Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:19 UTC
[14/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp12.h
----------------------------------------------------------------------
diff --git a/version3/c/fp12.h b/version3/c/fp12.h
deleted file mode 100644
index 99fed17..0000000
--- a/version3/c/fp12.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/**
- * @file fp12.h
- * @author Mike Scott
- * @brief FP12 Header File
- *
- */
-
-#ifndef FP12_YYY_H
-#define FP12_YYY_H
-
-#include "fp4_YYY.h"
-
-/**
- @brief FP12 Structure - towered over three FP4
-*/
-
-typedef struct
-{
- FP4_YYY a; /**< first part of FP12 */
- FP4_YYY b; /**< second part of FP12 */
- FP4_YYY c; /**< third part of FP12 */
-} FP12_YYY;
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-/* FP12 prototypes */
-/** @brief Tests for FP12 equal to zero
- *
- @param x FP12 number to be tested
- @return 1 if zero, else returns 0
- */
-extern int FP12_YYY_iszilch(FP12_YYY *x);
-/** @brief Tests for FP12 equal to unity
- *
- @param x FP12 number to be tested
- @return 1 if unity, else returns 0
- */
-extern int FP12_YYY_isunity(FP12_YYY *x);
-/** @brief Copy FP12 to another FP12
- *
- @param x FP12 instance, on exit = y
- @param y FP12 instance to be copied
- */
-extern void FP12_YYY_copy(FP12_YYY *x,FP12_YYY *y);
-/** @brief Set FP12 to unity
- *
- @param x FP12 instance to be set to one
- */
-extern void FP12_YYY_one(FP12_YYY *x);
-/** @brief Tests for equality of two FP12s
- *
- @param x FP12 instance to be compared
- @param y FP12 instance to be compared
- @return 1 if x=y, else returns 0
- */
-extern int FP12_YYY_equals(FP12_YYY *x,FP12_YYY *y);
-/** @brief Conjugation of FP12
- *
- If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
- @param x FP12 instance, on exit = conj(y)
- @param y FP12 instance
- */
-extern void FP12_YYY_conj(FP12_YYY *x,FP12_YYY *y);
-/** @brief Initialise FP12 from single FP4
- *
- Sets first FP4 component of an FP12, other components set to zero
- @param x FP12 instance to be initialised
- @param a FP4 to form first part of FP4
- */
-extern void FP12_YYY_from_FP4(FP12_YYY *x,FP4_YYY *a);
-/** @brief Initialise FP12 from three FP4s
- *
- @param x FP12 instance to be initialised
- @param a FP4 to form first part of FP12
- @param b FP4 to form second part of FP12
- @param c FP4 to form third part of FP12
- */
-extern void FP12_YYY_from_FP4s(FP12_YYY *x,FP4_YYY *a,FP4_YYY* b,FP4_YYY *c);
-/** @brief Fast Squaring of an FP12 in "unitary" form
- *
- @param x FP12 instance, on exit = y^2
- @param y FP4 instance, must be unitary
- */
-extern void FP12_YYY_usqr(FP12_YYY *x,FP12_YYY *y);
-/** @brief Squaring an FP12
- *
- @param x FP12 instance, on exit = y^2
- @param y FP12 instance
- */
-extern void FP12_YYY_sqr(FP12_YYY *x,FP12_YYY *y);
-/** @brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
- *
- Here the multiplier has a special form that can be exploited
- @param x FP12 instance, on exit = x*y
- @param y FP12 instance, of special form
- @param t D_TYPE or M_TYPE twist
- */
-extern void FP12_YYY_smul(FP12_YYY *x,FP12_YYY *y,int t);
-/** @brief Multiplication of two FP12s
- *
- @param x FP12 instance, on exit = x*y
- @param y FP12 instance, the multiplier
- */
-extern void FP12_YYY_mul(FP12_YYY *x,FP12_YYY *y);
-/** @brief Inverting an FP12
- *
- @param x FP12 instance, on exit = 1/y
- @param y FP12 instance
- */
-extern void FP12_YYY_inv(FP12_YYY *x,FP12_YYY *y);
-/** @brief Raises an FP12 to the power of a BIG
- *
- @param r FP12 instance, on exit = y^b
- @param x FP12 instance
- @param b BIG number
- */
-extern void FP12_YYY_pow(FP12_YYY *r,FP12_YYY *x,BIG_XXX b);
-/** @brief Raises an FP12 instance x to a small integer power, side-channel resistant
- *
- @param x FP12 instance, on exit = x^i
- @param i small integer exponent
- @param b maximum number of bits in exponent
- */
-extern void FP12_YYY_pinpow(FP12_YYY *x,int i,int b);
-
-/** @brief Raises an FP12 instance x to a BIG power, compressed to FP4
- *
- @param c FP4 instance, on exit = x^(e mod r) as FP4
- @param x FP12 input
- @param e BIG exponent
- @param r BIG group order
- */
-extern void FP12_YYY_compow(FP4_YYY *c,FP12_YYY *x,BIG_XXX e,BIG_XXX r);
-
-/** @brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
- *
- @param r FP12 instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
- @param x FP12 array with 4 FP12s
- @param b BIG array of 4 exponents
- */
-extern void FP12_YYY_pow4(FP12_YYY *r,FP12_YYY *x,BIG_XXX *b);
-/** @brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
- *
- @param x FP12 instance, on exit = x^p
- @param f FP2 precalculated Frobenius constant
- */
-extern void FP12_YYY_frob(FP12_YYY *x,FP2_YYY *f);
-/** @brief Reduces all components of possibly unreduced FP12 mod Modulus
- *
- @param x FP12 instance, on exit reduced mod Modulus
- */
-extern void FP12_YYY_reduce(FP12_YYY *x);
-/** @brief Normalises the components of an FP12
- *
- @param x FP12 instance to be normalised
- */
-extern void FP12_YYY_norm(FP12_YYY *x);
-/** @brief Formats and outputs an FP12 to the console
- *
- @param x FP12 instance to be printed
- */
-extern void FP12_YYY_output(FP12_YYY *x);
-/** @brief Formats and outputs an FP12 instance to an octet string
- *
- Serializes the components of an FP12 to big-endian base 256 form.
- @param S output octet string
- @param x FP12 instance to be converted to an octet string
- */
-extern void FP12_YYY_toOctet(octet *S,FP12_YYY *x);
-/** @brief Creates an FP12 instance from an octet string
- *
- De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
- @param x FP12 instance to be created from an octet string
- @param S input octet string
-
- */
-extern void FP12_YYY_fromOctet(FP12_YYY *x,octet *S);
-/** @brief Calculate the trace of an FP12
- *
- @param t FP4 trace of x, on exit = tr(x)
- @param x FP12 instance
-
- */
-extern void FP12_YYY_trace(FP4_YYY *t,FP12_YYY *x);
-
-/** @brief Conditional copy of FP12 number
- *
- Conditionally copies second parameter to the first (without branching)
- @param x FP12 instance, set to y if s!=0
- @param y another FP12 instance
- @param s copy only takes place if not equal to 0
- */
-extern void FP12_YYY_cmove(FP12_YYY *x,FP12_YYY *y,int s);
-
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp16.c
----------------------------------------------------------------------
diff --git a/version3/c/fp16.c b/version3/c/fp16.c
deleted file mode 100644
index 623e87b..0000000
--- a/version3/c/fp16.c
+++ /dev/null
@@ -1,693 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^8 functions */
-
-/* FP16 elements are of the form a+ib, where i is sqrt(sqrt(-1+sqrt(-1))) */
-
-#include "fp16_YYY.h"
-
-
-/* test x==0 ? */
-int FP16_YYY_iszilch(FP16_YYY *x)
-{
- if (FP8_YYY_iszilch(&(x->a)) && FP8_YYY_iszilch(&(x->b))) return 1;
- return 0;
-}
-
-/* test x==1 ? */
-int FP16_YYY_isunity(FP16_YYY *x)
-{
- if (FP8_YYY_isunity(&(x->a)) && FP8_YYY_iszilch(&(x->b))) return 1;
- return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP16_YYY_isreal(FP16_YYY *w)
-{
- return FP8_YYY_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-int FP16_YYY_equals(FP16_YYY *x,FP16_YYY *y)
-{
- if (FP8_YYY_equals(&(x->a),&(y->a)) && FP8_YYY_equals(&(x->b),&(y->b)))
- return 1;
- return 0;
-}
-
-/* set FP16 from two FP8s */
-void FP16_YYY_from_FP8s(FP16_YYY *w,FP8_YYY * x,FP8_YYY* y)
-{
- FP8_YYY_copy(&(w->a), x);
- FP8_YYY_copy(&(w->b), y);
-}
-
-/* set FP16 from FP8 */
-void FP16_YYY_from_FP8(FP16_YYY *w,FP8_YYY *x)
-{
- FP8_YYY_copy(&(w->a), x);
- FP8_YYY_zero(&(w->b));
-}
-
-/* set high part of FP16 from FP8 */
-void FP16_YYY_from_FP8H(FP16_YYY *w,FP8_YYY *x)
-{
- FP8_YYY_copy(&(w->b), x);
- FP8_YYY_zero(&(w->a));
-}
-
-/* FP16 copy w=x */
-void FP16_YYY_copy(FP16_YYY *w,FP16_YYY *x)
-{
- if (w==x) return;
- FP8_YYY_copy(&(w->a), &(x->a));
- FP8_YYY_copy(&(w->b), &(x->b));
-}
-
-/* FP16 w=0 */
-void FP16_YYY_zero(FP16_YYY *w)
-{
- FP8_YYY_zero(&(w->a));
- FP8_YYY_zero(&(w->b));
-}
-
-/* FP16 w=1 */
-void FP16_YYY_one(FP16_YYY *w)
-{
- FP8_YYY_one(&(w->a));
- FP8_YYY_zero(&(w->b));
-}
-
-/* Set w=-x */
-void FP16_YYY_neg(FP16_YYY *w,FP16_YYY *x)
-{
- /* Just one field neg */
- FP8_YYY m,t;
- FP16_YYY_norm(x);
- FP8_YYY_add(&m,&(x->a),&(x->b));
- FP8_YYY_norm(&m);
- FP8_YYY_neg(&m,&m);
- FP8_YYY_add(&t,&m,&(x->b));
- FP8_YYY_add(&(w->b),&m,&(x->a));
- FP8_YYY_copy(&(w->a),&t);
- FP16_YYY_norm(w);
-}
-
-/* Set w=conj(x) */
-void FP16_YYY_conj(FP16_YYY *w,FP16_YYY *x)
-{
- FP8_YYY_copy(&(w->a), &(x->a));
- FP8_YYY_neg(&(w->b), &(x->b));
- FP16_YYY_norm(w);
-}
-
-/* Set w=-conj(x) */
-void FP16_YYY_nconj(FP16_YYY *w,FP16_YYY *x)
-{
- FP8_YYY_copy(&(w->b),&(x->b));
- FP8_YYY_neg(&(w->a), &(x->a));
- FP16_YYY_norm(w);
-}
-
-/* Set w=x+y */
-void FP16_YYY_add(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
- FP8_YYY_add(&(w->a), &(x->a), &(y->a));
- FP8_YYY_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP16_YYY_sub(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
- FP16_YYY my;
-
- FP16_YYY_neg(&my, y);
- FP16_YYY_add(w, x, &my);
-
-}
-
-/* reduce all components of w mod Modulus */
-void FP16_YYY_reduce(FP16_YYY *w)
-{
- FP8_YYY_reduce(&(w->a));
- FP8_YYY_reduce(&(w->b));
-}
-
-/* normalise all elements of w */
-void FP16_YYY_norm(FP16_YYY *w)
-{
