You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/08 00:12:54 UTC
[34/51] [partial] incubator-milagro-crypto-c git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pair192.c.in
----------------------------------------------------------------------
diff --git a/src/pair192.c.in b/src/pair192.c.in
new file mode 100644
index 0000000..a3b6e32
--- /dev/null
+++ b/src/pair192.c.in
@@ -0,0 +1,652 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL BLS Curve pairing functions */
+
+//#define HAS_MAIN
+
+#include "pair192_ZZZ.h"
+
+
+/* Line function */
+static void PAIR_ZZZ_line(FP24_YYY *v,ECP4_ZZZ *A,ECP4_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy)
+{
+ FP4_YYY X1,Y1,T1,T2;
+ FP4_YYY XX,YY,ZZ,YZ;
+ FP8_YYY a,b,c;
+
+ if (A==B)
+ {
+ /* doubling */
+ FP4_YYY_copy(&XX,&(A->x)); //FP4_YYY XX=new FP4_YYY(A.getx()); //X
+ FP4_YYY_copy(&YY,&(A->y)); //FP4_YYY YY=new FP4_YYY(A.gety()); //Y
+ FP4_YYY_copy(&ZZ,&(A->z)); //FP4_YYY ZZ=new FP4_YYY(A.getz()); //Z
+
+
+ FP4_YYY_copy(&YZ,&YY); //FP4_YYY YZ=new FP4_YYY(YY); //Y
+ FP4_YYY_mul(&YZ,&YZ,&ZZ); //YZ.mul(ZZ); //YZ
+ FP4_YYY_sqr(&XX,&XX); //XX.sqr(); //X^2
+ FP4_YYY_sqr(&YY,&YY); //YY.sqr(); //Y^2
+ FP4_YYY_sqr(&ZZ,&ZZ); //ZZ.sqr(); //Z^2
+
+ FP4_YYY_imul(&YZ,&YZ,4); //YZ.imul(4);
+ FP4_YYY_neg(&YZ,&YZ); //YZ.neg();
+ FP4_YYY_norm(&YZ); //YZ.norm(); //-4YZ
+
+ FP4_YYY_imul(&XX,&XX,6); //6X^2
+ FP4_YYY_qmul(&XX,&XX,Qx); //6X^2.Xs
+
+ FP4_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ); //3Bz^2
+
+ FP4_YYY_qmul(&YZ,&YZ,Qy); //-4YZ.Ys
+
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP4_YYY_div_2i(&ZZ); //6(b/i)z^2
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP4_YYY_times_i(&ZZ);
+ FP4_YYY_add(&ZZ,&ZZ,&ZZ); // 6biz^2
+ FP4_YYY_times_i(&YZ);
+ FP4_YYY_norm(&YZ);
+#endif
+ FP4_YYY_norm(&ZZ); // 6bi.Z^2
+
+ FP4_YYY_add(&YY,&YY,&YY); // 2y^2
+ FP4_YYY_sub(&ZZ,&ZZ,&YY); //
+ FP4_YYY_norm(&ZZ); // 6b.Z^2-2Y^2
+
+ FP8_YYY_from_FP4s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP8_YYY_from_FP4(&b,&XX);
+ FP8_YYY_zero(&c);
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP8_YYY_zero(&b);
+ FP8_YYY_from_FP4H(&c,&XX);
+#endif
+
+ ECP4_ZZZ_dbl(A); //A.dbl();
+ }
+ else
+ {
+ /* addition */
+
+ FP4_YYY_copy(&X1,&(A->x)); //FP4_YYY X1=new FP4_YYY(A.getx()); // X1
+ FP4_YYY_copy(&Y1,&(A->y)); //FP4_YYY Y1=new FP4_YYY(A.gety()); // Y1
+ FP4_YYY_copy(&T1,&(A->z)); //FP4_YYY T1=new FP4_YYY(A.getz()); // Z1
+
+ FP4_YYY_copy(&T2,&T1); //FP4_YYY T2=new FP4_YYY(A.getz()); // Z1
+
+ FP4_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=Z1.Y2
+ FP4_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=Z1.X2
+
+ FP4_YYY_sub(&X1,&X1,&T2); //X1.sub(T2);
+ FP4_YYY_norm(&X1); //X1.norm(); // X1=X1-Z1.X2
+ FP4_YYY_sub(&Y1,&Y1,&T1); //Y1.sub(T1);
+ FP4_YYY_norm(&Y1); //Y1.norm(); // Y1=Y1-Z1.Y2
+
+ FP4_YYY_copy(&T1,&X1); //T1.copy(X1); // T1=X1-Z1.X2
+
+ FP4_YYY_qmul(&X1,&X1,Qy); //X1.pmul(Qy); // X1=(X1-Z1.X2).Ys
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP4_YYY_times_i(&X1);
+ FP4_YYY_norm(&X1);
+#endif
+
+ FP4_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=(X1-Z1.X2).Y2
+
+ FP4_YYY_copy(&T2,&Y1); //T2.copy(Y1); // T2=Y1-Z1.Y2
+ FP4_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=(Y1-Z1.Y2).X2
+ FP4_YYY_sub(&T2,&T2,&T1); //T2.sub(T1);
+ FP4_YYY_norm(&T2); //T2.norm(); // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2
+ FP4_YYY_qmul(&Y1,&Y1,Qx); //Y1.pmul(Qx);
+ FP4_YYY_neg(&Y1,&Y1); //Y1.neg();
+ FP4_YYY_norm(&Y1); //Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs
+
+ FP8_YYY_from_FP4s(&a,&X1,&T2); // (X1-Z1.X2).Ys | (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 | - (Y1-Z1.Y2).Xs
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP8_YYY_from_FP4(&b,&Y1); //b=new FP4(Y1);
+ FP8_YYY_zero(&c);
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP8_YYY_zero(&b);
+ FP8_YYY_from_FP4H(&c,&Y1); //b=new FP4(Y1);
+#endif
+ ECP4_ZZZ_add(A,B); //A.add(B);
+ }
+
+ FP24_YYY_from_FP8s(v,&a,&b,&c);
+}
+
+/* Optimal R-ate pairing r=e(P,Q) */
+void PAIR_ZZZ_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q)
+{
+ BIG_XXX x,n,n3;
+ FP_YYY Qx,Qy;
+ int i,j,nb,bt;
+ ECP4_ZZZ A;
+ FP24_YYY lv;
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+
+ BIG_XXX_copy(n,x);
+
+ BIG_XXX_pmul(n3,n,3);
+ BIG_XXX_norm(n3);
+
+ FP_YYY_copy(&Qx,&(Q->x));
+ FP_YYY_copy(&Qy,&(Q->y));
+
+ ECP4_ZZZ_copy(&A,P);
+ FP24_YYY_one(r);
+ nb=BIG_XXX_nbits(n3); // n3
+
+ j=0;
+ /* Main Miller Loop */
+ for (i=nb-2; i>=1; i--)
+ {
+ j++;
+ FP24_YYY_sqr(r,r);
+ PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
+ if (bt==1)
+ {
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ }
+ if (bt==-1)
+ {
+ ECP4_ZZZ_neg(P);
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP4_ZZZ_neg(P);
+ }
+
+ }
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(r,r);
+#endif
+
+}
+
+/* Optimal R-ate double pairing e(P,Q).e(R,S) */
+void PAIR_ZZZ_double_ate(FP24_YYY *r,ECP4_ZZZ *P,ECP_ZZZ *Q,ECP4_ZZZ *R,ECP_ZZZ *S)
+{
+ BIG_XXX x,n,n3;
+ FP_YYY Qx,Qy,Sx,Sy;
+ int i,nb,bt;
+ ECP4_ZZZ A,B;
+ FP24_YYY lv;
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ BIG_XXX_copy(n,x);
+
+ BIG_XXX_pmul(n3,n,3);
+ BIG_XXX_norm(n3);
+
+ FP_YYY_copy(&Qx,&(Q->x));
+ FP_YYY_copy(&Qy,&(Q->y));
+
+ FP_YYY_copy(&Sx,&(S->x));
+ FP_YYY_copy(&Sy,&(S->y));
+
+ ECP4_ZZZ_copy(&A,P);
+ ECP4_ZZZ_copy(&B,R);
+ FP24_YYY_one(r);
+ nb=BIG_XXX_nbits(n3);
+
+ /* Main Miller Loop */
+ for (i=nb-2; i>=1; i--)
+ {
+ FP24_YYY_sqr(r,r);
+ PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
+ if (bt==1)
+ {
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ }
+ if (bt==-1)
+ {
+ ECP4_ZZZ_neg(P);
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP4_ZZZ_neg(P);
+ ECP4_ZZZ_neg(R);
+ PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy);
+ FP24_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP4_ZZZ_neg(R);
+ }
+ }
+
+
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(r,r);
+#endif
+
+}
+
+/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
+
+void PAIR_ZZZ_fexp(FP24_YYY *r)
+{
+ FP2_YYY X;
+ BIG_XXX x;
+ FP_YYY a,b;
+ FP24_YYY t0,t1,t2,t3,t4,t5,t6,t7; // could lose one of these - r=t3
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ FP_YYY_rcopy(&a,Fra_YYY);
+ FP_YYY_rcopy(&b,Frb_YYY);
+ FP2_YYY_from_FPs(&X,&a,&b);
+
+ /* Easy part of final exp - r^(p^12-1)(p^4+1)*/
+
+ FP24_YYY_inv(&t0,r);
+ FP24_YYY_conj(r,r);
+
+ FP24_YYY_mul(r,&t0);
+ FP24_YYY_copy(&t0,r);
+
+ FP24_YYY_frob(r,&X,4);
+
+ FP24_YYY_mul(r,&t0);
+
+ // Ghamman & Fouotsa Method - (completely garbled in https://eprint.iacr.org/2016/130)
+
+ FP24_YYY_usqr(&t7,r); // t7=f^2
+ FP24_YYY_pow(&t1,&t7,x); // t1=t7^u
+
+ BIG_XXX_fshr(x,1);
+ FP24_YYY_pow(&t2,&t1,x); // t2=t1^(u/2)
+ BIG_XXX_fshl(x,1); // x must be even
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(&t1,&t1);
+#endif
+
+ FP24_YYY_conj(&t3,&t1); // t3=1/t1
+ FP24_YYY_mul(&t2,&t3); // t2=t1*t3
+ FP24_YYY_mul(&t2,r); // t2=t2*f
+
+
+ FP24_YYY_pow(&t3,&t2,x); // t3=t2^u
+ FP24_YYY_pow(&t4,&t3,x); // t4=t3^u
+ FP24_YYY_pow(&t5,&t4,x); // t5=t4^u
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(&t3,&t3);
+ FP24_YYY_conj(&t5,&t5);
+#endif
+
+ FP24_YYY_frob(&t3,&X,6);
+ FP24_YYY_frob(&t4,&X,5);
+
+ FP24_YYY_mul(&t3,&t4); // t3=t3.t4
+
+
+ FP24_YYY_pow(&t6,&t5,x); // t6=t5^u
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(&t6,&t6);
+#endif
+
+
+ FP24_YYY_frob(&t5,&X,4);
+ FP24_YYY_mul(&t3,&t5); // ??
