authorMITSUNARI Shigeo <herumi@nifty.com>2018-03-14 13:07:31 +0800
committerMITSUNARI Shigeo <herumi@nifty.com>2018-03-14 13:07:31 +0800
commitd1579890b9fb774494732665dc49e5d5902618d1 (patch)
treec1198d25c6a96442d02c57ca11a6b9a57f3d0d24
parent34c914247756fa9f5a3d645848286b92fd36a360 (diff)
downloaddexon-mcl-d1579890b9fb774494732665dc49e5d5902618d1.tar.gz
dexon-mcl-d1579890b9fb774494732665dc49e5d5902618d1.tar.zst
dexon-mcl-d1579890b9fb774494732665dc49e5d5902618d1.zip
ignore .swp
-rw-r--r--.gitignore1
-rw-r--r--include/mcl/bls12.hpp168
-rw-r--r--include/mcl/bls12_381.hpp39
3 files changed, 208 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e550799..5302ad3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ GTAGS
*.o
*.d
*.exe
+*.swp
diff --git a/include/mcl/bls12.hpp b/include/mcl/bls12.hpp
new file mode 100644
index 0000000..3ec0de9
--- /dev/null
+++ b/include/mcl/bls12.hpp
@@ -0,0 +1,168 @@
+#pragma once
+/**
+ @file
+ @brief BLS12-381 curve
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#define MCL_MTYPE
+#include <mcl/pairing_util.hpp>
+
+namespace mcl { namespace bls12 {
+
+using mcl::CurveParam;
+using mcl::getCurveParam;
+
+
+/*
+ twisted Frobenius for G2
+*/
+template<class G2>
+struct HaveFrobenius : public G2 {
+ typedef typename G2::Fp Fp2;
+ static Fp2 g2;
+ static Fp2 g3;
+ /*
+ BN254 is Dtype
+ BLS12-381 is Mtype
+ */
+ static void init(bool isMtype)
+ {
+ g2 = Fp2::get_gTbl()[0];
+ g3 = Fp2::get_gTbl()[3];
+ if (isMtype) {
+ Fp2::inv(g2, g2);
+ Fp2::inv(g3, g3);
+ }
+ }
+ /*
+ FrobeniusOnTwist for Dtype
+ p mod 6 = 1, w^6 = xi
+ Frob(x', y') = phi Frob phi^-1(x', y')
+ = phi Frob (x' w^2, y' w^3)
+ = phi (x'^p w^2p, y'^p w^3p)
+ = (F(x') w^2(p - 1), F(y') w^3(p - 1))
+ = (F(x') g^2, F(y') g^3)
+
+ FrobeniusOnTwist for Dtype
+ use (1/g) instead of g
+ */
+ static void Frobenius(G2& D, const G2& S)
+ {
+ Fp2::Frobenius(D.x, S.x);
+ Fp2::Frobenius(D.y, S.y);
+ Fp2::Frobenius(D.z, S.z);
+ D.x *= g2;
+ D.y *= g3;
+ }
+ static void Frobenius(HaveFrobenius& y, const HaveFrobenius& x)
+ {
+ Frobenius(static_cast<G2&>(y), static_cast<const G2&>(x));
+ }
+};
+template<class G2>
+typename G2::Fp HaveFrobenius<G2>::g2;
+template<class G2>
+typename G2::Fp HaveFrobenius<G2>::g3;
+
+template<class Fp>
+struct ParamT : public util::CommonParamT<Fp> {
+ typedef util::CommonParamT<Fp> Common;
+ typedef Fp2T<Fp> Fp2;
+ typedef mcl::EcT<Fp> G1;
+ typedef mcl::EcT<Fp2> G2;
+
+ void init(const CurveParam& cp = CurveFp381, fp::Mode mode = fp::FP_AUTO)
+ {
+ Common::initCommonParam(cp, mode, true);
+ }
+};
+
+template<class Fp>
+struct BLS12T {
+ typedef mcl::Fp2T<Fp> Fp2;
+ typedef mcl::Fp6T<Fp> Fp6;
+ typedef mcl::Fp12T<Fp> Fp12;
+ typedef mcl::EcT<Fp> G1;
+ typedef mcl::EcT<Fp2> G2;
+ typedef HaveFrobenius<G2> G2withF;
+ typedef mcl::FpDblT<Fp> FpDbl;
+ typedef mcl::Fp2DblT<Fp> Fp2Dbl;
+ typedef ParamT<Fp> Param;
+ static Param param;
+
+ static void init(const mcl::bls12::CurveParam& cp = CurveFp381, fp::Mode mode = fp::FP_AUTO)
+ {
+ param.init(cp, mode);
+ G2withF::init(param.isMtype);
+ }
+////////////////////////////////////////////////////////////////////////////////////
+ #define MCL_USE_BLS12
+ #include "ml-fe.hpp"
+ /*
+ Implementing Pairings at the 192-bit Security Level
+ D.F.Aranha, L, F. Castaneda, E.Knapp, A.Menezes, F.R.Henriquez
+ section 4
+ d = (p^4 - p^2 + 1) / r * 3 = c0 + c1 p + c2 p^2 + c3 p^3
+ c0 = z^5 - 2z^4 + 2z^2 - z + 3
+ c1 = z^4 - 2z^3 + 2z - 1
+ c2 = z^3 - 2z^2 + z
+ c3 = z^2 - 2z + 1
+ */
+ static void exp_d(Fp12& y, const Fp12& x)
+ {
+#if 0
+ const mpz_class& p = param.p;
+ mpz_class p2 = p * p;
+ mpz_class p4 = p2 * p2;
+ Fp12::pow(y, x, (p4 - p2 + 1) / param.r * 3);
+ return;
+#endif
+#if 1
+ Fp12 a0, a1, a2, a3, a4, a5, a6, a7;
+ Fp12::unitaryInv(a0, x); // a0 = x^-1
+ fasterSqr(a1, a0); // x^-2
+ pow_z(a2, x); // x^z
+ fasterSqr(a3, a2); // x^2z
+ a1 *= a2; // a1 = x^(z-2)
+ pow_z(a7, a1); // a7 = x^(z^2-2z)
+ pow_z(a4, a7); // a4 = x^(z^3-2z^2)
+ pow_z(a5, a4); // a5 = x^(z^4-2z^3)
+ a3 *= a5; // a3 = x^(z^4-2z^3+2z)
+ pow_z(a6, a3); // a6 = x^(z^5-2z^4+2z^2)
+
+ Fp12::unitaryInv(a1, a1); // x^(2-z)
+ a1 *= a6; // x^(z^5-2z^4+2z^2-z+2)
+ a1 *= x; // x^(z^5-2z^4+2z^2-z+3) = x^c0
+ a3 *= a0; // x^(z^4-2z^3-1) = x^c1
+ Fp12::Frobenius(a3, a3); // x^(c1 p)
+ a1 *= a3; // x^(c0 + c1 p)
+ a4 *= a2; // x^(z^3-2z^2+z) = x^c2
+ Fp12::Frobenius2(a4, a4); // x^(c2 p^2)
+ a1 *= a4; // x^(c0 + c1 p + c2 p^2)
+ a7 *= x; // x^(z^2-2z+1) = x^c3
+ Fp12::Frobenius3(y, a7);
+ y *= a1;
+#else
+ Fp12 t1, t2, t3;
+ Fp12::Frobenius(t1, x);
+ Fp12::Frobenius(t2, t1);
+ Fp12::Frobenius(t3, t2);
+ Fp12::pow(t1, t1, param.exp_c1);
+ Fp12::pow(t2, t2, param.exp_c2);
+ Fp12::pow(t3, t3, param.exp_c3);
+ Fp12::pow(y, x, param.exp_c0);
+ y *= t1;
+ y *= t2;
+ y *= t3;
+#endif
+ }
+////////////////////////////////////////////////////////////////////////////////////
+};
+
+template<class Fp>
+ParamT<Fp> BLS12T<Fp>::param;
+
+} } // mcl::bls12
+
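Review bot: The second heading of the comment block above `HaveFrobenius::Frobenius` repeats "FrobeniusOnTwist for Dtype", but the case it describes ("use (1/g) instead of g") is the one `init(bool isMtype)` selects by inverting `g2`/`g3`, so that heading should read `FrobeniusOnTwist for Mtype` to match the "BN254 is Dtype / BLS12-381 is Mtype" note above `init`. Since `Frobenius` silently multiplies by whatever `g2`/`g3` currently hold, a one-line comment on the static members, `// set by init(); Frobenius() is meaningless before init() has run`, would make the ordering requirement explicit. In `exp_d`, the `#if 0` block and the `#else` branch (which appears to rely on `param.exp_c0`..`exp_c3`, presumably members inherited from `util::CommonParamT` — not visible here) are dead code under the `#if 1`; either drop them or add a comment stating they are kept as a reference implementation for testing the addition-chain version. The enclosing struct `BLS12T` also pulls in `ml-fe.hpp` inside its body, which is worth a short comment explaining that the included file expects to be expanded at class scope with `MCL_USE_BLS12` defined.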
diff --git a/include/mcl/bls12_381.hpp b/include/mcl/bls12_381.hpp
new file mode 100644
index 0000000..e5e4906
--- /dev/null
+++ b/include/mcl/bls12_381.hpp
@@ -0,0 +1,39 @@
+#pragma once
+/**
+ @file
+ @brief preset class for 381-bit optimal ate pairing over BLS12 curves
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/bls12.hpp>
+
+namespace mcl { namespace bls12_381 {
+
+namespace local {
+struct FpTag;
+struct FrTag;
+}
+
+typedef mcl::FpT<local::FpTag, 384> Fp;
+typedef mcl::bls12::BLS12T<Fp> BLS12;
+typedef BLS12::Fp2 Fp2;
+typedef BLS12::Fp6 Fp6;
+typedef BLS12::Fp12 Fp12;
+typedef BLS12::G1 G1;
+typedef BLS12::G2 G2;
+typedef BLS12::Fp12 GT;
+
+/* the order of G1 is r */
+typedef mcl::FpT<local::FrTag, 256> Fr;
+
+static inline void initPairing(const mcl::bls12::CurveParam& cp = mcl::bls12::CurveFp381, fp::Mode mode = fp::FP_AUTO)
+{
+ BLS12::init(cp, mode);
+ G1::setCompressedExpression();
+ G2::setCompressedExpression();
+ Fr::init(BLS12::param.r);
+}
+
+} } // mcl::bls12_381
+
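Review bot: `initPairing` is declared `static inline` in a header, which gives every translation unit its own internal-linkage copy; plain `inline void initPairing(...)` is the conventional form for a header-defined function and yields a single definition across TUs. The function also has no documentation for its arguments or for the fact that `Fr::init(BLS12::param.r)` depends on `BLS12::init` having run first in the same call; a short doxygen block such as `/// @brief initialize BLS12 pairing parameters, G1/G2 expression mode and Fr (order r of G1); call once before any curve operation. @param cp curve parameters (default CurveFp381) @param mode arithmetic mode selection` would cover both. Whether calling `initPairing` more than once is safe is not visible from this file and may be worth stating in that comment once confirmed.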