn_free(q); return code; } @@ -1742,16 +1850,20 @@ static int small_primes(void) { static int inversion(void) { int code = RLC_ERR; - bn_t a, b, c; + bn_t a, b, c, d[2]; bn_null(a); bn_null(b); bn_null(c); + bn_null(d[0]); + bn_null(d[1]); RLC_TRY { bn_new(a); bn_new(b); bn_new(c); + bn_new(d[0]); + bn_new(d[1]); bn_gen_prime(a, RLC_BN_BITS); @@ -1762,6 +1874,17 @@ static int inversion(void) { bn_mul(c, b, c); bn_mod(c, c, a); TEST_ASSERT(bn_cmp_dig(c, 1) == RLC_EQ, end); + bn_rand_mod(b, a); + bn_rand_mod(c, a); + bn_copy(d[0], b); + bn_copy(d[1], c); + bn_mod_inv_sim(d, d, a, 2); + bn_mul(b, b, d[0]); + bn_mod(b, b, a); + bn_mul(c, c, d[1]); + bn_mod(c, c, a); + TEST_ASSERT(bn_cmp_dig(b, 1) == RLC_EQ, end); + TEST_ASSERT(bn_cmp_dig(c, 1) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -1772,6 +1895,8 @@ static int inversion(void) { bn_free(a); bn_free(b); bn_free(c); + bn_free(d[0]); + bn_free(d[1]); return code; } diff --git a/test/test_cp.c b/test/test_cp.c index 22cfcc30f..f6baec561 100644 --- a/test/test_cp.c +++ b/test/test_cp.c @@ -39,7 +39,7 @@ static int rsa(void) { int code = RLC_ERR; rsa_t pub, prv; uint8_t in[10], out[RLC_BN_BITS / 8 + 1], h[RLC_MD_LEN]; - int il, ol; + size_t il, ol; int result; rsa_null(pub); @@ -90,7 +90,7 @@ static int rabin(void) { rabin_t pub, prv; uint8_t in[10]; uint8_t out[RLC_BN_BITS / 8 + 1]; - int in_len, out_len; + size_t in_len, out_len; int result; rabin_null(pub); @@ -130,7 +130,7 @@ static int benaloh(void) { bn_t a, b; dig_t in, out; uint8_t buf[RLC_BN_BITS / 8 + 1]; - int len; + size_t len; int result; bn_null(a); @@ -228,9 +228,7 @@ static int paillier(void) { bn_rand_mod(b, pub); TEST_ASSERT(cp_phpe_enc(c, a, pub) == RLC_OK, end); TEST_ASSERT(cp_phpe_enc(d, b, pub) == RLC_OK, end); - bn_mul(c, c, d); - bn_sqr(d, pub); - bn_mod(c, c, d); + TEST_ASSERT(cp_phpe_add(c, c, d, pub) == RLC_OK, end); TEST_ASSERT(cp_phpe_dec(d, c, prv) == RLC_OK, end); bn_add(a, a, b); bn_mod(a, a, pub); @@ -290,6 +288,84 @@ static int paillier(void) { return code; } + +static int subgroup_paillier() { + int code = RLC_ERR; + bn_t a, b, c, d; + shpe_t pub, prv; + int result, bits; + + bn_null(a); + bn_null(b); + bn_null(c); + bn_null(d); + shpe_null(pub); + shpe_null(prv); + + RLC_TRY { + bn_new(a); + bn_new(b); + bn_new(c); + bn_new(d); + shpe_new(pub); + shpe_new(prv); + + for (bits = 3; bits < 6; bits++) { + result = cp_shpe_gen(pub, prv, RLC_BN_BITS / (bits * 2), RLC_BN_BITS / 2); + + util_print("(o = %d, |n| = %d) ", RLC_BN_BITS / (bits * 2), RLC_BN_BITS / 2); + TEST_CASE("subgroup paillier encryption/decryption is correct") { + TEST_ASSERT(result == RLC_OK, end); + bn_rand_mod(a, pub->crt->n); + TEST_ASSERT(cp_shpe_enc(c, a, pub) == RLC_OK, end); + TEST_ASSERT(cp_shpe_dec(b, c, prv) == RLC_OK, end); + TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); + } + TEST_END; + + util_print("(o = %d, |n| = %d) ", RLC_BN_BITS / (bits * 2), RLC_BN_BITS / 2); + TEST_CASE("subgroup paillier faster encryption with private key is correct") { + TEST_ASSERT(result == RLC_OK, end); + bn_rand_mod(a, pub->crt->n); + TEST_ASSERT(cp_shpe_enc_prv(c, a, prv) == RLC_OK, end); + TEST_ASSERT(cp_shpe_dec(b, c, prv) == RLC_OK, end); + TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); + } + TEST_END; + + util_print("(o = %d, |n| = %d) ", RLC_BN_BITS / (bits * 2), RLC_BN_BITS / 2); + TEST_CASE("subgroup paillier encryption/decryption is homomorphic") { + TEST_ASSERT(result == RLC_OK, end); + bn_rand_mod(a, pub->crt->n); + bn_rand_mod(b, pub->crt->n); + TEST_ASSERT(cp_shpe_enc(c, a, pub) == RLC_OK, end); + TEST_ASSERT(cp_shpe_enc(d, b, pub) == RLC_OK, end); + bn_mul(c, c, d); + bn_sqr(d, pub->crt->n); + bn_mod(c, c, d); + TEST_ASSERT(cp_shpe_dec(d, c, prv) == RLC_OK, end); + bn_add(a, a, b); + bn_mod(a, a, pub->crt->n); + TEST_ASSERT(bn_cmp(a, d) == RLC_EQ, end); + } + TEST_END; + } + } + RLC_CATCH_ANY { + RLC_ERROR(end); + } + code = RLC_OK; + + end: + bn_free(a); + bn_free(b); + bn_free(c); + bn_free(d); + shpe_free(pub); + shpe_free(prv); + return code; +} + #if defined(WITH_EC) /* Test vectors generated by BouncyCastle. */ @@ -445,7 +521,7 @@ static int ecies(void) { ec_t r; bn_t da, d_b; ec_t qa, q_b; - int l, in_len, out_len; + size_t l, in_len, out_len; uint8_t in[RLC_BC_LEN - 1], out[RLC_BC_LEN + RLC_MD_LEN]; ec_null(r); @@ -736,7 +812,7 @@ static int pok(void) { static int sok(void) { int code = RLC_ERR; bn_t c[2], n, r[2], x; - ec_t y[2]; + ec_t g[2], y[2]; uint8_t m[5] = { 0, 1, 2, 3, 4 }; bn_null(n); @@ -748,9 +824,11 @@ static int sok(void) { for (int i = 0; i < 2; i++) { bn_null(c[i]); bn_null(r[i]); + ec_null(g[i]); ec_null(y[i]); bn_new(c[i]); bn_new(r[i]); + ec_new(g[i]); ec_new(y[i]); } ec_curve_get_ord(n); @@ -771,20 +849,42 @@ static int sok(void) { ec_rand(y[0]); ec_mul_gen(y[1], x); } while (ec_cmp(y[0], y[1]) == RLC_EQ); - TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, x, 0) == RLC_OK, end); - TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y) == 1, end); + TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, NULL, x, 0) == RLC_OK, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, NULL) == 1, end); ec_dbl(y[1], y[1]); ec_norm(y[1], y[1]); - TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y) == 0, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, NULL) == 0, end); do { ec_mul_gen(y[0], x); ec_rand(y[1]); } while (ec_cmp(y[0], y[1]) == RLC_EQ); - TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, x, 1) == RLC_OK, end); - TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y) == 1, end); + TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, NULL, x, 1) == RLC_OK, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, NULL) == 1, end); ec_dbl(y[0], y[0]); ec_norm(y[0], y[0]); - TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y) == 0, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, NULL) == 0, end); + do { + ec_curve_get_gen(g[0]); + ec_rand(g[1]); + ec_rand(y[0]); + ec_mul(y[1], g[1], x); + } while (ec_cmp(y[0], y[1]) == RLC_EQ); + TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, g, x, 0) == RLC_OK, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, g) == 1, end); + ec_dbl(y[1], y[1]); + ec_norm(y[1], y[1]); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, g) == 0, end); + do { + ec_rand(g[0]); + ec_mul(y[0], g[0], x); + ec_curve_get_gen(g[1]); + ec_rand(y[1]); + } while (ec_cmp(y[0], y[1]) == RLC_EQ); + TEST_ASSERT(cp_sokor_sig(c, r, m, 5, y, g, x, 1) == RLC_OK, end); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, g) == 1, end); + ec_dbl(y[0], y[0]); + ec_norm(y[0], y[0]); + TEST_ASSERT(cp_sokor_ver(c, r, m, 5, y, g) == 0, end); } TEST_END; } RLC_CATCH_ANY { @@ -798,17 +898,19 @@ static int sok(void) { for (int i = 0; i < 2; i++) { bn_free(c[i]); bn_free(r[i]); + ec_free(g[i]); ec_free(y[i]); } return code; } static int ers(void) { - int size, code = RLC_ERR; + int code = RLC_ERR; ec_t pp, pk[4]; bn_t sk[4], td; ers_t ring[4]; - uint8_t m[5] = { 0, 1, 2, 3, 4 }; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; + size_t size; bn_null(td); ec_null(pp); @@ -856,13 +958,68 @@ static int ers(void) { return code; } +static int smlers(void) { + int code = RLC_ERR; + ec_t pp, pk[4]; + bn_t sk[4], td; + smlers_t