+
+
+ FP24_YYY_conj(&t0,&t2); // t0=1/t2
+ FP24_YYY_mul(&t6,&t0); // t6=t6*t0
+
+ FP24_YYY_copy(&t5,&t6);
+ FP24_YYY_frob(&t5,&X,3);
+
+ FP24_YYY_mul(&t3,&t5); // t3=t3*t5
+ FP24_YYY_pow(&t5,&t6,x); // t5=t6^x
+ FP24_YYY_pow(&t6,&t5,x); // t6=t5^x
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(&t5,&t5);
+#endif
+
+ FP24_YYY_copy(&t0,&t5);
+ FP24_YYY_frob(&t0,&X,2);
+ FP24_YYY_mul(&t3,&t0); // t3=t3*t0
+ FP24_YYY_copy(&t0,&t6); //
+ FP24_YYY_frob(&t0,&X,1);
+
+ FP24_YYY_mul(&t3,&t0); // t3=t3*t0
+ FP24_YYY_pow(&t5,&t6,x); // t5=t6*x
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP24_YYY_conj(&t5,&t5);
+#endif
+
+ FP24_YYY_frob(&t2,&X,7);
+
+ FP24_YYY_mul(&t5,&t7); // t5=t5*t7
+ FP24_YYY_mul(&t3,&t2); // t3=t3*t2
+ FP24_YYY_mul(&t3,&t5); // t3=t3*t5
+
+ FP24_YYY_mul(r,&t3);
+ FP24_YYY_reduce(r);
+
+}
+
+#ifdef USE_GLV_ZZZ
+/* GLV method */
+static void glv(BIG_XXX u[2],BIG_XXX e)
+{
+ // -(x^4).P = (Beta.x,y)
+ BIG_XXX x,x2,q;
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ BIG_XXX_smul(x2,x,x);
+ BIG_XXX_smul(x,x2,x2);
+ BIG_XXX_copy(u[0],e);
+ BIG_XXX_mod(u[0],x);
+ BIG_XXX_copy(u[1],e);
+ BIG_XXX_sdiv(u[1],x);
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ BIG_XXX_sub(u[1],q,u[1]);
+
+ return;
+}
+#endif // USE_GLV
+
+/* Galbraith & Scott Method */
+static void gs(BIG_XXX u[8],BIG_XXX e)
+{
+ int i;
+
+ BIG_XXX x,w,q;
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ BIG_XXX_copy(w,e);
+
+ for (i=0; i<7; i++)
+ {
+ BIG_XXX_copy(u[i],w);
+ BIG_XXX_mod(u[i],x);
+ BIG_XXX_sdiv(w,x);
+ }
+ BIG_XXX_copy(u[7],w);
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ BIG_XXX_modneg(u[1],u[1],q);
+ BIG_XXX_modneg(u[3],u[3],q);
+ BIG_XXX_modneg(u[5],u[5],q);
+ BIG_XXX_modneg(u[7],u[7],q);
+#endif
+
+
+ return;
+}
+
+/* Multiply P by e in group G1 */
+void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e)
+{
+#ifdef USE_GLV_ZZZ /* Note this method is patented */
+ int np,nn;
+ ECP_ZZZ Q;
+ FP_YYY cru;
+ BIG_XXX t,q;
+ BIG_XXX u[2];
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ glv(u,e);
+
+ ECP_ZZZ_affine(P);
+ ECP_ZZZ_copy(&Q,P);
+ FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ);
+ FP_YYY_mul(&(Q.x),&(Q.x),&cru);
+
+ /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
+
+ np=BIG_XXX_nbits(u[0]);
+ BIG_XXX_modneg(t,u[0],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[0],t);
+ ECP_ZZZ_neg(P);
+ }
+
+ np=BIG_XXX_nbits(u[1]);
+ BIG_XXX_modneg(t,u[1],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[1],t);
+ ECP_ZZZ_neg(&Q);
+ }
+ BIG_XXX_norm(u[0]);
+ BIG_XXX_norm(u[1]);
+ ECP_ZZZ_mul2(P,&Q,u[0],u[1]);
+
+#else
+ ECP_ZZZ_mul(P,e);
+#endif
+}
+
+/* Multiply P by e in group G2 */
+void PAIR_ZZZ_G2mul(ECP4_ZZZ *P,BIG_XXX e)
+{
+#ifdef USE_GS_G2_ZZZ /* Well I didn't patent it :) */
+ int i,np,nn;
+ ECP4_ZZZ Q[8];
+ FP2_YYY X[3];
+ BIG_XXX x,y,u[8];
+
+ ECP4_ZZZ_frob_constants(X);
+
+ BIG_XXX_rcopy(y,CURVE_Order_ZZZ);
+ gs(u,e);
+
+ ECP4_ZZZ_affine(P);
+
+ ECP4_ZZZ_copy(&Q[0],P);
+ for (i=1; i<8; i++)
+ {
+ ECP4_ZZZ_copy(&Q[i],&Q[i-1]);
+ ECP4_ZZZ_frob(&Q[i],X,1);
+ }
+
+ for (i=0; i<8; i++)
+ {
+ np=BIG_XXX_nbits(u[i]);
+ BIG_XXX_modneg(x,u[i],y);
+ nn=BIG_XXX_nbits(x);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[i],x);
+ ECP4_ZZZ_neg(&Q[i]);
+ }
+ BIG_XXX_norm(u[i]);
+ }
+
+ ECP4_ZZZ_mul8(P,Q,u);
+
+#else
+ ECP4_ZZZ_mul(P,e);
+#endif
+}
+
+/* f=f^e */
+void PAIR_ZZZ_GTpow(FP24_YYY *f,BIG_XXX e)
+{
+#ifdef USE_GS_GT_ZZZ /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP8.c */
+ int i,np,nn;
+ FP24_YYY g[8];
+ FP2_YYY X;
+ BIG_XXX t,q;
+ FP_YYY fx,fy;
+ BIG_XXX u[8];
+
+ FP_YYY_rcopy(&fx,Fra_YYY);
+ FP_YYY_rcopy(&fy,Frb_YYY);
+ FP2_YYY_from_FPs(&X,&fx,&fy);
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ gs(u,e);
+
+ FP24_YYY_copy(&g[0],f);
+ for (i=1; i<8; i++)
+ {
+ FP24_YYY_copy(&g[i],&g[i-1]);
+ FP24_YYY_frob(&g[i],&X,1);
+ }
+
+ for (i=0; i<8; i++)
+ {
+ np=BIG_XXX_nbits(u[i]);
+ BIG_XXX_modneg(t,u[i],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[i],t);
+ FP24_YYY_conj(&g[i],&g[i]);
+ }
+ BIG_XXX_norm(u[i]);
+ }
+ FP24_YYY_pow8(f,g,u);
+
+#else
+ FP24_YYY_pow(f,f,e);
+#endif
+}
+
+#ifdef HAS_MAIN
+// g++ -O2 pair192_BLS24.cpp ecp4_BLS24.cpp fp24_BLS24.cpp fp8_BLS24.cpp fp4_BLS24.cpp fp2_BLS24.cpp ecp_BLS24.cpp fp_BLS24.cpp big_XXX.cpp rom_curve_BLS24.cpp rom_field_BLS24.cpp rand.cpp hash.cpp oct.cpp -o pair192_BLS24.exe
+
+int main()
+{
+ int i;
+ char byt[32];
+ csprng rng;
+ BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p;
+ ECP4_ZZZ P,G;
+ ECP_ZZZ Q,R;
+ FP24_YYY g,gp;
+ FP8_YYY t,c,cp,cpm1,cpm2;
+ FP4_YYY X,Y;
+ FP2_YYY x,y,f,Aa,Bb;
+ FP_YYY cru;
+
+ for (i=0; i<32; i++)
+ byt[i]=i+9;
+ RAND_seed(&rng,32,byt);
+
+ BIG_XXX_rcopy(r,CURVE_Order);
+ BIG_XXX_rcopy(p,Modulus);
+
+
+ BIG_XXX_rcopy(xa,CURVE_Gx);
+ BIG_XXX_rcopy(ya,CURVE_Gy);
+
+ ECP_ZZZ_set(&Q,xa,ya);
+ if (Q.inf) printf("Failed to set - point not on curve\n");
+ else printf("G1 set success\n");
+
+ printf("Q= ");
+ ECP_ZZZ_output(&Q);
+ printf("\n");
+
+ ECP4_ZZZ_generator(&P);
+
+ if (P.inf) printf("Failed to set - point not on curve\n");
+ else printf("G2 set success\n");
+
+ BIG_XXX_rcopy(a,Fra);
+ BIG_XXX_rcopy(b,Frb);
+ FP2_YYY from_BIGs(&f,a,b);
+
+ PAIR_ZZZ_ate(&g,&P,&Q);
+
+ printf("gb= ");
+ FP24_YYY_output(&g);
+ printf("\n");
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g= ");
+ FP24_YYY_output(&g);
+ printf("\n");
+
+ ECP_ZZZ_copy(&R,&Q);
+ ECP4_ZZZ_copy(&G,&P);
+
+ ECP4_ZZZ_dbl(&G);
+ ECP_ZZZ_dbl(&R);
+ ECP_ZZZ_affine(&R);
+
+ PAIR_ZZZ_ate(&g,&G,&Q);
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g1= ");
+ FP24_YYY_output(&g);
+ printf("\n");
+
+ PAIR_ZZZ_ate(&g,&P,&R);
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g2= ");
+ FP24_YYY_output(&g);
+ printf("\n");
+
+
+ PAIR_ZZZ_G1mul(&Q,r);
+ printf("rQ= ");
+ ECP_ZZZ_output(&Q);
+ printf("\n");
+
+ PAIR_ZZZ_G2mul(&P,r);
+ printf("rP= ");
+ ECP4_ZZZ_output(&P);
+ printf("\n");
+
+ BIG_XXX_randomnum(w,r,&rng);
+
+ FP24_YYY_copy(&gp,&g);
+
+ PAIR_ZZZ_GTpow(&g,w);
+
+ FP24_YYY_trace(&t,&g);
+
+ printf("g^r= ");
+ FP8_YYY_output(&t);
+ printf("\n");
+
+ FP24_compow(&t,&gp,w,r);
+
+ printf("t(g)= ");
+ FP8_YYY_output(&t);
+ printf("\n");
+}
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pair256.c.in
----------------------------------------------------------------------
diff --git a/src/pair256.c.in b/src/pair256.c.in
new file mode 100644
index 0000000..3530593
--- /dev/null
+++ b/src/pair256.c.in
@@ -0,0 +1,730 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL BLS Curve pairing functions */
+
+//#define HAS_MAIN
+
+#include "pair256_ZZZ.h"
+
+/* Line function */
+static void PAIR_ZZZ_line(FP48_YYY *v,ECP8_ZZZ *A,ECP8_ZZZ *B,FP_YYY *Qx,FP_YYY *Qy)
+{
+ //FP2_YYY t;
+
+ FP8_YYY X1,Y1,T1,T2;
+ FP8_YYY XX,YY,ZZ,YZ;
+ FP16_YYY a,b,c;
+
+ if (A==B)
+ {
+ /* doubling */
+ FP8_YYY_copy(&XX,&(A->x)); //FP8_YYY XX=new FP8_YYY(A.getx()); //X
+ FP8_YYY_copy(&YY,&(A->y)); //FP8_YYY YY=new FP8_YYY(A.gety()); //Y
+ FP8_YYY_copy(&ZZ,&(A->z)); //FP8_YYY ZZ=new FP8_YYY(A.getz()); //Z
+
+
+ FP8_YYY_copy(&YZ,&YY); //FP8_YYY YZ=new FP8_YYY(YY); //Y
+ FP8_YYY_mul(&YZ,&YZ,&ZZ); //YZ.mul(ZZ); //YZ
+ FP8_YYY_sqr(&XX,&XX); //XX.sqr(); //X^2
+ FP8_YYY_sqr(&YY,&YY); //YY.sqr(); //Y^2