- FP8_YYY_norm(&(w->a));
- FP8_YYY_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP8 */
-void FP16_YYY_pmul(FP16_YYY *w,FP16_YYY *x,FP8_YYY *s)
-{
- FP8_YYY_mul(&(w->a),&(x->a),s);
- FP8_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is FP2 */
-void FP16_YYY_qmul(FP16_YYY *w,FP16_YYY *x,FP2_YYY *s)
-{
- FP8_YYY_qmul(&(w->a),&(x->a),s);
- FP8_YYY_qmul(&(w->b),&(x->b),s);
-}
-
-/* Set w=s*x, where s is int */
-void FP16_YYY_imul(FP16_YYY *w,FP16_YYY *x,int s)
-{
- FP8_YYY_imul(&(w->a),&(x->a),s);
- FP8_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* Input MUST be normed */
-void FP16_YYY_sqr(FP16_YYY *w,FP16_YYY *x)
-{
- FP8_YYY t1,t2,t3;
-
- FP8_YYY_mul(&t3,&(x->a),&(x->b)); /* norms x */
- FP8_YYY_copy(&t2,&(x->b));
- FP8_YYY_add(&t1,&(x->a),&(x->b));
- FP8_YYY_times_i(&t2);
-
- FP8_YYY_add(&t2,&(x->a),&t2);
-
- FP8_YYY_norm(&t1); // 2
- FP8_YYY_norm(&t2); // 2
-
- FP8_YYY_mul(&(w->a),&t1,&t2);
-
- FP8_YYY_copy(&t2,&t3);
- FP8_YYY_times_i(&t2);
-
- FP8_YYY_add(&t2,&t2,&t3);
-
- FP8_YYY_norm(&t2); // 2
- FP8_YYY_neg(&t2,&t2);
- FP8_YYY_add(&(w->a),&(w->a),&t2); /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
- FP8_YYY_add(&(w->b),&t3,&t3); /* b=2ab */
-
- FP16_YYY_norm(w);
-}
-
-/* Set w=x*y */
-/* Inputs MUST be normed */
-void FP16_YYY_mul(FP16_YYY *w,FP16_YYY *x,FP16_YYY *y)
-{
-
- FP8_YYY t1,t2,t3,t4;
- FP8_YYY_mul(&t1,&(x->a),&(y->a));
- FP8_YYY_mul(&t2,&(x->b),&(y->b));
-
- FP8_YYY_add(&t3,&(y->b),&(y->a));
- FP8_YYY_add(&t4,&(x->b),&(x->a));
-
- FP8_YYY_norm(&t4); // 2
- FP8_YYY_norm(&t3); // 2
-
- FP8_YYY_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-
- FP8_YYY_neg(&t3,&t1); // 1
- FP8_YYY_add(&t4,&t4,&t3); //t4E=3
- FP8_YYY_norm(&t4);
-
- FP8_YYY_neg(&t3,&t2); // 1
- FP8_YYY_add(&(w->b),&t4,&t3); //wbE=3
-
- FP8_YYY_times_i(&t2);
- FP8_YYY_add(&(w->a),&t2,&t1);
-
- FP16_YYY_norm(w);
-}
-
-/* output FP16 in format [a,b] */
-void FP16_YYY_output(FP16_YYY *w)
-{
- printf("[");
- FP8_YYY_output(&(w->a));
- printf(",");
- FP8_YYY_output(&(w->b));
- printf("]");
-}
-
-void FP16_YYY_rawoutput(FP16_YYY *w)
-{
- printf("[");
- FP8_YYY_rawoutput(&(w->a));
- printf(",");
- FP8_YYY_rawoutput(&(w->b));
- printf("]");
-}
-
-/* Set w=1/x */
-void FP16_YYY_inv(FP16_YYY *w,FP16_YYY *x)
-{
- FP8_YYY t1,t2;
- FP8_YYY_sqr(&t1,&(x->a));
- FP8_YYY_sqr(&t2,&(x->b));
- FP8_YYY_times_i(&t2);
- FP8_YYY_norm(&t2);
-
- FP8_YYY_sub(&t1,&t1,&t2);
- FP8_YYY_norm(&t1);
-
- FP8_YYY_inv(&t1,&t1);
-
- FP8_YYY_mul(&(w->a),&t1,&(x->a));
- FP8_YYY_neg(&t1,&t1);
- FP8_YYY_norm(&t1);
- FP8_YYY_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(sqrt(-1+sqrt(-1))) */
-void FP16_YYY_times_i(FP16_YYY *w)
-{
- FP8_YYY s,t;
- FP8_YYY_copy(&s,&(w->b));
- FP8_YYY_copy(&t,&(w->a));
- FP8_YYY_times_i(&s);
- FP8_YYY_copy(&(w->a),&s);
- FP8_YYY_copy(&(w->b),&t);
- FP16_YYY_norm(w);
-}
-
-void FP16_YYY_times_i2(FP16_YYY *w)
-{
- FP8_YYY_times_i(&(w->a));
- FP8_YYY_times_i(&(w->b));
-}
-
-void FP16_YYY_times_i4(FP16_YYY *w)
-{
- FP8_YYY_times_i2(&(w->a));
- FP8_YYY_times_i2(&(w->b));
-}
-
-/* Set w=w^p using Frobenius */
-void FP16_YYY_frob(FP16_YYY *w,FP2_YYY *f)
-{ // f=(i+1)^(p-3)/8
- FP2_YYY ff;
-
- FP2_YYY_sqr(&ff,f); // (i+1)^(p-3)/4
- FP2_YYY_norm(&ff);
-
- FP8_YYY_frob(&(w->a),&ff);
- FP8_YYY_frob(&(w->b),&ff);
-
- FP8_YYY_qmul(&(w->b),&(w->b),f); // times (1+i)^(p-3)/8
- FP8_YYY_times_i(&(w->b)); // (i+1)^(p-1)/8
-}
-
-/* Set r=a^b mod m */
-void FP16_YYY_pow(FP16_YYY *r,FP16_YYY * a,BIG_XXX b)
-{
- FP16_YYY w;
- BIG_XXX z,zilch;
- int bt;
-
- BIG_XXX_zero(zilch);
-
- BIG_XXX_copy(z,b);
- FP16_YYY_copy(&w,a);
- FP16_YYY_one(r);
- BIG_XXX_norm(z);
- while(1)
- {
- bt=BIG_XXX_parity(z);
- BIG_XXX_shr(z,1);
- if (bt) FP16_YYY_mul(r,r,&w);
- if (BIG_XXX_comp(z,zilch)==0) break;
- FP16_YYY_sqr(&w,&w);
- }
- FP16_YYY_reduce(r);
-}
-
-/* Move b to a if d=1 */
-void FP16_YYY_cmove(FP16_YYY *f,FP16_YYY *g,int d)
-{
- FP8_YYY_cmove(&(f->a),&(g->a),d);
- FP8_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-#if CURVE_SECURITY_ZZZ == 256
-
-/* XTR xtr_a function */
-void FP16_YYY_xtr_A(FP16_YYY *r,FP16_YYY *w,FP16_YYY *x,FP16_YYY *y,FP16_YYY *z)
-{
- FP16_YYY t1,t2;
-
- FP16_YYY_copy(r,x);
- FP16_YYY_sub(&t1,w,y);
- FP16_YYY_norm(&t1);
- FP16_YYY_pmul(&t1,&t1,&(r->a));
- FP16_YYY_add(&t2,w,y);
- FP16_YYY_norm(&t2);
- FP16_YYY_pmul(&t2,&t2,&(r->b));
- FP16_YYY_times_i(&t2);
-
- FP16_YYY_add(r,&t1,&t2);
- FP16_YYY_add(r,r,z);
-
- FP16_YYY_reduce(r);
-}
-
-/* XTR xtr_d function */
-void FP16_YYY_xtr_D(FP16_YYY *r,FP16_YYY *x)
-{
- FP16_YYY w;
- FP16_YYY_copy(r,x);
- FP16_YYY_conj(&w,r);
- FP16_YYY_add(&w,&w,&w);
- FP16_YYY_sqr(r,r);
- FP16_YYY_norm(&w);
- FP16_YYY_sub(r,r,&w);
- FP16_YYY_reduce(r); /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* r=x^n using XTR method on traces of FP12s */
-void FP16_YYY_xtr_pow(FP16_YYY *r,FP16_YYY *x,BIG_XXX n)
-{
- int i,par,nb;
- BIG_XXX v;
- FP2_YYY w2;
- FP4_YYY w4;
- FP8_YYY w8;
- FP16_YYY t,a,b,c,sf;
-
- BIG_XXX_zero(v);
- BIG_XXX_inc(v,3);
- BIG_XXX_norm(v);
- FP2_YYY_from_BIG(&w2,v);
- FP4_YYY_from_FP2(&w4,&w2);
- FP8_YYY_from_FP4(&w8,&w4);
- FP16_YYY_from_FP8(&a,&w8);
- FP16_YYY_copy(&sf,x);
- FP16_YYY_norm(&sf);
- FP16_YYY_copy(&b,&sf);
- FP16_YYY_xtr_D(&c,&sf);
-
-
- par=BIG_XXX_parity(n);
- BIG_XXX_copy(v,n);
- BIG_XXX_norm(v);
- BIG_XXX_shr(v,1);
- if (par==0)
- {
- BIG_XXX_dec(v,1);
- BIG_XXX_norm(v);
- }
-
- nb=BIG_XXX_nbits(v);
- for (i=nb-1; i>=0; i--)
- {
- if (!BIG_XXX_bit(v,i))
- {
- FP16_YYY_copy(&t,&b);
- FP16_YYY_conj(&sf,&sf);
- FP16_YYY_conj(&c,&c);
- FP16_YYY_xtr_A(&b,&a,&b,&sf,&c);
- FP16_YYY_conj(&sf,&sf);
- FP16_YYY_xtr_D(&c,&t);
- FP16_YYY_xtr_D(&a,&a);
- }
- else
- {
- FP16_YYY_conj(&t,&a);
- FP16_YYY_xtr_D(&a,&b);
- FP16_YYY_xtr_A(&b,&c,&b,&sf,&t);
- FP16_YYY_xtr_D(&c,&c);
- }
- }
-
- if (par==0) FP16_YYY_copy(r,&c);
- else FP16_YYY_copy(r,&b);
- FP16_YYY_reduce(r);
-}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP16_YYY_xtr_pow2(FP16_YYY *r,FP16_YYY *ck,FP16_YYY *cl,FP16_YYY *ckml,FP16_YYY *ckm2l,BIG_XXX a,BIG_XXX b)
-{
- int i,f2;
- BIG_XXX d,e,w;
- FP16_YYY t,cu,cv,cumv,cum2v;
-
-
- BIG_XXX_copy(e,a);
- BIG_XXX_copy(d,b);
- BIG_XXX_norm(d);
- BIG_XXX_norm(e);
- FP16_YYY_copy(&cu,ck);
- FP16_YYY_copy(&cv,cl);
- FP16_YYY_copy(&cumv,ckml);
- FP16_YYY_copy(&cum2v,ckm2l);
-
- f2=0;
- while (BIG_XXX_parity(d)==0 && BIG_XXX_parity(e)==0)
- {
- BIG_XXX_shr(d,1);
- BIG_XXX_shr(e,1);
- f2++;
- }
- while (BIG_XXX_comp(d,e)!=0)
- {
- if (BIG_XXX_comp(d,e)>0)
- {
- BIG_XXX_imul(w,e,4);
- BIG_XXX_norm(w);
- if (BIG_XXX_comp(d,w)<=0)
- {
- BIG_XXX_copy(w,d);
- BIG_XXX_copy(d,e);
- BIG_XXX_sub(e,w,e);
- BIG_XXX_norm(e);
- FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
- FP16_YYY_conj(&cum2v,&cumv);
- FP16_YYY_copy(&cumv,&cv);
- FP16_YYY_copy(&cv,&cu);
- FP16_YYY_copy(&cu,&t);
- }
- else if (BIG_XXX_parity(d)==0)
- {
- BIG_XXX_shr(d,1);
- FP16_YYY_conj(r,&cum2v);
- FP16_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
- FP16_YYY_xtr_D(&cum2v,&cumv);
- FP16_YYY_copy(&cumv,&t);
- FP16_YYY_xtr_D(&cu,&cu);
- }
- else if (BIG_XXX_parity(e)==1)
- {
- BIG_XXX_sub(d,d,e);
- BIG_XXX_norm(d);
- BIG_XXX_shr(d,1);
- FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
- FP16_YYY_xtr_D(&cu,&cu);
- FP16_YYY_xtr_D(&cum2v,&cv);
- FP16_YYY_conj(&cum2v,&cum2v);
- FP16_YYY_copy(&cv,&t);
- }
- else
- {
- BIG_XXX_copy(w,d);
- BIG_XXX_copy(d,e);
- BIG_XXX_shr(d,1);
- BIG_XXX_copy(e,w);
- FP16_YYY_xtr_D(&t,&cumv);
- FP16_YYY_conj(&cumv,&cum2v);
- FP16_YYY_conj(&cum2v,&t);
- FP16_YYY_xtr_D(&t,&cv);
- FP16_YYY_copy(&cv,&cu);
- FP16_YYY_copy(&cu,&t);
- }
- }
- if (BIG_XXX_comp(d,e)<0)
- {
- BIG_XXX_imul(w,d,4);
- BIG_XXX_norm(w);
- if (BIG_XXX_comp(e,w)<=0)
- {
- BIG_XXX_sub(e,e,d);
- BIG_XXX_norm(e);
- FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
- FP16_YYY_copy(&cum2v,&cumv);
- FP16_YYY_copy(&cumv,&cu);
- FP16_YYY_copy(&cu,&t);
- }
- else if (BIG_XXX_parity(e)==0)
- {
- BIG_XXX_copy(w,d);
- BIG_XXX_copy(d,e);
- BIG_XXX_shr(d,1);
- BIG_XXX_copy(e,w);
- FP16_YYY_xtr_D(&t,&cumv);
- FP16_YYY_conj(&cumv,&cum2v);
- FP16_YYY_conj(&cum2v,&t);
- FP16_YYY_xtr_D(&t,&cv);
- FP16_YYY_copy(&cv,&cu);
- FP16_YYY_copy(&cu,&t);
- }
- else if (BIG_XXX_parity(d)==1)
- {
- BIG_XXX_copy(w,e);
- BIG_XXX_copy(e,d);
- BIG_XXX_sub(w,w,d);
- BIG_XXX_norm(w);
- BIG_XXX_copy(d,w);
- BIG_XXX_shr(d,1);
- FP16_YYY_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
- FP16_YYY_conj(&cumv,&cumv);
- FP16_YYY_xtr_D(&cum2v,&cu);
- FP16_YYY_conj(&cum2v,&cum2v);
- FP16_YYY_xtr_D(&cu,&cv);
- FP16_YYY_copy(&cv,&t);
- }
- else
- {
- BIG_XXX_shr(d,1);
- FP16_YYY_conj(r,&cum2v);
- FP16_YYY_xtr_A(&t,&cu,&cumv,&cv,r);
- FP16_YYY_xtr_D(&cum2v,&cumv);
- FP16_YYY_copy(&cumv,&t);
- FP16_YYY_xtr_D(&cu,&cu);
- }
- }
- }
- FP16_YYY_xtr_A(r,&cu,&cv,&cumv,&cum2v);
- for (i=0; i<f2; i++) FP16_YYY_xtr_D(r,r);
- FP16_YYY_xtr_pow(r,r,d);
-}
-
-#endif
-
-
-
-/*
-int main(){
- FP2 w0,w1,f;
- FP8 w,t;
- FP8 c1,c2,c3,c4,cr;
- BIG a,b;
- BIG e,e1,e2;
- BIG p,md;
-
-
- BIG_rcopy(md,Modulus);
- //Test w^(P^4) = w mod p^2
- BIG_zero(a); BIG_inc(a,27);
- BIG_zero(b); BIG_inc(b,45);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_zero(a); BIG_inc(a,33);
- BIG_zero(b); BIG_inc(b,54);
- FP2_from_BIGs(&w1,a,b);
-
- FP8_from_FP2s(&w,&w0,&w1);
- FP8_reduce(&w);
-
- printf("w= ");
- FP8_output(&w);
- printf("\n");