ring[4]; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; + size_t size; + + bn_null(td); + ec_null(pp); + + RLC_TRY { + bn_new(td); + ec_new(pp); + for (int i = 0; i < 4; i++) { + bn_null(sk[i]); + bn_new(sk[i]); + ec_null(pk[i]); + ec_new(pk[i]); + smlers_null(ring[i]); + smlers_new(ring[i]); + cp_ers_gen_key(sk[i], pk[i]); + } + + cp_ers_gen(pp); + + TEST_CASE("same-message linkable ext. ring signature scheme is correct") { + TEST_ASSERT(cp_smlers_sig(td, ring[0], m, 5, sk[0], pk[0], pp) == RLC_OK, end); + TEST_ASSERT(cp_smlers_ver(td, ring, 1, m, 5, pp) == 1, end); + TEST_ASSERT(cp_smlers_ver(td, ring, 1, m, 0, pp) == 0, end); + size = 1; + for (int j = 1; j < 4; j++) { + TEST_ASSERT(cp_smlers_ext(td, ring, &size, m, 5, pk[j], pp) == RLC_OK, end); + TEST_ASSERT(cp_smlers_ver(td, ring, size, m, 5, pp) == 1, end); + TEST_ASSERT(cp_smlers_ver(td, ring, size, m, 0, pp) == 0, end); + TEST_ASSERT(ec_cmp(ring[0]->tau, ring[j]->tau) == RLC_EQ, end); + } + } TEST_END; + } + RLC_CATCH_ANY { + RLC_ERROR(end); + } + code = RLC_OK; + +end: + bn_free(td); + ec_free(pp); + for (int i = 0; i < 4; i++) { + bn_free(sk[i]); + ec_free(pk[i]); + smlers_free(ring[i]) + } + return code; +} + static int etrs(void) { - int size, code = RLC_ERR; + int code = RLC_ERR; ec_t pp, pk[4]; bn_t sk[4], td[4], y[4]; etrs_t ring[4]; - uint8_t m[5] = { 0, 1, 2, 3, 4 }; - + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; + size_t size; ec_null(pp); @@ -879,10 +1036,10 @@ static int etrs(void) { ec_new(pk[i]); etrs_null(ring[i]); etrs_new(ring[i]); - cp_etrs_gen_key(sk[i], pk[i]); + cp_ers_gen_key(sk[i], pk[i]); } - cp_etrs_gen(pp); + cp_ers_gen(pp); TEST_CASE("extendable threshold ring signature scheme is correct") { TEST_ASSERT(cp_etrs_sig(td, y, 4, ring[0], m, 5, sk[0], pk[0], pp) == RLC_OK, end); @@ -1011,7 +1168,7 @@ static int pdpub(void) { gt_free(g[0]); gt_free(g[1]); gt_free(g[2]); - return code; + return code; } static int pdprv(void) { @@ -1105,7 +1262,7 @@ static int pdprv(void) { g2_free(w2[i]); gt_free(g[i]); } - return code; + return code; } static int sokaka(void) { @@ -1153,7 +1310,7 @@ static int ibe(void) { g2_t prv; uint8_t in[10], out[10 + 2 * RLC_FP_BYTES + 1]; char *id = "Alice"; - int il, ol; + size_t il, ol; int result; bn_null(s); @@ -1268,10 +1425,15 @@ static int bgn(void) { out = in % 17; TEST_ASSERT(cp_bgn_enc1(c, in, pub) == RLC_OK, end); TEST_ASSERT(cp_bgn_enc2(e, out, pub) == RLC_OK, end); + TEST_ASSERT(cp_bgn_enc1(d, out, pub) == RLC_OK, end); + TEST_ASSERT(cp_bgn_enc2(f, in, pub) == RLC_OK, end); in = in * out; TEST_ASSERT(cp_bgn_mul(g, c, e) == RLC_OK, end); TEST_ASSERT(cp_bgn_dec(&t, g, prv) == RLC_OK, end); TEST_ASSERT(in == t, end); + TEST_ASSERT(cp_bgn_mul(g, d, f) == RLC_OK, end); + TEST_ASSERT(cp_bgn_dec(&t, g, prv) == RLC_OK, end); + TEST_ASSERT(in == t, end); TEST_ASSERT(cp_bgn_add(g, g, g) == RLC_OK, end); TEST_ASSERT(cp_bgn_dec(&t, g, prv) == RLC_OK, end); TEST_ASSERT(in + in == t, end); @@ -1385,9 +1547,9 @@ static int cls(void) { bn_t r, t, u, v, vs[4]; g1_t a, A, b, B, c, As[4], Bs[4]; g2_t x, y, z, zs[4]; - uint8_t m[5] = { 0, 1, 2, 3, 4 }; - uint8_t *msgs[5] = {m, m, m, m, m}; - int lens[5] = {sizeof(m), sizeof(m), sizeof(m), sizeof(m), sizeof(m)}; + const uint8_t m[5] = { 0, 1, 2, 3, 4 }; + const uint8_t *ms[5] = {m, m, m, m, m}; + const size_t ls[5] = {sizeof(m), sizeof(m), sizeof(m), sizeof(m), sizeof(m)}; bn_null(r); bn_null(t); @@ -1443,8 +1605,10 @@ static int cls(void) { TEST_CASE("camenisch-lysyanskaya message-independent signature is correct") { bn_rand(r, RLC_POS, 2 * pc_param_level()); TEST_ASSERT(cp_cli_gen(t, u, v, x, y, z) == RLC_OK, end); - TEST_ASSERT(cp_cli_sig(a, A, b, B, c, m, sizeof(m), r, t, u, v) == RLC_OK, end); - TEST_ASSERT(cp_cli_ver(a, A, b, B, c, m, sizeof(m), r, x, y, z) == 1, end); + TEST_ASSERT(cp_cli_sig(a, A, b, B, c, m, sizeof(m), r, t, u, v) + == RLC_OK, end); + TEST_ASSERT(cp_cli_ver(a, A, b, B, c, m, sizeof(m), r, x, y, z) + == 1, end); /* Check adversarial signature. */ g1_set_infty(a); g1_set_infty(A); @@ -1457,8 +1621,10 @@ static int cls(void) { TEST_CASE("camenisch-lysyanskaya message-block signature is correct") { TEST_ASSERT(cp_clb_gen(t, u, vs, x, y, zs, 5) == RLC_OK, end); - TEST_ASSERT(cp_clb_sig(a, As, b, Bs, c, msgs, lens, t, u, vs, 5) == RLC_OK, end); - TEST_ASSERT(cp_clb_ver(a, As, b, Bs, c, msgs, lens, x, y, zs, 5) == 1, end); + TEST_ASSERT(cp_clb_sig(a, As, b, Bs, c, ms, ls, t, u, vs, 5) + == RLC_OK, end); + TEST_ASSERT(cp_clb_ver(a, As, b, Bs, c, ms, ls, x, y, zs, 5) + == 1, end); } TEST_END; } @@ -1468,8 +1634,8 @@ static int cls(void) { code = RLC_OK; end: - bn_free(r); - bn_free(t); + bn_free(r); + bn_free(t); bn_free(u); bn_free(v); g1_free(a); @@ -1486,7 +1652,7 @@ static int cls(void) { g1_free(Bs[i]); g2_free(zs[i]); } - return code; + return code; } static int pss(void) { @@ -1563,7 +1729,7 @@ static int pss(void) { bn_free(_v[i]); g2_free(_y[i]); } - return code; + return code; } #if defined(WITH_MPC) @@ -1625,9 +1791,9 @@ static int mpss(void) { TEST_CASE("multi-party pointcheval-sanders simple signature is correct") { pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); gt_exp_gen(e[0], tri[2][0]->b); gt_exp_gen(e[1], tri[2][1]->b); gt_exp_gen(f[0], tri[2][0]->c); @@ -1655,9 +1821,9 @@ static int mpss(void) { TEST_CASE("multi-party pointcheval-sanders block signature is correct") { g1_get_ord(n); pc_map_tri(t); - mt_gen(tri[0], n); - mt_gen(tri[1], n); - mt_gen(tri[2], n); + mpc_mt_gen(tri[0], n); + mpc_mt_gen(tri[1], n); + mpc_mt_gen(tri[2], n); gt_exp_gen(e[0], tri[2][0]->b); gt_exp_gen(e[1], tri[2][1]->b); gt_exp_gen(f[0], tri[2][0]->c); @@ -1689,7 +1855,7 @@ static int mpss(void) { code = RLC_OK; end: - bn_free(n); + bn_free(n); g1_free(g); g2_free(h); for (i = 0; i < 2; i++) { @@ -1711,7 +1877,7 @@ static int mpss(void) { g2_free(_y[j][i]); } } - return code; + return code; } #endif @@ -1770,10 +1936,11 @@ static int lhs(void) { g1_t a[S][L], c[S][L], r[S][L]; g2_t _s, s[S][L], pk[S], y[S], z[S]; gt_t *hs[S], vk; - char *data = "database-identifier"; - char *id[S] = { "Alice", "Bob" }; - dig_t *f[S] = { NULL }; - int flen[S]; + const char *data = "database-identifier"; + const char *id[S] = { "Alice", "Bob" }; + dig_t ft[S], *f[S] = { NULL }; + size_t flen[S]; + char *ls[L] = { NULL }; bn_null(m); bn_null(n); @@ -1843,20 +2010,21 @@ static int lhs(void) { /* Initialize scheme for messages of single components. */ g1_get_ord(n); cp_cmlhs_init(h); - for (int j = 0; j < S; j++) { - cp_cmlhs_gen(x[j], hs[j], L, k[j], K, sk[j], pk[j], d[j], y[j]); - } TEST_CASE("context-hiding linear homomorphic signature is correct") { - int label[L]; - /* Compute all signatures. */ + int label[L], b = i % 2; + + for (int j = 0; j < S; j++) { + cp_cmlhs_gen(x[j], hs[j], L, k[j], K, sk[j], pk[j], d[j], y[j], b); + } + /* Compute all signatures (ECDSA if b = 0; BLS if b = 1). */ for (int j = 0; j < S; j++) { for (int l = 0; l < L; l++) { label[l] = l; bn_rand_mod(msg[j][l], n); - cp_cmlhs_sig(sig[j], z[j], a[j][l], c[j][l], r[j][l], s[j][l], - msg[j][l], data, label[l], x[j][l], h, k[j], K, - d[j], sk[j]); + cp_cmlhs_sig(sig[j], z[j], a[j][l], c[j][l], r[j][l], + s[j][l], msg[j][l], data, label[l], x[j][l], h, k[j], K, + d[j], sk[j], b); } } /* Apply