+ FP8_YYY_sqr(&ZZ,&ZZ); //ZZ.sqr(); //Z^2
+
+ FP8_YYY_imul(&YZ,&YZ,4); //YZ.imul(4);
+ FP8_YYY_neg(&YZ,&YZ); //YZ.neg();
+ FP8_YYY_norm(&YZ); //YZ.norm(); //-4YZ
+
+ FP8_YYY_imul(&XX,&XX,6); //6X^2
+ FP8_YYY_tmul(&XX,&XX,Qx); //6X^2.Xs
+
+ FP8_YYY_imul(&ZZ,&ZZ,3*CURVE_B_I_ZZZ); //3Bz^2
+ FP8_YYY_tmul(&YZ,&YZ,Qy); //-4YZ.Ys
+
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP8_YYY_div_2i(&ZZ); //6(b/i)z^2
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP8_YYY_times_i(&ZZ);
+ FP8_YYY_add(&ZZ,&ZZ,&ZZ); // 6biz^2
+ FP8_YYY_times_i(&YZ);
+ FP8_YYY_norm(&YZ);
+#endif
+ FP8_YYY_norm(&ZZ); // 6bi.Z^2
+
+ FP8_YYY_add(&YY,&YY,&YY); // 2y^2
+ FP8_YYY_sub(&ZZ,&ZZ,&YY); //
+ FP8_YYY_norm(&ZZ); // 6b.Z^2-2Y^2
+
+ FP16_YYY_from_FP8s(&a,&YZ,&ZZ); // -4YZ.Ys | 6b.Z^2-2Y^2 | 6X^2.Xs
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP16_YYY_from_FP8(&b,&XX);
+ FP16_YYY_zero(&c);
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP16_YYY_zero(&b);
+ FP16_YYY_from_FP8H(&c,&XX);
+#endif
+
+ ECP8_ZZZ_dbl(A); //A.dbl();
+ }
+ else
+ {
+ /* addition */
+ FP8_YYY_copy(&X1,&(A->x)); //FP8_YYY X1=new FP8_YYY(A.getx()); // X1
+ FP8_YYY_copy(&Y1,&(A->y)); //FP8_YYY Y1=new FP8_YYY(A.gety()); // Y1
+ FP8_YYY_copy(&T1,&(A->z)); //FP8_YYY T1=new FP8_YYY(A.getz()); // Z1
+
+ FP8_YYY_copy(&T2,&T1); //FP8_YYY T2=new FP8_YYY(A.getz()); // Z1
+
+ FP8_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=Z1.Y2
+ FP8_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=Z1.X2
+
+ FP8_YYY_sub(&X1,&X1,&T2); //X1.sub(T2);
+ FP8_YYY_norm(&X1); //X1.norm(); // X1=X1-Z1.X2
+ FP8_YYY_sub(&Y1,&Y1,&T1); //Y1.sub(T1);
+ FP8_YYY_norm(&Y1); //Y1.norm(); // Y1=Y1-Z1.Y2
+
+ FP8_YYY_copy(&T1,&X1); //T1.copy(X1); // T1=X1-Z1.X2
+ FP8_YYY_tmul(&X1,&X1,Qy); //X1.pmul(Qy); // X1=(X1-Z1.X2).Ys
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP8_YYY_times_i(&X1);
+ FP8_YYY_norm(&X1);
+#endif
+ FP8_YYY_mul(&T1,&T1,&(B->y)); //T1.mul(B.gety()); // T1=(X1-Z1.X2).Y2
+
+ FP8_YYY_copy(&T2,&Y1); //T2.copy(Y1); // T2=Y1-Z1.Y2
+ FP8_YYY_mul(&T2,&T2,&(B->x)); //T2.mul(B.getx()); // T2=(Y1-Z1.Y2).X2
+ FP8_YYY_sub(&T2,&T2,&T1); //T2.sub(T1);
+ FP8_YYY_norm(&T2); //T2.norm(); // T2=(Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2
+ FP8_YYY_tmul(&Y1,&Y1,Qx); //Y1.pmul(Qx);
+ FP8_YYY_neg(&Y1,&Y1); //Y1.neg();
+ FP8_YYY_norm(&Y1); //Y1.norm(); // Y1=-(Y1-Z1.Y2).Xs
+
+ FP16_YYY_from_FP8s(&a,&X1,&T2); // (X1-Z1.X2).Ys | (Y1-Z1.Y2).X2 - (X1-Z1.X2).Y2 | - (Y1-Z1.Y2).Xs
+#if SEXTIC_TWIST_ZZZ==D_TYPE
+ FP16_YYY_from_FP8(&b,&Y1); //b=new FP4(Y1);
+ FP16_YYY_zero(&c);
+#endif
+#if SEXTIC_TWIST_ZZZ==M_TYPE
+ FP16_YYY_zero(&b);
+ FP16_YYY_from_FP8H(&c,&Y1); //b=new FP4(Y1);
+#endif
+ ECP8_ZZZ_add(A,B); // A.add(B);
+ }
+
+ FP48_YYY_from_FP16s(v,&a,&b,&c);
+}
+
+/* Optimal R-ate pairing r=e(P,Q) */
+void PAIR_ZZZ_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q)
+{
+ BIG_XXX x,n,n3;
+ FP_YYY Qx,Qy;
+ int i,j,nb,bt;
+ ECP8_ZZZ A;
+ FP48_YYY lv;
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+
+ BIG_XXX_copy(n,x);
+
+ BIG_XXX_pmul(n3,n,3);
+ BIG_XXX_norm(n3);
+
+ FP_YYY_copy(&Qx,&(Q->x));
+ FP_YYY_copy(&Qy,&(Q->y));
+
+ ECP8_ZZZ_copy(&A,P);
+ FP48_YYY_one(r);
+ nb=BIG_XXX_nbits(n3); // n3
+
+ j=0;
+ /* Main Miller Loop */
+ for (i=nb-2; i>=1; i--)
+ {
+ j++;
+ FP48_YYY_sqr(r,r);
+ PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ bt= BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
+ if (bt==1)
+ {
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ }
+ if (bt==-1)
+ {
+ ECP8_ZZZ_neg(P);
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP8_ZZZ_neg(P);
+ }
+
+ }
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(r,r);
+#endif
+
+}
+
+/* Optimal R-ate double pairing e(P,Q).e(R,S) */
+void PAIR_ZZZ_double_ate(FP48_YYY *r,ECP8_ZZZ *P,ECP_ZZZ *Q,ECP8_ZZZ *R,ECP_ZZZ *S)
+{
+ BIG_XXX x,n,n3;
+ FP_YYY Qx,Qy,Sx,Sy;
+ int i,nb,bt;
+ ECP8_ZZZ A,B;
+ FP48_YYY lv;
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ BIG_XXX_copy(n,x);
+ BIG_XXX_pmul(n3,n,3);
+ BIG_XXX_norm(n3);
+
+ FP_YYY_copy(&Qx,&(Q->x));
+ FP_YYY_copy(&Qy,&(Q->y));
+
+ FP_YYY_copy(&Sx,&(S->x));
+ FP_YYY_copy(&Sy,&(S->y));
+
+ ECP8_ZZZ_copy(&A,P);
+ ECP8_ZZZ_copy(&B,R);
+ FP48_YYY_one(r);
+ nb=BIG_XXX_nbits(n3);
+
+ /* Main Miller Loop */
+ for (i=nb-2; i>=1; i--)
+ {
+ FP48_YYY_sqr(r,r);
+ PAIR_ZZZ_line(&lv,&A,&A,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ PAIR_ZZZ_line(&lv,&B,&B,&Sx,&Sy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ bt=BIG_XXX_bit(n3,i)-BIG_XXX_bit(n,i);
+ if (bt==1)
+ {
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+
+ PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ }
+ if (bt==-1)
+ {
+ ECP8_ZZZ_neg(P);
+ PAIR_ZZZ_line(&lv,&A,P,&Qx,&Qy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP8_ZZZ_neg(P);
+ ECP8_ZZZ_neg(R);
+ PAIR_ZZZ_line(&lv,&B,R,&Sx,&Sy);
+ FP48_YYY_smul(r,&lv,SEXTIC_TWIST_ZZZ);
+ ECP8_ZZZ_neg(R);
+ }
+ }
+
+
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(r,r);
+#endif
+
+}
+
+/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
+
+void PAIR_ZZZ_fexp(FP48_YYY *r)
+{
+ FP2_YYY X;
+ BIG_XXX x;
+ FP_YYY a,b;
+ FP48_YYY t1,t2,t3,t7;
+
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ FP_YYY_rcopy(&a,Fra_YYY);
+ FP_YYY_rcopy(&b,Frb_YYY);
+ FP2_YYY_from_FPs(&X,&a,&b);
+
+ /* Easy part of final exp - r^(p^24-1)(p^8+1)*/
+
+ FP48_YYY_inv(&t7,r);
+ FP48_YYY_conj(r,r);
+
+ FP48_YYY_mul(r,&t7);
+ FP48_YYY_copy(&t7,r);
+
+ FP48_YYY_frob(r,&X,8);
+
+ FP48_YYY_mul(r,&t7);
+
+ // f^e0.f^e1^p.f^e2^p^2.. .. f^e14^p^14.f^e15^p^15
+
+ FP48_YYY_usqr(&t7,r); // t7=f^2
+ FP48_YYY_pow(&t1,&t7,x); // t1=f^2u
+
+ BIG_XXX_fshr(x,1);
+ FP48_YYY_pow(&t2,&t1,x); // t2=f^2u^(u/2) = f^u^2
+ BIG_XXX_fshl(x,1); // x must be even
+
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+
+ FP48_YYY_conj(&t3,&t1); // t3=f^-2u
+ FP48_YYY_mul(&t2,&t3); // t2=f^u^2.f^-2u
+ FP48_YYY_mul(&t2,r); // t2=f^u^2.f^-2u.f = f^(u^2-2u+1) = f^e15
+
+ FP48_YYY_mul(r,&t7); // f^3
+
+ FP48_YYY_pow(&t1,&t2,x); // f^e15^u = f^(u.e15) = f^(u^3-2u^2+u) = f^(e14)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,14); // f^(u^3-2u^2+u)^p^14
+ FP48_YYY_mul(r,&t3); // f^3.f^(u^3-2u^2+u)^p^14
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e14) = f^(u^4-2u^3+u^2) = f^(e13)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,13); // f^(e13)^p^13
+ FP48_YYY_mul(r,&t3); // f^3.f^(u^3-2u^2+u)^p^14.f^(u^4-2u^3+u^2)^p^13
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e13)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,12); // f^(e12)^p^12
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e12)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,11); // f^(e11)^p^11
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e11)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,10); // f^(e10)^p^10
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e10)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,9); // f^(e9)^p^9
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e9)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,8); // f^(e8)^p^8
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e8)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_conj(&t3,&t2);
+ FP48_YYY_mul(&t1,&t3); // f^(u.e8).f^-e15
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,7); // f^(e7)^p^7