-
-
- FP8_copy(&t,&w);
-
-
- BIG_copy(p,md);
- FP8_pow(&w,&w,p);
-
- printf("w^p= ");
- FP8_output(&w);
- printf("\n");
-//exit(0);
-
- BIG_rcopy(a,CURVE_Fra);
- BIG_rcopy(b,CURVE_Frb);
- FP2_from_BIGs(&f,a,b);
-
- FP8_frob(&t,&f);
- printf("w^p= ");
- FP8_output(&t);
- printf("\n");
-
- FP8_pow(&w,&w,p);
- FP8_pow(&w,&w,p);
- FP8_pow(&w,&w,p);
- printf("w^p4= ");
- FP8_output(&w);
- printf("\n");
-
-// Test 1/(1/x) = x mod p^4
- FP8_from_FP2s(&w,&w0,&w1);
- printf("Test Inversion \nw= ");
- FP8_output(&w);
- printf("\n");
-
- FP8_inv(&w,&w);
- printf("1/w mod p^4 = ");
- FP8_output(&w);
- printf("\n");
-
- FP8_inv(&w,&w);
- printf("1/(1/w) mod p^4 = ");
- FP8_output(&w);
- printf("\n");
-
- BIG_zero(e); BIG_inc(e,12);
-
-
-
- // FP8_xtr_A(&w,&t,&w,&t,&t);
- FP8_xtr_pow(&w,&w,e);
-
- printf("w^e= ");
- FP8_output(&w);
- printf("\n");
-
-
- BIG_zero(a); BIG_inc(a,37);
- BIG_zero(b); BIG_inc(b,17);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_zero(a); BIG_inc(a,49);
- BIG_zero(b); BIG_inc(b,31);
- FP2_from_BIGs(&w1,a,b);
-
- FP8_from_FP2s(&c1,&w0,&w1);
- FP8_from_FP2s(&c2,&w0,&w1);
- FP8_from_FP2s(&c3,&w0,&w1);
- FP8_from_FP2s(&c4,&w0,&w1);
-
- BIG_zero(e1); BIG_inc(e1,3331);
- BIG_zero(e2); BIG_inc(e2,3372);
-
- FP8_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
- printf("c^e= ");
- FP8_output(&w);
- printf("\n");
-
-
- return 0;
-}
-*/
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp16.h
----------------------------------------------------------------------
diff --git a/version3/c/fp16.h b/version3/c/fp16.h
deleted file mode 100644
index d2d87d3..0000000
--- a/version3/c/fp16.h
+++ /dev/null
@@ -1,260 +0,0 @@
-#ifndef FP16_YYY_H
-#define FP16_YYY_H
-
-#include "fp8_YYY.h"
-#include "config_curve_ZZZ.h"
-
-
-/**
- @brief FP16 Structure - towered over two FP8
-*/
-
-typedef struct
-{
- FP8_YYY a; /**< real part of FP16 */
- FP8_YYY b; /**< imaginary part of FP16 */
-} FP16_YYY;
-
-
-/* FP16 prototypes */
-/** @brief Tests for FP16 equal to zero
- *
- @param x FP16 number to be tested
- @return 1 if zero, else returns 0
- */
-extern int FP16_YYY_iszilch(FP16_YYY *x);
-/** @brief Tests for FP16 equal to unity
- *
- @param x FP16 number to be tested
- @return 1 if unity, else returns 0
- */
-extern int FP16_YYY_isunity(FP16_YYY *x);
-/** @brief Tests for equality of two FP16s
- *
- @param x FP16 instance to be compared
- @param y FP16 instance to be compared
- @return 1 if x=y, else returns 0
- */
-extern int FP16_YYY_equals(FP16_YYY *x,FP16_YYY *y);
-/** @brief Tests for FP16 having only a real part and no imaginary part
- *
- @param x FP16 number to be tested
- @return 1 if real, else returns 0
- */
-extern int FP16_YYY_isreal(FP16_YYY *x);
-/** @brief Initialise FP16 from two FP8s
- *
- @param x FP16 instance to be initialised
- @param a FP8 to form real part of FP16
- @param b FP8 to form imaginary part of FP16
- */
-extern void FP16_YYY_from_FP8s(FP16_YYY *x,FP8_YYY *a,FP8_YYY *b);
-/** @brief Initialise FP16 from single FP8
- *
- Imaginary part is set to zero
- @param x FP16 instance to be initialised
- @param a FP8 to form real part of FP16
- */
-extern void FP16_YYY_from_FP8(FP16_YYY *x,FP8_YYY *a);
-
-/** @brief Initialise FP16 from single FP8
- *
- real part is set to zero
- @param x FP16 instance to be initialised
- @param a FP8 to form imaginary part of FP16
- */
-extern void FP16_YYY_from_FP8H(FP16_YYY *x,FP8_YYY *a);
-
-
-/** @brief Copy FP16 to another FP16
- *
- @param x FP16 instance, on exit = y
- @param y FP16 instance to be copied
- */
-extern void FP16_YYY_copy(FP16_YYY *x,FP16_YYY *y);
-/** @brief Set FP16 to zero
- *
- @param x FP16 instance to be set to zero
- */
-extern void FP16_YYY_zero(FP16_YYY *x);
-/** @brief Set FP16 to unity
- *
- @param x FP16 instance to be set to one
- */
-extern void FP16_YYY_one(FP16_YYY *x);
-/** @brief Negation of FP16
- *
- @param x FP16 instance, on exit = -y
- @param y FP16 instance
- */
-extern void FP16_YYY_neg(FP16_YYY *x,FP16_YYY *y);
-/** @brief Conjugation of FP16
- *
- If y=(a,b) on exit x=(a,-b)
- @param x FP16 instance, on exit = conj(y)
- @param y FP16 instance
- */
-extern void FP16_YYY_conj(FP16_YYY *x,FP16_YYY *y);
-/** @brief Negative conjugation of FP16
- *
- If y=(a,b) on exit x=(-a,b)
- @param x FP16 instance, on exit = -conj(y)
- @param y FP16 instance
- */
-extern void FP16_YYY_nconj(FP16_YYY *x,FP16_YYY *y);
-/** @brief addition of two FP16s
- *
- @param x FP16 instance, on exit = y+z
- @param y FP16 instance
- @param z FP16 instance
- */
-extern void FP16_YYY_add(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/** @brief subtraction of two FP16s
- *
- @param x FP16 instance, on exit = y-z
- @param y FP16 instance
- @param z FP16 instance
- */
-extern void FP16_YYY_sub(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/** @brief Multiplication of an FP16 by an FP8
- *
- @param x FP16 instance, on exit = y*a
- @param y FP16 instance
- @param a FP8 multiplier
- */
-extern void FP16_YYY_pmul(FP16_YYY *x,FP16_YYY *y,FP8_YYY *a);
-
-/** @brief Multiplication of an FP16 by an FP2
- *
- @param x FP16 instance, on exit = y*a
- @param y FP16 instance
- @param a FP2 multiplier
- */
-extern void FP16_YYY_qmul(FP16_YYY *x,FP16_YYY *y,FP2_YYY *a);
-
-/** @brief Multiplication of an FP16 by a small integer
- *
- @param x FP16 instance, on exit = y*i
- @param y FP16 instance
- @param i an integer
- */
-extern void FP16_YYY_imul(FP16_YYY *x,FP16_YYY *y,int i);
-/** @brief Squaring an FP16
- *
- @param x FP16 instance, on exit = y^2
- @param y FP16 instance
- */
-extern void FP16_YYY_sqr(FP16_YYY *x,FP16_YYY *y);
-/** @brief Multiplication of two FP16s
- *
- @param x FP16 instance, on exit = y*z
- @param y FP16 instance
- @param z FP16 instance
- */
-extern void FP16_YYY_mul(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/** @brief Inverting an FP16
- *
- @param x FP16 instance, on exit = 1/y
- @param y FP16 instance
- */
-extern void FP16_YYY_inv(FP16_YYY *x,FP16_YYY *y);
-/** @brief Formats and outputs an FP16 to the console
- *
- @param x FP16 instance to be printed
- */
-extern void FP16_YYY_output(FP16_YYY *x);
-/** @brief Formats and outputs an FP16 to the console in raw form (for debugging)
- *
- @param x FP16 instance to be printed
- */
-extern void FP16_YYY_rawoutput(FP16_YYY *x);
-/** @brief multiplies an FP16 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
- @param x FP16 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP16_YYY_times_i(FP16_YYY *x);
-/** @brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1))
- *
- @param x FP16 instance, on exit = sqrt(1+sqrt(-1))^2*x
- */
-extern void FP16_YYY_times_i2(FP16_YYY *x);
-
-/** @brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1))
- *
- @param x FP16 instance, on exit = sqrt(1+sqrt(-1))^4*x
- */
-extern void FP16_YYY_times_i4(FP16_YYY *x);
-
-
-/** @brief Normalises the components of an FP16
- *
- @param x FP16 instance to be normalised
- */
-extern void FP16_YYY_norm(FP16_YYY *x);
-/** @brief Reduces all components of possibly unreduced FP16 mod Modulus
- *
- @param x FP16 instance, on exit reduced mod Modulus
- */
-extern void FP16_YYY_reduce(FP16_YYY *x);
-/** @brief Raises an FP16 to the power of a BIG
- *
- @param x FP16 instance, on exit = y^b
- @param y FP16 instance
- @param b BIG number
- */
-extern void FP16_YYY_pow(FP16_YYY *x,FP16_YYY *y,BIG_XXX b);
-/** @brief Raises an FP16 to the power of the internal modulus p, using the Frobenius
- *
- @param x FP16 instance, on exit = x^p
- @param f FP2 precalculated Frobenius constant
- */
-extern void FP16_YYY_frob(FP16_YYY *x,FP2_YYY *f);
-/** @brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
- @param r FP16 instance, on exit = w*x-conj(x)*y+z
- @param w FP16 instance
- @param x FP16 instance
- @param y FP16 instance
- @param z FP16 instance
- */
-extern void FP16_YYY_xtr_A(FP16_YYY *r,FP16_YYY *w,FP16_YYY *x,FP16_YYY *y,FP16_YYY *z);
-/** @brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
- @param r FP16 instance, on exit = x^2-2*conj(x)
- @param x FP16 instance
- */
-extern void FP16_YYY_xtr_D(FP16_YYY *r,FP16_YYY *x);
-/** @brief Calculates FP16 trace of an FP12 raised to the power of a BIG number
- *
- XTR single exponentiation
- @param r FP16 instance, on exit = trace(w^b)
- @param x FP16 instance, trace of an FP12 w
- @param b BIG number
- */
-extern void FP16_YYY_xtr_pow(FP16_YYY *r,FP16_YYY *x,BIG_XXX b);
-/** @brief Calculates FP16 trace of c^a.d^b, where c and d are derived from FP16 traces of FP12s
- *
- XTR double exponentiation
- Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
- @param r FP16 instance, on exit = trace(c^a.d^b)
- @param c FP16 instance, trace of an FP12
- @param d FP16 instance, trace of an FP12
- @param e FP16 instance, trace of an FP12
- @param f FP16 instance, trace of an FP12
- @param a BIG number
- @param b BIG number
- */
-extern void FP16_YYY_xtr_pow2(FP16_YYY *r,FP16_YYY *c,FP16_YYY *d,FP16_YYY *e,FP16_YYY *f,BIG_XXX a,BIG_XXX b);
-
-/** @brief Conditional copy of FP16 number
- *
- Conditionally copies second parameter to the first (without branching)
- @param x FP16 instance, set to y if s!=0
- @param y another FP16 instance
- @param s copy only takes place if not equal to 0
- */
