mnt6_753.sage

import hashlib

from utils import *

# Fr
r = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB117E776F218059DB80F0DA5CB537E38685ACCE9767254A4638810719AC425F0E39D54522CDD119F5E9063DE245E8001
fr = constants(r, 17, True, 'Fr')
Fr = FiniteField(r)
# Fq
q = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB26C5C28C859A99B3EEBCA9429212636B9DFF97634993AA4D6C381BC3F0057974EA099170FA13A4FD90776E240000001
fq = constants(q, 17, True, 'Fq')
Fq = FiniteField(q)
# Non-residue
non_residue = 11

# Fq3
Fq3.<A3> = GF(q**3, name='A3', modulus=x^3 - non_residue)
A3s = A3*A3

a = 11
b = 0x7DA285E70863C79D56446237CE2E1468D14AE9BB64B2BB01B10E60A5D5DFE0A25714B7985993F62F03B22A9A3C737A1A1E0FCF2C43D7BF847957C34CCA1E3585F9A80A95F401867C4E80F4747FDE5ABA7505BA6FCF2485540B13DFC8468A


g1_coeff_a = Fq(a)
print('G1 coeff a:', g1_coeff_a)
print(to_montgomery_vec(g1_coeff_a, fq))

g1_coeff_b = Fq(b)
print('G1 coeff b:', g1_coeff_b)
print(to_montgomery_vec(g1_coeff_b, fq))

g2_coeff_a = Fq3(g1_coeff_a * A3s)
print('G2 coeff a', vector(g2_coeff_a))
print(tuple(to_montgomery_vec(i, fq) for i in vector(g2_coeff_a)))

g2_coeff_b = Fq3(non_residue * g1_coeff_b)
print('G2 coeff b', vector(g2_coeff_b))
print(tuple(to_montgomery_vec(i, fq) for i in vector(g2_coeff_b)))

G1 = EllipticCurve(Fq, [g1_coeff_a, g1_coeff_b])
G2 = EllipticCurve(Fq3, [g2_coeff_a, g2_coeff_b])

G1_cofactor = 1
print('G1 cofactor', G1_cofactor)
G1_cofactor_inv = Fr(G1_cofactor).inverse_of_unit()
print('G1 cofactor inv', G1_cofactor_inv)

# Computed via G2.order() and put here for speed
G2_order = 73552111470802397192299133782080682301728710523587802164414953272757803714910813694725910843025422137965798141905885753593004512240463847384721096903595933283458847264288566388732113787639043399649361805852639267190950507912358376074097539843068006508773746266871144243740553087382752422866473030888088548173965683919212921358833994558678853355172509356520991433316263176882890942286357544906938949829579371370459287502330781592320903149388678948211503762056389148978998668559030669244035030070029532088840675255439951794614401514977987414319720539166454247426672790008063108319880391951786373973900019019538024651026784431794445884182058882094901834289642271616024218938900480000
G2_cofactor = int(G2_order / r)
print('G2 cofactor', G2_cofactor)
print(biguint_to_u64_vec(G2_cofactor))
G2_cofactor_inv = Fr(G2_cofactor).inverse_of_unit()
print('G2 cofactor inv', G2_cofactor_inv)
print(to_montgomery_vec(G2_cofactor_inv, fr))

# Small subgroup root of unity
full_root_of_unity = 12249458902762217747626832919710926618510011455364963726393752854649914979954138109976331601455448780251166045203053508523342111624583986869301658366625356826888785691823710598470775453742133593634524619429629803955083254436531
print('Fr full root of unity', to_montgomery_vec(full_root_of_unity, fr))