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e7)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,6); // f^(e6)^p^6
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e6)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,5); // f^(e5)^p^5
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e5)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,4); // f^(e4)^p^4
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e4)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,3); // f^(e3)^p^3
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e3)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,2); // f^(e2)^p^2
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e2)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_copy(&t3,&t1);
+ FP48_YYY_frob(&t3,&X,1); // f^(e1)^p^1
+ FP48_YYY_mul(r,&t3);
+
+ FP48_YYY_pow(&t1,&t1,x); // f^(u.e1)
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ FP48_YYY_conj(&t1,&t1);
+#endif
+ FP48_YYY_mul(r,&t1); // r.f^e0
+
+ FP48_YYY_frob(&t2,&X,15); // f^(e15.p^15)
+ FP48_YYY_mul(r,&t2);
+
+
+ FP48_YYY_reduce(r);
+
+}
+
+#ifdef USE_GLV_ZZZ
+/* GLV method */
+static void glv(BIG_XXX u[2],BIG_XXX e)
+{
+ // -(x^8).P = (Beta.x,y)
+
+ BIG_XXX x,x2,q;
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+
+ BIG_XXX_smul(x2,x,x);
+ BIG_XXX_smul(x,x2,x2);
+ BIG_XXX_smul(x2,x,x);
+
+ BIG_XXX_copy(u[0],e);
+ BIG_XXX_mod(u[0],x2);
+ BIG_XXX_copy(u[1],e);
+ BIG_XXX_sdiv(u[1],x2);
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ BIG_XXX_sub(u[1],q,u[1]);
+
+ return;
+}
+#endif // USE_GLV
+
+/* Galbraith & Scott Method */
+static void gs(BIG_XXX u[16],BIG_XXX e)
+{
+ int i;
+
+ BIG_XXX x,w,q;
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ BIG_XXX_rcopy(x,CURVE_Bnx_ZZZ);
+ BIG_XXX_copy(w,e);
+
+ for (i=0; i<15; i++)
+ {
+ BIG_XXX_copy(u[i],w);
+ BIG_XXX_mod(u[i],x);
+ BIG_XXX_sdiv(w,x);
+ }
+ BIG_XXX_copy(u[15],w);
+
+ /* */
+#if SIGN_OF_X_ZZZ==NEGATIVEX
+ BIG_XXX_modneg(u[1],u[1],q);
+ BIG_XXX_modneg(u[3],u[3],q);
+ BIG_XXX_modneg(u[5],u[5],q);
+ BIG_XXX_modneg(u[7],u[7],q);
+ BIG_XXX_modneg(u[9],u[9],q);
+ BIG_XXX_modneg(u[11],u[11],q);
+ BIG_XXX_modneg(u[13],u[13],q);
+ BIG_XXX_modneg(u[15],u[15],q);
+#endif
+
+
+ return;
+}
+
+/* Multiply P by e in group G1 */
+void PAIR_ZZZ_G1mul(ECP_ZZZ *P,BIG_XXX e)
+{
+#ifdef USE_GLV_ZZZ /* Note this method is patented */
+ int np,nn;
+ ECP_ZZZ Q;
+ FP_YYY cru;
+ BIG_XXX t,q;
+ BIG_XXX u[2];
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ glv(u,e);
+
+ ECP_ZZZ_affine(P);
+ ECP_ZZZ_copy(&Q,P);
+ FP_YYY_rcopy(&cru,CURVE_Cru_ZZZ);
+ FP_YYY_mul(&(Q.x),&(Q.x),&cru);
+
+ /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
+
+ np=BIG_XXX_nbits(u[0]);
+ BIG_XXX_modneg(t,u[0],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[0],t);
+ ECP_ZZZ_neg(P);
+ }
+
+ np=BIG_XXX_nbits(u[1]);
+ BIG_XXX_modneg(t,u[1],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[1],t);
+ ECP_ZZZ_neg(&Q);
+ }
+ BIG_XXX_norm(u[0]);
+ BIG_XXX_norm(u[1]);
+ ECP_ZZZ_mul2(P,&Q,u[0],u[1]);
+
+#else
+ ECP_ZZZ_mul(P,e);
+#endif
+}
+
+/* Multiply P by e in group G2 */
+void PAIR_ZZZ_G2mul(ECP8_ZZZ *P,BIG_XXX e)
+{
+#ifdef USE_GS_G2_ZZZ /* Well I didn't patent it :) */
+ int i,np,nn;
+ ECP8_ZZZ Q[16];
+ FP2_YYY X[3];
+ BIG_XXX x,y,u[16];
+
+ ECP8_ZZZ_frob_constants(X);
+
+ BIG_XXX_rcopy(y,CURVE_Order_ZZZ);
+ gs(u,e);
+
+ ECP8_ZZZ_affine(P);
+
+ ECP8_ZZZ_copy(&Q[0],P);
+ for (i=1; i<16; i++)
+ {
+ ECP8_ZZZ_copy(&Q[i],&Q[i-1]);
+ ECP8_ZZZ_frob(&Q[i],X,1);
+ }
+
+ for (i=0; i<16; i++)
+ {
+ np=BIG_XXX_nbits(u[i]);
+ BIG_XXX_modneg(x,u[i],y);
+ nn=BIG_XXX_nbits(x);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[i],x);
+ ECP8_ZZZ_neg(&Q[i]);
+ }
+ BIG_XXX_norm(u[i]);
+ }
+
+ ECP8_ZZZ_mul16(P,Q,u);
+
+#else
+ ECP8_ZZZ_mul(P,e);
+#endif
+}
+
+/* f=f^e */
+void PAIR_ZZZ_GTpow(FP48_YYY *f,BIG_XXX e)
+{
+#ifdef USE_GS_GT_ZZZ /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see FP16.cpp */
+ int i,np,nn;
+ FP48_YYY g[16];
+ FP2_YYY X;
+ BIG_XXX t,q;
+ FP_YYY fx,fy;
+ BIG_XXX u[16];
+
+ FP_YYY_rcopy(&fx,Fra_YYY);
+ FP_YYY_rcopy(&fy,Frb_YYY);
+ FP2_YYY_from_FPs(&X,&fx,&fy);
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+ gs(u,e);
+
+ FP48_YYY_copy(&g[0],f);
+ for (i=1; i<16; i++)
+ {
+ FP48_YYY_copy(&g[i],&g[i-1]);
+ FP48_YYY_frob(&g[i],&X,1);
+ }
+
+ for (i=0; i<16; i++)
+ {
+ np=BIG_XXX_nbits(u[i]);
+ BIG_XXX_modneg(t,u[i],q);
+ nn=BIG_XXX_nbits(t);
+ if (nn<np)
+ {
+ BIG_XXX_copy(u[i],t);
+ FP48_YYY_conj(&g[i],&g[i]);
+ }
+ BIG_XXX_norm(u[i]);
+ }
+ FP48_YYY_pow16(f,g,u);
+
+#else
+ FP48_YYY_pow(f,f,e);
+#endif
+}
+
+#ifdef HAS_MAIN
+
+// g++ -O2 pair256_BLS48.cpp ecp8_BLS48.cpp fp48_BLS48.cpp fp16_BLS48.cpp fp8_BLS48.cpp fp4_BLS48.cpp fp2_BLS48.cpp ecp_BLS48.cpp fp_BLS48.cpp big_B560_29.cpp rom_curve_BLS48.cpp rom_field_BLS48.cpp rand.cpp hash.cpp oct.cpp -o pair256_BLS48.exe
+
+int main()
+{
+ int i;
+ char byt[32];
+ csprng rng;
+ BIG_XXX xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r,xx,x2,x4,p;
+ ECP8_ZZZ P,G;
+ ECP_ZZZ Q,R;
+ FP48_YYY g,gp;
+ FP16_YYY t,c,cp,cpm1,cpm2;
+ FP8_YYY X,Y;
+ FP2_YYY x,y,f,Aa,Bb;
+ FP_YYY cru;
+
+ for (i=0; i<32; i++)
+ byt[i]=i+9;
+ RAND_seed(&rng,32,byt);
+
+ BIG_XXX_rcopy(r,CURVE_Order);
+ BIG_XXX_rcopy(p,Modulus);
+
+
+ BIG_XXX_rcopy(xa,CURVE_Gx_ZZZ);
+ BIG_XXX_rcopy(ya,CURVE_Gy_ZZZ);
+
+ ECP_ZZZ_set(&Q,xa,ya);
+ if (Q.inf) printf("Failed to set - point not on curve\n");
+ else printf("G1 set success\n");
+
+ printf("Q= ");
+ ECP_ZZZ_output(&Q);
+ printf("\n");
+
+ ECP8_ZZZ_generator(&P);
+
+ if (P.inf) printf("Failed to set - point not on curve\n");
+ else printf("G2 set success\n");
+
+ BIG_XXX_rcopy(a,Fra);
+ BIG_XXX_rcopy(b,Frb);
+ FP2_YYY_from_BIGs(&f,a,b);
+
+ PAIR_ZZZ_ate(&g,&P,&Q);
+
+ printf("gb= ");
+ FP48_YYY_output(&g);
+ printf("\n");
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g= ");
+ FP48_YYY_output(&g);
+ printf("\n");
+
+ ECP_ZZZ_copy(&R,&Q);
+ ECP8_copy(&G,&P);
+
+ ECP8_ZZZ_dbl(&G);
+ ECP_ZZZ_dbl(&R);
+ ECP_ZZZ_affine(&R);
+
+ PAIR_ZZZ_ate(&g,&G,&Q);
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g1= ");
+ FP48_YYY_output(&g);
+ printf("\n");
+
+ PAIR_ZZZ_ate(&g,&P,&R);
+ PAIR_ZZZ_fexp(&g);
+
+ printf("g2= ");
+ FP48_YYY_output(&g);
+ printf("\n");
+
+
+ PAIR_ZZZ_G1mul(&Q,r);
+ printf("rQ= ");
+ ECP_ZZZ_output(&Q);
+ printf("\n");
+
+ PAIR_ZZZ_G2mul(&P,r);
+ printf("rP= ");
+ ECP8_ZZZ_output(&P);
+ printf("\n");
+
+ PAIR_ZZZ_GTpow(&g,r);
+ printf("g^r= ");
+ FP48_YYY_output(&g);
+ printf("\n");
+
+
+ BIG_XXX_randomnum(w,r,&rng);
+
+ FP48_YYY_copy(&gp,&g);
+
+ PAIR_ZZZ_GTpow(&g,w);
+
+ FP48_YYY_trace(&t,&g);
+
+ printf("g^r= ");
+ FP16_YYY_output(&t);
+ printf("\n");
+
+ FP48_compow(&t,&gp,w,r);
+
+ printf("t(g)= ");
+ FP16_YYY_output(&t);
+ printf("\n");
+}
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/pbc_support.c
----------------------------------------------------------------------
diff --git a/src/pbc_support.c b/src/pbc_support.c
new file mode 100644
index 0000000..64896bc
--- /dev/null
+++ b/src/pbc_support.c
@@ -0,0 +1,177 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* Symmetric crypto support functions Functions */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "pbc_support.h"
+
+/* general purpose hash function w=hash(p|n|x|y) */