-extern void FP16_YYY_cmove(FP16_YYY *x,FP16_YYY *y,int s);
-
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp2.c
----------------------------------------------------------------------
diff --git a/version3/c/fp2.c b/version3/c/fp2.c
deleted file mode 100644
index d0c8e3f..0000000
--- a/version3/c/fp2.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^2 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-#include "fp2_YYY.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP2_YYY_iszilch(FP2_YYY *x)
-{
- // FP2_YYY_reduce(x);
- if (FP_YYY_iszilch(&(x->a)) && FP_YYY_iszilch(&(x->b))) return 1;
- return 0;
-}
-
-/* Move b to a if d=1 */
-void FP2_YYY_cmove(FP2_YYY *f,FP2_YYY *g,int d)
-{
- FP_YYY_cmove(&(f->a),&(g->a),d);
- FP_YYY_cmove(&(f->b),&(g->b),d);
-}
-
-/* test x==1 ? */
-/* SU= 48 */
-int FP2_YYY_isunity(FP2_YYY *x)
-{
- FP_YYY one;
- FP_YYY_one(&one);
- //FP2_YYY_reduce(x);
- if (FP_YYY_equals(&(x->a),&one) && FP_YYY_iszilch(&(x->b))) return 1;
- return 0;
-}
-
-/* SU= 8 */
-/* Fully reduce a and b mod Modulus */
-void FP2_YYY_reduce(FP2_YYY *w)
-{
- FP_YYY_reduce(&(w->a));
- FP_YYY_reduce(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP2_YYY_equals(FP2_YYY *x,FP2_YYY *y)
-{
- if (FP_YYY_equals(&(x->a),&(y->a)) && FP_YYY_equals(&(x->b),&(y->b)))
- return 1;
- return 0;
-}
-
-/* Create FP2 from two FPs */
-/* SU= 16 */
-void FP2_YYY_from_FPs(FP2_YYY *w,FP_YYY *x,FP_YYY *y)
-{
- FP_YYY_copy(&(w->a),x);
- FP_YYY_copy(&(w->b),y);
-}
-
-/* Create FP2 from two BIGS */
-/* SU= 16 */
-void FP2_YYY_from_BIGs(FP2_YYY *w,BIG_XXX x,BIG_XXX y)
-{
- FP_YYY_nres(&(w->a),x);
- FP_YYY_nres(&(w->b),y);
-}
-
-/* Create FP2 from FP */
-/* SU= 8 */
-void FP2_YYY_from_FP(FP2_YYY *w,FP_YYY *x)
-{
- FP_YYY_copy(&(w->a),x);
- FP_YYY_zero(&(w->b));
-}
-
-/* Create FP2 from BIG */
-/* SU= 8 */
-void FP2_YYY_from_BIG(FP2_YYY *w,BIG_XXX x)
-{
- FP_YYY_nres(&(w->a),x);
- FP_YYY_zero(&(w->b));
-}
-
-/* FP2 copy w=x */
-/* SU= 16 */
-void FP2_YYY_copy(FP2_YYY *w,FP2_YYY *x)
-{
- if (w==x) return;
- FP_YYY_copy(&(w->a),&(x->a));
- FP_YYY_copy(&(w->b),&(x->b));
-}
-
-/* FP2 set w=0 */
-/* SU= 8 */
-void FP2_YYY_zero(FP2_YYY *w)
-{
- FP_YYY_zero(&(w->a));
- FP_YYY_zero(&(w->b));
-}
-
-/* FP2 set w=1 */
-/* SU= 48 */
-void FP2_YYY_one(FP2_YYY *w)
-{
- FP_YYY one;
- FP_YYY_one(&one);
- FP2_YYY_from_FP(w,&one);
-}
-
-/* Set w=-x */
-/* SU= 88 */
-void FP2_YYY_neg(FP2_YYY *w,FP2_YYY *x)
-{
- /* Just one neg! */
- FP_YYY m,t;
-// FP2_YYY_norm(x);
- FP_YYY_add(&m,&(x->a),&(x->b));
- FP_YYY_neg(&m,&m);
- FP_YYY_add(&t,&m,&(x->b));
- FP_YYY_add(&(w->b),&m,&(x->a));
- FP_YYY_copy(&(w->a),&t);
-
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP2_YYY_conj(FP2_YYY *w,FP2_YYY *x)
-{
- FP_YYY_copy(&(w->a),&(x->a));
-// BIG_XXX_norm(x->b);
- FP_YYY_neg(&(w->b),&(x->b));
- FP_YYY_norm(&(w->b));
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP2_YYY_add(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
- FP_YYY_add(&(w->a),&(x->a),&(y->a));
- FP_YYY_add(&(w->b),&(x->b),&(y->b));
-}
-
-/* Set w=x-y */
-/* Input y MUST be normed */
-void FP2_YYY_sub(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
- FP2_YYY m;
- FP2_YYY_neg(&m,y);
- FP2_YYY_add(w,x,&m);
-}
-
-/* Set w=s*x, where s is FP */
-/* SU= 16 */
-void FP2_YYY_pmul(FP2_YYY *w,FP2_YYY *x,FP_YYY *s)
-{
- FP_YYY_mul(&(w->a),&(x->a),s);
- FP_YYY_mul(&(w->b),&(x->b),s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP2_YYY_imul(FP2_YYY *w,FP2_YYY *x,int s)
-{
- FP_YYY_imul(&(w->a),&(x->a),s);
- FP_YYY_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* SU= 128 */
-void FP2_YYY_sqr(FP2_YYY *w,FP2_YYY *x)
-{
- FP_YYY w1,w3,mb;
-
- FP_YYY_add(&w1,&(x->a),&(x->b));
- FP_YYY_neg(&mb,&(x->b));
-
- FP_YYY_add(&w3,&(x->a),&(x->a));
- FP_YYY_norm(&w3);
- FP_YYY_mul(&(w->b),&w3,&(x->b));
-
- FP_YYY_add(&(w->a),&(x->a),&mb);
-
- FP_YYY_norm(&w1);
- FP_YYY_norm(&(w->a));
-
- FP_YYY_mul(&(w->a),&w1,&(w->a)); /* w->a#2 w->a=1 w1&w2=6 w1*w2=2 */
-}
-
-
-/* Set w=x*y */
-/* Inputs MUST be normed */
-/* Now uses Lazy reduction */
-void FP2_YYY_mul(FP2_YYY *w,FP2_YYY *x,FP2_YYY *y)
-{
- DBIG_XXX A,B,E,F,pR;
- BIG_XXX C,D,p;
-
- BIG_XXX_rcopy(p,Modulus_YYY);
- BIG_XXX_dsucopy(pR,p);
-
-// reduce excesses of a and b as required (so product < pR)
-
- if ((sign64)(x->a.XES+x->b.XES)*(y->a.XES+y->b.XES)>(sign64)FEXCESS_YYY)
- {
-#ifdef DEBUG_REDUCE
- printf("FP2 Product too large - reducing it\n");
-#endif
- if (x->a.XES>1) FP_YYY_reduce(&(x->a));
- if (x->b.XES>1) FP_YYY_reduce(&(x->b));
- }
-
- BIG_XXX_mul(A,x->a.g,y->a.g);
- BIG_XXX_mul(B,x->b.g,y->b.g);
-
- BIG_XXX_add(C,x->a.g,x->b.g);
- BIG_XXX_norm(C);
- BIG_XXX_add(D,y->a.g,y->b.g);
- BIG_XXX_norm(D);
-
- BIG_XXX_mul(E,C,D);
- BIG_XXX_dadd(F,A,B);
- BIG_XXX_dsub(B,pR,B); //
-
- BIG_XXX_dadd(A,A,B); // A<pR? Not necessarily, but <2pR
- BIG_XXX_dsub(E,E,F); // E<pR ? Yes
-
- BIG_XXX_dnorm(A);
- FP_YYY_mod(w->a.g,A);
- w->a.XES=3;// may drift above 2p...
- BIG_XXX_dnorm(E);
- FP_YYY_mod(w->b.g,E);
- w->b.XES=2;
-
-}
-
-/* output FP2 in hex format [a,b] */
-/* SU= 16 */
-void FP2_YYY_output(FP2_YYY *w)
-{
- BIG_XXX bx,by;
- FP2_YYY_reduce(w);
- FP_YYY_redc(bx,&(w->a));
- FP_YYY_redc(by,&(w->b));
- printf("[");
- BIG_XXX_output(bx);
- printf(",");
- BIG_XXX_output(by);
- printf("]");
- FP_YYY_nres(&(w->a),bx);
- FP_YYY_nres(&(w->b),by);
-}
-
-/* SU= 8 */
-void FP2_YYY_rawoutput(FP2_YYY *w)
-{
- printf("[");
- BIG_XXX_rawoutput(w->a.g);
- printf(",");
- BIG_XXX_rawoutput(w->b.g);
- printf("]");
-}
-
-
-/* Set w=1/x */
-/* SU= 128 */
-void FP2_YYY_inv(FP2_YYY *w,FP2_YYY *x)
-{
- BIG_XXX m,b;
- FP_YYY w1,w2;
-
- FP2_YYY_norm(x);
- FP_YYY_sqr(&w1,&(x->a));
- FP_YYY_sqr(&w2,&(x->b));
- FP_YYY_add(&w1,&w1,&w2);
-
- FP_YYY_inv(&w1,&w1);
-
- FP_YYY_mul(&(w->a),&(x->a),&w1);
- FP_YYY_neg(&w1,&w1);
- FP_YYY_norm(&w1);
- FP_YYY_mul(&(w->b),&(x->b),&w1);
-// FP2_YYY_norm(w);
-}
-
-
-/* Set w=x/2 */
-/* SU= 16 */
-void FP2_YYY_div2(FP2_YYY *w,FP2_YYY *x)
-{
- FP_YYY_div2(&(w->a),&(x->a));
- FP_YYY_div2(&(w->b),&(x->b));
-}
-
-/* Set w*=(1+sqrt(-1)) */
-/* where X^2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-
-/* Input MUST be normed */
-void FP2_YYY_mul_ip(FP2_YYY *w)
-{
- FP_YYY z;
- FP2_YYY t;
-
-// FP2_YYY_norm(w);
- FP2_YYY_copy(&t,w);
-
- FP_YYY_copy(&z,&(w->a));
- FP_YYY_neg(&(w->a),&(w->b));
- FP_YYY_copy(&(w->b),&z);
-
- FP2_YYY_add(w,&t,w);
-// Output NOT normed, so use with care
-}
-
-
-void FP2_YYY_div_ip2(FP2_YYY *w)
-{
- FP2_YYY t;
- FP2_YYY_norm(w);
- FP_YYY_add(&(t.a),&(w->a),&(w->b));
- FP_YYY_sub(&(t.b),&(w->b),&(w->a));
- FP2_YYY_norm(&t);
- FP2_YYY_copy(w,&t);
-}
-
-/* Set w/=(1+sqrt(-1)) */
-/* SU= 88 */
-void FP2_YYY_div_ip(FP2_YYY *w)
-{
- FP2_YYY t;
- FP2_YYY_norm(w);
- FP_YYY_add(&t.a,&(w->a),&(w->b));
- FP_YYY_sub(&t.b,&(w->b),&(w->a));
- FP2_YYY_norm(&t);
- FP2_YYY_div2(w,&t);
-}
-
-/* SU= 8 */
-/* normalise a and b components of w */
-void FP2_YYY_norm(FP2_YYY *w)
-{
- FP_YYY_norm(&(w->a));
- FP_YYY_norm(&(w->b));
-}
-
-/* Set w=a^b mod m */
-/* SU= 208 */
-void FP2_YYY_pow(FP2_YYY *r,FP2_YYY* a,BIG_XXX b)
-{
- FP2_YYY w;
- FP_YYY one;
- BIG_XXX z,zilch;
- int bt;
-
- BIG_XXX_norm(b);
- BIG_XXX_copy(z,b);
- FP2_YYY_copy(&w,a);
- FP_YYY_one(&one);
- BIG_XXX_zero(zilch);
- FP2_YYY_from_FP(r,&one);
- while(1)
- {
- bt=BIG_XXX_parity(z);
- BIG_XXX_shr(z,1);
- if (bt) FP2_YYY_mul(r,r,&w);
- if (BIG_XXX_comp(z,zilch)==0) break;
- FP2_YYY_sqr(&w,&w);
- }
- FP2_YYY_reduce(r);
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if u is QR */
-
-int FP2_YYY_sqrt(FP2_YYY *w,FP2_YYY *u)
-{
- BIG_XXX b;
- FP_YYY w1,w2;
- FP2_YYY_copy(w,u);
- if (FP2_YYY_iszilch(w)) return 1;
-
- FP_YYY_sqr(&w1,&(w->b));
- FP_YYY_sqr(&w2,&(w->a));
- FP_YYY_add(&w1,&w1,&w2);
- if (!FP_YYY_qr(&w1))
- {
- FP2_YYY_zero(w);
- return 0;
- }
- FP_YYY_sqrt(&w1,&w1);
- FP_YYY_add(&w2,&(w->a),&w1);
- FP_YYY_norm(&w2);
- FP_YYY_div2(&w2,&w2);
- if (!FP_YYY_qr(&w2))
- {
- FP_YYY_sub(&w2,&(w->a),&w1);
- FP_YYY_norm(&w2);
- FP_YYY_div2(&w2,&w2);
- if (!FP_YYY_qr(&w2))
- {
- FP2_YYY_zero(w);
- return 0;
- }
- }
- FP_YYY_sqrt(&w2,&w2);
- FP_YYY_copy(&(w->a),&w2);
- FP_YYY_add(&w2,&w2,&w2);
-
- FP_YYY_inv(&w2,&w2);
-
- FP_YYY_mul(&(w->b),&(w->b),&w2);
- return 1;
-}
-
-/* New stuff for ECp4 support */
-
-/* Input MUST be normed */
-void FP2_YYY_times_i(FP2_YYY *w)
-{
- FP_YYY z;
-
- // FP2_norm(w);
-
- FP_YYY_copy(&z,&(w->a));
- FP_YYY_neg(&(w->a),&(w->b));
- FP_YYY_copy(&(w->b),&z);
-
-// Output NOT normed, so use with care
-}
-
-/*
-int main()
-{
- int i;
- FP2_YYY w,z;
- BIG_XXX a,b,e;
- BIG_XXX pp1,pm1;
- BIG_XXX_unity(a); BIG_XXX_unity(b);
- FP2_YYY_from_BIGs(&w,a,b);
-// for (i=0;i<100;i++)
-// {
-// BIG_XXX_randomnum(a); BIG_XXX_randomnum(b);
-// BIG_XXX_mod(a,Modulus_YYY); BIG_XXX_mod(b,Modulus_YYY);
-// FP2_YYY_from_FPs(&w,a,b);
-// FP2_YYY_output(&w);
-// FP2_YYY_inv(&z,&w);
-// FP2_YYY_output(&z);
-// FP2_YYY_inv(&z,&z);
-// FP2_YYY_output(&z);
-// FP2_YYY_output(&w);
-// if (FP2_YYY_comp(&w,&z)!=1) printf("error \n");
-// else printf("OK \n");
-// }
-//exit(0);
- printf("w= "); FP2_YYY_output(&w); printf("\n");
- BIG_XXX_zero(e); BIG_XXX_inc(e,27);
- FP2_YYY_pow(&w,&w,e);
- FP2_YYY_output(&w);
-exit(0);
- BIG_XXX_rcopy(pp1,Modulus_YYY);
- BIG_XXX_rcopy(pm1,Modulus_YYY);
- BIG_XXX_inc(pp1,1);
- BIG_XXX_dec(pm1,1);
- BIG_XXX_norm(pp1);
- BIG_XXX_norm(pm1);
