mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-25 19:56:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
gmsm/sm9/bn256/bn_pair_b6.go

67 lines
1.5 KiB
Go
Raw Normal View History

sm9: implement 1-2-6-12 towering extensions for comparison
2023-04-28 16:52:10 +08:00
package bn256
func pairingB6(a *twistPoint, b *curvePoint) *gfP12 {
e := miller(a, b)
eb6 := (&gfP12b6{}).SetGfP12(e)
ret := finalExponentiationB6(eb6)
if a.IsInfinity() || b.IsInfinity() {
ret.SetOne()
}
return ret.ToGfP12()
}
// finalExponentiation computes the (p¹²-1)/Order-th power of an element of
// GF(p¹²) to obtain an element of GT. https://eprint.iacr.org/2007/390.pdf
// http://cryptojedi.org/papers/dclxvi-20100714.pdf
func finalExponentiationB6(in *gfP12b6) *gfP12b6 {
t1 := &gfP12b6{}
// This is the p^6-Frobenius
t1.x.Neg(&in.x)
t1.y.Set(&in.y)
inv := &gfP12b6{}
inv.Invert(in)
t1.Mul(t1, inv)
t2 := (&gfP12b6{}).FrobeniusP2(t1)
t1.Mul(t1, t2)
fp := (&gfP12b6{}).Frobenius(t1)
fp2 := (&gfP12b6{}).FrobeniusP2(t1)
fp3 := (&gfP12b6{}).Frobenius(fp2)
fu := (&gfP12b6{}).Exp(t1, u)
fu2 := (&gfP12b6{}).Exp(fu, u)
fu3 := (&gfP12b6{}).Exp(fu2, u)
y3 := (&gfP12b6{}).Frobenius(fu)
fu2p := (&gfP12b6{}).Frobenius(fu2)
fu3p := (&gfP12b6{}).Frobenius(fu3)
y2 := (&gfP12b6{}).FrobeniusP2(fu2)
y0 := &gfP12b6{}
y0.Mul(fp, fp2).Mul(y0, fp3)
y1 := (&gfP12b6{}).Conjugate(t1)
y5 := (&gfP12b6{}).Conjugate(fu2)
y3.Conjugate(y3)
y4 := (&gfP12b6{}).Mul(fu, fu2p)
y4.Conjugate(y4)
y6 := (&gfP12b6{}).Mul(fu3, fu3p)
y6.Conjugate(y6)
t0 := (&gfP12b6{}).Square(y6)
t0.Mul(t0, y4).Mul(t0, y5)
t1.Mul(y3, y5).Mul(t1, t0)
t0.Mul(t0, y2)
t1.Square(t1).Mul(t1, t0).Square(t1)
t0.Mul(t1, y1)
t1.Mul(t1, y0)
t0.Square(t0).Mul(t0, t1)
return t0
}
Reference in New Issue Copy Permalink