
update InCorrectSubgroup #34

Open
wants to merge 2 commits into
base: master
23 changes: 9 additions & 14 deletions g2.go
Expand Up @@ -757,22 +757,17 @@ func (g *G2) MultiExp(r *PointG2, points []*PointG2, scalars []*Fr) (*PointG2, e
// InCorrectSubgroup checks whether given point is in correct subgroup.
func (g *G2) InCorrectSubgroup(p *PointG2) bool {

// Faster Subgroup Checks for BLS12-381
// S. Bowe
// https://eprint.iacr.org/2019/814.pdf
// A note on group membership tests for G1, G2
// and GT on BLS pairing-friendly curves
// M. Scott
// https://eprint.iacr.org/2021/1130.pdf

// [z]ψ^3(P) − ψ^2(P) + P = O
t0, t1 := g.New().Set(p), g.New()
// ψ^3(P) − [u]P = O
t0, t1 := g.New().Set(p), g.New().Set(p)

g.psi(t0)
g.psi(t0)
g.Neg(t1, t0) // - ψ^2(P)
g.psi(t0) // ψ^3(P)
g.mulX(t0) // - x ψ^3(P)
g.Neg(t0, t0)

g.Add(t0, t0, t1)
g.Add(t0, t0, p)
g.psi(t0) //ψ(P)
g.mulX(t1) //-[u]P
g.Add(t0, t0, t1) //ψ(P)-[u]P

This looks good to me; this method works, as also proven in https://hal.inria.fr/hal-03608264/document
Note that u == x but it's just a question of notation.


return g.IsZero(t0)
}
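Review bot: The header comment added on the new side, `// ψ^3(P) − [u]P = O`, does not match what the lines beneath it compute — their own inline comments trace ψ(P), then -[u]P, then ψ(P)-[u]P — so either the comment or the code is wrong; assuming the code is the intended ψ(P) = [u]P test, change the comment to `// ψ(P) − [u]P = O`. The sign that mulX applies is only implied by the `//-[u]P` comment, and the old lines' `// - x ψ^3(P)` plus `g.Neg` used the opposite reading, so a one-line comment stating which sign of the curve parameter mulX multiplies by would save the next reader re-deriving it. InCorrectSubgroup is the gate that keeps non-G2 points out of the pairing, yet the PR changes its test without adding a case that a curve point outside the prime-order subgroup is rejected and a valid point accepted; the same gap applies to the reworked GT.IsValid in gt.go, which should get a test that an Fp12 element outside GT is rejected. The deleted citations (Bowe 2019/814, Scott 2021/1130) are the only pointer to why this identity is sufficient; if they are gone from the new side rather than collapsed context, keep at least the Scott reference above the check.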
19 changes: 16 additions & 3 deletions gt.go
Expand Up @@ -65,9 +65,22 @@ func (g *GT) ToBytes(e *E) []byte {

// IsValid checks whether given target group element is in correct subgroup.
func (g *GT) IsValid(e *E) bool {
r := g.New()
g.fp12.exp(r, e, qBig)
return r.isOne()
r0, r1, r2 := g.New().Set(e), g.New(), g.New()

g.fp12.frobeniusMap1(r0)
r1.set(r0)
g.fp12.frobeniusMap1(r0)
r2.set(r0)
g.fp12.frobeniusMap2(r0)
g.Mul(r0, r0, e)

Suggested change
g.fp12.frobeniusMap1(r0)
r1.set(r0)
g.fp12.frobeniusMap1(r0)
r2.set(r0)
g.fp12.frobeniusMap2(r0)
g.Mul(r0, r0, e)
g.fp12.frobeniusMap1(r0) // r0 = e^p
r1.set(r0) // r1 = e^p
g.fp12.frobeniusMap1(r0) // r0 = e^(p^2)
r2.set(r0) // r2 = e^(p^2)
g.fp12.frobeniusMap2(r0) // r0 = e^(p^4)
g.Mul(r0, r0, e) // r0 = e·e^(p^4)

if !r0.Equal(r2) {


Suggested change
if !r0.Equal(r2) {
// cyclotomic test
if !r0.Equal(r2) {

return false
}
g.Exp(r0, e, bigFromHex("0xd201000000010000"))
g.Mul(r0, r0, r1)

Suggested change
g.Exp(r0, e, bigFromHex("0xd201000000010000"))
g.Mul(r0, r0, r1)
g.Exp(r0, e, bigFromHex("0xd201000000010000")) // r0 = e^-u
g.Mul(r0, r0, r1) // r0 = e^-u · e^p = e^(p-u)


return r0.IsOne()


So, you are doing the cyclotomic test e·e^(p^4) == e^(p^2) and then you test if e^p = e^u as in Scott paper.

Suggested change
return r0.IsOne()
// e^(p-u) = e^(p+1-t) == 1
return r0.IsOne()


}

// New initializes a new target group element which is equal to one
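Review bot: `g.Exp(r0, e, bigFromHex("0xd201000000010000"))` parses the exponent from a string on every IsValid call, and IsValid is the validation step run on every incoming target-group element; hoist it once to package scope, e.g. `var gtSubgroupExp = bigFromHex("0xd201000000010000")`, and if the package already keeps the curve parameter as a big.Int (the G2 code's mulX suggests it might), reuse that instead of a second copy of the literal. The literal also needs a comment naming it as the BLS12-381 curve parameter, since as written it is a bare magic number in a security check. Style: `r1.set(r0)` and `r2.set(r0)` go through the unexported setter while the neighbouring lines use `Mul`, `Equal` and `IsOne`; pick one surface for the block.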
15 changes: 14 additions & 1 deletion pairing_test.go
Expand Up @@ -247,6 +247,19 @@ func BenchmarkFinalExp(t *testing.B) {
f := gt.New().one()
t.ResetTimer()
for i := 0; i < t.N; i++ {
bls.finalExp(f)
bls.millerLoop(f)
}
}

func BenchmarkGT_IsValid(b *testing.B) {
bls := NewEngine()
g1, g2, gt := bls.G1, bls.G2, bls.GT()
bls.AddPair(g1.One(), g2.One())
e := gt.New()
e = bls.calculate()
b.ResetTimer()
for i := 0; i < b.N; i++ {
gt.IsValid(e)
}

}
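Review bot: In BenchmarkGT_IsValid, `e := gt.New()` is allocated and then immediately overwritten by `e = bls.calculate()`, so the first assignment is dead; write `e := bls.calculate()`. In BenchmarkFinalExp the timed call changes between `bls.finalExp(f)` and `bls.millerLoop(f)`; if the Miller loop is the new line, the benchmark's name no longer describes what it measures, and the rendered diff does not make the direction certain, so please confirm which one is intended. The new benchmark only times the accepting path on a pairing result and says nothing about the rejection path the PR rewrote.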