- FP2_YYY_pow(&w,&w,pp1);
- FP2_YYY_pow(&w,&w,pm1);
- FP2_YYY_output(&w);
-}
-
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp2.h
----------------------------------------------------------------------
diff --git a/version3/c/fp2.h b/version3/c/fp2.h
deleted file mode 100644
index 6767685..0000000
--- a/version3/c/fp2.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/**
- * @file fp2.h
- * @author Mike Scott
- * @brief FP2 Header File
- *
- */
-
-#ifndef FP2_YYY_H
-#define FP2_YYY_H
-
-#include "fp_YYY.h"
-
-/**
- @brief FP2 Structure - quadratic extension field
-*/
-
-typedef struct
-{
- FP_YYY a; /**< real part of FP2 */
- FP_YYY b; /**< imaginary part of FP2 */
-} FP2_YYY;
-
-/* FP2 prototypes */
-
-/** @brief Tests for FP2 equal to zero
- *
- @param x FP2 number to be tested
- @return 1 if zero, else returns 0
- */
-extern int FP2_YYY_iszilch(FP2_YYY *x);
-/** @brief Conditional copy of FP2 number
- *
- Conditionally copies second parameter to the first (without branching)
- @param x FP2 instance, set to y if s!=0
- @param y another FP2 instance
- @param s copy only takes place if not equal to 0
- */
-extern void FP2_YYY_cmove(FP2_YYY *x,FP2_YYY *y,int s);
-/** @brief Tests for FP2 equal to one
- *
- @param x FP2 instance to be tested
- @return 1 if x=1, else returns 0
- */
-extern int FP2_YYY_isunity(FP2_YYY *x);
-/** @brief Tests for equality of two FP2s
- *
- @param x FP2 instance to be compared
- @param y FP2 instance to be compared
- @return 1 if x=y, else returns 0
- */
-extern int FP2_YYY_equals(FP2_YYY *x,FP2_YYY *y);
-/** @brief Initialise FP2 from two FP numbers
- *
- @param x FP2 instance to be initialised
- @param a FP to form real part of FP2
- @param b FP to form imaginary part of FP2
- */
-extern void FP2_YYY_from_FPs(FP2_YYY *x,FP_YYY *a,FP_YYY *b);
-/** @brief Initialise FP2 from two BIG integers
- *
- @param x FP2 instance to be initialised
- @param a BIG to form real part of FP2
- @param b BIG to form imaginary part of FP2
- */
-extern void FP2_YYY_from_BIGs(FP2_YYY *x,BIG_XXX a,BIG_XXX b);
-/** @brief Initialise FP2 from single FP
- *
- Imaginary part is set to zero
- @param x FP2 instance to be initialised
- @param a FP to form real part of FP2
- */
-extern void FP2_YYY_from_FP(FP2_YYY *x,FP_YYY *a);
-/** @brief Initialise FP2 from single BIG
- *
- Imaginary part is set to zero
- @param x FP2 instance to be initialised
- @param a BIG to form real part of FP2
- */
-extern void FP2_YYY_from_BIG(FP2_YYY *x,BIG_XXX a);
-/** @brief Copy FP2 to another FP2
- *
- @param x FP2 instance, on exit = y
- @param y FP2 instance to be copied
- */
-extern void FP2_YYY_copy(FP2_YYY *x,FP2_YYY *y);
-/** @brief Set FP2 to zero
- *
- @param x FP2 instance to be set to zero
- */
-extern void FP2_YYY_zero(FP2_YYY *x);
-/** @brief Set FP2 to unity
- *
- @param x FP2 instance to be set to one
- */
-extern void FP2_YYY_one(FP2_YYY *x);
-/** @brief Negation of FP2
- *
- @param x FP2 instance, on exit = -y
- @param y FP2 instance
- */
-extern void FP2_YYY_neg(FP2_YYY *x,FP2_YYY *y);
-/** @brief Conjugation of FP2
- *
- If y=(a,b) on exit x=(a,-b)
- @param x FP2 instance, on exit = conj(y)
- @param y FP2 instance
- */
-extern void FP2_YYY_conj(FP2_YYY *x,FP2_YYY *y);
-/** @brief addition of two FP2s
- *
- @param x FP2 instance, on exit = y+z
- @param y FP2 instance
- @param z FP2 instance
- */
-extern void FP2_YYY_add(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/** @brief subtraction of two FP2s
- *
- @param x FP2 instance, on exit = y-z
- @param y FP2 instance
- @param z FP2 instance
- */
-extern void FP2_YYY_sub(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/** @brief Multiplication of an FP2 by an FP
- *
- @param x FP2 instance, on exit = y*b
- @param y FP2 instance
- @param b FP residue
- */
-extern void FP2_YYY_pmul(FP2_YYY *x,FP2_YYY *y,FP_YYY *b);
-/** @brief Multiplication of an FP2 by a small integer
- *
- @param x FP2 instance, on exit = y*i
- @param y FP2 instance
- @param i an integer
- */
-extern void FP2_YYY_imul(FP2_YYY *x,FP2_YYY *y,int i);
-/** @brief Squaring an FP2
- *
- @param x FP2 instance, on exit = y^2
- @param y FP2 instance
- */
-extern void FP2_YYY_sqr(FP2_YYY *x,FP2_YYY *y);
-/** @brief Multiplication of two FP2s
- *
- @param x FP2 instance, on exit = y*z
- @param y FP2 instance
- @param z FP2 instance
- */
-extern void FP2_YYY_mul(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z);
-/** @brief Formats and outputs an FP2 to the console
- *
- @param x FP2 instance
- */
-extern void FP2_YYY_output(FP2_YYY *x);
-/** @brief Formats and outputs an FP2 to the console in raw form (for debugging)
- *
- @param x FP2 instance
- */
-extern void FP2_YYY_rawoutput(FP2_YYY *x);
-/** @brief Inverting an FP2
- *
- @param x FP2 instance, on exit = 1/y
- @param y FP2 instance
- */
-extern void FP2_YYY_inv(FP2_YYY *x,FP2_YYY *y);
-/** @brief Divide an FP2 by 2
- *
- @param x FP2 instance, on exit = y/2
- @param y FP2 instance
- */
-extern void FP2_YYY_div2(FP2_YYY *x,FP2_YYY *y);
-/** @brief Multiply an FP2 by (1+sqrt(-1))
- *
- Note that (1+sqrt(-1)) is irreducible for FP4
- @param x FP2 instance, on exit = x*(1+sqrt(-1))
- */
-extern void FP2_YYY_mul_ip(FP2_YYY *x);
-/** @brief Divide an FP2 by (1+sqrt(-1))/2 -
- *
- Note that (1+sqrt(-1)) is irreducible for FP4
- @param x FP2 instance, on exit = 2x/(1+sqrt(-1))
- */
-extern void FP2_YYY_div_ip2(FP2_YYY *x);
-/** @brief Divide an FP2 by (1+sqrt(-1))
- *
- Note that (1+sqrt(-1)) is irreducible for FP4
- @param x FP2 instance, on exit = x/(1+sqrt(-1))
- */
-extern void FP2_YYY_div_ip(FP2_YYY *x);
-/** @brief Normalises the components of an FP2
- *
- @param x FP2 instance to be normalised
- */
-extern void FP2_YYY_norm(FP2_YYY *x);
-/** @brief Reduces all components of possibly unreduced FP2 mod Modulus
- *
- @param x FP2 instance, on exit reduced mod Modulus
- */
-extern void FP2_YYY_reduce(FP2_YYY *x);
-/** @brief Raises an FP2 to the power of a BIG
- *
- @param x FP2 instance, on exit = y^b
- @param y FP2 instance
- @param b BIG number
- */
-extern void FP2_YYY_pow(FP2_YYY *x,FP2_YYY *y,BIG_XXX b);
-/** @brief Square root of an FP2
- *
- @param x FP2 instance, on exit = sqrt(y)
- @param y FP2 instance
- */
-extern int FP2_YYY_sqrt(FP2_YYY *x,FP2_YYY *y);
-
-/** @brief Multiply an FP2 by sqrt(-1)
- *
- Note that -1 is QNR
- @param x FP2 instance, on exit = x*sqrt(-1)
- */
-extern void FP2_YYY_times_i(FP2_YYY *x);
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp24.c
----------------------------------------------------------------------
diff --git a/version3/c/fp24.c b/version3/c/fp24.c
deleted file mode 100644
index 07a6525..0000000
--- a/version3/c/fp24.c
+++ /dev/null
@@ -1,1123 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP24 elements are of the form a+i.b+i^2.c */
-
-#include "fp24_YYY.h"
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
- sign32 x=b^c;
- x-=1; // if x=0, x now -1
- return (int)((x>>31)&1);
-}
-
-
-/* Constant time select from pre-computed table */
-static void FP24_YYY_select(FP24_YYY *f,FP24_YYY g[],sign32 b)
-{
- FP24_YYY invf;
- sign32 m=b>>31;
- sign32 babs=(b^m)-m;
-
- babs=(babs-1)/2;
-
- FP24_YYY_cmove(f,&g[0],teq(babs,0)); // conditional move
- FP24_YYY_cmove(f,&g[1],teq(babs,1));
- FP24_YYY_cmove(f,&g[2],teq(babs,2));
- FP24_YYY_cmove(f,&g[3],teq(babs,3));
- FP24_YYY_cmove(f,&g[4],teq(babs,4));
- FP24_YYY_cmove(f,&g[5],teq(babs,5));
- FP24_YYY_cmove(f,&g[6],teq(babs,6));
- FP24_YYY_cmove(f,&g[7],teq(babs,7));
-
- FP24_YYY_copy(&invf,f);
- FP24_YYY_conj(&invf,&invf); // 1/f
- FP24_YYY_cmove(f,&invf,(int)(m&1));
-}
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP24_YYY_iszilch(FP24_YYY *x)
-{
- if (FP8_YYY_iszilch(&(x->a)) && FP8_YYY_iszilch(&(x->b)) && FP8_YYY_iszilch(&(x->c))) return 1;
- return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP24_YYY_isunity(FP24_YYY *x)
-{
- if (FP8_YYY_isunity(&(x->a)) && FP8_YYY_iszilch(&(x->b)) && FP8_YYY_iszilch(&(x->c))) return 1;
- return 0;
-}
-
-/* FP24 copy w=x */
-/* SU= 16 */
-void FP24_YYY_copy(FP24_YYY *w,FP24_YYY *x)
-{
- if (x==w) return;
- FP8_YYY_copy(&(w->a),&(x->a));
- FP8_YYY_copy(&(w->b),&(x->b));
- FP8_YYY_copy(&(w->c),&(x->c));
-}
-
-/* FP24 w=1 */
-/* SU= 8 */
-void FP24_YYY_one(FP24_YYY *w)
-{
- FP8_YYY_one(&(w->a));
- FP8_YYY_zero(&(w->b));
- FP8_YYY_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP24_YYY_equals(FP24_YYY *x,FP24_YYY *y)
-{
- if (FP8_YYY_equals(&(x->a),&(y->a)) && FP8_YYY_equals(&(x->b),&(y->b)) && FP8_YYY_equals(&(x->b),&(y->b)))
- return 1;
- return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP24_YYY_conj(FP24_YYY *w,FP24_YYY *x)
-{
- FP24_YYY_copy(w,x);
- FP8_YYY_conj(&(w->a),&(w->a));
- FP8_YYY_nconj(&(w->b),&(w->b));
- FP8_YYY_conj(&(w->c),&(w->c));
-}
-
-/* Create FP24 from FP8 */
-/* SU= 8 */
-void FP24_YYY_from_FP8(FP24_YYY *w,FP8_YYY *a)
-{
- FP8_YYY_copy(&(w->a),a);
- FP8_YYY_zero(&(w->b));
- FP8_YYY_zero(&(w->c));
-}
-
-/* Create FP24 from 3 FP8's */
-/* SU= 16 */
-void FP24_YYY_from_FP8s(FP24_YYY *w,FP8_YYY *a,FP8_YYY *b,FP8_YYY *c)
-{
- FP8_YYY_copy(&(w->a),a);
- FP8_YYY_copy(&(w->b),b);
- FP8_YYY_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP24_YYY_usqr(FP24_YYY *w,FP24_YYY *x)
-{
- FP8_YYY A,B,C,D;
-
- FP8_YYY_copy(&A,&(x->a));
-
