authorMITSUNARI Shigeo <herumi@nifty.com>2018-09-22 07:51:34 +0800
committerMITSUNARI Shigeo <herumi@nifty.com>2018-09-22 07:51:34 +0800
commit76b13b05edab0bdf26b918286670bccf9013a0bf (patch)
tree10e55674a6b0a95ec7669ff2a15918373d897b41
parentbe1211d42ef2098015eda3a9f09992b9cfddba40 (diff)
mapToFunction for BLS12 is changed to calcBN
-rw-r--r--include/mcl/bn.hpp18
-rw-r--r--readme.md4
-rw-r--r--test/bls12_test.cpp13
3 files changed, 34 insertions, 1 deletions
diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
index 38f3f8d..8e9a9c6 100644
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@@ -414,6 +414,9 @@ struct MapTo {
#endif
#endif
}
+ /*
+ 1.2~1.4 times faster than calBN
+ */
template<class G, class F>
void naiveMapTo(G& P, const F& t) const
{
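Review bot: The comment added above naiveMapTo is a bare timing claim and misspells the function it compares against (`calBN` for `calcBN`), so a reader cannot tell why the slower calcBN is nonetheless made the default for BLS12 in the later hunks of this file. Whatever the reason for preferring calcBN is, it belongs here next to the number, e.g. `/* naiveMapTo is 1.2~1.4 times faster than calcBN, but it is kept only behind MCL_USE_OLD_MAPTO_FOR_BLS12 (see mapToG1/mapToG2) and will be removed; use calcBN for new code. */`. The body of naiveMapTo continues outside the hunk.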
@@ -480,6 +483,10 @@ struct MapTo {
z_ = z;
// cofactor for G1
cofactor_ = (z - 1) * (z - 1) / 3;
+ bool b = Fp::squareRoot(c1_, -3);
+ assert(b);
+ (void)b;
+ c2_ = (c1_ - 1) / 2;
}
void init(const mpz_class& cofactor, const mpz_class &z, bool isBN, int curveType = -1)
{
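Review bot: `assert(b)` is the only check that `Fp::squareRoot(c1_, -3)` succeeded, and it is compiled out under NDEBUG; in a release build a field where -3 has no square root leaves c1_ (and c2_, derived from it on the next line) holding whatever squareRoot left behind, and the map-to functions that presumably consume these constants would then produce wrong points without any error. This runs once at initialisation, so a hard failure is cheap: `if (!Fp::squareRoot(c1_, -3)) throw` the library's usual exception type with a message naming the curve, keeping the assert if desired. A one-line comment on what the two members are would also help, e.g. `// c1_ = sqrt(-3), c2_ = (sqrt(-3) - 1) / 2 (constants for calcBN, presumably)`. The enclosing init starts outside the hunk.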
@@ -494,8 +501,13 @@ struct MapTo {
{
if (isBN_) {
if (!calcBN<G1, Fp>(P, t)) return false;
+ // no subgroup
} else {
+#ifdef MCL_USE_OLD_MAPTO_FOR_BLS12
naiveMapTo<G1, Fp>(P, t);
+#else
+ if (!calcBN<G1, Fp>(P, t)) return false;
+#endif
mulByCofactorBLS12(P, P);
}
assert(P.isValid());
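Review bot: The added `// no subgroup` comment in the BN branch is too terse to explain why this branch skips the cofactor multiplication that the BLS12 branch performs; if the intent is that BN G1 has cofactor 1, say so: `// BN G1 has cofactor 1, so no mulByCofactor is needed`. The `#ifdef MCL_USE_OLD_MAPTO_FOR_BLS12` switch itself is fine here, but see the G2 hunk below for a mismatch in the old-map branch. The enclosing function starts outside the hunk.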
@@ -510,7 +522,11 @@ struct MapTo {
if (!calcBN<G2, Fp2>(P, t)) return false;
mulByCofactorBN(P, P);
} else {
- naiveMapTo<G2, Fp2>(P, t);
+#ifdef MCL_USE_OLD_MAPTO_FOR_BLS12
+ naiveMapTo<G1, Fp>(P, t);
+#else
+ if (!calcBN<G2, Fp2>(P, t)) return false;
+#endif
mulByCofactorBLS12(P, P);
}
assert(P.isValid());
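Review bot: The `MCL_USE_OLD_MAPTO_FOR_BLS12` branch of the G2 path now calls `naiveMapTo<G1, Fp>(P, t)` where the removed line called `naiveMapTo<G2, Fp2>(P, t)`; P is a G2 point and t an Fp2 element here, so this instantiation either fails to compile or maps with the wrong types, and because the macro is off by default the regular build will not notice. It should read `naiveMapTo<G2, Fp2>(P, t);`. The enclosing function starts outside the hunk.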
diff --git a/readme.md b/readme.md
index a8a90ea..bea7e9d 100644
--- a/readme.md
+++ b/readme.md
@@ -9,6 +9,10 @@ A portable and fast pairing-based cryptography library.
mcl is a library for pairing-based cryptography.
The current version supports the optimal Ate pairing over BN curves and BLS12-381 curves.
+# News
+* break backward compatibility of mapToGi for BLS12. A map-to-function for BN is used.
+If `MCL_USE_OLD_MAPTO_FOR_BLS12` is defined, then the old function is used, but this will be removed in the future.
+
# Support architecture
* x86-64 Windows + Visual Studio
diff --git a/test/bls12_test.cpp b/test/bls12_test.cpp
index 7046a95..0aa06ae 100644
--- a/test/bls12_test.cpp
+++ b/test/bls12_test.cpp
@@ -631,10 +631,23 @@ void testCurve(const mcl::CurveParam& cp)
}
CYBOZU_TEST_AUTO(multi)
{
+ G1 P;
+ G2 Q;
+ int i;
puts("BN254");
testCurve(mcl::BN254);
+ i = 1;
+ CYBOZU_BENCH_C("calcBN1", 100, (BN::param.mapTo.calcBN<G1, Fp>), P, i++);
+ CYBOZU_BENCH_C("naiveG2", 100, (BN::param.mapTo.naiveMapTo<G1, Fp>), P, i++);
+ CYBOZU_BENCH_C("calcBN2", 100, (BN::param.mapTo.calcBN<G2, Fp2>), Q, i++);
+ CYBOZU_BENCH_C("naiveG2", 100, (BN::param.mapTo.naiveMapTo<G2, Fp2>), Q, i++);
puts("BLS12_381");
testCurve(mcl::BLS12_381);
+ i = 1;
+ CYBOZU_BENCH_C("calcBN1", 100, (BN::param.mapTo.calcBN<G1, Fp>), P, i++);
+ CYBOZU_BENCH_C("naiveG1", 100, (BN::param.mapTo.naiveMapTo<G1, Fp>), P, i++);
+ CYBOZU_BENCH_C("calcBN2", 100, (BN::param.mapTo.calcBN<G2, Fp2>), Q, i++);
+ CYBOZU_BENCH_C("naiveG2", 100, (BN::param.mapTo.naiveMapTo<G2, Fp2>), Q, i++);
}
CYBOZU_TEST_AUTO(BLS12_G1mulCofactor)
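Review bot: The BN254 block labels the G1 naive benchmark `"naiveG2"` (the line calling `naiveMapTo<G1, Fp>`), while the BLS12 block uses `"naiveG1"` for the same call, so the two result sets cannot be compared by name; change that label to `"naiveG1"`. These additions are timings only: CYBOZU_BENCH_C discards the bool returned by calcBN, so an input for which the map fails would pass unnoticed, and nothing here checks that the new default BLS12 path in mapToG1/mapToG2 yields points that are valid and in the right subgroup. If testCurve does not already cover that, an assertion on the mapped point would be worth more than the benchmark.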