Merge branch 'develop' of github.com:ConsenSys/gnark-crypto into develop

Author: gbotrel

ecc/bls12-377/fp/element_utils.go

@@ -0,0 +1,29 @@
+// Copyright 2020 ConsenSys Software Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fp
+
+// MulByNonResidueInv ...
+func (z *Element) MulByNonResidueInv(x *Element) *Element {
+	qnrInv := Element{
+		9255502405446297221,
+		10229180150694123945,
+		9215585410771530959,
+		13357015519562362907,
+		5437107869987383107,
+		16259554076827459,
+	}
+	z.Mul(x, &qnrInv)
+	return z
+}

ecc/bls12-377/internal/fptower/e2_bls377.go

@@ -104,3 +104,14 @@ func (z *E2) norm(x *fp.Element) {
 	fp.MulBy5(&tmp)
 	x.Square(&z.A0).Add(x, &tmp)
 }
+
+// MulBybTwistCurveCoeff multiplies by 1/(0,1)
+func (z *E2) MulBybTwistCurveCoeff(x *E2) *E2 {
+
+	var res E2
+	res.A0.Set(&x.A1)
+	res.A1.MulByNonResidueInv(&x.A0)
+	z.Set(&res)
+
+	return z
+}

ecc/bls12-377/pairing.go

@@ -176,7 +176,7 @@ func (p *g2Proj) DoubleStep(evaluations *lineEvaluation) {
 	C.Square(&p.z)
 	D.Double(&C).
 		Add(&D, &C)
-	E.Mul(&D, &bTwistCurveCoeff)
+	E.MulBybTwistCurveCoeff(&D)
 	F.Double(&E).
 		Add(&F, &E)
 	G.Add(&B, &F)

ecc/bls12-381/internal/fptower/e2_bls381.go

@@ -89,3 +89,15 @@ func (z *E2) norm(x *fp.Element) {
 	tmp.Square(&z.A1)
 	x.Add(x, &tmp)
 }
+
+// MulBybTwistCurveCoeff multiplies by 4(1,1)
+func (z *E2) MulBybTwistCurveCoeff(x *E2) *E2 {
+
+	var res E2
+	res.A0.Sub(&x.A0, &x.A1)
+	res.A1.Add(&x.A0, &x.A1)
+	z.Double(&res).
+		Double(z)
+
+	return z
+}

ecc/bls12-381/pairing.go

@@ -180,7 +180,7 @@ func (p *g2Proj) DoubleStep(l *lineEvaluation) {
 	C.Square(&p.z)
 	D.Double(&C).
 		Add(&D, &C)
-	E.Mul(&D, &bTwistCurveCoeff)
+	E.MulBybTwistCurveCoeff(&D)
 	F.Double(&E).
 		Add(&F, &E)
 	G.Add(&B, &F)

ecc/bls24-315/internal/fptower/e4_bls315.go

@@ -0,0 +1,26 @@
+// Copyright 2020 ConsenSys AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fptower
+
+// MulBybTwistCurveCoeff multiplies by 1/(0,1)
+func (z *E4) MulBybTwistCurveCoeff(x *E4) *E4 {
+
+	var res E4
+	res.B0.Set(&x.B1)
+	res.B1.MulByNonResidueInv(&x.B0)
+	z.Set(&res)
+
+	return z
+}

ecc/bls24-315/pairing.go

@@ -190,7 +190,7 @@ func (p *g2Proj) DoubleStep(evaluations *lineEvaluation) {
 	C.Square(&p.z)
 	D.Double(&C).
 		Add(&D, &C)
-	E.Mul(&D, &bTwistCurveCoeff)
+	E.MulBybTwistCurveCoeff(&D)
 	F.Double(&E).
 		Add(&F, &E)
 	G.Add(&B, &F)

ecc/bn254/g2.go

@@ -322,7 +322,11 @@ func (p *g1Proj) DoubleStep(evaluations *lineEvaluation) {
 	C.Square(&p.z)
 	D.Double(&C).
 		Add(&D, &C)
-	E.Mul(&D, &bCurveCoeff)
+
+		// E.Mul(&D, &bCurveCoeff)
+	E.Double(&D).
+		Double(&E)
+
 	F.Double(&E).
 		Add(&F, &E)
 	G.Add(&B, &F)

ecc/bw6-633/pairing.go

@@ -297,7 +297,10 @@ func (p *g1Proj) DoubleStep(evaluations *lineEvaluation) {
 	C.Square(&p.z)
 	D.Double(&C).
 		Add(&D, &C)
-	E.Mul(&D, &bCurveCoeff)
+
+		// E.Mul(&D, &bCurveCoeff)
+	E.Neg(&D)
+
 	F.Double(&E).
 		Add(&F, &E)
 	G.Add(&B, &F)