- FP8_YYY_sqr(&(w->a),&(x->a));
- FP8_YYY_add(&D,&(w->a),&(w->a));
- FP8_YYY_add(&(w->a),&D,&(w->a));
-
- FP8_YYY_norm(&(w->a));
- FP8_YYY_nconj(&A,&A);
-
- FP8_YYY_add(&A,&A,&A);
- FP8_YYY_add(&(w->a),&(w->a),&A);
- FP8_YYY_sqr(&B,&(x->c));
- FP8_YYY_times_i(&B);
-
- FP8_YYY_add(&D,&B,&B);
- FP8_YYY_add(&B,&B,&D);
- FP8_YYY_norm(&B);
-
- FP8_YYY_sqr(&C,&(x->b));
-
- FP8_YYY_add(&D,&C,&C);
- FP8_YYY_add(&C,&C,&D);
-
- FP8_YYY_norm(&C);
- FP8_YYY_conj(&(w->b),&(x->b));
- FP8_YYY_add(&(w->b),&(w->b),&(w->b));
- FP8_YYY_nconj(&(w->c),&(x->c));
-
- FP8_YYY_add(&(w->c),&(w->c),&(w->c));
- FP8_YYY_add(&(w->b),&B,&(w->b));
- FP8_YYY_add(&(w->c),&C,&(w->c));
-
- FP24_YYY_reduce(w); /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-}
-
-/* FP24 squaring w=x^2 */
-/* SU= 600 */
-void FP24_YYY_sqr(FP24_YYY *w,FP24_YYY *x)
-{
- /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
- FP8_YYY A,B,C,D;
-
- FP8_YYY_sqr(&A,&(x->a));
- FP8_YYY_mul(&B,&(x->b),&(x->c));
- FP8_YYY_add(&B,&B,&B);
-FP8_YYY_norm(&B);
- FP8_YYY_sqr(&C,&(x->c));
-
- FP8_YYY_mul(&D,&(x->a),&(x->b));
- FP8_YYY_add(&D,&D,&D);
-
- FP8_YYY_add(&(w->c),&(x->a),&(x->c));
- FP8_YYY_add(&(w->c),&(x->b),&(w->c));
-FP8_YYY_norm(&(w->c));
-
- FP8_YYY_sqr(&(w->c),&(w->c));
-
- FP8_YYY_copy(&(w->a),&A);
- FP8_YYY_add(&A,&A,&B);
-
- FP8_YYY_norm(&A);
-
- FP8_YYY_add(&A,&A,&C);
- FP8_YYY_add(&A,&A,&D);
-
- FP8_YYY_norm(&A);
-
- FP8_YYY_neg(&A,&A);
- FP8_YYY_times_i(&B);
- FP8_YYY_times_i(&C);
-
- FP8_YYY_add(&(w->a),&(w->a),&B);
- FP8_YYY_add(&(w->b),&C,&D);
- FP8_YYY_add(&(w->c),&(w->c),&A);
-
- FP24_YYY_norm(w);
-}
-
-/* FP24 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP24 full multiplication w=w*y */
-void FP24_YYY_mul(FP24_YYY *w,FP24_YYY *y)
-{
- FP8_YYY z0,z1,z2,z3,t0,t1;
-
- FP8_YYY_mul(&z0,&(w->a),&(y->a));
- FP8_YYY_mul(&z2,&(w->b),&(y->b)); //
-
- FP8_YYY_add(&t0,&(w->a),&(w->b));
- FP8_YYY_add(&t1,&(y->a),&(y->b)); //
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
- FP8_YYY_mul(&z1,&t0,&t1);
- FP8_YYY_add(&t0,&(w->b),&(w->c));
- FP8_YYY_add(&t1,&(y->b),&(y->c)); //
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
- FP8_YYY_mul(&z3,&t0,&t1);
-
- FP8_YYY_neg(&t0,&z0);
- FP8_YYY_neg(&t1,&z2);
-
- FP8_YYY_add(&z1,&z1,&t0); // z1=z1-z0
-// FP8_YYY_norm(&z1);
- FP8_YYY_add(&(w->b),&z1,&t1);
-// z1=z1-z2
- FP8_YYY_add(&z3,&z3,&t1); // z3=z3-z2
- FP8_YYY_add(&z2,&z2,&t0); // z2=z2-z0
-
- FP8_YYY_add(&t0,&(w->a),&(w->c));
- FP8_YYY_add(&t1,&(y->a),&(y->c));
-
-FP8_YYY_norm(&t0);
-FP8_YYY_norm(&t1);
-
- FP8_YYY_mul(&t0,&t1,&t0);
- FP8_YYY_add(&z2,&z2,&t0);
-
- FP8_YYY_mul(&t0,&(w->c),&(y->c));
- FP8_YYY_neg(&t1,&t0);
-
- FP8_YYY_add(&(w->c),&z2,&t1);
- FP8_YYY_add(&z3,&z3,&t1);
- FP8_YYY_times_i(&t0);
- FP8_YYY_add(&(w->b),&(w->b),&t0);
-FP8_YYY_norm(&z3);
- FP8_YYY_times_i(&z3);
- FP8_YYY_add(&(w->a),&z0,&z3);
-
- FP24_YYY_norm(w);
-}
-
-/* FP24 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP24_YYY_smul(FP24_YYY *w,FP24_YYY *y,int type)
-{
- FP8_YYY z0,z1,z2,z3,t0,t1;
-
- if (type==D_TYPE)
- { // y->c is 0
-
- FP8_YYY_copy(&z3,&(w->b));
- FP8_YYY_mul(&z0,&(w->a),&(y->a));
-
- FP8_YYY_pmul(&z2,&(w->b),&(y->b).a);
- FP8_YYY_add(&(w->b),&(w->a),&(w->b));
- FP8_YYY_copy(&t1,&(y->a));
- FP4_YYY_add(&t1.a,&t1.a,&(y->b).a);
-
- FP8_YYY_norm(&t1);
- FP8_YYY_norm(&(w->b));
-
- FP8_YYY_mul(&(w->b),&(w->b),&t1);
- FP8_YYY_add(&z3,&z3,&(w->c));
- FP8_YYY_norm(&z3);
- FP8_YYY_pmul(&z3,&z3,&(y->b).a);
- FP8_YYY_neg(&t0,&z0);
- FP8_YYY_neg(&t1,&z2);
-
- FP8_YYY_add(&(w->b),&(w->b),&t0); // z1=z1-z0
-// FP8_YYY_norm(&(w->b));
- FP8_YYY_add(&(w->b),&(w->b),&t1); // z1=z1-z2
-
- FP8_YYY_add(&z3,&z3,&t1); // z3=z3-z2
- FP8_YYY_add(&z2,&z2,&t0); // z2=z2-z0
-
- FP8_YYY_add(&t0,&(w->a),&(w->c));
-
- FP8_YYY_norm(&t0);
- FP8_YYY_norm(&z3);
-
- FP8_YYY_mul(&t0,&(y->a),&t0);
- FP8_YYY_add(&(w->c),&z2,&t0);
-
- FP8_YYY_times_i(&z3);
- FP8_YYY_add(&(w->a),&z0,&z3);
- }
-
- if (type==M_TYPE)
- { // y->b is zero
- FP8_YYY_mul(&z0,&(w->a),&(y->a));
- FP8_YYY_add(&t0,&(w->a),&(w->b));
- FP8_YYY_norm(&t0);
-
- FP8_YYY_mul(&z1,&t0,&(y->a));
- FP8_YYY_add(&t0,&(w->b),&(w->c));
- FP8_YYY_norm(&t0);
-
- FP8_YYY_pmul(&z3,&t0,&(y->c).b);
- FP8_YYY_times_i(&z3);
-
- FP8_YYY_neg(&t0,&z0);
- FP8_YYY_add(&z1,&z1,&t0); // z1=z1-z0
-
- FP8_YYY_copy(&(w->b),&z1);
-
- FP8_YYY_copy(&z2,&t0);
-
- FP8_YYY_add(&t0,&(w->a),&(w->c));
- FP8_YYY_add(&t1,&(y->a),&(y->c));
-
- FP8_YYY_norm(&t0);
- FP8_YYY_norm(&t1);
-
- FP8_YYY_mul(&t0,&t1,&t0);
- FP8_YYY_add(&z2,&z2,&t0);
-
- FP8_YYY_pmul(&t0,&(w->c),&(y->c).b);
- FP8_YYY_times_i(&t0);
- FP8_YYY_neg(&t1,&t0);
- FP8_YYY_times_i(&t0);
-
- FP8_YYY_add(&(w->c),&z2,&t1);
- FP8_YYY_add(&z3,&z3,&t1);
-
- FP8_YYY_add(&(w->b),&(w->b),&t0);
- FP8_YYY_norm(&z3);
- FP8_YYY_times_i(&z3);
- FP8_YYY_add(&(w->a),&z0,&z3);
- }
- FP24_YYY_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP24_YYY_inv(FP24_YYY *w,FP24_YYY *x)
-{
- FP8_YYY f0,f1,f2,f3;
-// FP24_norm(x);
-
- FP8_YYY_sqr(&f0,&(x->a));
- FP8_YYY_mul(&f1,&(x->b),&(x->c));
- FP8_YYY_times_i(&f1);
- FP8_YYY_sub(&f0,&f0,&f1); /* y.a */
- FP8_YYY_norm(&f0);
-
- FP8_YYY_sqr(&f1,&(x->c));
- FP8_YYY_times_i(&f1);
- FP8_YYY_mul(&f2,&(x->a),&(x->b));
- FP8_YYY_sub(&f1,&f1,&f2); /* y.b */
- FP8_YYY_norm(&f1);
-
- FP8_YYY_sqr(&f2,&(x->b));
- FP8_YYY_mul(&f3,&(x->a),&(x->c));
- FP8_YYY_sub(&f2,&f2,&f3); /* y.c */
- FP8_YYY_norm(&f2);
-
- FP8_YYY_mul(&f3,&(x->b),&f2);
- FP8_YYY_times_i(&f3);
- FP8_YYY_mul(&(w->a),&f0,&(x->a));
- FP8_YYY_add(&f3,&(w->a),&f3);
- FP8_YYY_mul(&(w->c),&f1,&(x->c));
- FP8_YYY_times_i(&(w->c));
-
-
-
- FP8_YYY_add(&f3,&(w->c),&f3);
- FP8_YYY_norm(&f3);
-
- FP8_YYY_inv(&f3,&f3);
- FP8_YYY_mul(&(w->a),&f0,&f3);
- FP8_YYY_mul(&(w->b),&f1,&f3);
- FP8_YYY_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP24_YYY_pinpow(FP24_YYY *r,int e,int bts)
-{
- int i,b;
- FP24_YYY R[2];
-
- FP24_YYY_one(&R[0]);
- FP24_YYY_copy(&R[1],r);
-
- for (i=bts-1; i>=0; i--)
- {
- b=(e>>i)&1;
- FP24_YYY_mul(&R[1-b],&R[b]);
- FP24_YYY_usqr(&R[b],&R[b]);
- }
- FP24_YYY_copy(r,&R[0]);
-}
-
-/* Compressed powering of unitary elements y=x^(e mod r) */
-
-void FP24_YYY_compow(FP8_YYY *c,FP24_YYY *x,BIG_XXX e,BIG_XXX r)
-{
- FP24_YYY g1,g2;
- FP8_YYY cp,cpm1,cpm2;
- FP2_YYY f;
- BIG_XXX q,a,b,m;
-
- BIG_XXX_rcopy(a,Fra_YYY);
- BIG_XXX_rcopy(b,Frb_YYY);
- FP2_YYY_from_BIGs(&f,a,b);
-
- BIG_XXX_rcopy(q,Modulus_YYY);
-
- FP24_YYY_copy(&g1,x);
- FP24_YYY_copy(&g2,x);
-
- BIG_XXX_copy(m,q);
- BIG_XXX_mod(m,r);
-
- BIG_XXX_copy(a,e);
- BIG_XXX_mod(a,m);
-
- BIG_XXX_copy(b,e);
- BIG_XXX_sdiv(b,m);
-
- FP24_YYY_trace(c,&g1);
-
- if (BIG_XXX_iszilch(b))
- {
- FP8_YYY_xtr_pow(c,c,e);
- return;
- }
-
- FP24_YYY_frob(&g2,&f,1);
- FP24_YYY_trace(&cp,&g2);
- FP24_YYY_conj(&g1,&g1);
- FP24_YYY_mul(&g2,&g1);
- FP24_YYY_trace(&cpm1,&g2);
- FP24_YYY_mul(&g2,&g1);
-
- FP24_YYY_trace(&cpm2,&g2);
-
- FP8_YYY_xtr_pow2(c,&cp,c,&cpm1,&cpm2,a,b);
-
-}
-
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP24_YYY_pow(FP24_YYY *r,FP24_YYY *a,BIG_XXX b)
-{
- FP24_YYY w,sf;
- BIG_XXX b1,b3;
- int i,nb,bt;
- BIG_XXX_copy(b1,b);
- BIG_XXX_norm(b1);
- BIG_XXX_pmul(b3,b1,3);
- BIG_XXX_norm(b3);
-
- FP24_YYY_copy(&sf,a);
- FP24_YYY_norm(&sf);
- FP24_YYY_copy(&w,&sf);
-
-
- nb=BIG_XXX_nbits(b3);
- for (i=nb-2;i>=1;i--)
- {
- FP24_YYY_usqr(&w,&w);
- bt=BIG_XXX_bit(b3,i)-BIG_XXX_bit(b1,i);
- if (bt==1)
- FP24_YYY_mul(&w,&sf);
- if (bt==-1)
- {
- FP24_YYY_conj(&sf,&sf);
- FP24_YYY_mul(&w,&sf);
- FP24_YYY_conj(&sf,&sf);
- }
- }
-
- FP24_YYY_copy(r,&w);
- FP24_YYY_reduce(r);
-}
-
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe
-
-void FP24_ppow(FP24 *r,FP24 *a,BIG_XXX b)
-{
- FP24 w;
- BIG_XXX z,zilch;
- int bt;
- BIG_XXX_zero(zilch);
- BIG_XXX_norm(b);
- BIG_XXX_copy(z,b);
- FP24_copy(&w,a);
- FP24_one(r);
-
- while(1)
- {
- bt=BIG_XXX_parity(z);
- BIG_XXX_shr(z,1);
- if (bt)
- {
- //printf("In mul\n");
- FP24_mul(r,&w);
- //printf("Out of mul\n");
- }
- if (BIG_XXX_comp(z,zilch)==0) break;
- //printf("In sqr\n");
- FP24_sqr(&w,&w);
- //printf("Out of sqr\n");
- }
-
- FP24_reduce(r);
-} */
-
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3... */
-/* Side channel attack secure */
-// Bos & Costello https://eprint.iacr.org/2013/458.pdf
-// Faz-Hernandez & Longa & Sanchez https://eprint.iacr.org/2013/158.pdf
-
-void FP24_YYY_pow8(FP24_YYY *p,FP24_YYY *q,BIG_XXX u[8])
-{
- int i,j,k,nb,pb1,pb2,bt;
- FP24_YYY g1[8],g2[8],r;
- BIG_XXX t[8],mt;
- sign8 w1[NLEN_XXX*BASEBITS_XXX+1];
- sign8 s1[NLEN_XXX*BASEBITS_XXX+1];
- sign8 w2[NLEN_XXX*BASEBITS_XXX+1];
- sign8 s2[NLEN_XXX*BASEBITS_XXX+1];
- FP_YYY fx,fy;
- FP2_YYY X;
-
- FP_YYY_rcopy(&fx,Fra_YYY);
- FP_YYY_rcopy(&fy,Frb_YYY);
- FP2_YYY_from_FPs(&X,&fx,&fy);
-
- for (i=0; i<8; i++)
- BIG_XXX_copy(t[i],u[i]);
-
-// Precomputed table
- FP24_YYY_copy(&g1[0],&q[0]); // q[0]
- FP24_YYY_copy(&g1[1],&g1[0]);
- FP24_YYY_mul(&g1[1],&q[1]); // q[0].q[1]
- FP24_YYY_copy(&g1[2],&g1[0]);
- FP24_YYY_mul(&g1[2],&q[2]); // q[0].q[2]
- FP24_YYY_copy(&g1[3],&g1[1]);
- FP24_YYY_mul(&g1[3],&q[2]); // q[0].q[1].q[2]
- FP24_YYY_copy(&g1[4],&g1[0]);
- FP24_YYY_mul(&g1[4],&q[3]); // q[0].q[3]
- FP24_YYY_copy(&g1[5],&g1[1]);
- FP24_YYY_mul(&g1[5],&q[3]); // q[0].q[1].q[3]
- FP24_YYY_copy(&g1[6],&g1[2]);
- FP24_YYY_mul(&g1[6],&q[3]); // q[0].q[2].q[3]
- FP24_YYY_copy(&g1[7],&g1[3]);
