1 /** @file
2 *****************************************************************************
3 * @author This file is part of libff, developed by SCIPR Lab
4 * and contributors (see AUTHORS).
5 * @copyright MIT license (see LICENSE file)
6 *****************************************************************************/
7
8 #include <libff/algebra/curves/bn128/bn128_g1.hpp>
9 #include <libff/algebra/curves/bn128/bn128_g2.hpp>
10 #include <libff/algebra/curves/bn128/bn128_gt.hpp>
11 #include <libff/algebra/curves/bn128/bn128_init.hpp>
12
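namespace libff {

/*
 * Curve-wide bn128 parameters. These are mutable namespace-scope globals;
 * in this file they are assigned only by init_bn128_params().
 */

/* Moduli of the scalar field Fr and of the base field Fq. */
bigint<bn128_r_limbs> bn128_modulus_r;
bigint<bn128_q_limbs> bn128_modulus_q;

/* Curve coefficient b and square-root helper constants for Fq, held in the
   ate-pairing library's own types (bn::Fp, mie::Vuint). */
bn::Fp bn128_coeff_b;
size_t bn128_Fq_s;
bn::Fp bn128_Fq_nqr_to_t;
mie::Vuint bn128_Fq_t_minus_1_over_2;

/* Twist coefficient b and square-root helper constants for Fq2. */
bn::Fp2 bn128_twist_coeff_b;
size_t bn128_Fq2_s;
bn::Fp2 bn128_Fq2_nqr_to_t;
mie::Vuint bn128_Fq2_t_minus_1_over_2;

/**
 * Initialise the ate-pairing backend and assign every bn128 parameter: the
 * Fr and Fq field constants, the square-root helpers for Fq and Fq2, the
 * G1/G2 zero and one points with their window tables, and the GT one element.
 *
 * All writes go to namespace-scope globals and static class members, and this
 * function takes no lock. NOTE(review): presumably it must complete before any
 * other thread uses bn128 types -- confirm against the callers.
 *
 * The modulus_is_valid() checks are plain assert()s, so they are compiled out
 * when NDEBUG is defined; a release build performs no validation of the
 * moduli here.
 *
 * NOTE(review): despite the "128" in the name, this 254-bit BN curve is
 * commonly estimated to give less than 128-bit security since the improved
 * tower-NFS analyses -- confirm it meets the security level you need.
 */
void init_bn128_params()
{
    bn::Param::init(); // init ate-pairing library

    typedef bigint<bn128_r_limbs> bigint_r;
    typedef bigint<bn128_q_limbs> bigint_q;

    // Montgomery assumes this. Checked at compile time: a runtime assert()
    // vanishes under NDEBUG, and an unsupported limb width would then skip
    // both branches below and leave `inv` unassigned without any diagnostic.
    static_assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4,
                  "bn128 Montgomery constants are only provided for 32- and 64-bit limbs");

    /* parameters for scalar field Fr */
    bn128_modulus_r = bigint_r("21888242871839275222246405745257275088548364400416034343698204186575808495617");
    assert(bn128_Fr::modulus_is_valid()); // debug builds only
    // Rsquared and Rcubed are the same for both limb widths; only `inv`
    // (one limb wide) differs.
    bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
    bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
    if (sizeof(mp_limb_t) == 8)
    {
        bn128_Fr::inv = 0xc2e1f593efffffff;
    }
    else
    {
        bn128_Fr::inv = 0xefffffff;
    }
    bn128_Fr::num_bits = 254;
    // euler is (modulus - 1) / 2
    bn128_Fr::euler = bigint_r("10944121435919637611123202872628637544274182200208017171849102093287904247808");
    bn128_Fr::s = 28;
    bn128_Fr::t = bigint_r("81540058820840996586704275553141814055101440848469862132140264610111");
    bn128_Fr::t_minus_1_over_2 = bigint_r("40770029410420498293352137776570907027550720424234931066070132305055");
    bn128_Fr::multiplicative_generator = bn128_Fr("5");
    bn128_Fr::root_of_unity = bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
    bn128_Fr::nqr = bn128_Fr("5");
    bn128_Fr::nqr_to_t = bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");

    /* parameters for base field Fq */
    bn128_modulus_q = bigint_q("21888242871839275222246405745257275088696311157297823662689037894645226208583");
    assert(bn128_Fq::modulus_is_valid()); // debug builds only
    bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
    bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
    if (sizeof(mp_limb_t) == 8)
    {
        bn128_Fq::inv = 0x87d20782e4866389;
    }
    else
    {
        bn128_Fq::inv = 0xe4866389;
    }
    bn128_Fq::num_bits = 254;
    // With s = 1, t coincides with euler = (modulus - 1) / 2, and both
    // root_of_unity and nqr_to_t are modulus - 1, i.e. -1 in Fq.
    bn128_Fq::euler = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
    bn128_Fq::s = 1;
    bn128_Fq::t = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
    bn128_Fq::t_minus_1_over_2 = bigint_q("5472060717959818805561601436314318772174077789324455915672259473661306552145");
    bn128_Fq::multiplicative_generator = bn128_Fq("3");
    bn128_Fq::root_of_unity = bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
    bn128_Fq::nqr = bn128_Fq("3");
    bn128_Fq::nqr_to_t = bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");

    /* additional parameters for square roots in Fq/Fq2 */
    // The Fq entries repeat bn128_Fq::s, ::nqr_to_t and ::t_minus_1_over_2
    // from above in the ate-pairing library's types; the copies have to be
    // kept in sync by hand.
    bn128_coeff_b = bn::Fp(3);
    bn128_Fq_s = 1;
    bn128_Fq_nqr_to_t = bn::Fp("21888242871839275222246405745257275088696311157297823662689037894645226208582");
    bn128_Fq_t_minus_1_over_2 = mie::Vuint("5472060717959818805561601436314318772174077789324455915672259473661306552145");

    bn128_twist_coeff_b = bn::Fp2(bn::Fp("19485874751759354771024239261021720505790618469301721065564631296452457478373"),
                                  bn::Fp("266929791119991161246907387137283842545076965332900288569378510910307636690"));
    bn128_Fq2_s = 4;
    bn128_Fq2_nqr_to_t = bn::Fp2(bn::Fp("5033503716262624267312492558379982687175200734934877598599011485707452665730"),
                                 bn::Fp("314498342015008975724433667930697407966947188435857772134235984660852259084"));
    bn128_Fq2_t_minus_1_over_2 = mie::Vuint("14971724250519463826312126413021210649976634891596900701138993820439690427699319920245032869357433499099632259837909383182382988566862092145199781964621");

    /* choice of group G1 */
    // Zero is stored with third coordinate 0.
    bn128_G1::G1_zero.coord[0] = bn::Fp(1);
    bn128_G1::G1_zero.coord[1] = bn::Fp(1);
    bn128_G1::G1_zero.coord[2] = bn::Fp(0);

    // One is (1, 2) with third coordinate 1; it satisfies y^2 = x^3 + 3,
    // matching bn128_coeff_b = 3 above.
    bn128_G1::G1_one.coord[0] = bn::Fp(1);
    bn128_G1::G1_one.coord[1] = bn::Fp(2);
    bn128_G1::G1_one.coord[2] = bn::Fp(1);

    // Tables are emptied first, so calling this function again does not
    // append duplicate entries.
    bn128_G1::wnaf_window_table.resize(0);
    bn128_G1::wnaf_window_table.push_back(10);
    bn128_G1::wnaf_window_table.push_back(24);
    bn128_G1::wnaf_window_table.push_back(40);
    bn128_G1::wnaf_window_table.push_back(132);

    bn128_G1::fixed_base_exp_window_table.resize(0);
    // window 1 is unbeaten in [-inf, 4.24]
    bn128_G1::fixed_base_exp_window_table.push_back(1);
    // window 2 is unbeaten in [4.24, 10.43]
    bn128_G1::fixed_base_exp_window_table.push_back(4);
    // window 3 is unbeaten in [10.43, 24.88]
    bn128_G1::fixed_base_exp_window_table.push_back(10);
    // window 4 is unbeaten in [24.88, 62.10]
    bn128_G1::fixed_base_exp_window_table.push_back(25);
    // window 5 is unbeaten in [62.10, 157.80]
    bn128_G1::fixed_base_exp_window_table.push_back(62);
    // window 6 is unbeaten in [157.80, 362.05]
    bn128_G1::fixed_base_exp_window_table.push_back(158);
    // window 7 is unbeaten in [362.05, 806.67]
    bn128_G1::fixed_base_exp_window_table.push_back(362);
    // window 8 is unbeaten in [806.67, 2090.34]
    bn128_G1::fixed_base_exp_window_table.push_back(807);
    // window 9 is unbeaten in [2090.34, 4459.58]
    bn128_G1::fixed_base_exp_window_table.push_back(2090);
    // window 10 is unbeaten in [4459.58, 9280.12]
    bn128_G1::fixed_base_exp_window_table.push_back(4460);
    // window 11 is unbeaten in [9280.12, 43302.64]
    bn128_G1::fixed_base_exp_window_table.push_back(9280);
    // window 12 is unbeaten in [43302.64, 210998.73]
    bn128_G1::fixed_base_exp_window_table.push_back(43303);
    // window 13 is never the best
    bn128_G1::fixed_base_exp_window_table.push_back(0);
    // window 14 is never the best
    bn128_G1::fixed_base_exp_window_table.push_back(0);
    // window 15 is unbeaten in [210998.73, 506869.47]
    bn128_G1::fixed_base_exp_window_table.push_back(210999);
    // window 16 is unbeaten in [506869.47, 930023.36]
    bn128_G1::fixed_base_exp_window_table.push_back(506869);
    // window 17 is unbeaten in [930023.36, 8350812.20]
    bn128_G1::fixed_base_exp_window_table.push_back(930023);
    // window 18 is never the best
    bn128_G1::fixed_base_exp_window_table.push_back(0);
    // window 19 is never the best
    bn128_G1::fixed_base_exp_window_table.push_back(0);
    // window 20 is unbeaten in [8350812.20, 21708138.87]
    bn128_G1::fixed_base_exp_window_table.push_back(8350812);
    // window 21 is unbeaten in [21708138.87, 29482995.52]
    bn128_G1::fixed_base_exp_window_table.push_back(21708139);
    // window 22 is unbeaten in [29482995.52, inf]
    bn128_G1::fixed_base_exp_window_table.push_back(29482996);

    /* choice of group G2 */
    bn128_G2::G2_zero.coord[0] = bn::Fp2(bn::Fp(1), bn::Fp(0));
    bn128_G2::G2_zero.coord[1] = bn::Fp2(bn::Fp(1), bn::Fp(0));
    bn128_G2::G2_zero.coord[2] = bn::Fp2(bn::Fp(0), bn::Fp(0));

    bn128_G2::G2_one.coord[0] = bn::Fp2(bn::Fp("15267802884793550383558706039165621050290089775961208824303765753922461897946"),
                                        bn::Fp("9034493566019742339402378670461897774509967669562610788113215988055021632533"));
    bn128_G2::G2_one.coord[1] = bn::Fp2(bn::Fp("644888581738283025171396578091639672120333224302184904896215738366765861164"),
                                        bn::Fp("20532875081203448695448744255224543661959516361327385779878476709582931298750"));
    bn128_G2::G2_one.coord[2] = bn::Fp2(bn::Fp(1), bn::Fp(0));

    bn128_G2::wnaf_window_table.resize(0);
    bn128_G2::wnaf_window_table.push_back(7);
    bn128_G2::wnaf_window_table.push_back(18);
    bn128_G2::wnaf_window_table.push_back(35);
    bn128_G2::wnaf_window_table.push_back(116);

    bn128_G2::fixed_base_exp_window_table.resize(0);
    // window 1 is unbeaten in [-inf, 4.13]
    bn128_G2::fixed_base_exp_window_table.push_back(1);
    // window 2 is unbeaten in [4.13, 10.72]
    bn128_G2::fixed_base_exp_window_table.push_back(4);
    // window 3 is unbeaten in [10.72, 25.60]
    bn128_G2::fixed_base_exp_window_table.push_back(11);
    // window 4 is unbeaten in [25.60, 60.99]
    bn128_G2::fixed_base_exp_window_table.push_back(26);
    // window 5 is unbeaten in [60.99, 153.66]
    bn128_G2::fixed_base_exp_window_table.push_back(61);
    // window 6 is unbeaten in [153.66, 353.13]
    bn128_G2::fixed_base_exp_window_table.push_back(154);
    // window 7 is unbeaten in [353.13, 771.87]
    bn128_G2::fixed_base_exp_window_table.push_back(353);
    // window 8 is unbeaten in [771.87, 2025.85]
    bn128_G2::fixed_base_exp_window_table.push_back(772);
    // window 9 is unbeaten in [2025.85, 4398.65]
    bn128_G2::fixed_base_exp_window_table.push_back(2026);
    // window 10 is unbeaten in [4398.65, 10493.42]
    bn128_G2::fixed_base_exp_window_table.push_back(4399);
    // window 11 is unbeaten in [10493.42, 37054.73]
    bn128_G2::fixed_base_exp_window_table.push_back(10493);
    // window 12 is unbeaten in [37054.73, 49928.78]
    bn128_G2::fixed_base_exp_window_table.push_back(37055);
    // window 13 is unbeaten in [49928.78, 114502.82]
    bn128_G2::fixed_base_exp_window_table.push_back(49929);
    // window 14 is unbeaten in [114502.82, 161445.26]
    bn128_G2::fixed_base_exp_window_table.push_back(114503);
    // window 15 is unbeaten in [161445.26, 470648.01]
    bn128_G2::fixed_base_exp_window_table.push_back(161445);
    // window 16 is unbeaten in [470648.01, 1059821.87]
    bn128_G2::fixed_base_exp_window_table.push_back(470648);
    // window 17 is unbeaten in [1059821.87, 5450848.25]
    bn128_G2::fixed_base_exp_window_table.push_back(1059822);
    // window 18 is never the best
    bn128_G2::fixed_base_exp_window_table.push_back(0);
    // window 19 is unbeaten in [5450848.25, 5566795.57]
    bn128_G2::fixed_base_exp_window_table.push_back(5450848);
    // window 20 is unbeaten in [5566795.57, 33055217.52]
    bn128_G2::fixed_base_exp_window_table.push_back(5566796);
    // window 21 is never the best
    bn128_G2::fixed_base_exp_window_table.push_back(0);
    // window 22 is unbeaten in [33055217.52, inf]
    bn128_G2::fixed_base_exp_window_table.push_back(33055218);

    bn128_GT::GT_one.elem = bn::Fp12(1);
}
} // libff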
227