fix: use max(size(s1), size(s2)) for ExpGLV
ThomasPiellard committed Sep 29, 2023
1 parent 4096ad9 commit ced3076
Showing 6 changed files with 40 additions and 49 deletions.
15 changes: 8 additions & 7 deletions ecc/bls12-377/internal/fptower/e12.go


15 changes: 8 additions & 7 deletions ecc/bls12-378/internal/fptower/e12.go


15 changes: 8 additions & 7 deletions ecc/bls12-381/internal/fptower/e12.go


15 changes: 8 additions & 7 deletions ecc/bn254/internal/fptower/e12.go


14 changes: 0 additions & 14 deletions ecc/utils.go
Expand Up @@ -138,20 +138,6 @@ func PrecomputeLattice(r, lambda *big.Int, res *Lattice) {
// ker((a,b) → a+b.λ[r]): then (u,v)=w-(s,0), and
// u+v.λ=s[r].
// cf https://www.iacr.org/archive/crypto2001/21390189.pdf
func SplitScalarBig(s *big.Int, l *Lattice) [2]big.Int {

var k1, k2 big.Int
k1.Mul(&l.V2[1], s)
k2.Mul(&l.V1[1], s).Neg(&k2)
rounding(&k1, &l.Det, &k1)
rounding(&k2, &l.Det, &k2)

v := getVector(l, &k1, &k2)
v[0].Sub(s, &v[0])
v[1].Neg(&v[1])
return v
}

func SplitScalar(s *big.Int, l *Lattice) [2]big.Int {

var k1, k2 big.Int
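--- a/internal/generator/tower/template/fq12over6over2/fq12.go.tmpl
+++ b/internal/generator/tower/template/fq12over6over2/fq12.go.tmpl
@@ -556,12 +556,7 @@ func (z *E12) ExpGLV(x E12, k *big.Int) *E12 {
 table[3].Frobenius(&x)
 
 // split the scalar, modifies ±x, Frob(x) accordingly
-var s [2]big.Int
-if e.Cmp(fr.Modulus()) != -1 {
-s = ecc.SplitScalarBig(e, &glvBasis)
-} else {
-s = ecc.SplitScalar(e, &glvBasis)
-}
+s := ecc.SplitScalar(e, &glvBasis)
 
 if s[0].Sign() == -1 {
 s[0].Neg(&s[0])
@@ -592,8 +587,14 @@ func (z *E12) ExpGLV(x E12, k *big.Int) *E12 {
 s1 = s1.SetBigInt(&s[0]).Bits()
 s2 = s2.SetBigInt(&s[1]).Bits()
 
+maxBit := s1.BitLen()
+if s2.BitLen() > maxBit {
+maxBit = s2.BitLen()
+}
+hiWordIndex := (maxBit - 1) / 64
+
 // loop starts from len(s1)/2 due to the bounds
-for i := len(s1) / 2; i >= 0; i-- {
+for i := hiWordIndex ; i >= 0; i-- {
 mask := uint64(3) << 62
 for j := 0; j < 32; j++ {
 res.CyclotomicSquare(&res).CyclotomicSquare(&res)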
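Review bot: The comment `// loop starts from len(s1)/2 due to the bounds` kept above the rewritten loop in the second hunk is now stale, since the loop starts at hiWordIndex rather than len(s1)/2; replace it with `// start at the highest 64-bit word set in either s1 or s2; (maxBit-1)/64 truncates to 0 when both are zero, so the loop still runs once`. The new loop header `for i := hiWordIndex ; i >= 0; i-- {` also carries a stray space before the first semicolon that gofmt would remove, and because this is the template, the four generated e12.go files in this commit presumably inherit it. The first hunk drops the SplitScalarBig branch that handled e >= fr.Modulus(); ExpGLV's body starts and ends outside the hunk, so whether e is already reduced modulo r before the split cannot be confirmed from here and is worth a one-line comment at the call site stating that precondition.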