- FP24_YYY_mul(&g1[7],&q[3]); // q[0].q[1].q[2].q[3]
-
-// Use Frobenius
-
- for (i=0;i<8;i++)
- {
- FP24_YYY_copy(&g2[i],&g1[i]);
- FP24_YYY_frob(&g2[i],&X,4);
- }
-
-// Make it odd
- pb1=1-BIG_XXX_parity(t[0]);
- BIG_XXX_inc(t[0],pb1);
- BIG_XXX_norm(t[0]);
-
- pb2=1-BIG_XXX_parity(t[4]);
- BIG_XXX_inc(t[4],pb2);
- BIG_XXX_norm(t[4]);
-
-// Number of bits
- BIG_XXX_zero(mt);
- for (i=0; i<8; i++)
- {
- BIG_XXX_or(mt,mt,t[i]);
- }
- nb=1+BIG_XXX_nbits(mt);
-
-// Sign pivot
- s1[nb-1]=1;
- s2[nb-1]=1;
- for (i=0;i<nb-1;i++)
- {
- BIG_XXX_fshr(t[0],1);
- s1[i]=2*BIG_XXX_parity(t[0])-1;
- BIG_XXX_fshr(t[4],1);
- s2[i]=2*BIG_XXX_parity(t[4])-1;
- }
-
-// Recoded exponents
- for (i=0; i<nb; i++)
- {
- w1[i]=0;
- k=1;
- for (j=1; j<4; j++)
- {
- bt=s1[i]*BIG_XXX_parity(t[j]);
- BIG_XXX_fshr(t[j],1);
-
- BIG_XXX_dec(t[j],(bt>>1));
- BIG_XXX_norm(t[j]);
- w1[i]+=bt*k;
- k*=2;
- }
-
- w2[i]=0;
- k=1;
- for (j=5; j<8; j++)
- {
- bt=s2[i]*BIG_XXX_parity(t[j]);
- BIG_XXX_fshr(t[j],1);
-
- BIG_XXX_dec(t[j],(bt>>1));
- BIG_XXX_norm(t[j]);
- w2[i]+=bt*k;
- k*=2;
- }
- }
-
-// Main loop
- FP24_YYY_select(p,g1,2*w1[nb-1]+1);
- FP24_YYY_select(&r,g2,2*w2[nb-1]+1);
- FP24_YYY_mul(p,&r);
- for (i=nb-2; i>=0; i--)
- {
- FP24_YYY_usqr(p,p);
- FP24_YYY_select(&r,g1,2*w1[i]+s1[i]);
- FP24_YYY_mul(p,&r);
- FP24_YYY_select(&r,g2,2*w2[i]+s2[i]);
- FP24_YYY_mul(p,&r);
- }
-
-// apply correction
- FP24_YYY_conj(&r,&q[0]);
- FP24_YYY_mul(&r,p);
- FP24_YYY_cmove(p,&r,pb1);
- FP24_YYY_conj(&r,&q[4]);
- FP24_YYY_mul(&r,p);
- FP24_YYY_cmove(p,&r,pb2);
-
- FP24_YYY_reduce(p);
-}
-
-/*
-void FP24_YYY_pow8(FP24_YYY *p,FP24_YYY *q,BIG_XXX u[8])
-{
- int i,j,a[4],nb,m;
- FP24_YYY g[8],f[8],c,s[2];
- BIG_XXX t[8],mt;
- sign8 w[NLEN_XXX*BASEBITS_XXX+1];
- sign8 z[NLEN_XXX*BASEBITS_XXX+1];
- FP fx,fy;
- FP2 X;
-
- FP_rcopy(&fx,Fra_YYY);
- FP_rcopy(&fy,Frb_YYY);
- FP2_from_FPs(&X,&fx,&fy);
-
- for (i=0; i<8; i++)
- BIG_XXX_copy(t[i],u[i]);
-
- FP24_YYY_copy(&g[0],&q[0]);
- FP24_YYY_conj(&s[0],&q[1]);
- FP24_YYY_mul(&g[0],&s[0]); // P/Q
- FP24_YYY_copy(&g[1],&g[0]);
- FP24_YYY_copy(&g[2],&g[0]);
- FP24_YYY_copy(&g[3],&g[0]);
- FP24_YYY_copy(&g[4],&q[0]);
- FP24_YYY_mul(&g[4],&q[1]); // P*Q
- FP24_YYY_copy(&g[5],&g[4]);
- FP24_YYY_copy(&g[6],&g[4]);
- FP24_YYY_copy(&g[7],&g[4]);
-
- FP24_YYY_copy(&s[1],&q[2]);
- FP24_YYY_conj(&s[0],&q[3]);
- FP24_YYY_mul(&s[1],&s[0]); // R/S
- FP24_YYY_conj(&s[0],&s[1]);
- FP24_YYY_mul(&g[1],&s[0]);
- FP24_YYY_mul(&g[2],&s[1]);
- FP24_YYY_mul(&g[5],&s[0]);
- FP24_YYY_mul(&g[6],&s[1]);
- FP24_YYY_copy(&s[1],&q[2]);
- FP24_YYY_mul(&s[1],&q[3]); // R*S
- FP24_YYY_conj(&s[0],&s[1]);
- FP24_YYY_mul(&g[0],&s[0]);
- FP24_YYY_mul(&g[3],&s[1]);
- FP24_YYY_mul(&g[4],&s[0]);
- FP24_YYY_mul(&g[7],&s[1]);
-
-// Use Frobenius
-
- for (i=0;i<8;i++)
- {
- FP24_YYY_copy(&f[i],&g[i]);
- FP24_YYY_frob(&f[i],&X,4);
- }
-
-
- // if power is even add 1 to power, and add q to correction
- FP24_YYY_one(&c);
-
- BIG_XXX_zero(mt);
- for (i=0; i<8; i++)
- {
- if (BIG_XXX_parity(t[i])==0)
- {
- BIG_XXX_inc(t[i],1);
- BIG_XXX_norm(t[i]);
- FP24_YYY_mul(&c,&q[i]);
- }
- BIG_XXX_add(mt,mt,t[i]);
- BIG_XXX_norm(mt);
- }
-
- FP24_YYY_conj(&c,&c);
- nb=1+BIG_XXX_nbits(mt);
-
- // convert exponents to signed 1-bit windows
- for (j=0; j<nb; j++)
- {
- for (i=0; i<4; i++)
- {
- a[i]=BIG_XXX_lastbits(t[i],2)-2;
- BIG_XXX_dec(t[i],a[i]);
- BIG_XXX_norm(t[i]);
- BIG_XXX_fshr(t[i],1);
- }
- w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
- }
- w[nb]=8*BIG_XXX_lastbits(t[0],2)+4*BIG_XXX_lastbits(t[1],2)+2*BIG_XXX_lastbits(t[2],2)+BIG_XXX_lastbits(t[3],2);
-
-
- for (j=0; j<nb; j++)
- {
- for (i=0; i<4; i++)
- {
- a[i]=BIG_XXX_lastbits(t[i+4],2)-2;
- BIG_XXX_dec(t[i+4],a[i]);
- BIG_XXX_norm(t[i+4]);
- BIG_XXX_fshr(t[i+4],1);
- }
- z[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
- }
- z[nb]=8*BIG_XXX_lastbits(t[4],2)+4*BIG_XXX_lastbits(t[5],2)+2*BIG_XXX_lastbits(t[6],2)+BIG_XXX_lastbits(t[7],2);
-
-
- FP24_YYY_copy(p,&g[(w[nb]-1)/2]);
- FP24_YYY_mul(p,&f[(z[nb]-1)/2]);
- for (i=nb-1; i>=0; i--)
- {
- FP24_YYY_usqr(p,p);
-
- m=w[i]>>7;
- j=(w[i]^m)-m; // j=abs(w[i])
- j=(j-1)/2;
- FP24_YYY_copy(&s[0],&g[j]);
- FP24_YYY_conj(&s[1],&g[j]);
- FP24_YYY_mul(p,&s[m&1]);
-
- m=z[i]>>7;
- j=(z[i]^m)-m; // j=abs(w[i])
- j=(j-1)/2;
- FP24_YYY_copy(&s[0],&f[j]);
- FP24_YYY_conj(&s[1],&f[j]);
- FP24_YYY_mul(p,&s[m&1]);
-
- }
- FP24_YYY_mul(p,&c); // apply correction
- FP24_YYY_reduce(p);
-}
-*/
-
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP24_YYY_frob(FP24_YYY *w,FP2_YYY *f,int n)
-{
- int i;
- FP4_YYY X2,X4;
- FP2_YYY f3,f2; // f=(1+i)^(p-7)/12
- FP2_YYY_sqr(&f2,f); //
- FP2_YYY_mul(&f3,&f2,f); // f3=f^3=(1+i)^(p-7)/4
-
- FP2_YYY_mul_ip(&f3); // f3 = (1+i).f3 = (1+i)^(p-3)/4
- FP2_YYY_norm(&f3);
-
- for (i=0;i<n;i++)
- {
- FP8_YYY_frob(&(w->a),&f3); // a=a^p
- FP8_YYY_frob(&(w->b),&f3); // b=b^p
- FP8_YYY_frob(&(w->c),&f3); // c=c^p
-
- FP8_YYY_qmul(&(w->b),&(w->b),f); FP8_YYY_times_i2(&(w->b));
- FP8_YYY_qmul(&(w->c),&(w->c),&f2); FP8_YYY_times_i2(&(w->c)); FP8_YYY_times_i2(&(w->c));
- }
-}
-
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP24_YYY_norm(FP24_YYY *w)
-{
- FP8_YYY_norm(&(w->a));
- FP8_YYY_norm(&(w->b));
- FP8_YYY_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP24_YYY_reduce(FP24_YYY *w)
-{
- FP8_YYY_reduce(&(w->a));
- FP8_YYY_reduce(&(w->b));
- FP8_YYY_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP24_YYY_trace(FP8_YYY *w,FP24_YYY *x)
-{
- FP8_YYY_imul(w,&(x->a),3);
- FP8_YYY_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP24_YYY_output(FP24_YYY *w)
-{
- printf("[");
- FP8_YYY_output(&(w->a));
- printf(",");
- FP8_YYY_output(&(w->b));
- printf(",");
- FP8_YYY_output(&(w->c));
- printf("]");
-}
-
-/* SU= 64 */
-/* Convert g to octet string w */
-void FP24_YYY_toOctet(octet *W,FP24_YYY *g)
-{
- BIG_XXX a;
- W->len=24*MODBYTES_XXX;
-
- FP_YYY_redc(a,&(g->a.a.a.a));
- BIG_XXX_toBytes(&(W->val[0]),a);
- FP_YYY_redc(a,&(g->a.a.a.b));
- BIG_XXX_toBytes(&(W->val[MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.a.b.a));
- BIG_XXX_toBytes(&(W->val[2*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.a.b.b));
- BIG_XXX_toBytes(&(W->val[3*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.b.a.a));
- BIG_XXX_toBytes(&(W->val[4*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.b.a.b));
- BIG_XXX_toBytes(&(W->val[5*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.b.b.a));
- BIG_XXX_toBytes(&(W->val[6*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->a.b.b.b));
- BIG_XXX_toBytes(&(W->val[7*MODBYTES_XXX]),a);
-
- FP_YYY_redc(a,&(g->b.a.a.a));
- BIG_XXX_toBytes(&(W->val[8*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.a.a.b));
- BIG_XXX_toBytes(&(W->val[9*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.a.b.a));
- BIG_XXX_toBytes(&(W->val[10*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.a.b.b));
- BIG_XXX_toBytes(&(W->val[11*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.b.a.a));
- BIG_XXX_toBytes(&(W->val[12*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.b.a.b));
- BIG_XXX_toBytes(&(W->val[13*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.b.b.a));
- BIG_XXX_toBytes(&(W->val[14*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->b.b.b.b));
- BIG_XXX_toBytes(&(W->val[15*MODBYTES_XXX]),a);
-
- FP_YYY_redc(a,&(g->c.a.a.a));
- BIG_XXX_toBytes(&(W->val[16*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.a.a.b));
- BIG_XXX_toBytes(&(W->val[17*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.a.b.a));
- BIG_XXX_toBytes(&(W->val[18*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.a.b.b));
- BIG_XXX_toBytes(&(W->val[19*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.b.a.a));
- BIG_XXX_toBytes(&(W->val[20*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.b.a.b));
- BIG_XXX_toBytes(&(W->val[21*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.b.b.a));
- BIG_XXX_toBytes(&(W->val[22*MODBYTES_XXX]),a);
- FP_YYY_redc(a,&(g->c.b.b.b));
- BIG_XXX_toBytes(&(W->val[23*MODBYTES_XXX]),a);
-}
-
-/* SU= 24 */
-/* Restore g from octet string w */
-void FP24_YYY_fromOctet(FP24_YYY *g,octet *W)
-{
- BIG_XXX b;
-
- BIG_XXX_fromBytes(b,&W->val[0]);
- FP_YYY_nres(&(g->a.a.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.a.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[2*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.a.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[3*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.a.b.b),b);
- BIG_XXX_fromBytes(b,&W->val[4*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.b.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[5*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.b.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[6*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.b.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[7*MODBYTES_XXX]);
- FP_YYY_nres(&(g->a.b.b.b),b);
-
- BIG_XXX_fromBytes(b,&W->val[8*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.a.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[9*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.a.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[10*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.a.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[11*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.a.b.b),b);
