예제 #1
0
def miller_loop(Q, P):
    if Q is None or P is None:
        return FQ12.one()
    R = Q
    f_num, f_den = FQ12.one(), FQ12.one()
    for b in pseudo_binary_encoding[63::-1]:
        #for i in range(log_ate_loop_count, -1, -1):
        _n, _d = linefunc(R, R, P)
        f_num = f_num * f_num * _n
        f_den = f_den * f_den * _d
        R = double(R)
        #if ate_loop_count & (2**i):
        if b == 1:
            _n, _d = linefunc(R, Q, P)
            f_num = f_num * _n
            f_den = f_den * _d
            R = add(R, Q)
        elif b == -1:
            nQ = neg(Q)
            _n, _d = linefunc(R, nQ, P)
            f_num = f_num * _n
            f_den = f_den * _d
            R = add(R, nQ)
    # assert R == multiply(Q, ate_loop_count)
    Q1 = (Q[0]**field_modulus, Q[1]**field_modulus, Q[2]**field_modulus)
    # assert is_on_curve(Q1, b12)
    nQ2 = (Q1[0]**field_modulus, -Q1[1]**field_modulus, Q1[2]**field_modulus)
    # assert is_on_curve(nQ2, b12)
    _n1, _d1 = linefunc(R, Q1, P)
    R = add(R, Q1)
    _n2, _d2 = linefunc(R, nQ2, P)
    f = f_num * _n1 * _n2 / (f_den * _d1 * _d2)
    # R = add(R, nQ2) This line is in many specifications but it technically does nothing
    return f**((field_modulus**12 - 1) // curve_order)
예제 #2
0
def pairing(Q, P, final_exponentiate=True):
    assert is_on_curve(Q, b2)
    assert is_on_curve(P, b)
    if P[-1] == P[-1].__class__.zero() or Q[-1] == Q[-1].__class__.zero():
        return FQ12.one()
    return miller_loop(twist(Q),
                       cast_point_to_fq12(P),
                       final_exponentiate=final_exponentiate)
예제 #3
0
def miller_loop(Q, P):
    if Q is None or P is None:
        return FQ12.one()
    R = Q
    f = FQ12.one()
    for i in range(log_ate_loop_count, -1, -1):
        f = f * f * linefunc(R, R, P)
        R = double(R)
        if ate_loop_count & (2**i):
            f = f * linefunc(R, Q, P)
            R = add(R, Q)
    # assert R == multiply(Q, ate_loop_count)
    Q1 = (Q[0]**field_modulus, Q[1]**field_modulus)
    # assert is_on_curve(Q1, b12)
    nQ2 = (Q1[0]**field_modulus, -Q1[1]**field_modulus)
    # assert is_on_curve(nQ2, b12)
    f = f * linefunc(R, Q1, P)
    R = add(R, Q1)
    f = f * linefunc(R, nQ2, P)
    # R = add(R, nQ2) This line is in many specifications but it technically does nothing
    return f**((field_modulus**12 - 1) // curve_order)