linear function over signatures. */ @@ -1883,17 +2051,15 @@ static int lhs(void) { } TEST_ASSERT(cp_cmlhs_ver(_r, _s, sig, z, as, cs, m, data, h, label, - hs, f, flen, y, pk, S) == 1, end); + (const gt_t **)hs, (const dig_t **)f, flen, y, pk, S, b), end); - cp_cmlhs_off(vk, h, label, hs, f, flen, y, pk, S); + cp_cmlhs_off(vk, h, label, (const gt_t **)hs, (const dig_t **)f, + flen, S); TEST_ASSERT(cp_cmlhs_onv(_r, _s, sig, z, as, cs, m, data, h, vk, - y, pk, S) == 1, end); + y, pk, S, b) == 1, end); } TEST_END; - char *ls[L] = { NULL }; - dig_t ft[S]; - TEST_CASE("simple linear multi-key homomorphic signature is correct") { for (int j = 0; j < S; j++) { cp_mklhs_gen(sk[j], pk[j]); @@ -1924,9 +2090,11 @@ static int lhs(void) { } } - TEST_ASSERT(cp_mklhs_ver(_r, m, d, data, id, ls, f, flen, pk, S), end); + TEST_ASSERT(cp_mklhs_ver(_r, m, d, data, id, (const char **)ls, + (const dig_t **)f, flen, pk, S), end); - cp_mklhs_off(as, ft, id, ls, f, flen, S); + cp_mklhs_off(as, ft, id, (const char **)ls, (const dig_t **)f, + flen, S); TEST_ASSERT(cp_mklhs_onv(_r, m, d, data, id, as, ft, pk, S), end); } TEST_END; @@ -1937,36 +2105,186 @@ static int lhs(void) { code = RLC_OK; end: - bn_free(n); - bn_free(m); - g1_free(h); - g1_free(_r); - g2_free(_s); - gt_free(vk); - - for (int i = 0; i < S; i++) { - RLC_FREE(f[i]); - for (int j = 0; j < RLC_TERMS; j++) { + bn_free(n); + bn_free(m); + g1_free(h); + g1_free(_r); + g2_free(_s); + gt_free(vk); + + for (int i = 0; i < S; i++) { + RLC_FREE(f[i]); + for (int j = 0; j < RLC_TERMS; j++) { gt_free(hs[i][j]); - } - RLC_FREE(hs[i]); - for (int j = 0; j < L; j++) { - bn_free(x[i][j]); - bn_free(msg[i][j]); - g1_free(a[i][j]); - g1_free(c[i][j]); - g1_free(r[i][j]); - g2_free(s[i][j]); - } - bn_free(sk[i]); - bn_free(d[i]); - g1_free(sig[i]); - g1_free(as[i]); - g1_free(cs[i]); - g2_free(y[i]); - g2_free(z[i]); - g2_free(pk[i]); - } + } + RLC_FREE(hs[i]); + for (int j = 0; j < L; j++) { + bn_free(x[i][j]); + bn_free(msg[i][j]); + g1_free(a[i][j]); + g1_free(c[i][j]); + g1_free(r[i][j]); + g2_free(s[i][j]); + } + bn_free(sk[i]); + bn_free(d[i]); + g1_free(sig[i]); + g1_free(as[i]); + g1_free(cs[i]); + g2_free(y[i]); + g2_free(z[i]); + g2_free(pk[i]); + } + return code; +} + +#define M 5 /* Number of server messages (larger). */ +#define N 2 /* Number of client messages. */ + +static int psi(void) { + int result, code = RLC_ERR; + bn_t g, n, q, r, p[M], x[M], v[N], w[N], y[N], z[M]; + g1_t u[M], ss; + g2_t d[M + 1], s[M + 1]; + gt_t t[M]; + crt_t crt; + size_t l; + + bn_null(g); + bn_null(n); + bn_null(q); + bn_null(r); + g1_null(ss); + crt_null(crt); + + RLC_TRY { + bn_new(g); + bn_new(n); + bn_new(q); + bn_new(r); + g1_new(ss); + for (int i = 0; i < M; i++) { + bn_null(p[i]); + bn_null(x[i]); + bn_null(z[i]); + g2_null(d[i]); + g2_null(s[i]); + bn_new(p[i]); + bn_new(x[i]); + bn_new(z[i]); + g2_new(d[i]); + g2_new(s[i]); + } + g2_null(s[M]); + g2_new(s[M]); + g2_null(d[M]); + g2_new(d[M]); + for (int i = 0; i < N; i++) { + bn_null(v[i]); + bn_null(w[i]); + bn_null(y[i]); + g1_null(u[i]); + gt_null(t[i]); + bn_new(v[i]); + bn_new(w[i]); + bn_new(y[i]); + g1_new(u[i]); + gt_new(t[i]); + } + crt_new(crt); + + result = cp_rsapsi_gen(g, n, RLC_BN_BITS); + + TEST_CASE("factoring-based laconic private set intersection is correct") { + TEST_ASSERT(result == RLC_OK, end); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], n); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], n); + } + TEST_ASSERT(cp_rsapsi_ask(q, r, p, g, n, x, M) == RLC_OK, end); + for (int k = 0; k <= N; k++) { + for (int j = 0; j < k; j++) { + bn_copy(y[j], x[j]); + } + TEST_ASSERT(cp_rsapsi_ans(v, w, q, g, n, y, N) == RLC_OK, end); + TEST_ASSERT(cp_rsapsi_int(z, &l, r, p, n, x, M, v, w, N) == RLC_OK, end); + TEST_ASSERT(l == k, end); + } + } TEST_END; + + result = cp_shipsi_gen(g, crt, RLC_BN_BITS); + + TEST_CASE("factoring-based size-hiding private set intersection is correct") { + TEST_ASSERT(result == RLC_OK, end); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], crt->n); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], crt->n); + } + TEST_ASSERT(cp_shipsi_ask(q, r, p, g, crt->n, x, M) == RLC_OK, end); + for (int k = 0; k <= N; k++) { + for (int j = 0; j < k; j++) { + bn_copy(y[j], x[j]); + } + TEST_ASSERT(cp_shipsi_ans(v, w[0], q, g, crt, y, N) == RLC_OK, + end); + TEST_ASSERT(cp_shipsi_int(z, &l, r, p, crt->n, x, M, v, w[0], + N) == RLC_OK, end); + TEST_ASSERT(l == k, end); + } + } TEST_END; + + TEST_CASE("pairing-based laconic private set intersection is correct") { + pc_get_ord(q); + for (int j = 0; j < M; j++) { + bn_rand_mod(x[j], q); + } + for (int j = 0; j < N; j++) { + bn_rand_mod(y[j], q); + } + TEST_ASSERT(cp_pbpsi_gen(q, ss, s, M) == RLC_OK, end); + TEST_ASSERT(cp_pbpsi_ask(d, r, x, s, M) == RLC_OK, end); + for (int k = 0; k <= N; k++) { + for (int j = 0; j < k; j++) { + bn_copy(y[j], x[j]); + } + TEST_ASSERT(cp_pbpsi_ans(t, u, ss, d[0], y, N) == RLC_OK, end); + TEST_ASSERT(cp_pbpsi_int(z, &l, d, x, M, t, u, N) == RLC_OK, + end); + TEST_ASSERT(l == k, end); + } + } TEST_END; + } + RLC_CATCH_ANY { + RLC_ERROR(end); + } + code = RLC_OK; + end: + bn_free(g); + bn_free(n); + bn_free(q); + bn_free(r); + g1_free(ss); + for (int i = 0; i < M; i++) { + bn_free(p[i]); + bn_free(x[i]); + bn_free(z[i]); + g2_free(d[i]); + g2_free(s[i]); + } + g2_free(d[M]); + g2_free(s[M]); + for (int i = 0; i < N; i++) { + bn_free(v[i]); + bn_free(w[i]); + bn_free(y[i]); + g1_free(u[i]); + gt_free(t[i]); + } + crt_free(crt); return code; } @@ -1980,9 +2298,18 @@ int main(void) { util_banner("Tests for the CP module", 0); + #if defined(WITH_BN) && defined(WITH_PC) + util_banner("Protocols based on accumulators:\n", 0); + if (pc_param_set_any() == RLC_OK) { + if (psi() != RLC_OK) { + core_clean(); + return 1; + } + } + #endif + #if defined(WITH_BN) util_banner("Protocols based on integer factorization:\n", 0); - if (rsa() != RLC_OK) { core_clean(); return 1; @@ -2003,6 +2330,10 @@ int main(void) { return 1; } + if (subgroup_paillier() != RLC_OK) { + core_clean(); + return 1; + } #endif #if defined(WITH_EC) @@ -2055,6 +2386,11 @@ int main(void) { return 1; } + if (smlers() != RLC_OK) { + core_clean(); + return 1; + } + if (etrs() != RLC_OK) { core_clean(); return 1; diff --git a/test/test_ec.c b/test/test_ec.c index bd2dc7f93..63e89d6c7 100644 --- a/test/test_ec.c +++ b/test/test_ec.c @@ -391,14 +391,14 @@ static int multiplication(void) { } TEST_END; TEST_CASE("point multiplication by digit is correct") { - ep_mul_dig(r, p, 0); - TEST_ASSERT(ep_is_infty(r), end); - ep_mul_dig(r, p, 1); - TEST_ASSERT(ep_cmp(p, r) == RLC_EQ, end); + ec_mul_dig(r, p, 0); + TEST_ASSERT(ec_is_infty(r), end); + ec_mul_dig(r, p, 1); + TEST_ASSERT(ec_cmp(p, r) == RLC_EQ, end); bn_rand(k, RLC_POS, RLC_DIG); - ep_mul(q, p, k); - ep_mul_dig(r, p, k->dp[0]); - TEST_ASSERT(ep_cmp(q, r) == RLC_EQ, end); + ec_mul(q, p, k); + ec_mul_dig(r, p, k->dp[0]); + TEST_ASSERT(ec_cmp(q, r) == RLC_EQ, end); } TEST_END; } diff --git a/test/test_ed.c b/test/test_ed.c index e1e371f26..f593297f3 100644 --- a/test/test_ed.c +++ b/test/test_ed.c @@ -874,232 +874,304 @@ static int fixed(void) { static int simultaneous(void) { int code = RLC_ERR; - bn_t