- BIG_XXX_fromBytes(b,&W->val[12*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.b.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[13*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.b.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[14*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.b.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[15*MODBYTES_XXX]);
- FP_YYY_nres(&(g->b.b.b.b),b);
-
- BIG_XXX_fromBytes(b,&W->val[16*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.a.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[17*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.a.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[18*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.a.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[19*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.a.b.b),b);
- BIG_XXX_fromBytes(b,&W->val[20*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.b.a.a),b);
- BIG_XXX_fromBytes(b,&W->val[21*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.b.a.b),b);
- BIG_XXX_fromBytes(b,&W->val[22*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.b.b.a),b);
- BIG_XXX_fromBytes(b,&W->val[23*MODBYTES_XXX]);
- FP_YYY_nres(&(g->c.b.b.b),b);
-}
-
-/* Move b to a if d=1 */
-void FP24_YYY_cmove(FP24_YYY *f,FP24_YYY *g,int d)
-{
- FP8_YYY_cmove(&(f->a),&(g->a),d);
- FP8_YYY_cmove(&(f->b),&(g->b),d);
- FP8_YYY_cmove(&(f->c),&(g->c),d);
-}
-
-/*
-using namespace YYY;
-
-int main() {
- int i;
- FP2 f,w0,w1,X;
- FP4 f0,f1;
- FP8 t0,t1,t2;
- FP24 w,t,lv;
- BIG a,b;
- BIG p;
-
-
- char raw[100];
- csprng RNG; // Crypto Strong RNG
-
- for (i=0; i<100; i++) raw[i]=i;
-
- BIG_rcopy(a,Fra_YYY);
- BIG_rcopy(b,Frb_YYY);
- FP2_from_BIGs(&X,a,b);
-
-
-
- RAND_seed(&RNG,100,raw); // initialise strong RNG
-
- BIG_rcopy(p,Modulus);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f0,&w0,&w1);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f1,&w0,&w1);
- FP8_from_FP4s(&t0,&f0,&f1);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f0,&w0,&w1);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f1,&w0,&w1);
- FP8_from_FP4s(&t1,&f0,&f1);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f0,&w0,&w1);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w0,a,b);
-
- BIG_randomnum(a,p,&RNG);
- BIG_randomnum(b,p,&RNG);
- FP2_from_BIGs(&w1,a,b);
-
- FP4_from_FP2s(&f1,&w0,&w1);
- FP8_from_FP4s(&t2,&f0,&f1);
-
- FP24_from_FP8s(&w,&t0,&t1,&t2);
-
-
- FP24_copy(&t,&w);
-
- printf("w= ");
- FP24_output(&w);
- printf("\n");
-
- FP24_norm(&w);
-
- printf("w^p= ");
- FP24_frob(&w,&X);
- FP24_output(&w);
- printf("\n");
-
-// printf("p.w= ");
-// FP24_ppow(&t,&t,p);
-// FP24_output(&t);
-// printf("\n");
-
- printf("1/w= ");
- FP24_inv(&t,&w);
- FP24_output(&t);
- printf("\n");
-
- printf("w= ");
- FP24_inv(&w,&t);
- FP24_output(&w);
- printf("\n");
-
- return 0;
-}
-
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/fp24.h
----------------------------------------------------------------------
diff --git a/version3/c/fp24.h b/version3/c/fp24.h
deleted file mode 100644
index 13ff25c..0000000
--- a/version3/c/fp24.h
+++ /dev/null
@@ -1,196 +0,0 @@
-#ifndef FP24_YYY_H
-#define FP24_YYY_H
-
-#include "fp8_YYY.h"
-
-/**
- @brief FP12 Structure - towered over three FP8
-*/
-
-typedef struct
-{
- FP8_YYY a; /**< first part of FP12 */
- FP8_YYY b; /**< second part of FP12 */
- FP8_YYY c; /**< third part of FP12 */
-} FP24_YYY;
-
-extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */
-extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */
-
-/* FP24 prototypes */
-/** @brief Tests for FP24 equal to zero
- *
- @param x FP24 number to be tested
- @return 1 if zero, else returns 0
- */
-extern int FP24_YYY_iszilch(FP24_YYY *x);
-/** @brief Tests for FP24 equal to unity
- *
- @param x FP24 number to be tested
- @return 1 if unity, else returns 0
- */
-extern int FP24_YYY_isunity(FP24_YYY *x);
-/** @brief Copy FP24 to another FP24
- *
- @param x FP24 instance, on exit = y
- @param y FP24 instance to be copied
- */
-extern void FP24_YYY_copy(FP24_YYY *x,FP24_YYY *y);
-/** @brief Set FP24 to unity
- *
- @param x FP24 instance to be set to one
- */
-extern void FP24_YYY_one(FP24_YYY *x);
-/** @brief Tests for equality of two FP24s
- *
- @param x FP24 instance to be compared
- @param y FP24 instance to be compared
- @return 1 if x=y, else returns 0
- */
-extern int FP24_YYY_equals(FP24_YYY *x,FP24_YYY *y);
-/** @brief Conjugation of FP24
- *
- If y=(a,b,c) (where a,b,c are its three FP8 components) on exit x=(conj(a),-conj(b),conj(c))
- @param x FP24 instance, on exit = conj(y)
- @param y FP24 instance
- */
-extern void FP24_YYY_conj(FP24_YYY *x,FP24_YYY *y);
-/** @brief Initialise FP24 from single FP8
- *
- Sets first FP8 component of an FP24, other components set to zero
- @param x FP24 instance to be initialised
- @param a FP8 to form first part of FP8
- */
-extern void FP24_YYY_from_FP8(FP24_YYY *x,FP8_YYY *a);
-/** @brief Initialise FP24 from three FP8s
- *
- @param x FP24 instance to be initialised
- @param a FP8 to form first part of FP24
- @param b FP8 to form second part of FP24
- @param c FP8 to form third part of FP24
- */
-extern void FP24_YYY_from_FP8s(FP24_YYY *x,FP8_YYY *a,FP8_YYY* b,FP8_YYY *c);
-/** @brief Fast Squaring of an FP24 in "unitary" form
- *
- @param x FP24 instance, on exit = y^2
- @param y FP8 instance, must be unitary
- */
-extern void FP24_YYY_usqr(FP24_YYY *x,FP24_YYY *y);
-/** @brief Squaring an FP24
- *
- @param x FP24 instance, on exit = y^2
- @param y FP24 instance
- */
-extern void FP24_YYY_sqr(FP24_YYY *x,FP24_YYY *y);
-/** @brief Fast multiplication of an FP24 by an FP24 that arises from an ATE pairing line function
- *
- Here the multiplier has a special form that can be exploited
- @param x FP24 instance, on exit = x*y
- @param y FP24 instance, of special form
- @param t D_TYPE or M_TYPE twist
- */
-extern void FP24_YYY_smul(FP24_YYY *x,FP24_YYY *y,int t);
-/** @brief Multiplication of two FP24s
- *
- @param x FP24 instance, on exit = x*y
- @param y FP24 instance, the multiplier
- */
-extern void FP24_YYY_mul(FP24_YYY *x,FP24_YYY *y);
-/** @brief Inverting an FP24
- *
- @param x FP24 instance, on exit = 1/y
- @param y FP24 instance
- */
-extern void FP24_YYY_inv(FP24_YYY *x,FP24_YYY *y);
-/** @brief Raises an FP24 to the power of a BIG
- *
- @param r FP24 instance, on exit = y^b
- @param x FP24 instance
- @param b BIG number
- */
-extern void FP24_YYY_pow(FP24_YYY *r,FP24_YYY *x,BIG_XXX b);
-
-//extern void FP24_ppow(FP24 *r,FP24 *x,BIG b);
-
-/** @brief Raises an FP24 instance x to a small integer power, side-channel resistant
- *
- @param x FP24 instance, on exit = x^i
- @param i small integer exponent
- @param b maximum number of bits in exponent
- */
-extern void FP24_YYY_pinpow(FP24_YYY *x,int i,int b);
-
-/** @brief Raises an FP24 instance x to a BIG power, compressed to FP8
- *
- @param c FP8 instance, on exit = x^(e mod r) as FP8
- @param x FP24 input
- @param e BIG exponent
- @param r BIG group order
- */
-extern void FP24_YYY_compow(FP8_YYY *c,FP24_YYY *x,BIG_XXX e,BIG_XXX r);
-
-/** @brief Calculate Pi x[i]^b[i] for i=0 to 7, side-channel resistant
- *
- @param r FP24 instance, on exit = Pi x[i]^b[i] for i=0 to 7
- @param x FP24 array with 4 FP24s
- @param b BIG array of 4 exponents
- */
-extern void FP24_YYY_pow8(FP24_YYY *r,FP24_YYY *x,BIG_XXX *b);
-
-
-/** @brief Raises an FP24 to the power of the internal modulus p, using the Frobenius
- *
- @param x FP24 instance, on exit = x^p^n
- @param f FP2 precalculated Frobenius constant
- @param n power of p
- */
-extern void FP24_YYY_frob(FP24_YYY *x,FP2_YYY *f,int n);
-
-/** @brief Reduces all components of possibly unreduced FP24 mod Modulus
- *
- @param x FP24 instance, on exit reduced mod Modulus
- */
-extern void FP24_YYY_reduce(FP24_YYY *x);
-/** @brief Normalises the components of an FP24
- *
- @param x FP24 instance to be normalised
- */
-extern void FP24_YYY_norm(FP24_YYY *x);
-/** @brief Formats and outputs an FP24 to the console
- *
- @param x FP24 instance to be printed
- */
-extern void FP24_YYY_output(FP24_YYY *x);
-/** @brief Formats and outputs an FP24 instance to an octet string
- *
- Serializes the components of an FP24 to big-endian base 256 form.
- @param S output octet string
- @param x FP24 instance to be converted to an octet string
- */
-extern void FP24_YYY_toOctet(octet *S,FP24_YYY *x);
-/** @brief Creates an FP24 instance from an octet string
- *
- De-serializes the components of an FP24 to create an FP24 from big-endian base 256 components.
- @param x FP24 instance to be created from an octet string
- @param S input octet string
-
- */
-extern void FP24_YYY_fromOctet(FP24_YYY *x,octet *S);
-/** @brief Calculate the trace of an FP24
- *
- @param t FP8 trace of x, on exit = tr(x)
- @param x FP24 instance
-
- */
-extern void FP24_YYY_trace(FP8_YYY *t,FP24_YYY *x);
-
-/** @brief Conditional copy of FP24_YYY number
- *
- Conditionally copies second parameter to the first (without branching)
- @param x FP24_YYY instance, set to y if s!=0
- @param y another FP24_YYY instance
- @param s copy only takes place if not equal to 0
- */
-extern void FP24_YYY_cmove(FP24_YYY *x,FP24_YYY *y,int s);
-
-#endif