+void mhashit(int sha,int n,octet *x,octet *w)
+{
+ int i,c[4],hlen;
+ hash256 sha256;
+ hash512 sha512;
+ char hh[64];
+
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_init(&sha256);
+ break;
+ case SHA384:
+ HASH384_init(&sha512);
+ break;
+ case SHA512:
+ HASH512_init(&sha512);
+ break;
+ }
+
+ hlen=sha;
+
+ if (n>0)
+ {
+ c[0]=(n>>24)&0xff;
+ c[1]=(n>>16)&0xff;
+ c[2]=(n>>8)&0xff;
+ c[3]=(n)&0xff;
+ for (i=0; i<4; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,c[i]);
+ break;
+ case SHA384:
+ HASH384_process(&sha512,c[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,c[i]);
+ break;
+ }
+ }
+ }
+
+ if (x!=NULL) for (i=0; i<x->len; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,x->val[i]);
+
+ break;
+ case SHA384:
+ HASH384_process(&sha512,x->val[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,x->val[i]);
+ break;
+ }
+ }
+
+ for (i=0; i<hlen; i++) hh[i]=0;
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_hash(&sha256,hh);
+ break;
+ case SHA384:
+ HASH384_hash(&sha512,hh);
+ break;
+ case SHA512:
+ HASH512_hash(&sha512,hh);
+ break;
+ }
+
+ OCT_empty(w);
+
+ if (hlen>=w->max)
+ OCT_jbytes(w,hh,w->max);
+ else
+ {
+ OCT_jbyte(w,0,w->max-hlen);
+ OCT_jbytes(w,hh,hlen);
+ }
+}
+
+unsign32 today(void)
+{
+ /* return time in slots since epoch */
+ unsign32 ti=(unsign32)time(NULL);
+ return (uint32_t)(ti/(60*TIME_SLOT_MINUTES));
+}
+
+/* Hash the M-Pin transcript - new */
+
+void HASH_ALL(int sha,octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H)
+{
+ char t[1284]; // assumes max modulus of 1024-bits
+ octet T= {0,sizeof(t),t};
+
+ OCT_joctet(&T,HID);
+ if (xCID!=NULL) OCT_joctet(&T,xCID);
+ else OCT_joctet(&T,xID);
+ OCT_joctet(&T,SEC);
+ OCT_joctet(&T,Y);
+ OCT_joctet(&T,R);
+ OCT_joctet(&T,W);
+
+ mhashit(sha,0,&T,H);
+}
+
+void HASH_ID(int sha,octet *ID,octet *HID)
+{
+ mhashit(sha,0,ID,HID);
+}
+
+unsign32 GET_TIME(void)
+{
+ return (unsign32)time(NULL);
+}
+
+/* AES-GCM Encryption of octets, K is key, H is header,
+ P is plaintext, C is ciphertext, T is authentication tag */
+void AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
+{
+ gcm g;
+ GCM_init(&g,K->len,K->val,IV->len,IV->val);
+ GCM_add_header(&g,H->val,H->len);
+ GCM_add_plain(&g,C->val,P->val,P->len);
+ C->len=P->len;
+ GCM_finish(&g,T->val);
+ T->len=16;
+}
+
+/* AES-GCM Decryption of octets, K is key, H is header,
+ P is plaintext, C is ciphertext, T is authentication tag */
+void AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
+{
+ gcm g;
+ GCM_init(&g,K->len,K->val,IV->len,IV->val);
+ GCM_add_header(&g,H->val,H->len);
+ GCM_add_cipher(&g,P->val,C->val,C->len);
+ P->len=C->len;
+ GCM_finish(&g,T->val);
+ T->len=16;
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rand.c
----------------------------------------------------------------------
diff --git a/src/rand.c b/src/rand.c
new file mode 100644
index 0000000..e04adc0
--- /dev/null
+++ b/src/rand.c
@@ -0,0 +1,171 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+ * Cryptographic strong random number generator
+ *
+ * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
+ * Slow - but secure
+ *
+ * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
+ */
+/* SU=m, m is Stack Usage */
+
+#include "amcl.h"
+
+/* SU= 20 */
+static unsign32 sbrand(csprng *rng)
+{
+ /* Marsaglia & Zaman random number generator */
+ int i,k;
+ unsign32 pdiff,t;
+ rng->rndptr++;
+ if (rng->rndptr<NK) return rng->ira[rng->rndptr];
+ rng->rndptr=0;
+ for (i=0,k=NK-NJ; i<NK; i++,k++)
+ {
+ /* calculate next NK values */
+ if (k==NK) k=0;
+ t=rng->ira[k];
+ pdiff=t - rng->ira[i] - rng->borrow;
+
+ if (pdiff<t) rng->borrow=0;
+ if (pdiff>t) rng->borrow=1;
+ rng->ira[i]=pdiff;
+ }
+ return rng->ira[0];
+}
+
+/* SU= 20 */
+static void sirand(csprng* rng,unsign32 seed)
+{
+ /* initialise random number system */
+ /* modified so that a subsequent call "stirs" in another seed value */
+ /* in this way as many seed bits as desired may be used */
+ int i,in;
+ unsign32 t,m=1;
+ rng->borrow=0L;
+ rng->rndptr=0;
+ rng->ira[0]^=seed;
+ for (i=1; i<NK; i++)
+ {
+ /* fill initialization vector */
+ in=(NV*i)%NK;
+ rng->ira[in]^=m; /* note XOR */
+ t=m;
+ m=seed-m;
+ seed=t;
+ }
+ for (i=0; i<10000; i++) sbrand(rng ); /* "warm-up" & stir the generator */
+}
+
+/* SU= 312 */
+static void fill_pool(csprng *rng)
+{
+ /* hash down output of RNG to re-fill the pool */
+ int i;
+ hash256 sh;
+ HASH256_init(&sh);
+ for (i=0; i<128; i++) HASH256_process(&sh,sbrand(rng));
+ HASH256_hash(&sh,rng->pool);
+ rng->pool_ptr=0;
+}
+
+static unsign32 pack(const uchar *b)
+{
+ /* pack bytes into a 32-bit Word */
+ return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
+}
+
+/* SU= 360 */
+/* Initialize RNG with some real entropy from some external source */
+void RAND_seed(csprng *rng,int rawlen,char *raw)
+{
+ /* initialise from at least 128 byte string of raw *
+ * random (keyboard?) input, and 32-bit time-of-day */
+ int i;
+ char digest[32];
+ uchar b[4];
+ hash256 sh;
+ rng->pool_ptr=0;
+ for (i=0; i<NK; i++) rng->ira[i]=0;
+ if (rawlen>0)
+ {
+ HASH256_init(&sh);
+ for (i=0; i<rawlen; i++)
+ HASH256_process(&sh,raw[i]);
+ HASH256_hash(&sh,digest);
+
+ /* initialise PRNG from distilled randomness */
+
+ for (i=0; i<8; i++)
+ {
+ b[0]=digest[4*i];
+ b[1]=digest[4*i+1];
+ b[2]=digest[4*i+2];
+ b[3]=digest[4*i+3];
+ sirand(rng,pack(b));
+ }
+ }
+ fill_pool(rng);
+}
+
+/* Terminate and clean up */
+void RAND_clean(csprng *rng)
+{
+ /* kill internal state */
+ int i;
+ rng->pool_ptr=rng->rndptr=0;
+ for (i=0; i<32; i++) rng->pool[i]=0;
+ for (i=0; i<NK; i++) rng->ira[i]=0;
+ rng->borrow=0;
+}
+
+/* get random byte */
+/* SU= 8 */
+int RAND_byte(csprng *rng)
+{
+ int r;
+ r=rng->pool[rng->pool_ptr++];
+ if (rng->pool_ptr>=32) fill_pool(rng);
+ return (r&0xff);
+}
+
+/* test main program */
+/*
+#include <stdio.h>
+#include <string.h>
+
+void main()
+{
+ int i;
+ char raw[256];
+ csprng rng;
+
+ RAND_clean(&rng);
+
+
+ for (i=0;i<256;i++) raw[i]=(char)i;
+ RAND_seed(&rng,256,raw);
+
+ for (i=0;i<1000;i++)
+ printf("%02x ",(unsigned char)RAND_byte(&rng));
+}
+
+*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/randapi.c
----------------------------------------------------------------------
diff --git a/src/randapi.c b/src/randapi.c
new file mode 100644
index 0000000..9b32efb
--- /dev/null
+++ b/src/randapi.c
@@ -0,0 +1,15 @@
+#include "randapi.h"
+
+/* Initialise a Cryptographically Strong Random Number Generator from
+ an octet of raw random data */
+
+void CREATE_CSPRNG(csprng *RNG,octet *RAW)
+{
+ RAND_seed(RNG,RAW->len,RAW->val);
+}
+
+void KILL_CSPRNG(csprng *RNG)
+{
+ RAND_clean(RNG);
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_ANSSI.c
----------------------------------------------------------------------
diff --git a/src/rom_curve_ANSSI.c b/src/rom_curve_ANSSI.c
new file mode 100644
index 0000000..6448210
--- /dev/null
+++ b/src/rom_curve_ANSSI.c
@@ -0,0 +1,34 @@
+#include "arch.h"
+#include "ecp_ANSSI.h"
+
+/* ANSSI Curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+
+const int CURVE_Cof_I_ANSSI= 1;
+const BIG_256_28 CURVE_Cof_ANSSI= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const int CURVE_A_ANSSI= -3;
+const int CURVE_B_I_ANSSI= 0;