n, k, l; - ed_t p, q, r; + bn_t n, k[17]; + ed_t p[17], r; bn_null(n); - bn_null(k); - bn_null(l); - ed_null(p); - ed_null(q); ed_null(r); RLC_TRY { bn_new(n); - bn_new(k); - bn_new(l); - ed_new(p); - ed_new(q); ed_new(r); + for (int i = 0; i <= 16; i++) { + bn_null(k[i]); + bn_new(k[i]); + ed_null(p[i]); + ed_new(p[i]); + } - ed_curve_get_gen(p); + ed_curve_get_gen(p[0]); ed_curve_get_ord(n); TEST_CASE("simultaneous point multiplication is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul(q, p, k); - ed_mul_sim(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul(p[1], p[0], k[0]); + ed_mul_sim(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + ed_mul_sim(r, p[0], k[0], p[1], k[1]); + ed_mul_sim_lot(p[1], p, k, 2); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); } TEST_END; -#if ED_SIM == BASIC || !defined(STRIP) +#if EP_SIM == BASIC || !defined(STRIP) TEST_CASE("basic simultaneous point multiplication is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim_basic(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul(q, p, k); - ed_mul_sim_basic(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim_basic(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim_basic(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim_basic(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim_basic(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul(p[1], p[0], k[0]); + ed_mul_sim_basic(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim_basic(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim_basic(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim_basic(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim_basic(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #endif -#if ED_SIM == TRICK || !defined(STRIP) +#if EP_SIM == TRICK || !defined(STRIP) TEST_CASE("shamir's trick for simultaneous multiplication is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim_trick(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul(q, p, k); - ed_mul_sim_trick(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim_trick(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim_trick(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim_trick(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim_trick(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul(p[1], p[0], k[0]); + ed_mul_sim_trick(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim_trick(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim_trick(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim_trick(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim_trick(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #endif -#if ED_SIM == INTER || !defined(STRIP) +#if EP_SIM == INTER || !defined(STRIP) TEST_CASE("interleaving for simultaneous multiplication is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim_inter(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul(q, p, k); - ed_mul_sim_inter(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim_inter(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim_inter(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim_inter(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim_inter(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul(p[1], p[0], k[0]); + ed_mul_sim_inter(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim_inter(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim_inter(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim_inter(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim_inter(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #endif -#if ED_SIM == JOINT || !defined(STRIP) +#if EP_SIM == JOINT || !defined(STRIP) TEST_CASE("jsf for simultaneous multiplication is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim_joint(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul(q, p, k); - ed_mul_sim_joint(r, p, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim_joint(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim_joint(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - ed_norm(q, q); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim_joint(r, p, k, q, l); - ed_mul(p, p, k); - ed_mul(q, q, l); - ed_add(q, q, p); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim_joint(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul(p[1], p[0], k[0]); + ed_mul_sim_joint(r, p[0], k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim_joint(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim_joint(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim_joint(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim_joint(r, p[0], k[0], p[1], k[1]); + ed_mul(p[0], p[0], k[0]); + ed_mul(p[1], p[1], k[1]); + ed_add(p[1], p[1], p[0]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #endif TEST_CASE("simultaneous multiplication with generator is correct") { - bn_zero(k); - bn_rand_mod(l, n); - ed_mul(q, p, l); - ed_mul_sim_gen(r, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_zero(l); - ed_mul_gen(q, k); - ed_mul_sim_gen(r, k, p, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_rand_mod(k, n); - bn_rand_mod(l, n); - ed_mul_sim_gen(r, k, q, l); - ed_curve_get_gen(p); - ed_mul_sim(q, p, k, q, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(k, k); - ed_mul_sim_gen(r, k, q, l); - ed_curve_get_gen(p); - ed_mul_sim(q, p, k, q, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); - bn_neg(l, l); - ed_mul_sim_gen(r, k, q, l); - ed_curve_get_gen(p); - ed_mul_sim(q, p, k, q, l); - TEST_ASSERT(ed_cmp(q, r) == RLC_EQ, end); + bn_zero(k[0]); + bn_rand_mod(k[1], n); + ed_mul(p[1], p[0], k[1]); + ed_mul_sim_gen(r, k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_zero(k[1]); + ed_mul_gen(p[1], k[0]); + ed_mul_sim_gen(r, k[0], p[0], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + ed_mul_sim_gen(r, k[0], p[1], k[1]); + ed_curve_get_gen(p[0]); + ed_mul_sim(p[1], p[0], k[0], p[1], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[0], k[0]); + ed_mul_sim_gen(r, k[0], p[1], k[1]); + ed_curve_get_gen(p[0]); + ed_mul_sim(p[1], p[0], k[0], p[1], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_neg(k[1], k[1]); + ed_mul_sim_gen(r, k[0], p[1], k[1]); + ed_curve_get_gen(p[0]); + ed_mul_sim(p[1], p[0], k[0], p[1], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + bn_rand_mod(k[0], n); + bn_rand_mod(k[1], n); + bn_add(k[0], k[0], n); + bn_add(k[1], k[1], n); + ed_mul_sim_gen(r, k[0], p[1], k[1]); + ed_curve_get_gen(p[0]); + ed_mul_sim(p[1], p[0], k[0], p[1], k[1]); + TEST_ASSERT(ed_cmp(p[1], r) == RLC_EQ, end); + } TEST_END; + + TEST_CASE("many simultaneous point multiplications are correct") { + ed_set_infty(r); + ed_mul_sim_lot(p[16], p, k, 0); + TEST_ASSERT(ed_cmp(p[16], r) == RLC_EQ, end); + for (int j = 0; j < 16; j++) { + bn_rand_mod(k[j], n); + ed_rand(p[j]); + ed_mul(p[16], p[j], k[j]); + ed_add(r, r, p[16]); + ed_mul_sim_lot(p[16], p, k, j + 1); + TEST_ASSERT(ed_cmp(p[16], r) == RLC_EQ, end); + } + ed_mul(p[16], p[0], k[0]); + ed_sub(r, r, p[16]); + bn_zero(k[0]); + ed_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ed_cmp(p[16], r) == RLC_EQ, end); + ed_mul(p[16], p[1], k[1]); + ed_sub(r, r, p[16]); + ed_sub(r, r, p[16]); + bn_neg(k[1], k[1]); + ed_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ed_cmp(p[16], r) == RLC_EQ, end); + bn_add(k[2], k[2], n); + ed_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ed_cmp(p[16], r) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -1109,10 +1181,10 @@ static int simultaneous(void) { code = RLC_OK; end: bn_free(n); - bn_free(k); - bn_free(l); - ed_free(p); - ed_free(q); + for (int i = 0; i <= 16; i++) { + bn_free(k[i]); + ed_free(p[i]); + } ed_free(r); return code; } diff --git a/test/test_ep.c b/test/test_ep.c index 0de7803ba..e6aa8f71f 100644 --- a/test/test_ep.c +++ b/test/test_ep.c @@ -513,17 +513,15 @@ static int endomorphism(void) { } bn_mul(v1[0], v2[1], v1[1]); bn_mod(l, v1[0], v2[0]); - bn_sub(v1[1], v2[0], l); - if (bn_cmp(v1[1], l) == RLC_LT) { - bn_copy(l, v1[1]); - } TEST_CASE("endomorphism is correct") { /* Test if \psi(P) = [l]P. */ ep_rand(a); ep_psi(b, a); ep_mul(c, a, l); - TEST_ASSERT(ep_cmp(b, c) == RLC_EQ, end); + ep_neg(a, b); + TEST_ASSERT(ep_cmp(b, c) == RLC_EQ || + ep_cmp(a, c) == RLC_EQ, end); } TEST_END; @@ -532,7 +530,9 @@ static int endomorphism(void) { ep_rand(a); ep_psi(b, a); ep_mul(c, a, l); - TEST_ASSERT(ep_cmp(b, c) == RLC_EQ, end); + ep_neg(a, b); + TEST_ASSERT(ep_cmp(b, c) == RLC_EQ || + ep_cmp(a, c) == RLC_EQ, end); } TEST_END; #endif @@ -541,10 +541,11 @@ static int endomorphism(void) { TEST_CASE("endomorphism in projective coordinates is correct") { ep_rand(a); ep_dbl_projc(a, a); - ep_norm(a, a); ep_psi(b, a); ep_mul(c, a, l); - TEST_ASSERT(ep_cmp(b, c) == RLC_EQ, end); + ep_neg(a, b); + TEST_ASSERT(ep_cmp(b, c) == RLC_EQ || + ep_cmp(a, c) == RLC_EQ, end); } TEST_END; #endif @@ -832,6 +833,11 @@ static int fixed(void) { ep_mul_fix(r, (const ep_t *)t, k); ep_neg(r, r); TEST_ASSERT(ep_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep_mul_fix(q, (const ep_t *)t, k); + bn_add(k, k, n); + ep_mul_fix(r, (const ep_t *)t, k); + TEST_ASSERT(ep_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE; i++) { ep_free(t[i]); @@ -981,23 +987,21 @@ static int fixed(void) { static int simultaneous(void) { int code = RLC_ERR; - bn_t n, k[2]; - ep_t p[2], r; + bn_t n, k[17]; + ep_t p[17], r; bn_null(n); - bn_null(k[0]); - bn_null(k[1]); - ep_null(p[0]); - ep_null(p[1]); ep_null(r); RLC_TRY { bn_new(n); - bn_new(k[0]); - bn_new(k[1]); - ep_new(p[0]); - ep_new(p[1]); ep_new(r); + for (int i = 0; i <= 16; i++) { + bn_null(k[i]); + bn_new(k[i]); + ep_null(p[i]); + ep_new(p[i]); + } ep_curve_get_gen(p[0]); ep_curve_get_ord(n); @@ -1032,9 +1036,6 @@ static int simultaneous(void) { ep_mul(p[1], p[1], k[1]); ep_add(p[1], p[1], p[0]); TEST_ASSERT(ep_cmp(p[1], r) == RLC_EQ, end); - ep_mul_sim(r, p[0], k[0], p[1], k[1]); - ep_mul_sim_lot(p[1], p, k, 2); - TEST_ASSERT(ep_cmp(p[1], r) == RLC_EQ, end); bn_rand_mod(k[0], n); bn_rand_mod(k[1], n); bn_add(k[0], k[0], n); @@ -1044,6 +1045,9 @@ static int simultaneous(void) { ep_mul(p[1], p[1], k[1]); ep_add(p[1], p[1], p[0]); TEST_ASSERT(ep_cmp(p[1], r) == RLC_EQ, end); + ep_mul_sim(r, p[0], k[0], p[1], k[1]); + ep_mul_sim_lot(p[1], p, k, 2); + TEST_ASSERT(ep_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #if EP_SIM == BASIC || !defined(STRIP) @@ -1254,6 +1258,34 @@ static int simultaneous(void) { ep_mul_sim(p[1], p[0], k[0], p[1], k[1]); TEST_ASSERT(ep_cmp(p[1], r) == RLC_EQ, end); } TEST_END; + + TEST_CASE("many simultaneous point multiplications are correct") { + ep_set_infty(r); + ep_mul_sim_lot(p[16], p, k, 0); + TEST_ASSERT(ep_cmp(p[16], r) == RLC_EQ, end); + for (int j = 0; j < 16; j++) { + bn_rand_mod(k[j], n); + ep_rand(p[j]); + ep_mul(p[16], p[j], k[j]); + ep_add(r, r, p[16]); + ep_mul_sim_lot(p[16], p, k, j + 1); + TEST_ASSERT(ep_cmp(p[16], r) == RLC_EQ, end); + } + ep_mul(p[16], p[0], k[0]); + ep_sub(r, r, p[16]); + bn_zero(k[0]); + ep_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep_cmp(p[16], r) == RLC_EQ, end); + ep_mul(p[16], p[1], k[1]); + ep_sub(r, r, p[16]); + ep_sub(r, r, p[16]); + bn_neg(k[1], k[1]); + ep_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep_cmp(p[16], r) == RLC_EQ, end); + bn_add(k[2], k[2], n); + ep_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep_cmp(p[16], r) == RLC_EQ, end); + } TEST_END; } RLC_CATCH_ANY { util_print("FATAL ERROR!\n"); @@ -1262,10 +1294,10 @@ static int simultaneous(void) { code = RLC_OK; end: bn_free(n); - bn_free(k[0]); - bn_free(k[1]); - ep_free(p[0]); - ep_free(p[1]); + for (int i = 0; i <= 16; i++) { + bn_free(k[i]); + ep_free(p[i]); + } ep_free(r); return code; } diff --git a/test/test_epx.c b/test/test_epx.c index 7429ec424..34b5d8a18 100644 --- a/test/test_epx.c +++ b/test/test_epx.c @@ -449,6 +449,11 @@ static int multiplication2(void) { ep2_mul_gen(r, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_gen(q, k); + bn_add(k, k, n); + ep2_mul_gen(r, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; #if EP_MUL == BASIC || !defined(STRIP) @@ -470,6 +475,11 @@ static int multiplication2(void) { ep2_mul_basic(r, p, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_basic(q, p, k); + bn_add(k, k, n); + ep2_mul_basic(r, p, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; #endif @@ -492,6 +502,11 @@ static int multiplication2(void) { ep2_mul_slide(r, p, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_slide(q, p, k); + bn_add(k, k, n); + ep2_mul_slide(r, p, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; #endif @@ -515,6 +530,11 @@ static int multiplication2(void) { ep2_mul_monty(r, p, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_monty(q, p, k); + bn_add(k, k, n); + ep2_mul_monty(r, p, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; #endif @@ -538,6 +558,11 @@ static int multiplication2(void) { ep2_mul_lwnaf(r, p, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_lwnaf(q, p, k); + bn_add(k, k, n); + ep2_mul_lwnaf(r, p, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; #endif @@ -614,6 +639,11 @@ static int fixed2(void) { ep2_mul_fix(r, t, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_fix(q, t, k); + bn_add(k, k, n); + ep2_mul_fix(r, t, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE; i++) { ep2_free(t[i]); @@ -640,6 +670,11 @@ static int fixed2(void) { ep2_mul_fix_basic(r, t, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_fix_basic(q, t, k); + bn_add(k, k, n); + ep2_mul_fix_basic(r, t, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE_BASIC; i++) { ep2_free(t[i]); @@ -667,6 +702,11 @@ static int fixed2(void) { ep2_mul_fix_combs(r, t, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_fix_combs(q, t, k); + bn_add(k, k, n); + ep2_mul_fix_combs(r, t, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE_COMBS; i++) { ep2_free(t[i]); @@ -694,6 +734,11 @@ static int fixed2(void) { ep2_mul_fix_combd(r, t, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_fix_combd(q, t, k); + bn_add(k, k, n); + ep2_mul_fix_combd(r, t, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE_COMBD; i++) { ep2_free(t[i]); @@ -721,6 +766,11 @@ static int fixed2(void) { ep2_mul_fix_lwnaf(r, t, k); ep2_neg(r, r); TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); + bn_rand_mod(k, n); + ep2_mul_fix_lwnaf(q, t, k); + bn_add(k, k, n); + ep2_mul_fix_lwnaf(r, t, k); + TEST_ASSERT(ep2_cmp(q, r) == RLC_EQ, end); } TEST_END; for (int i = 0; i < RLC_EP_TABLE_LWNAF; i++) { ep2_free(t[i]); @@ -743,23 +793,20 @@ static int fixed2(void) { static int simultaneous2(void) { int code = RLC_ERR; - bn_t n, k[2]; - ep2_t p[2], r; + bn_t n, k[17]; + ep2_t p[17], r; bn_null(n); - bn_null(k[0]); - bn_null(k[1]); - ep2_null(p[0]); - ep2_null(p[1]); ep2_null(r); - RLC_TRY { bn_new(n); - bn_new(k[0]); - bn_new(k[1]); - ep2_new(p[0]); - ep2_new(p[1]); ep2_new(r); + for (int i = 0; i <= 16; i++) { + bn_null(k[i]); + bn_new(k[i]); + ep2_null(p[i]); + ep2_new(p[i]); + } ep2_curve_get_gen(p[0]); ep2_curve_get_ord(n); @@ -794,9 +841,6 @@ static int simultaneous2(void) { ep2_mul(p[1], p[1], k[1]); ep2_add(p[1], p[1], p[0]); TEST_ASSERT(ep2_cmp(p[1], r) == RLC_EQ, end); - ep2_mul_sim(r, p[0], k[0], p[1], k[1]); - ep2_mul_sim_lot(p[1], p, k, 2); - TEST_ASSERT(ep2_cmp(p[1], r) == RLC_EQ, end); bn_rand_mod(k[0], n); bn_rand_mod(k[1], n); bn_add(k[0], k[0], n); @@ -806,6 +850,9 @@ static int simultaneous2(void) { ep2_mul(p[1], p[1], k[1]); ep2_add(p[1], p[1], p[0]); TEST_ASSERT(ep2_cmp(p[1], r) == RLC_EQ, end); + ep2_mul_sim(r, p[0], k[0], p[1], k[1]); + ep2_mul_sim_lot(p[1], p, k, 2); + TEST_ASSERT(ep2_cmp(p[1], r) == RLC_EQ, end); } TEST_END; #if EP_SIM == BASIC || !defined(STRIP) @@ -972,6 +1019,32 @@ static int simultaneous2(void) { ep2_mul_sim(p[1], p[0], k[0], p[1], k[1]); TEST_ASSERT(ep2_cmp(p[1], r) == RLC_EQ, end); } TEST_END; + + TEST_CASE("many simultaneous point multiplications are correct") { + ep2_set_infty(r); + for (int j = 0; j < 16; j++) { + bn_rand_mod(k[j], n); + ep2_rand(p[j]); + ep2_mul(p[16], p[j], k[j]); + ep2_add(r, r, p[16]); + ep2_mul_sim_lot(p[16], p, k, j + 1); + TEST_ASSERT(ep2_cmp(p[16], r) == RLC_EQ, end); + } + ep2_mul(p[16], p[0], k[0]); + ep2_sub(r, r, p[16]); + bn_zero(k[0]); + ep2_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep2_cmp(p[16], r) == RLC_EQ, end); + ep2_mul(p[16], p[1], k[1]); + ep2_sub(r, r, p[16]); + ep2_sub(r, r, p[16]); + bn_neg(k[1], k[1]); + ep2_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep2_cmp(p[16], r) == RLC_EQ, end); + bn_add(k[2], k[2], n); + ep2_mul_sim_lot(p[16], p, k, 16); + TEST_ASSERT(ep2_cmp(p[16], r) == RLC_EQ, end); + } TEST_END; } RLC_CATCH_ANY { util_print("FATAL ERROR!\n"); @@ -980,11 +1053,11 @@ static int simultaneous2(void) { code = RLC_OK; end: bn_free(n); - bn_free(k[0]); - bn_free(k[1]); - ep2_free(p[0]); - ep2_free(p[1]); ep2_free(r); + for (int i = 0; i <= 16; i++) { + bn_free(k[i]); + ep2_free(p[i]); + } return code; } diff --git a/test/test_fp.c b/test/test_fp.c index 291829f8b..05ce289e4 100644 --- a/test/test_fp.c +++ b/test/test_fp.c @@ -856,6 +856,17 @@ static int inversion(void) { } TEST_END; #endif +#if FP_INV == JMPDS || !defined(STRIP) + TEST_CASE("jump division step inversion is correct") { + do { + fp_rand(a); + } while (fp_is_zero(a)); + fp_inv(b, a); + fp_inv_jmpds(c, a); + TEST_ASSERT(fp_cmp(c, b) == RLC_EQ, end); + } TEST_END; +#endif + #if FP_INV == LOWER || !defined(STRIP) TEST_CASE("lower inversion is correct") { do { @@ -894,6 +905,66 @@ static int inversion(void) { return code; } +static int symbol(void) { + int code = RLC_ERR; + fp_t a, b; + + fp_null(a); + fp_null(b); + + RLC_TRY { + fp_new(a); + fp_new(b); + + TEST_CASE("symbol computation is correct") { + fp_zero(a); + TEST_ASSERT(fp_smb(a) == 0, end); + fp_rand(a); + fp_sqr(a, a); + TEST_ASSERT(fp_smb(a) == 1, end); + do { + fp_rand(a); + } while(fp_srt(b, a) == 1); + TEST_ASSERT(fp_smb(a) == -1, end); + } + TEST_END; + +#if FP_SMB == BASIC || !defined(STRIP) + TEST_CASE("basic symbol computation is correct") { + fp_rand(a); + TEST_ASSERT(fp_smb(a) == fp_smb_basic(a), end); + } TEST_END; +#endif + +#if FP_SMB == DIVST || !defined(STRIP) + TEST_CASE("division step symbol computation is correct") { + fp_rand(a); + TEST_ASSERT(fp_smb(a) == fp_smb_divst(a), end); + } TEST_END; +#endif +#if FP_SMB == JMPDS || !defined(STRIP) + TEST_CASE("jump division step symbol computation is correct") { + fp_rand(a); + TEST_ASSERT(fp_smb(a) == fp_smb_jmpds(a), end); + } TEST_END; +#endif +#if FP_SMB == LOWER || !defined(STRIP) + TEST_CASE("lower symbol computation is correct") { + fp_rand(a); + TEST_ASSERT(fp_smb(a) == fp_smb_lower(a), end); + } TEST_END; +#endif + } + RLC_CATCH_ANY { + RLC_ERROR(end); + } + code = RLC_OK; + end: + fp_free(a); + fp_free(b); + return code; +} + static int exponentiation(void) { int code = RLC_ERR; fp_t a, b, c; @@ -1147,6 +1218,11 @@ int main(void) { return 1; } + if (symbol() != RLC_OK) { + core_clean(); + return 1; + } + if (exponentiation() != RLC_OK) { core_clean(); return 1; diff --git a/test/test_fpx.c b/test/test_fpx.c index a7c8eaa23..11e21785e 100644 --- a/test/test_fpx.c +++ b/test/test_fpx.c @@ -682,7 +682,7 @@ static int exponentiation2(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp2_exp(c, a, d); - TEST_ASSERT(fp2_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp2_cmp(b, c) == RLC_EQ, end); } TEST_END; TEST_CASE("exponentiation of cyclotomic element is correct") { @@ -1424,7 +1424,7 @@ static int exponentiation3(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp3_exp(c, a, d); - TEST_ASSERT(fp3_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp3_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -2002,7 +2002,7 @@ static int exponentiation4(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp4_exp(c, a, d); - TEST_ASSERT(fp4_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp4_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -2589,7 +2589,7 @@ static int exponentiation6(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp6_exp(c, a, d); - TEST_ASSERT(fp6_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp6_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -3214,7 +3214,7 @@ static int exponentiation8(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp8_exp(c, a, d); - TEST_ASSERT(fp8_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp8_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -3789,7 +3789,7 @@ static int exponentiation9(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp9_exp(c, a, d); - TEST_ASSERT(fp9_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp9_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -4234,7 +4234,7 @@ static int cyclotomic12(void) { fp12_null(b); fp12_null(c); fp12_null(d[0]); - fp12_null(d[1]) + fp12_null(d[1]); fp12_null(e[0]); bn_null(f); @@ -4505,7 +4505,7 @@ static int exponentiation12(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp12_exp(c, a, d); - TEST_ASSERT(fp12_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp12_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -5049,7 +5049,7 @@ static int exponentiation18(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp18_exp(c, a, d); - TEST_ASSERT(fp18_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp18_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -5741,7 +5741,7 @@ static int exponentiation24(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp24_exp(c, a, d); - TEST_ASSERT(fp24_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp24_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -6543,7 +6543,7 @@ static int