ark_r1cs_std/fields/
fp6_3over2.rs

1use crate::fields::{cubic_extension::*, fp2::*};
2use ark_ff::{
3    fields::{fp6_3over2::*, Fp2},
4    CubicExtConfig,
5};
6use ark_relations::r1cs::SynthesisError;
7use ark_std::ops::MulAssign;
8
9/// A sextic extension field constructed as the tower of a
10/// cubic extension over a quadratic extension field.
11/// This is the R1CS equivalent of `ark_ff::fp6_3over3::Fp6<P>`.
12pub type Fp6Var<P> = CubicExtVar<Fp2Var<<P as Fp6Config>::Fp2Config>, Fp6ConfigWrapper<P>>;
13
14impl<P: Fp6Config> CubicExtVarConfig<Fp2Var<P::Fp2Config>> for Fp6ConfigWrapper<P> {
15    fn mul_base_field_vars_by_frob_coeff(
16        c1: &mut Fp2Var<P::Fp2Config>,
17        c2: &mut Fp2Var<P::Fp2Config>,
18        power: usize,
19    ) {
20        *c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD];
21        *c2 *= Self::FROBENIUS_COEFF_C2[power % Self::DEGREE_OVER_BASE_PRIME_FIELD];
22    }
23}
24
25impl<P: Fp6Config> Fp6Var<P> {
26    /// Multiplies `self` by a sparse element which has `c0 == c2 == zero`.
27    pub fn mul_by_0_c1_0(&self, c1: &Fp2Var<P::Fp2Config>) -> Result<Self, SynthesisError> {
28        // Karatsuba multiplication
29        // v0 = a0 * b0 = 0
30
31        // v1 = a1 * b1
32        let v1 = &self.c1 * c1;
33
34        // v2 = a2 * b2 = 0
35
36        let a1_plus_a2 = &self.c1 + &self.c2;
37        let b1_plus_b2 = c1.clone();
38
39        let a0_plus_a1 = &self.c0 + &self.c1;
40
41        // c0 = (NONRESIDUE * ((a1 + a2)*(b1 + b2) - v1 - v2)) + v0
42        //    = NONRESIDUE * ((a1 + a2) * b1 - v1)
43        let c0 = &(a1_plus_a2 * &b1_plus_b2 - &v1) * P::NONRESIDUE;
44
45        // c1 = (a0 + a1) * (b0 + b1) - v0 - v1 + NONRESIDUE * v2
46        //    = (a0 + a1) * b1 - v1
47        let c1 = a0_plus_a1 * c1 - &v1;
48        // c2 = (a0 + a2) * (b0 + b2) - v0 - v2 + v1
49        //    = v1
50        let c2 = v1;
51        Ok(Self::new(c0, c1, c2))
52    }
53
54    /// Multiplies `self` by a sparse element which has `c2 == zero`.
55    pub fn mul_by_c0_c1_0(
56        &self,
57        c0: &Fp2Var<P::Fp2Config>,
58        c1: &Fp2Var<P::Fp2Config>,
59    ) -> Result<Self, SynthesisError> {
60        let v0 = &self.c0 * c0;
61        let v1 = &self.c1 * c1;
62        // v2 = 0.
63
64        let a1_plus_a2 = &self.c1 + &self.c2;
65        let a0_plus_a1 = &self.c0 + &self.c1;
66        let a0_plus_a2 = &self.c0 + &self.c2;
67
68        let b1_plus_b2 = c1.clone();
69        let b0_plus_b1 = c0 + c1;
70        let b0_plus_b2 = c0.clone();
71
72        let c0 = (&a1_plus_a2 * &b1_plus_b2 - &v1) * P::NONRESIDUE + &v0;
73
74        let c1 = a0_plus_a1 * &b0_plus_b1 - &v0 - &v1;
75
76        let c2 = a0_plus_a2 * &b0_plus_b2 - &v0 + &v1;
77
78        Ok(Self::new(c0, c1, c2))
79    }
80}
81
82impl<P: Fp6Config> MulAssign<Fp2<P::Fp2Config>> for Fp6Var<P> {
83    fn mul_assign(&mut self, other: Fp2<P::Fp2Config>) {
84        self.c0 *= other;
85        self.c1 *= other;
86        self.c2 *= other;
87    }
88}
ark_r1cs_std/fields/fp6_3over2.rs

ark_r1cs_std/fields/
fp6_3over2.rs
