|
| | element () noexcept=default |
| |
| constexpr | element (const Fq &a, const Fq &b, const Fq &c) noexcept |
| |
| constexpr | element (const element &other) noexcept |
| |
| constexpr | element (element &&other) noexcept |
| |
| constexpr | element (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| | ~element () noexcept=default |
| |
| constexpr element & | operator= (const element &other) noexcept |
| |
| constexpr element & | operator= (element &&other) noexcept |
| |
| constexpr | operator affine_element< Fq, Fr, Params > () const noexcept |
| |
| constexpr element | dbl () const noexcept |
| |
| constexpr void | self_dbl () noexcept |
| |
| constexpr void | self_mixed_add_or_sub (const affine_element< Fq, Fr, Params > &other, uint64_t predicate) noexcept |
| |
| constexpr element | operator+ (const element &other) const noexcept |
| |
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &other) const noexcept |
| |
| constexpr element | operator+= (const element &other) noexcept |
| |
| constexpr element | operator+= (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| constexpr element | operator- (const element &other) const noexcept |
| |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &other) const noexcept |
| |
| constexpr element | operator- () const noexcept |
| |
| constexpr element | operator-= (const element &other) noexcept |
| |
| constexpr element | operator-= (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| element | operator* (const Fr &exponent) const noexcept |
| |
| element | operator*= (const Fr &exponent) noexcept |
| |
| constexpr element | normalize () const noexcept |
| |
| BB_INLINE constexpr element | set_infinity () const noexcept |
| |
| BB_INLINE constexpr void | self_set_infinity () noexcept |
| |
| BB_INLINE constexpr bool | is_point_at_infinity () const noexcept |
| |
| BB_INLINE constexpr bool | on_curve () const noexcept |
| |
| BB_INLINE constexpr bool | operator== (const element &other) const noexcept |
| |
| template<typename > |
| element< Fq, Fr, T > | random_coordinates_on_curve (numeric::RNG *engine) noexcept |
| |
|
| static constexpr element | one () noexcept |
| |
| static constexpr element | zero () noexcept |
| |
| static element | random_element (numeric::RNG *engine=nullptr) noexcept |
| |
| static element | infinity () |
| |
| static void | batch_normalize (element *elements, size_t num_elements) noexcept |
| |
| static void | batch_affine_add (const std::span< affine_element< Fq, Fr, Params > > &first_group, const std::span< affine_element< Fq, Fr, Params > > &second_group, const std::span< affine_element< Fq, Fr, Params > > &results) noexcept |
| | Pairwise affine add points in first and second group.
|
| |
| static std::vector< affine_element< Fq, Fr, Params > > | batch_mul_with_endomorphism (const std::span< const affine_element< Fq, Fr, Params > > &points, const Fr &scalar) noexcept |
| | Multiply each point by the same scalar.
|
| |
template<class
Fq, class
Fr, class
Params>
class bb::group_elements::element< Fq, Fr, Params >
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
Note: Currently subgroup checks are NOT IMPLEMENTED Our current implementation uses G1 points that have a cofactor of 1. All G2 points are precomputed (generator [1]_2 and trusted setup point [x]_2). Explicitly assume precomputed points are valid members of the prime-order subgroup for G2.
- Template Parameters
-
| Fq | prime field the curve is defined over |
| Fr | prime field whose characteristic equals the size of the prime-order elliptic curve subgroup |
| Params | curve parameters |
Definition at line 33 of file element.hpp.
Multiply each point by the same scalar.
We use the fact that all points are being multiplied by the same scalar to batch the operations (perform batch affine additions and doublings with batch inversion trick)
- Parameters
-
| points | The span of individual points that need to be scaled |
| scalar | The scalar we multiply all the points by |
- Returns
- std::vector<affine_element<Fq, Fr, T>> Vector of new points where each point is exponentâ‹…points[i]
Perform point addition rhs[i]=rhs[i]+lhs[i] with batch inversion
Perform batch affine addition in parallel
Perform point doubling lhs[i]=lhs[i]+lhs[i] with batch inversion
Perform point doubling in parallel
Definition at line 794 of file element_impl.hpp.
template<typename
Fq , typename
Fr , typename T >
We now proceed to iterate back down the array of points. At each iteration we update the accumulator to contain the z-coordinate of the currently worked-upon z-coordinate. We can then multiply this accumulator with temporaries, to get a scalar that is equal to the inverse of the z-coordinate of the point at the next iteration cycle e.g. Imagine we have 4 points, such that:
accumulator = 1 / z.data[0]*z.data[1]*z.data[2]*z.data[3] temporaries[3] = z.data[0]*z.data[1]*z.data[2] temporaries[2] = z.data[0]*z.data[1] temporaries[1] = z.data[0] temporaries[0] = 1
At the first iteration, accumulator * temporaries[3] = z.data[0]*z.data[1]*z.data[2] / z.data[0]*z.data[1]*z.data[2]*z.data[3] = (1 / z.data[3]) We then update accumulator, such that:
accumulator = accumulator * z.data[3] = 1 / z.data[0]*z.data[1]*z.data[2]
At the second iteration, accumulator * temporaries[2] = z.data[0]*z.data[1] / z.data[0]*z.data[1]*z.data[2] = (1 z.data[2]) And so on, until we have computed every z-inverse!
We can then convert out of Jacobian form (x = X / Z^2, y = Y / Z^3) with 4 muls and 1 square.
Definition at line 1044 of file element_impl.hpp.
1.9.8