From 7ec31cd2f288b56530e72ed4f78b0098f22f757c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Litteri?=
Date: Thu, 17 Aug 2023 12:47:43 -0300
Subject: [PATCH 1/5] Finish fp2 arithmetic
---
 .../quadratic_extension_field_arithmetic.py | 71 +++++++++++++------
 1 file changed, 51 insertions(+), 20 deletions(-)
diff --git a/scripts/quadratic_extension_field_arithmetic.py b/scripts/quadratic_extension_field_arithmetic.py
index 472b234b..c4da2e85 100644
--- a/scripts/quadratic_extension_field_arithmetic.py
+++ b/scripts/quadratic_extension_field_arithmetic.py
@@ -1,22 +1,37 @@
-import montgomery
+import montgomery as monty
 
 # Base field order
 N = 21888242871839275222246405745257275088696311157297823662689037894645226208583
+BETA = monty.ONE
 
-def add(augend0, augend1, addend0, addend1):
-    return montgomery.add(augend0, addend0), montgomery.add(augend1, addend1)
+# Algorithm 5 from https://eprint.iacr.org/2010/354.pdf
+def add(a0, a1, b0, b1):
+    return monty.add(a0, b0), monty.add(a1, b1)
 
-def sub(minuend0, minuend1, subtrahend0, subtrahend1):
-    return montgomery.sub(minuend0, subtrahend0), montgomery.sub(minuend1, subtrahend1)
+# Algorithm 6 from https://eprint.iacr.org/2010/354.pdf
+def sub(a0, a1, b0, b1):
+    return monty.sub(a0, b0), monty.sub(a1, b1)
 
-# [a, ib] * [c, id] = [ac - bd, (ad + bc)i] -> e = ac - bd, f = ad + bc
-def mul(a, b, c, d):
-    e = montgomery.sub(montgomery.mul(a, c), montgomery.mul(b, d))
-    f = montgomery.add(montgomery.mul(a, d), montgomery.mul(b, c))
+# Algorithm 7 from https://eprint.iacr.org/2010/354.pdf
+def scalar_mul(a0, a1, scalar):
+    return monty.mul(a0, scalar), monty.mul(a1, scalar)
+
+def mul(a0, a1, b0, b1):
+    e = monty.sub(monty.mul(a0, b0), monty.mul(a1, b1))
+    f = monty.add(monty.mul(a0, b1), monty.mul(a1, b0))
     return e, f
 
+# Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
+# β = 1
+def inv(a0, a1):
+    t0 = monty.mul(a0, a0)
+    t1 = monty.mul(a1, a1)
+    t0 = monty.sub(t0, monty.mul(BETA, t1))
+    t1 = monty.inv(t0)
+    return monty.mul(a0, t1), monty.sub(0, monty.mul(a1, t1))
+
 def exp(base0, base1, exponent):
-    pow0 = montgomery.ONE
+    pow0 = monty.ONE
     pow1 = 0
     while exponent > 0:
         if exponent % 2 == 1:
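Review bot: `inv` has no guard for the zero element: with `a0 == a1 == 0` the norm `t0` is 0 and `monty.inv(0)` is called, and if that helper is the extended-Euclid `prime_field_inv` shown in the montgomery.py hunk, its result for 0 is an opaque error or an unspecified value, so `if t0 == 0: raise ZeroDivisionError("inverse of zero in Fp2")` belongs before that call (0 is also the Montgomery form of zero, which the `pow1 = 0` and `monty.sub(0, ...)` usages already rely on); the same applies to the rewritten `inv` in the later 'Fix fp2 inv' commit. The representation is undocumented: `mul` computes `a0*b0 - a1*b1`, which presumes `i**2 = -1`, while `inv`'s `# β = 1` header says otherwise, and nothing states that every component is a Montgomery-form integer. A module docstring such as `"""Fp2 = Fp[i]/(i^2 + 1) arithmetic over the base field of order N; every component is an integer in Montgomery form (see montgomery.py)."""` would settle both. `exp`'s body continues past the end of the hunk.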
@@ -27,27 +42,43 @@ def exp(base0, base1, exponent): def main(): # (1 + 2i) * (2 + 2i) = [ac - bd, (ad + bc)i] = -2 + 6i - fp2_a = montgomery.ONE, montgomery.TWO - fp2_b = montgomery.TWO, montgomery.TWO + fp2_a = monty.ONE, monty.TWO + fp2_b = monty.TWO, monty.TWO fp2_ab = mul(*fp2_a, *fp2_b) - assert(montgomery.out_of(fp2_ab[0]) == N - 2) - assert(montgomery.out_of(fp2_ab[1]) == 6) + assert(monty.out_of(fp2_ab[0]) == N - 2) + assert(monty.out_of(fp2_ab[1]) == 6) # (1 + 2i) ^ 0 = 1 fp2_one = exp(*fp2_a, 0) - assert(montgomery.out_of(fp2_one[0]) == 1) - assert(montgomery.out_of(fp2_one[1]) == 0) + assert(monty.out_of(fp2_one[0]) == 1) + assert(monty.out_of(fp2_one[1]) == 0) # (1 + 2i) ^ 2 = -3 + 4i fp2_a_squared = exp(*fp2_a, 2) - assert(montgomery.out_of(fp2_a_squared[0]) == N - 3) - assert(montgomery.out_of(fp2_a_squared[1]) == 4) + assert(monty.out_of(fp2_a_squared[0]) == N - 3) + assert(monty.out_of(fp2_a_squared[1]) == 4) # (1 + 2i) ^ 3 = (1 + 2i) * (-3 + 4i) = [ac - bd, (ad + bc)i] = -11 - 2i fp2_a_cubed = exp(*fp2_a, 3) - assert(montgomery.out_of(fp2_a_cubed[0]) == N - 11) - assert(montgomery.out_of(fp2_a_cubed[1]) == N - 2) + assert(monty.out_of(fp2_a_cubed[0]) == N - 11) + assert(monty.out_of(fp2_a_cubed[1]) == N - 2) + + # (1 + 2i) * 0 = 0 + fp2_zero = scalar_mul(*fp2_a, 0) + assert(fp2_zero == (0, 0)) + + # (1 + 2i) * 1 = 1 + 2i + fp2_one = scalar_mul(*fp2_a, monty.ONE) + assert(fp2_one == fp2_a) + + # (1 + 2i) * 2 = 2 + 4i + fp2_two = scalar_mul(*fp2_a, monty.TWO) + assert(fp2_two == (monty.TWO, monty.FOUR)) + # (1 + 2i) * 3 = 3 + 6i + fp2_three = scalar_mul(*fp2_a, monty.THREE) + assert(fp2_three == (monty.THREE, monty.SIX)) + if __name__ == '__main__': main() \ No newline at end of file From 0b96358b1e0d6b659109d09babdad8e4ae6b5503 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Litteri?= Date: Thu, 17 Aug 2023 12:47:57 -0300 Subject: [PATCH 2/5] Add more precomputed values --- scripts/montgomery.py | 7 +++++++ 1 file changed, 7 insertions(+) 
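Review bot: `main()` exercises `mul`, `exp` and `scalar_mul` but never `inv`, which this commit also adds, so the β sign error that 'Fix fp2 inv' corrects two commits later passes this self-test unnoticed (and that commit adds no check either); a round trip such as `assert(mul(*fp2_a, *inv(*fp2_a)) == (monty.ONE, 0))` next to the existing `fp2_a` checks would have caught it, and `add`/`sub` are equally uncovered. `fp2_one` is bound twice, first to `exp(*fp2_a, 0)` and then to `scalar_mul(*fp2_a, monty.ONE)`, so the second binding no longer matches its name — `fp2_a_times_one` reads truthfully. These checks are bare `assert(...)` calls, so `python -O` strips all of them and the script reports success having tested nothing; a one-line note at the top of `main`, `# Self-test: do not run with -O, the asserts are the test.`, makes that visible.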
diff --git a/scripts/montgomery.py b/scripts/montgomery.py
index 4d6487a8..ad4654ed 100644
--- a/scripts/montgomery.py
+++ b/scripts/montgomery.py
@@ -18,6 +18,13 @@
 
 ONE = 6350874878119819312338956282401532409788428879151445726012394534686998597021
 TWO = 12701749756239638624677912564803064819576857758302891452024789069373997194042
+THREE = 19052624634359457937016868847204597229365286637454337178037183604060995791063
+FOUR = 3515256640640002027109419384348854550457404359307959241360540244102768179501
+FIVE = 9866131518759821339448375666750386960245833238459404967372934778789766776522
+SIX = 16217006396879640651787331949151919370034262117610850693385329313476765373543
+SEVEN = 679638403160184741879882486296176691126379839464472756708685953518537761981
+EIGHT = 7030513281280004054218838768697709100914808718615918482721080488205536359002
+NINE = 13381388159399823366557795051099241510703237597767364208733475022892534956023
 
 # Extended euclidean algorithm to find modular inverses for integers.
 def prime_field_inv(a, modulus):
From 2d9295bd2862a19b0ba4acb6a19749a55b39fdd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Litteri?=
Date: Thu, 17 Aug 2023 17:32:31 -0300
Subject: [PATCH 3/5] Fix fp2 inv
---
 scripts/quadratic_extension_field_arithmetic.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/quadratic_extension_field_arithmetic.py b/scripts/quadratic_extension_field_arithmetic.py
index c4da2e85..d89dec4b 100644
--- a/scripts/quadratic_extension_field_arithmetic.py
+++ b/scripts/quadratic_extension_field_arithmetic.py
@@ -2,7 +2,6 @@
 
 # Base field order
 N = 21888242871839275222246405745257275088696311157297823662689037894645226208583
-BETA = monty.ONE
 
 # Algorithm 5 from https://eprint.iacr.org/2010/354.pdf
 def add(a0, a1, b0, b1):
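Review bot: `THREE` through `NINE` are pasted literals with nothing in the file relating them to the small integers they encode, so a single wrong digit would propagate silently into every consumer (the Fp2 self-test compares against `monty.THREE` and `monty.SIX`). Derive them rather than paste them — `THREE = add(TWO, ONE)`, `FOUR = add(THREE, ONE)`, and so on, if `add` is defined above this point, or via the module's to-Montgomery conversion if it has one — or at least pin them once `out_of` is available: `assert all(out_of(c) == i for i, c in enumerate((ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN, EIGHT, NINE), 1))`. A comment above the block, `# Montgomery form of the integers 1..9.`, would also tell a reader what these are.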
@@ -22,11 +21,12 @@ def mul(a0, a1, b0, b1):
     return e, f
 
 # Algorithm 8 from https://eprint.iacr.org/2010/354.pdf
-# β = 1
+# β = -1
 def inv(a0, a1):
     t0 = monty.mul(a0, a0)
     t1 = monty.mul(a1, a1)
-    t0 = monty.sub(t0, monty.mul(BETA, t1))
+    # This step is actually to - β * t1 but β = -1 so we can just add t1 to t0.
+    t0 = monty.add(t0, t1)
     t1 = monty.inv(t0)
     return monty.mul(a0, t1), monty.sub(0, monty.mul(a1, t1))
 
From bc45ea8bd1812c47c39d2caf62fbc13234d0130e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Litteri?=
Date: Thu, 17 Aug 2023 17:39:55 -0300
Subject: [PATCH 4/5] Add EOF
---
 scripts/quadratic_extension_field_arithmetic.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/quadratic_extension_field_arithmetic.py b/scripts/quadratic_extension_field_arithmetic.py
index d89dec4b..9c212594 100644
--- a/scripts/quadratic_extension_field_arithmetic.py
+++ b/scripts/quadratic_extension_field_arithmetic.py
@@ -81,4 +81,5 @@ def main():
     assert(fp2_three == (monty.THREE, monty.SIX))
 
 if __name__ == '__main__':
-    main()
\ No newline at end of file
+    main()
+
\ No newline at end of file
From 5b17ebca7e0259e2fb26e2f368814550874d611a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Litteri?=
Date: Thu, 17 Aug 2023 17:50:31 -0300
Subject: [PATCH 5/5] Rename module
---
 scripts/{quadratic_extension_field_arithmetic.py => fp2.py} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename scripts/{quadratic_extension_field_arithmetic.py => fp2.py} (100%)
diff --git a/scripts/quadratic_extension_field_arithmetic.py b/scripts/fp2.py
similarity index 100%
rename from scripts/quadratic_extension_field_arithmetic.py
rename to scripts/fp2.py
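Review bot: After this commit the non-residue is encoded implicitly in two places — `mul`'s `monty.sub(monty.mul(a0, b0), monty.mul(a1, b1))` and the new `monty.add(t0, t1)` here — with `# β = -1` above `inv` as the only statement of it, now that the `BETA` constant removed in the previous hunk is gone. A module-level comment next to `N`, `# Fp2 = Fp[i] / (i^2 + 1), i.e. β = i^2 = -1; mul and inv both hard-code this.`, gives both functions one source of truth, and since N ≡ 3 (mod 4) the norm `a0^2 + a1^2` computed here vanishes only for the zero element, which is worth stating in the same place. The new inline comment is also garbled (`is actually to - β * t1`); `# Algorithm 8 computes t0 - β*t1; with β = -1 that is t0 + t1.` says it directly.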