/* needed for SOK */
public static ECP2 mapit2(sbyte[] h)
{
BIG q = new BIG(ROM.Modulus);
BIG x = BIG.fromBytes(h);
BIG one = new BIG(1);
FP2 X;
ECP2 Q, T, K;
x.mod(q);
while (true)
{
X = new FP2(one, x);
Q = new ECP2(X);
if (!Q.is_infinity())
{
break;
}
x.inc(1);
x.norm();
}
/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
BIG Fra = new BIG(ROM.CURVE_Fra);
BIG Frb = new BIG(ROM.CURVE_Frb);
X = new FP2(Fra, Frb);
x = new BIG(ROM.CURVE_Bnx);
T = new ECP2();
T.copy(Q);
T.mul(x);
T.neg();
K = new ECP2();
K.copy(T);
K.dbl();
K.add(T);
K.affine();
K.frob(X);
Q.frob(X);
Q.frob(X);
Q.frob(X);
Q.add(T);
Q.add(K);
T.frob(X);
T.frob(X);
Q.add(T);
Q.affine();
return(Q);
}
/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
public static ECP2 mul4(ECP2[] Q, BIG[] u)
{
int i, j, nb;
int[] a = new int[4];
ECP2 T = new ECP2();
ECP2 C = new ECP2();
ECP2 P = new ECP2();
ECP2[] W = new ECP2[8];
BIG mt = new BIG();
BIG[] t = new BIG[4];
sbyte[] w = new sbyte[ROM.NLEN * ROM.BASEBITS + 1];
for (i = 0; i < 4; i++)
{
t[i] = new BIG(u[i]);
Q[i].affine();
}
/* precompute table */
W[0] = new ECP2();
W[0].copy(Q[0]);
W[0].sub(Q[1]);
W[1] = new ECP2();
W[1].copy(W[0]);
W[2] = new ECP2();
W[2].copy(W[0]);
W[3] = new ECP2();
W[3].copy(W[0]);
W[4] = new ECP2();
W[4].copy(Q[0]);
W[4].add(Q[1]);
W[5] = new ECP2();
W[5].copy(W[4]);
W[6] = new ECP2();
W[6].copy(W[4]);
W[7] = new ECP2();
W[7].copy(W[4]);
T.copy(Q[2]);
T.sub(Q[3]);
W[1].sub(T);
W[2].add(T);
W[5].sub(T);
W[6].add(T);
T.copy(Q[2]);
T.add(Q[3]);
W[0].sub(T);
W[3].add(T);
W[4].sub(T);
W[7].add(T);
multiaffine(8, W);
/* if multiplier is even add 1 to multiplier, and add P to correction */
mt.zero();
C.inf();
for (i = 0; i < 4; i++)
{
if (t[i].parity() == 0)
{
t[i].inc(1);
t[i].norm();
C.add(Q[i]);
}
mt.add(t[i]);
mt.norm();
}
nb = 1 + mt.nbits();
/* convert exponent to signed 1-bit window */
for (j = 0; j < nb; j++)
{
for (i = 0; i < 4; i++)
{
a[i] = (sbyte)(t[i].lastbits(2) - 2);
t[i].dec(a[i]);
t[i].norm();
t[i].fshr(1);
}
w[j] = (sbyte)(8 * a[0] + 4 * a[1] + 2 * a[2] + a[3]);
}
w[nb] = (sbyte)(8 * t[0].lastbits(2) + 4 * t[1].lastbits(2) + 2 * t[2].lastbits(2) + t[3].lastbits(2));
P.copy(W[(w[nb] - 1) / 2]);
for (i = nb - 1; i >= 0; i--)
{
T.select(W, w[i]);
P.dbl();
P.add(T);
}
P.sub(C); // apply correction
P.affine();
return(P);
}
/* P*=e */
public ECP2 mul(BIG e)
{
/* fixed size windows */
int i, b, nb, m, s, ns;
BIG mt = new BIG();
BIG t = new BIG();
ECP2 P = new ECP2();
ECP2 Q = new ECP2();
ECP2 C = new ECP2();
ECP2[] W = new ECP2[8];
sbyte[] w = new sbyte[1 + (ROM.NLEN * ROM.BASEBITS + 3) / 4];
if (is_infinity())
{
return(new ECP2());
}
affine();
/* precompute table */
Q.copy(this);
Q.dbl();
W[0] = new ECP2();
W[0].copy(this);
for (i = 1; i < 8; i++)
{
W[i] = new ECP2();
W[i].copy(W[i - 1]);
W[i].add(Q);
}
/* convert the table to affine */
multiaffine(8, W);
/* make exponent odd - add 2P if even, P if odd */
t.copy(e);
s = t.parity();
t.inc(1);
t.norm();
ns = t.parity();
mt.copy(t);
mt.inc(1);
mt.norm();
t.cmove(mt, s);
Q.cmove(this, ns);
C.copy(Q);
nb = 1 + (t.nbits() + 3) / 4;
/* convert exponent to signed 4-bit window */
for (i = 0; i < nb; i++)
{
w[i] = (sbyte)(t.lastbits(5) - 16);
t.dec(w[i]);
t.norm();
t.fshr(4);
}
w[nb] = (sbyte)t.lastbits(5);
P.copy(W[(w[nb] - 1) / 2]);
for (i = nb - 1; i >= 0; i--)
{
Q.select(W, w[i]);
P.dbl();
P.dbl();
P.dbl();
P.dbl();
P.add(Q);
}
P.sub(C);
P.affine();
return(P);
}
/* Line function */
public static FP12 line(ECP2 A, ECP2 B, FP Qx, FP Qy)
{
ECP2 P = new ECP2();
FP4 a, b, c;
P.copy(A);
FP2 ZZ = new FP2(P.getz());
ZZ.sqr();
int D;
if (A == B)
{
D = A.dbl(); // Check this return value in amcl_ec2.c
}
else
{
D = A.add(B);
}
if (D < 0)
{
return(new FP12(1));
}
FP2 Z3 = new FP2(A.getz());
c = new FP4(0);
if (D == 0)
{ // Addition
FP2 X = new FP2(B.getx());
FP2 Y = new FP2(B.gety());
FP2 T = new FP2(P.getz());
T.mul(Y);
ZZ.mul(T);
FP2 NY = new FP2(P.gety());
NY.neg();
ZZ.add(NY);
Z3.pmul(Qy);
T.mul(P.getx());
X.mul(NY);
T.add(X);
a = new FP4(Z3, T);
ZZ.neg();
ZZ.pmul(Qx);
b = new FP4(ZZ);
}
else
{ // Doubling
FP2 X = new FP2(P.getx());
FP2 Y = new FP2(P.gety());
FP2 T = new FP2(P.getx());
T.sqr();
T.imul(3);
Y.sqr();
Y.add(Y);
Z3.mul(ZZ);
Z3.pmul(Qy);
X.mul(T);
X.sub(Y);
a = new FP4(Z3, X);
T.neg();
ZZ.mul(T);
ZZ.pmul(Qx);
b = new FP4(ZZ);
}
return(new FP12(a, b, c));
}