+const BIG_256_28 CURVE_B_ANSSI= {0xB7BB73F,0x75ED967,0x1A18030,0xC9AE4B,0xFDFEC,0x754A44C,0xD4ABA,0x5428A93,0xE353FCA,0xE};
+const BIG_256_28 CURVE_Order_ANSSI= {0x6D655E1,0xFDD459C,0x2BF941F,0x67E140D,0x35B53DC,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF};
+const BIG_256_28 CURVE_Gx_ANSSI= {0x98F5CFF,0xC97A2DD,0x8B70164,0xD2DCAF9,0x3958C27,0x4749D42,0xB31183D,0x56C139E,0x6B3D4C3,0xB};
+const BIG_256_28 CURVE_Gy_ANSSI= {0x4062CFB,0x115A155,0x4C9E183,0xC307E8E,0xF8C2701,0xF0F3ECE,0x11F9271,0xC8B2049,0x142E0F7,0x6};
+#endif
+
+#if CHUNK==64
+
+const int CURVE_Cof_I_ANSSI= 1;
+const BIG_256_56 CURVE_Cof_ANSSI= {0x1L,0x0L,0x0L,0x0L,0x0L};
+const int CURVE_A_ANSSI= -3;
+const int CURVE_B_I_ANSSI= 0;
+const BIG_256_56 CURVE_B_ANSSI= {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
+const BIG_256_56 CURVE_Order_ANSSI= {0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
+const BIG_256_56 CURVE_Gx_ANSSI= {0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
+const BIG_256_56 CURVE_Gy_ANSSI= {0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS24.c
----------------------------------------------------------------------
diff --git a/src/rom_curve_BLS24.c b/src/rom_curve_BLS24.c
new file mode 100644
index 0000000..b11332c
--- /dev/null
+++ b/src/rom_curve_BLS24.c
@@ -0,0 +1,64 @@
+#include "arch.h"
+#include "ecp_BLS24.h"
+
+/* Curve BLS24 - Pairing friendly BLS24 curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const int CURVE_Cof_I_BLS24= 0;
+const int CURVE_A_BLS24= 0;
+const int CURVE_B_I_BLS24= 19;
+const BIG_480_29 CURVE_B_BLS24= {0x13,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_480_29 CURVE_Order_BLS24= {0x10000001,0xD047FF,0x1FD54464,0x1E3CE067,0xE322DDA,0x1D356F3F,0x7433B44,0x49091F9,0x1729CC2,0x250286C,0x16E62ED,0xB403E1E,0x1001000,0x80,0x0,0x0,0x0};
+const BIG_480_29 CURVE_Gx_BLS24= {0xBE3CCD4,0x33B07AF,0x1B67D159,0x3DFC5B5,0xEBA1FCC,0x1A3C1F84,0x56BE204,0xEF8DF1B,0x11AE2D84,0x5FEE546,0x161B3BF9,0x183B20EE,0x1EA5D99B,0x14F0C5BF,0xBE521B7,0x17C682F9,0x1AB2};
+const BIG_480_29 CURVE_Gy_BLS24= {0x121E5245,0x65D2E56,0x11577DB1,0x16DACC11,0x14F39746,0x459F694,0x12483FCF,0xC828B04,0xFD63E5A,0x7B1D52,0xAFDE738,0xF349254,0x1A4529FF,0x10E53353,0xF91DEE1,0x16E18D8A,0x47FC};
+
+const BIG_480_29 CURVE_Bnx_BLS24= {0x11FF80,0x80010,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_480_29 CURVE_Cof_BLS24= {0x19F415AB,0x1E0FFDFF,0x15AAADFF,0xAA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_480_29 CURVE_Cru_BLS24= {0xDD794A9,0x1DE138A3,0x2BCCE90,0xC746127,0x15223DDC,0x1DD8890B,0xED08DB7,0xE24B9F,0xE379CE6,0x37011AC,0x11BAC820,0x1EEFAD01,0x200860F,0x147218A6,0xF16A209,0xF0079,0x555C};
+const BIG_480_29 CURVE_Pxaa_BLS24= {0x14E24678,0x1F149A9B,0x9609022,0x1C186868,0xCDEFC69,0x1C87BB2E,0x14A2235F,0x7586755,0x5896747,0x159BFE92,0x3B5572E,0x1710A521,0x71EB14A,0xC643C33,0x12581DE5,0x1BCA747D,0x959};
+const BIG_480_29 CURVE_Pxab_BLS24= {0x1FB099B8,0x3FCF5D7,0x4A91C0E,0xC6EEB40,0x11FC2385,0x11B5AE8D,0x1A9CC3E7,0x194FE144,0x185DB2A5,0x930E1C7,0x14F85F9A,0x1F2ED4E,0x1D1BE5AD,0xF26169C,0xCF7F194,0x1DA1062E,0x3B0D};
+const BIG_480_29 CURVE_Pxba_BLS24= {0x11AD15D3,0xD0E6F38,0x17DB85BB,0x30A62F1,0x1EA3E09A,0x17B25FA1,0x1B7959AC,0x1165B19A,0x6C74FDB,0x18F790E1,0x12278FDA,0x1E008F79,0x103F329,0x14619FF1,0x1EBCAA8,0xFF5A9CA,0x3EC2};
+const BIG_480_29 CURVE_Pxbb_BLS24= {0x1EE0F480,0x3D5943A,0xF5B12E3,0x128AADC8,0x180E1CB9,0x1EFD916F,0x48BC7F,0x1D5EE1FA,0x5698EF5,0x11D6AED9,0x1386BC6E,0x196E900B,0x1CE2E465,0xC2A8ED3,0x1E67DF99,0x71B7940,0xA5B};
+const BIG_480_29 CURVE_Pyaa_BLS24= {0x14781AA0,0xC324C98,0xEDC2AC,0x16C13B46,0x145FC44B,0x12529530,0x1310A8C4,0x1768C5C0,0xE19AE68,0x56E1C1D,0x13DAF93F,0x17E94366,0xF901AD0,0x76800CC,0x10250D8B,0x1E6BAE6D,0x5057};
+const BIG_480_29 CURVE_Pyab_BLS24= {0xEAE08FA,0xDDF62BF,0xA97E5AB,0xF0EE97,0x99A42CA,0x1C326578,0xF33DC11,0x8B913F7,0xFEF8552,0x19F35B90,0x58DDBDE,0xFC32FF2,0x1587B5DF,0xB5EB07A,0x1A258DE0,0x1692CC3D,0x2CE2};
+const BIG_480_29 CURVE_Pyba_BLS24= {0x5F0CC41,0xB9813B5,0x14C2A87D,0xFF1264A,0x19AF8A14,0x6CE6C3,0x2A7F8A2,0x121DCA7D,0x7D37153,0x19D21078,0x15466DC7,0x1362982B,0x1DD3CB5B,0x1CFC0D1C,0x18C69AF8,0x8CC7DC,0x1807};
+const BIG_480_29 CURVE_Pybb_BLS24= {0x115C1CAE,0x78D9732,0x16C26237,0x5A81A6A,0x1C38A777,0x56121FE,0x4DAD9D7,0x1BEBA670,0xA1D72FC,0xD60B274,0x19734258,0x1D621775,0x4691771,0x14206B68,0x17B22DE4,0x29D5B37,0x499D};
+const BIG_480_29 CURVE_W_BLS24[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_480_29 CURVE_SB_BLS24[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+const BIG_480_29 CURVE_WB_BLS24[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_480_29 CURVE_BB_BLS24[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0
,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const int CURVE_Cof_I_BLS24= 0;
+const int CURVE_A_BLS24= 0;
+const int CURVE_B_I_BLS24= 19;
+const BIG_480_56 CURVE_B_BLS24= {0x13L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_480_56 CURVE_Order_BLS24= {0x1A08FFF0000001L,0x1E7033FF551190L,0x6ADE7EE322DDAFL,0x848FC9D0CED13AL,0x50D81729CC224L,0x1F0F05B98BB44AL,0x10010010005A0L,0x0L,0x0L};
+const BIG_480_56 CURVE_Gx_BLS24= {0x6760F5EBE3CCD4L,0xEFE2DAED9F4564L,0x783F08EBA1FCC1L,0xC6F8D95AF88134L,0xDCA8D1AE2D8477L,0x9077586CEFE4BFL,0x8B7FEA5D99BC1DL,0x17CAF9486DE9E1L,0x1AB2BE34L};
+const BIG_480_56 CURVE_Gy_BLS24= {0xCBA5CAD21E5245L,0x6D6608C55DF6C4L,0xB3ED294F39746BL,0x145824920FF3C8L,0x63AA4FD63E5A64L,0x492A2BF79CE00FL,0x66A7A4529FF79AL,0x6C53E477B861CAL,0x47FCB70CL};
+
+const BIG_480_56 CURVE_Bnx_BLS24= {0x100020011FF80L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_480_56 CURVE_Cof_BLS24= {0xC1FFBFF9F415ABL,0x5556AAB7FFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_480_56 CURVE_Cru_BLS24= {0xBC27146DD794A9L,0x3A30938AF33A43L,0xB112175223DDC6L,0x125CFBB4236DFBL,0x2358E379CE607L,0xD680C6EB20806EL,0x314C200860FF77L,0x3CBC5A88268E4L,0x555C0078L};
+const BIG_480_56 CURVE_Pxaa_BLS24= {0xE2935374E24678L,0xC34342582408BL,0xF765CCDEFC69EL,0xC33AAD2888D7F9L,0x7FD2458967473AL,0x52908ED55CBAB3L,0x786671EB14AB88L,0xA3EC96077958C8L,0x959DE53L};
+const BIG_480_56 CURVE_Pxab_BLS24= {0x7F9EBAFFB099B8L,0x3775A012A47038L,0x6B5D1B1FC23856L,0x7F0A26A730F9E3L,0x1C38F85DB2A5CAL,0x76A753E17E6926L,0x2D39D1BE5AD0F9L,0x31733DFC651E4CL,0x3B0DED08L};
+const BIG_480_56 CURVE_Pxba_BLS24= {0xA1CDE711AD15D3L,0x853178DF6E16EDL,0x64BF43EA3E09A1L,0x2D8CD6DE566B2FL,0xF21C26C74FDB8BL,0x47BCC89E3F6B1EL,0x3FE2103F329F00L,0x4E507AF2AA28C3L,0x3EC27FADL};
+const BIG_480_56 CURVE_Pxbb_BLS24= {0x7AB2875EE0F480L,0x4556E43D6C4B8CL,0xFB22DF80E1CB99L,0xF70FD0122F1FFDL,0xD5DB25698EF5EAL,0x4805CE1AF1BA3AL,0x1DA7CE2E465CB7L,0xCA0799F7E65855L,0xA5B38DBL};
+const BIG_480_56 CURVE_Pyaa_BLS24= {0x86499314781AA0L,0x609DA303B70AB1L,0xA52A6145FC44BBL,0x462E04C42A3124L,0xC383AE19AE68BBL,0xA1B34F6BE4FCADL,0x198F901AD0BF4L,0x736C094362CED0L,0x5057F35DL};
+const BIG_480_56 CURVE_Pyab_BLS24= {0xBBEC57EEAE08FAL,0x78774BAA5F96ADL,0x64CAF099A42CA0L,0xC89FBBCCF70478L,0x6B720FEF855245L,0x97F916376F7B3EL,0x60F5587B5DF7E1L,0x61EE89637816BDL,0x2CE2B496L};
+const BIG_480_56 CURVE_Pyba_BLS24= {0x730276A5F0CC41L,0xF89325530AA1F5L,0xD9CD879AF8A147L,0xEE53E8A9FE2880L,0x420F07D3715390L,0x4C15D519B71F3AL,0x1A39DD3CB5B9B1L,0x3EE631A6BE39F8L,0x18070466L};
