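// A subgroup of the group of points on an elliptic curve.
// Also used to represent quotient groups.
//
// We use the field_t structure even though E(K) is a group. Addition and
// multiplication both refer to the group operation.

// Requires:
// * stdio.h
// * gmp.h
// * field.h
//
// NOTE(review): identifiers containing a double underscore are reserved for
// the implementation. The guard name is left unchanged here because other
// files may test it.
#ifndef __PBC_CURVE_H__
#define __PBC_CURVE_H__

// Some initialization functions take an order parameter. This is meant to
// be the order of the subgroup, but might actually be the order of the twist.
// Certain routines initialize a curve, test a random point to see if it has
// the correct order, and if not, immediately twist the curve so that it does.
// TODO: Move such code into curve.c, so 'order' is always accurate.
//
// NOTE(review): until that TODO is done, a caller cannot tell from 'order'
// alone which curve (original or twist) it describes. Confirm this before
// using it for anything order-dependent such as a subgroup-membership check.
// This header also does not say whether order/cofac are validated against the
// actual group order; presumably they are trusted inputs -- confirm in curve.c.

// If cofac != NULL, then the field_t represents the subgroup of
// order = #E(K) / cofac.
//
// If not, and order = #E(K) then the field_t represents the entire E(K).
//
// Otherwise, if order is a factor of #E(K), then the field_t represents
// the quotient group of that order, namely E(K)/(#E(K)/order). No attempt is
// made to standardize the coset representative. This mode is useful for the
// Tate pairing (see thesis), where any coset representative of G2 suffices
// during the pairing computation.
//
// Consequence of the unstandardized representative: in quotient mode distinct
// points can stand for the same group element, so raw coordinates (or a
// serialization of them) are not a canonical identifier and must not be
// compared bytewise to decide equality.

// Initialize a subgroup of points on the curve Y^2 = X^3 + b.
// order and cofac are interpreted as described above; cofac may be NULL.
void field_init_curve_b(field_ptr f, element_ptr b, mpz_t order, mpz_t cofac);

// Initialize a subgroup of points on the curve with the given j-invariant.
// order and cofac are interpreted as described above; cofac may be NULL.
void field_init_curve_j(field_t f, element_ptr j, mpz_t order, mpz_t cofac);

// Initialize a subgroup of points on the curve Y^2 = X^3 + a X + b.
// order and cofac are interpreted as described above; cofac may be NULL.
void field_init_curve_ab(field_ptr f, element_ptr a, element_ptr b, mpz_t order, mpz_t cofac);

// Reinitialize as the subgroup of points on the twist curve.
// Requires j-invariant of the original curve != 0, 1728.
// Mangles f, thus existing points of f become invalid.
// Callers must clear or re-create every element of f obtained before this
// call; using one afterwards operates on a point of the wrong curve.
// TODO: Refactor so we can remove this from the interface.
void field_reinit_curve_twist(field_t f);

// Compute trace of Frobenius at q^n given trace at q.
// The result is presumably written to res -- confirm in curve.c.
void pbc_mpz_trace_n(mpz_t res, mpz_t q, mpz_t trace, int n);

// Given q, t such that #E(F_q) = q - t + 1, compute #E(F_q^k).
// The result is presumably written to res -- confirm in curve.c.
void pbc_mpz_curve_order_extn(mpz_t res, mpz_t q, mpz_t t, int k);

// NOTE(review): undocumented in the original header. From the signature this
// initializes cnew from an existing curve group c, using map to carry values
// into dstfield; presumably the curve coefficients are the mapped values --
// confirm in curve.c.
void field_init_curve_with_map(field_ptr cnew, field_ptr c,
    field_ptr dstfield, fieldmap map);

// NOTE(review): undocumented in the original header. Looks like the a/b
// variant of the above that also takes the new group's order and cofactor
// (ordernew, cofacnew; see the order/cofac notes at the top) -- confirm in
// curve.c.
void field_init_curve_ab_map(field_t cnew, field_t c,
    fieldmap map, field_ptr mapdest,
    mpz_t ordernew, mpz_t cofacnew);

// NOTE(review): undocumented in the original header. Presumably switches
// random-point generation for f to the "pick x, solve the curve equation
// for y" method -- confirm in curve.c.
void field_curve_use_random_solvefory(field_ptr f);

// NOTE(review): undocumented in the original header. Presumably stores the
// value used when comparing elements of a quotient group, where coset
// representatives are not standardized (see above) -- confirm in curve.c.
void field_curve_set_quotient_cmp(field_ptr c, mpz_t quotient_cmp);

// Everything between the push and the pop below is declared with hidden
// visibility, i.e. it is not exported from a shared library built with GCC.
#pragma GCC visibility push(hidden)
// Internal:

// Accessors for the coordinates of a point e, for the coefficients of the
// curve that e lies on, and for the coefficients of the curve behind f.
// NOTE(review): the returned element_ptr presumably aliases storage owned by
// e or f rather than a copy -- confirm before modifying or clearing it.
element_ptr curve_x_coord(element_t e);
element_ptr curve_y_coord(element_t e);
element_ptr curve_a_coeff(element_t e);
element_ptr curve_b_coeff(element_t e);
element_ptr curve_field_a_coeff(field_t f);
element_ptr curve_field_b_coeff(field_t f);

// NOTE(review): presumably sets e to a point whose x-coordinate is x by
// solving for y. What happens when x is not the abscissa of any point on the
// curve is not stated here -- confirm in curve.c before passing unchecked
// values.
void curve_from_x(element_ptr e, element_t x);

// NOTE(review): presumably sets R to the point (x, y). This header does not
// say whether (x, y) is checked to lie on the curve -- confirm in curve.c.
void curve_set_si(element_t R, long int x, long int y);

// NOTE(review): the name suggests this sets a to a generator candidate
// without applying the cofactor, in which case the result need not lie in the
// order-'order' subgroup -- confirm in curve.c.
void curve_set_gen_no_cofac(element_ptr a);

#pragma GCC visibility pop

#endif //__PBC_CURVE_H__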