exponentiation48(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp48_exp(c, a, d); - TEST_ASSERT(fp48_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp48_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -7230,7 +7230,7 @@ static int inversion54(void) { fp54_conv_cyc(a, a); fp54_inv(b, a); fp54_inv_cyc(c, a); - //TEST_ASSERT(fp54_cmp(b, c) == RLC_EQ, end); + TEST_ASSERT(fp54_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -7290,7 +7290,7 @@ static int exponentiation54(void) { d->used = RLC_FP_DIGS; dv_copy(d->dp, fp_prime_get(), RLC_FP_DIGS); fp54_exp(c, a, d); - TEST_ASSERT(fp54_cmp(c, b) == RLC_EQ, end); + TEST_ASSERT(fp54_cmp(b, c) == RLC_EQ, end); } TEST_END; } RLC_CATCH_ANY { @@ -7559,7 +7559,9 @@ int main(void) { core_clean(); return 1; } + } + if (fp_prime_get_qnr() && (ep_param_embed() >= 8)) { util_banner("Octic extension: (j) as CNR", 0); util_banner("Utilities:", 1); @@ -7617,7 +7619,7 @@ int main(void) { } /* Only execute these if there is an assigned cubic non-residue. */ - if (fp_prime_get_cnr()) { + if (fp_prime_get_cnr() && (ep_param_embed() >= 9)) { util_print("\n-- Nonic extension: (j) as CNR\n"); util_banner("Utilities:", 1); @@ -7669,7 +7671,7 @@ int main(void) { } } - if (fp_prime_get_qnr()) { + if (fp_prime_get_qnr() && (ep_param_embed() >= 12)) { util_banner("Dodecic extension:", 0); util_banner("Utilities:", 1); @@ -7724,9 +7726,10 @@ int main(void) { core_clean(); return 1; } + } - if (fp_prime_get_cnr()) { + if (fp_prime_get_cnr() && (ep_param_embed() >= 18)) { util_banner("Octdecic extension:", 0); util_banner("Utilities:", 1); @@ -7773,7 +7776,7 @@ int main(void) { } } - if (fp_prime_get_qnr()) { + if (fp_prime_get_qnr() && (ep_param_embed() >= 24)) { util_banner("Extension of degree 24:", 0); util_banner("Utilities:", 1); @@ -7828,7 +7831,9 @@ int main(void) { core_clean(); return 1; } + } + if (fp_prime_get_qnr() && (ep_param_embed() >= 48)) { util_banner("Extension of degree 48:", 0); util_banner("Utilities:", 1); @@ -7885,7 +7890,7 @@ int main(void) { } } - if (fp_prime_get_cnr()) { + if (fp_prime_get_cnr() && (ep_param_embed() == 54)) { util_banner("Extension of degree 54:", 0); util_banner("Utilities:", 1); diff --git a/test/test_mpc.c b/test/test_mpc.c index c554d69af..9fe1acd54 100644 --- a/test/test_mpc.c +++ b/test/test_mpc.c @@ -68,7 +68,7 @@ static int triple(void) { bn_gen_prime(n, RLC_BN_BITS); TEST_CASE("multiplication triples are generated correctly") { - mt_gen(tri, n); + mpc_mt_gen(tri, n); bn_add(t, tri[0]->a, tri[1]->a); bn_mod(t, t, n); bn_add(u, tri[0]->b, tri[1]->b); @@ -81,7 +81,7 @@ static int triple(void) { } TEST_END; TEST_CASE("multiplication triples are consistent") { - mt_gen(tri, n); + mpc_mt_gen(tri, n); /* Generate random inputs. */ bn_rand_mod(x[0], n); bn_rand_mod(y[0], n); @@ -102,14 +102,14 @@ static int triple(void) { bn_mod(y[0], y[0], n); /* Compute public values locally. */ - mt_mul_lcl(d[0], e[0], x[0], y[0], n, tri[0]); - mt_mul_lcl(d[1], e[1], x[1], y[1], n, tri[1]); + mpc_mt_lcl(d[0], e[0], x[0], y[0], n, tri[0]); + mpc_mt_lcl(d[1], e[1], x[1], y[1], n, tri[1]); /* Broadcast public values. */ - mt_mul_bct(d, e, n); + mpc_mt_bct(d, e, n); TEST_ASSERT(bn_cmp(d[0], d[1]) == RLC_EQ, end); TEST_ASSERT(bn_cmp(e[0], e[1]) == RLC_EQ, end); - mt_mul_mpc(d[0], d[0], e[0], n, tri[0], 0); - mt_mul_mpc(d[1], d[1], e[1], n, tri[1], 1); + mpc_mt_mul(d[0], d[0], e[0], n, tri[0], 0); + mpc_mt_mul(d[1], d[1], e[1], n, tri[1], 1); bn_add(d[0], d[0], d[1]); bn_mod(d[0], d[0], n); TEST_ASSERT(bn_cmp(t, d[0]) == RLC_EQ, end); @@ -127,10 +127,65 @@ static int triple(void) { mt_free(tri[0]); mt_free(tri[1]); for (int j = 0; j < 2; j++) { - bn_free(d[j]); - bn_free(e[j]); - bn_free(x[j]); - bn_free(y[j]); + bn_free(d[j]); + bn_free(e[j]); + bn_free(x[j]); + bn_free(y[j]); + } + return code; +} + +static int shamir(void) { + int code = RLC_ERR; + bn_t q, t, s, x[10], y[10]; + + bn_null(q); + bn_null(t); + bn_null(s); + + RLC_TRY { + bn_new(q); + bn_new(t); + bn_new(s); + for (int j = 0; j < 10; j++) { + bn_null(y[j]); + bn_new(y[j]); + bn_null(x[j]); + bn_new(x[j]); + } + + bn_gen_prime(q, RLC_BN_BITS); + + TEST_CASE("shamir secret shares are generated correctly") { + for (int i = 2; i < 10; i++) { + for (int j = 2; j <= i; j++) { + bn_rand_mod(s, q); + bn_zero(t); + TEST_ASSERT(mpc_sss_gen(x, y, s, q, j, i) == RLC_OK, end); + if (j > 2) { + TEST_ASSERT(mpc_sss_key(t, x, y, q, j - 1) == RLC_OK, end); + TEST_ASSERT(bn_cmp(t, s) != RLC_EQ, end); + } else { + TEST_ASSERT(mpc_sss_key(t, x, y, q, j - 1) == RLC_ERR, end); + } + TEST_ASSERT(mpc_sss_key(t, x, y, q, j) == RLC_OK, end); + TEST_ASSERT(bn_cmp(t, s) == RLC_EQ, end); + } + } + } TEST_END; + } RLC_CATCH_ANY { + util_print("FATAL ERROR!\n"); + RLC_ERROR(end); + } + + code = RLC_OK; + end: + bn_free(t); + bn_free(q); + bn_free(s); + for (int j = 0; j < 10; j++) { + bn_free(x[j]); + bn_free(y[j]); } return code; } @@ -193,7 +248,7 @@ static int pairing(void) { g1_get_ord(n); TEST_CASE("scalar multiplication triples in g1 are consistent") { - mt_gen(tri, n); + mpc_mt_gen(tri, n); /* Generate random inputs. */ g1_rand(p[0]); bn_rand_mod(k[0], n); @@ -392,6 +447,11 @@ int main(void) { core_clean(); return 1; } + + if (shamir()) { + core_clean(); + return 1; + } #endif #if defined(WITH_PC) diff --git a/test/test_pc.c b/test/test_pc.c index 01b4b13e0..dff4fab84 100644 --- a/test/test_pc.c +++ b/test/test_pc.c @@ -1245,8 +1245,9 @@ static int memory(void) { } int util(void) { - int code = RLC_ERR; + int l, code = RLC_ERR; gt_t a, b, c; + uint8_t bin[24 * RLC_PC_BYTES]; gt_null(a); gt_null(b); diff --git a/tools/relic_gen_label.sh b/tools/relic-gen-label.sh similarity index 96% rename from tools/relic_gen_label.sh rename to tools/relic-gen-label.sh index 46920725e..9dd532e70 100755 --- a/tools/relic_gen_label.sh +++ b/tools/relic-gen-label.sh @@ -152,6 +152,13 @@ echo "#define ep2_t RLC_PREFIX(ep2_t)" echo REDEF2 epx ep2 +echo "#undef ep4_st" +echo "#undef ep4_t" +echo "#define ep4_st RLC_PREFIX(ep4_st)" +echo "#define ep4_t RLC_PREFIX(ep4_t)" +echo +REDEF2 epx ep4 + echo "#undef fp2_st" echo "#undef fp2_t" echo "#undef dv2_t" @@ -231,6 +238,8 @@ REDEF2 fbx fb2 REDEF2 fbx fb4 REDEF pp +REDEF pc +REDEF mpc echo "#undef crt_t" echo "#undef rsa_t" @@ -238,8 +247,8 @@ echo "#undef rabin_t" echo "#undef phpe_t" echo "#undef bdpe_t" echo "#undef sokaka_t" -echo "#define crt_t RLC_PREFIX(crt_t)" -echo "#define rsa_t RLC_PREFIX(rsa_t)" +echo "#define crt_t RLC_PREFIX(crt_t)" +echo "#define rsa_t RLC_PREFIX(rsa_t)" echo "#define rabin_t RLC_PREFIX(rabin_t)" echo "#define phpe_t RLC_PREFIX(phpe_t)" echo "#define bdpe_t RLC_PREFIX(bdpe_t)" diff --git a/tools/run-pairings.sh b/tools/run-pairings.sh new file mode 100755 index 000000000..c6b4988d5 --- /dev/null +++ b/tools/run-pairings.sh @@ -0,0 +1,13 @@ +set -e + +for script in preset/x64-pbc-*; do + file=${script##*/} + file=${file%.sh} + echo target-$file + mkdir -p target-$file + cd target-$file + ../$script ../ + make + ./bin/test_fpx && ./bin/test_pc + cd .. +done From e6c65c3fa9e6c3c87b6ef7ad7712bd0ece324ce8 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Thu, 26 Sep 2024 07:13:14 +0000 Subject: [PATCH 3/4] build: update relic autoconf annotations and make definitions --- Makefile.relic.include | 16 +++++++++++++--- configure.ac | 24 +++++++++++++----------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/Makefile.relic.include b/Makefile.relic.include index 92bd7c7e8..6c5075dc2 100644 --- a/Makefile.relic.include +++ b/Makefile.relic.include @@ -62,6 +62,7 @@ BN_SOURCES = \ depends/relic/src/bn/relic_bn_factor.c \ depends/relic/src/bn/relic_bn_gcd.c \ depends/relic/src/bn/relic_bn_inv.c \ + depends/relic/src/bn/relic_bn_lag.c \ depends/relic/src/bn/relic_bn_lcm.c \ depends/relic/src/bn/relic_bn_mem.c \ depends/relic/src/bn/relic_bn_mod.c \ @@ -83,6 +84,7 @@ FP_SOURCES = \ depends/relic/src/fp/relic_fp_mul.c \ depends/relic/src/fp/relic_fp_param.c \ depends/relic/src/fp/relic_fp_prime.c \ + depends/relic/src/fp/relic_fp_smb.c \ depends/relic/src/fp/relic_fp_rdc.c \ depends/relic/src/fp/relic_fp_shift.c \ depends/relic/src/fp/relic_fp_sqr.c \ @@ -271,6 +273,7 @@ MD_SOURCES = \ EXTRA_DIST += \ depends/relic/src/arch/relic_arch_arm.c \ + depends/relic/src/arch/relic_arch_a64.c \ depends/relic/src/arch/relic_arch_none.c \ depends/relic/src/arch/relic_arch_x64.c \ depends/relic/src/arch/relic_arch_x86.c @@ -296,7 +299,8 @@ RELIC_SOURCES += $(BN_SOURCES) \ depends/relic/src/low/easy/relic_bn_mod_low.c \ depends/relic/src/low/easy/relic_bn_mul_low.c \ depends/relic/src/low/easy/relic_bn_shift_low.c \ - depends/relic/src/low/easy/relic_bn_sqr_low.c + depends/relic/src/low/easy/relic_bn_sqr_low.c \ + depends/relic/src/low/easy/relic_fp_smb_low.c endif if WITH_FP @@ -427,12 +431,17 @@ RELIC_SOURCES += \ depends/relic/src/cp/relic_cp_ibe.c \ depends/relic/src/cp/relic_cp_mklhs.c \ depends/relic/src/cp/relic_cp_mpss.c \ + depends/relic/src/cp/relic_cp_pbpsi.c \ depends/relic/src/cp/relic_cp_pcdel.c \ depends/relic/src/cp/relic_cp_phpe.c \ depends/relic/src/cp/relic_cp_pok.c \ depends/relic/src/cp/relic_cp_pss.c \ depends/relic/src/cp/relic_cp_rabin.c \ depends/relic/src/cp/relic_cp_rsa.c \ + depends/relic/src/cp/relic_cp_rsapsi.c \ + depends/relic/src/cp/relic_cp_shipsi.c \ + depends/relic/src/cp/relic_cp_shpe.c \ + depends/relic/src/cp/relic_cp_smlers.c \ depends/relic/src/cp/relic_cp_sok.c \ depends/relic/src/cp/relic_cp_sokaka.c \ depends/relic/src/cp/relic_cp_vbnn.c \ @@ -454,8 +463,9 @@ endif if WITH_MPC RELIC_SOURCES += \ - depends/relic/src/mpc/relic_mt_mpc.c \ - depends/relic/src/mpc/relic_pc_mpc.c + depends/relic/src/mpc/relic_mpc_sss.c \ + depends/relic/src/mpc/relic_mpc_mt.c \ + depends/relic/src/mpc/relic_mpc_pc.c endif librelic_la_SOURCES = \ diff --git a/configure.ac b/configure.ac index ca499c31a..2d1ea04e5 100644 --- a/configure.ac +++ b/configure.ac @@ -137,12 +137,13 @@ fi dnl Define enum mappings for relic config AC_DEFINE([RLC_VERSION], ["0.5.0"], [Relic Version]) -dnl dashbls: Library processor architecture +dnl Relic: Library processor architecture AC_DEFINE([AVR], [1], [Atmel AVR ATMega128 8-bit architecture.]) AC_DEFINE([MSP], [2], [MSP430 16-bit architecture.]) AC_DEFINE([ARM], [3], [ARM 32-bit architecture.]) -AC_DEFINE([X86], [4], [Intel x86-compatible 32-bit architecture.]) -AC_DEFINE([X64], [5], [AMD64-compatible 64-bit architecture.]) +AC_DEFINE([A64], [4], [ARM 64-bit architecture.]) +AC_DEFINE([X86], [5], [Intel x86-compatible 32-bit architecture.]) +AC_DEFINE([X64], [6], [AMD64-compatible 64-bit architecture.]) dnl Relic: Generic options AC_DEFINE([RELIC_NONE], [0], [Unknown or unrecognized parameter.]) @@ -247,11 +248,11 @@ AC_DEFINE([PTHREAD], [2], [POSIX multithreading support.]) dnl Relic: Supported operating systems AC_DEFINE([LINUX], [1], [GNU/Linux operating system.]) AC_DEFINE([FREEBSD], [2], [FreeBSD operating system.]) -AC_DEFINE([MACOSX], [3], [MacOS operating system.]) -AC_DEFINE([WINDOWS], [4], [Windows operating system.]) -AC_DEFINE([DROID], [5], [Android operating system.]) -AC_DEFINE([DUINO], [6], [Arduino platform.]) -dnl AC_DEFINE([OPENBSD], [7], [OpenBSD operating system.]) +AC_DEFINE([NETBSD], [3], [NetBSD operating system.]) +AC_DEFINE([MACOSX], [4], [MacOS operating system.]) +AC_DEFINE([WINDOWS], [5], [Windows operating system.]) +AC_DEFINE([DROID], [6], [Android operating system.]) +AC_DEFINE([DUINO], [7], [Arduino platform.]) dnl Relic: Supported timers AC_DEFINE([HREAL], [1], [Per-process high-resolution timer.]) @@ -273,8 +274,8 @@ AC_DEFINE([DOUBLE], [3], [A multiple precision integer can store the result of dnl Relic (BN): Greatest Common Divisor dnl AC_DEFINE([BASIC], [1], [Euclid's standard GCD algorithm.]) -AC_DEFINE([LEHME], [2], [Lehmer's fast GCD Algorithm.]) -AC_DEFINE([STEIN], [3], [Stein's binary GCD Algorithm.]) +dnl AC_DEFINE([BINAR], [2], [Binary GCD algorithm.]) +AC_DEFINE([LEHME], [3], [Lehmer's fast GCD Algorithm.]) dnl Relic (BN): Integer multiplication dnl AC_DEFINE([BASIC], [1], [Schoolbook multiplication.]) @@ -654,7 +655,7 @@ AC_DEFINE(BN_GCD, BASIC, Chosen multiple precision greatest common divisor metho AC_DEFINE(BN_GEN, BASIC, Chosen prime generation algorithm.) AC_DEFINE(FP_PRIME, 381, Prime field size in bits.) -AC_DEFINE(FP_METHD, "INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE", Prime field arithmetic method.) +AC_DEFINE(FP_METHD, "INTEG;INTEG;INTEG;MONTY;MONTY;JMPDS;SLIDE", Prime field arithmetic method.) AC_DEFINE(FP_KARAT, 0, Number of Karatsuba steps.) AC_DEFINE(FP_WIDTH, 4, Width of window processing for exponentiation methods.) AC_DEFINE(FP_ADD, INTEG, Chosen prime field multiplication method.) @@ -662,6 +663,7 @@ AC_DEFINE(FP_MUL, INTEG, Chosen prime field multiplication method.) AC_DEFINE(FP_SQR, INTEG, Chosen prime field multiplication method.) AC_DEFINE(FP_RDC, MONTY, Chosen prime field reduction method.) AC_DEFINE(FP_INV, LOWER, Chosen prime field inversion method.) +AC_DEFINE(FP_SMB, JMPDS, Chosen prime field Legendre symbol.) AC_DEFINE(FP_EXP, SLIDE, Chosen multiple precision modular exponentiation method.) AC_DEFINE(FPX_METHD, "INTEG;INTEG;LAZYR", Prime extension field arithmetic method.) From a9d20ced96a125dfb904edf19a0521791b989a0b Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Thu, 26 Sep 2024 07:23:54 +0000 Subject: [PATCH 4/4] build: update CMake and Autotools build files for new relic changes --- CMakeLists.txt | 2 +- configure.ac | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f413f97cc..84943b413 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,7 +80,7 @@ else() set(FP_QNRES "on" CACHE STRING "") endif() -set(FP_METHD "INTEG;INTEG;INTEG;MONTY;LOWER;SLIDE" CACHE STRING "") +set(FP_METHD "INTEG;INTEG;INTEG;MONTY;MONTY;JMPDS;SLIDE" CACHE STRING "") if(MSVC) set(COMP_FLAGS "" CACHE STRING "") diff --git a/configure.ac b/configure.ac index 2d1ea04e5..564001c72 100644 --- a/configure.ac +++ b/configure.ac @@ -490,9 +490,8 @@ if [[[ "$host_cpu" == x86_64 && "$use_optimizations" == "yes" ]]]; then AC_DEFINE([WSIZE], [64], [Size of word in this architecture.]) elif [[[ "$host_cpu" == aarch* && "$use_optimizations" == "yes" ]]]; then dnl Support for 64-bit ARM processors - dnl Relic doesn't support aarch64 yet, set CPU_ARCH to none and ARCH to RELIC_NONE. - CPU_ARCH="none" - AC_DEFINE([ARCH], [RELIC_NONE], [Architecture.]) + CPU_ARCH="a64" + AC_DEFINE([ARCH], [A64], [Architecture.]) AC_DEFINE([WSIZE], [64], [Size of word in this architecture.]) elif [[[ "$host_cpu" == i?86 && "$use_optimizations" == "yes" ]]]; then dnl Support for Intel x86 processors