+const BIG_480_56 CURVE_Pybb_BLS24= {0xF1B2E6515C1CAEL,0xD40D355B0988DCL,0xC243FDC38A7772L,0x5D338136B675CAL,0x164E8A1D72FCDFL,0xBBAE5CD0961ACL,0xD6D04691771EB1L,0xD9BDEC8B792840L,0x499D14EAL};
+const BIG_480_56 CURVE_W_BLS24[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_480_56 CURVE_SB_BLS24[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+const BIG_480_56 CURVE_WB_BLS24[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_480_56 CURVE_BB_BLS24[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS381.c
----------------------------------------------------------------------
diff --git a/src/rom_curve_BLS381.c b/src/rom_curve_BLS381.c
new file mode 100644
index 0000000..23a7f44
--- /dev/null
+++ b/src/rom_curve_BLS381.c
@@ -0,0 +1,56 @@
+#include "arch.h"
+#include "ecp_BLS381.h"
+
+/* Curve BLS381 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+
+const int CURVE_Cof_I_BLS381= 0;
+const int CURVE_A_BLS381= 0;
+const int CURVE_B_I_BLS381= 4;
+const BIG_384_29 CURVE_B_BLS381= {0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Order_BLS381= {0x1,0x1FFFFFF8,0x1F96FFBF,0x1B4805FF,0x1D80553B,0xC0404D0,0x1520CCE7,0xA6533AF,0x73EDA7,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Gx_BLS381= {0x1B22C6BB,0x19D78056,0x1E86BBFE,0xBD07FF2,0x1AC586C5,0x1D1F8B8D,0x4168538,0x9F2EE97,0xFC3688C,0x27D4D60,0x9A558E3,0x32FAF28,0x1F1D3A73,0xB};
+const BIG_384_29 CURVE_Gy_BLS381= {0x6C5E7E1,0x551194A,0x222B903,0x198E8945,0xB3EDD03,0xC659602,0xBD8036C,0x12BABA01,0x4FCF5E0,0xBA0EC57,0x8278C3B,0x75541E3,0xB3F481E,0x4};
+
+const BIG_384_29 CURVE_Bnx_BLS381= {0x10000,0x10080000,0x34,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Cof_BLS381= {0xAAAB,0x55558,0x157855A3,0x191800AA,0x396,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Cru_BLS381= {0x1FFEFFFE,0x100FFFFF,0x280008B,0xFB026C4,0x9688DE1,0x149DF37C,0x1FAB76CE,0xED41EE,0x11BA69C6,0x1EFBB672,0x17C659CB,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Pxa_BLS381= {0x121BDB8,0x402B646,0x16EFBF5,0x18064D50,0x1D1770BA,0x5B23D71,0xC0AD144,0x1A9F4807,0x11C6E47A,0x196E2882,0x9820149,0x11E1522,0x4AA2B2F,0x1};
+const BIG_384_29 CURVE_Pxb_BLS381= {0x1D042B7E,0xD63E82A,0x51755F9,0x19E22427,0x15049334,0x10DDEE3F,0x186AD769,0x1A132416,0x5596BD0,0x4413A7B,0x1F6B34E8,0x4E33EC0,0x1E02B605,0x9};
+const BIG_384_29 CURVE_Pya_BLS381= {0x8B82801,0xC9AA430,0xB28A278,0x15939877,0xD12C923,0xD34A8B0,0xE9DB50A,0x155197BA,0x1AADFD9B,0x16D171A8,0x3327371,0x4FADC23,0xE5D5277,0x6};
+const BIG_384_29 CURVE_Pyb_BLS381= {0x105F79BE,0x15483AFF,0x1B07686A,0xE1A4EB9,0x99AB3F3,0x955AB97,0xEBC99D2,0xFD0B4EC,0x19CB3E28,0x15E145C,0xCAB34AC,0x1D4E6998,0x6C4A02,0x3};
+const BIG_384_29 CURVE_W_BLS381[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_384_29 CURVE_SB_BLS381[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+const BIG_384_29 CURVE_WB_BLS381[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_384_29 CURVE_BB_BLS381[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+#endif
+
+#if CHUNK==64
+
+const int CURVE_Cof_I_BLS381= 0;
+const int CURVE_A_BLS381= 0;
+const int CURVE_B_I_BLS381= 4;
+const BIG_384_58 CURVE_B_BLS381= {0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_384_58 CURVE_Order_BLS381= {0x3FFFFFF00000001L,0x36900BFFF96FFBFL,0x180809A1D80553BL,0x14CA675F520CCE7L,0x73EDA7L,0x0L,0x0L};
+const BIG_384_58 CURVE_Gx_BLS381= {0x33AF00ADB22C6BBL,0x17A0FFE5E86BBFEL,0x3A3F171BAC586C5L,0x13E5DD2E4168538L,0x4FA9AC0FC3688CL,0x65F5E509A558E3L,0x17F1D3A73L};
+const BIG_384_58 CURVE_Gy_BLS381= {0xAA232946C5E7E1L,0x331D128A222B903L,0x18CB2C04B3EDD03L,0x25757402BD8036CL,0x1741D8AE4FCF5E0L,0xEAA83C68278C3BL,0x8B3F481EL};
+
+const BIG_384_58 CURVE_Bnx_BLS381= {0x201000000010000L,0x34L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_384_58 CURVE_Cof_BLS381= {0xAAAB0000AAABL,0x3230015557855A3L,0x396L,0x0L,0x0L,0x0L,0x0L};
+const BIG_384_58 CURVE_Cru_BLS381= {0x201FFFFFFFEFFFEL,0x1F604D88280008BL,0x293BE6F89688DE1L,0x1DA83DDFAB76CEL,0x3DF76CE51BA69C6L,0x17C659CBL,0x0L};
+const BIG_384_58 CURVE_Pxa_BLS381= {0x8056C8C121BDB8L,0x300C9AA016EFBF5L,0xB647AE3D1770BAL,0x353E900EC0AD144L,0x32DC51051C6E47AL,0x23C2A449820149L,0x24AA2B2FL};
+const BIG_384_58 CURVE_Pxb_BLS381= {0x1AC7D055D042B7EL,0x33C4484E51755F9L,0x21BBDC7F5049334L,0x3426482D86AD769L,0x88274F65596BD0L,0x9C67D81F6B34E8L,0x13E02B605L};
+const BIG_384_58 CURVE_Pya_BLS381= {0x193548608B82801L,0x2B2730EEB28A278L,0x1A695160D12C923L,0x2AA32F74E9DB50AL,0x2DA2E351AADFD9BL,0x9F5B8463327371L,0xCE5D5277L};
+const BIG_384_58 CURVE_Pyb_BLS381= {0x2A9075FF05F79BEL,0x1C349D73B07686AL,0x12AB572E99AB3F3L,0x1FA169D8EBC99D2L,0x2BC28B99CB3E28L,0x3A9CD330CAB34ACL,0x606C4A02L};
+const BIG_384_58 CURVE_W_BLS381[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_384_58 CURVE_SB_BLS381[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+const BIG_384_58 CURVE_WB_BLS381[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_384_58 CURVE_BB_BLS381[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS383.c
----------------------------------------------------------------------
diff --git a/src/rom_curve_BLS383.c b/src/rom_curve_BLS383.c
new file mode 100644
index 0000000..4178f0d
--- /dev/null
+++ b/src/rom_curve_BLS383.c
@@ -0,0 +1,56 @@
+#include "arch.h"
+#include "ecp_BLS383.h"
+
+/* Curve BLS383 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const int CURVE_A_BLS383= 0;
+const int CURVE_Cof_I_BLS383= 0;
+const BIG_384_29 CURVE_Cof_BLS383= {0x15169EAB,0xA82AB0A,0xAAEFFED,0x15558001,0x555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const int CURVE_B_I_BLS383= 15;
+const BIG_384_29 CURVE_B_BLS383= {0xF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Order_BLS383= {0x1EBC0001,0x1904CF5F,0x834E5CE,0xBE12B42,0xB381DE0,0xE40B4C,0x270110,0x10018017,0x1002001,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Gx_BLS383= {0x8734573,0x623B9C8,0x1D1DC11E,0xBB7E107,0x1E3445C5,0x1D6C2578,0x10B0BE1E,0xED6103E,0x10F31D9F,0x296ED82,0x18E0D7D0,0x12F3D9C9,0x1FCBA55B,0x20};
+const BIG_384_29 CURVE_Gy_BLS383= {0x3F224,0x968B2F4,0x1FE63F48,0xFA93D90,0x14D2DDE5,0x54A56F5,0x12441D4C,0x18CD76C8,0x199D0DAD,0xE18E236,0x92BA73,0x99F6600,0x8F16727,0x3};
+
+const BIG_384_29 CURVE_Bnx_BLS383= {0x1001200,0x400000,0x40,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_384_29 CURVE_Cru_BLS383= {0xEAAC2A9,0x61B3A81,0x17D974B7,0xBED0345,0xA341BC2,0x17A51A6F,0x5738948,0x69B7BAE,0x14605445,0x374A43,0x8116AD1,0x956DD69,0x16556956,0x2A};
+const BIG_384_29 CURVE_Pxa_BLS383= {0xD7F2D86,0x1E59DB1,0x17474F85,0x1FB56CF2,0x572EE81,0xE487AB1,0x96F51FC,0x190A5AAE,0x6432501,0x13E58F3A,0x101E6425,0xFD807D1,0x34D2240,0x3};
+const BIG_384_29 CURVE_Pxb_BLS383= {0x452DE15,0x1ECF20F6,0x1FF9837B,0x95651AA,0xD5D75B5,0x5D44749,0x12277F66,0x1DB3A0B9,0x1D24F498,0x19441B0E,0x1CDE9DC5,0x2C975,0xD78006,0x18};
+const BIG_384_29 CURVE_Pya_BLS383= {0x1408CB41,0x34785DC,0x3586597,0x13DBC9E4,0x1A2E75B4,0x1D65489,0xCF9A25E,0x1ACE7933,0x1B6E990E,0x19FF31A3,0x12527615,0x1A44A68F,0x1792CF93,0x19};
+const BIG_384_29 CURVE_Pyb_BLS383= {0x1F479093,0x16C2321B,0x1889218E,0x87961BC,0x1BC98B01,0x197A24FB,0xA3DEBC2,0x88D67DF,0x1CE0D,0x1E8AD3D7,0x93B9EE9,0x59B18D6,0xE5247DD,0x10};
+const BIG_384_29 CURVE_W_BLS383[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_384_29 CURVE_SB_BLS383[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+const BIG_384_29 CURVE_WB_BLS383[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_384_29 CURVE_BB_BLS383[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+#endif
+
+#if CHUNK==64
+// Base Bits= 58
+const int CURVE_A_BLS383= 0;
+const int CURVE_Cof_I_BLS383= 0;
+const BIG_384_58 CURVE_Cof_BLS383= {0x150556155169EABL,0x2AAB0002AAEFFEDL,0x555L,0x0L,0x0L,0x0L,0x0L};
+const int CURVE_B_I_BLS383= 15;
+const BIG_384_58 CURVE_B_BLS383= {0xFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_384_58 CURVE_Order_BLS383= {0x32099EBFEBC0001L,0x17C25684834E5CEL,0x1C81698B381DE0L,0x2003002E0270110L,0x1002001L,0x0L,0x0L};
+const BIG_384_58 CURVE_Gx_BLS383= {0xC4773908734573L,0x176FC20FD1DC11EL,0x3AD84AF1E3445C5L,0x1DAC207D0B0BE1EL,0x52DDB050F31D9FL,0x25E7B3938E0D7D0L,0x41FCBA55BL};
+const BIG_384_58 CURVE_Gy_BLS383= {0x12D165E8003F224L,0x1F527B21FE63F48L,0xA94ADEB4D2DDE5L,0x319AED912441D4CL,0x1C31C46D99D0DADL,0x133ECC00092BA73L,0x68F16727L};
+
+const BIG_384_58 CURVE_Bnx_BLS383= {0x8000001001200L,0x40L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_384_58 CURVE_Cru_BLS383= {0xC367502EAAC2A9L,0x17DA068B7D974B7L,0x2F4A34DEA341BC2L,0xD36F75C5738948L,0x6E94874605445L,0x12ADBAD28116AD1L,0x556556956L};
+const BIG_384_58 CURVE_Pxa_BLS383= {0x3CB3B62D7F2D86L,0x3F6AD9E57474F85L,0x1C90F562572EE81L,0x3214B55C96F51FCL,0x27CB1E746432501L,0x1FB00FA301E6425L,0x634D2240L};
+const BIG_384_58 CURVE_Pxb_BLS383= {0x3D9E41EC452DE15L,0x12ACA355FF9837BL,0xBA88E92D5D75B5L,0x3B6741732277F66L,0x3288361DD24F498L,0x592EBCDE9DC5L,0x300D78006L};
+const BIG_384_58 CURVE_Pya_BLS383= {0x68F0BB9408CB41L,0x27B793C83586597L,0x3ACA913A2E75B4L,0x359CF266CF9A25EL,0x33FE6347B6E990EL,0x34894D1F2527615L,0x33792CF93L};
+const BIG_384_58 CURVE_Pyb_BLS383= {0x2D846437F479093L,0x10F2C379889218EL,0x32F449F7BC98B01L,0x111ACFBEA3DEBC2L,0x3D15A7AE001CE0DL,0xB3631AC93B9EE9L,0x20E5247DDL};
+const BIG_384_58 CURVE_W_BLS383[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_384_58 CURVE_SB_BLS383[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+const BIG_384_58 CURVE_WB_BLS383[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_384_58 CURVE_BB_BLS383[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_curve_BLS461.c
----------------------------------------------------------------------
diff --git a/src/rom_curve_BLS461.c b/src/rom_curve_BLS461.c
new file mode 100644
index 0000000..0dedf32
--- /dev/null
+++ b/src/rom_curve_BLS461.c
@@ -0,0 +1,56 @@
+#include "arch.h"
+#include "ecp_BLS461.h"
+
+/* Curve BLS383 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+
+const int CURVE_Cof_I_BLS461= 0;
+const int CURVE_A_BLS461= 0;
+const int CURVE_B_I_BLS461= 9;
+const BIG_464_28 CURVE_B_BLS461= {0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_464_28 CURVE_Order_BLS461= {0x1,0x0,0xFFFFC00,0x7FEFFFE,0x110000,0x7FFC800,0x801FC01,0x5FD000E,0x17FE0,0xFFFC018,0xFFFFFF7,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_464_28 CURVE_Gx_BLS461= {0xADEE93D,0x4D026A8,0x74B7411,0xD9C00EE,0x31AC7F2,0xC3981B5,0x9218229,0xD3564DC,0xA096650,0x6F7C292,0x9743616,0xBE922B1,0x12CF668,0xC81327,0x463B73A,0xE74E99B,0xAD0};
+const BIG_464_28 CURVE_Gy_BLS461= {0xAD1D465,0xF763157,0xC4FF470,0x17884C8,0xB8D215D,0xA819E66,0xF4959D0,0xE5C3245,0xB84910A,0xB8BFA40,0xBE96EEC,0x8BF9F8C,0xF277ACC,0x5F1C3F2,0x5F68C9,0xCDB14B3,0x77B};
+
+const BIG_464_28 CURVE_Bnx_BLS461= {0x0,0xFBFFFE0,0x1FFFFF,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_464_28 CURVE_Cof_BLS461= {0xAAAAAAB,0xA7FFFEA,0x1556AA,0xD55AAAB,0x554FFFF,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG_464_28 CURVE_Cru_BLS461= {0xFFFFFFE,0x40001F,0xFE00000,0xFFE7FFF,0xF0FFF6F,0x7200C47,0x7BCC604,0x15796DB,0xCF47771,0x9875433,0x613F0E8,0x5000502,0xEBFFF60,0x1FFFFF,0x0,0x0,0x0};
+const BIG_464_28 CURVE_Pxa_BLS461= {0x6D0A37C,0x5B50318,0x75DCC46,0xC2E492E,0xD6878A9,0xE01F919,0xF92F564,0x86DB74F,0x66803F0,0x46D581A,0x7ED78D,0x2F97C29,0xC270C89,0xF679453,0x6A50A9A,0x54138A0,0x10CC};
+const BIG_464_28 CURVE_Pxb_BLS461= {0x2C1C0AD,0xF85CA8C,0x25CADE9,0x6CD66C4,0xA289609,0xC612951,0xEE2401A,0x529ABEB,0xF65B17D,0xBA09D33,0xD4C5AF5,0x4D4371E,0x46A672E,0xA279D22,0xACEA37C,0x1FB4FE5,0x95C};
+const BIG_464_28 CURVE_Pya_BLS461= {0x2FB006,0xCCD0C1B,0xA12A337,0x3D194A4,0xC92C895,0x4960CFC,0x39FC68B,0x3A9B00F,0xED1BA0F,0xA7DBBC5,0xA9CDFD8,0x27CC2F7,0x4E73ED2,0x6070F4F,0xEBA7E67,0xAC848E7,0x226};
+const BIG_464_28 CURVE_Pyb_BLS461= {0xDF1457C,0xA506ADF,0x4C20A8,0xD6A31DC,0x36E3FB4,0xEA9A8F1,0x92F5668,0x3C3BE44,0x67A1297,0x74BEABA,0x56A20BE,0x4C42E38,0x45157F0,0x2AB1D00,0xBB402EA,0x101B4FA,0xE38};
+const BIG_464_28 CURVE_W_BLS461[2]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_464_28 CURVE_SB_BLS461[2][2]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+const BIG_464_28 CURVE_WB_BLS461[4]= {{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG_464_28 CURVE_BB_BLS461[4][4]= {{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x
0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+#endif
+
+#if CHUNK==64
+
+const int CURVE_Cof_I_BLS461= 0;
+const int CURVE_A_BLS461= 0;
+const int CURVE_B_I_BLS461= 9;
+const BIG_464_60 CURVE_B_BLS461= {0x9L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_464_60 CURVE_Order_BLS461= {0x1L,0x7FEFFFEFFFFC0L,0xC017FFC80001100L,0x7FE05FD000E801FL,0xFFFF7FFFC018001L,0xFFL,0x0L,0x0L};
+const BIG_464_60 CURVE_Gx_BLS461= {0x14D026A8ADEE93DL,0xF2D9C00EE74B741L,0x229C3981B531AC7L,0x6650D3564DC9218L,0x436166F7C292A09L,0x2CF668BE922B197L,0x463B73A0C813271L,0xAD0E74E99BL};
+const BIG_464_60 CURVE_Gy_BLS461= {0xF763157AD1D465L,0x5D17884C8C4FF47L,0x9D0A819E66B8D21L,0x910AE5C3245F495L,0x96EECB8BFA40B84L,0x277ACC8BF9F8CBEL,0x5F68C95F1C3F2FL,0x77BCDB14B3L};
+
+const BIG_464_60 CURVE_Bnx_BLS461= {0xFFBFFFE00000000L,0x1FFFFL,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_464_60 CURVE_Cof_BLS461= {0xAA7FFFEAAAAAAABL,0xFFD55AAAB01556AL,0x1555554FFL,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG_464_60 CURVE_Cru_BLS461= {0x40001FFFFFFFEL,0x6FFFE7FFFFE0000L,0x6047200C47F0FFFL,0x777115796DB7BCCL,0x3F0E89875433CF4L,0xBFFF60500050261L,0x1FFFFFEL,0x0L};
+const BIG_464_60 CURVE_Pxa_BLS461= {0x65B503186D0A37CL,0xA9C2E492E75DCC4L,0x564E01F919D6878L,0x3F086DB74FF92FL,0xED78D46D581A668L,0x270C892F97C2907L,0x6A50A9AF679453CL,0x10CC54138A0L};
+const BIG_464_60 CURVE_Pxb_BLS461= {0x9F85CA8C2C1C0ADL,0x96CD66C425CADEL,0x1AC612951A2896L,0xB17D529ABEBEE24L,0xC5AF5BA09D33F65L,0x6A672E4D4371ED4L,0xACEA37CA279D224L,0x95C1FB4FE5L};
+const BIG_464_60 CURVE_Pya_BLS461= {0x7CCD0C1B02FB006L,0x953D194A4A12A33L,0x68B4960CFCC92C8L,0xBA0F3A9B00F39FCL,0xCDFD8A7DBBC5ED1L,0xE73ED227CC2F7A9L,0xEBA7E676070F4F4L,0x226AC848E7L};
+const BIG_464_60 CURVE_Pyb_BLS461= {0x8A506ADFDF1457CL,0xB4D6A31DC04C20AL,0x668EA9A8F136E3FL,0x12973C3BE4492F5L,0xA20BE74BEABA67AL,0x5157F04C42E3856L,0xBB402EA2AB1D004L,0xE38101B4FAL};
+const BIG_464_60 CURVE_W_BLS461[2]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_464_60 CURVE_SB_BLS461[2][2]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+const BIG_464_60 CURVE_WB_BLS461[4]= {{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG_464_60 CURVE_BB_BLS461[4][4]= {{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+#endif