1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
// use gmp::mpz::Mpz;
use gridiron::fp_256::Fp256;
use internal::fp2elem::Fp2Elem;
use internal::homogeneouspoint::HomogeneousPoint;
use num_traits::one;
/// Points that are used in our core algorithm for for `FP`.
///
/// `g1` - the point which is in Fp2 and is used in the pairing.
/// `hash_element` - another point in Fp2 that is used for hashing.
/// `generator` - the generator point over FP.
#[derive(Debug)]
pub struct CurvePoints<FP> {
pub generator: HomogeneousPoint<FP>,
pub g1: HomogeneousPoint<Fp2Elem<FP>>,
pub hash_element: HomogeneousPoint<Fp2Elem<FP>>,
}
lazy_static! {
pub static ref FP_256_CURVE_POINTS: CurvePoints<Fp256> = CurvePoints {
// Fixed point in cyclic group G1 (the trace zero subgroup).
// Start with a point that is on the twisted curve y^2 = x^3 + (3 / (u + 3)).
// Turns out u + 1 is a valid x, with y = sqrt(x^3 + (3 / (u + 3)).
// Take (x,y) and multiply by (p + p - r) to get an r-torsion element of the twisted curve over FP2.
// Compute the anti-trace map of that r-torsion element to get a point in the trace-zero subgroup.
generator: HomogeneousPoint::new(one(), Fp256::from(2),),
g1: HomogeneousPoint {
x: Fp2Elem {
//"25743265030535080187440590897139396943782163562799308681850377411492232521347",
elem1: Fp256::new(
[2507622754460853891,
9877167536544074954,
18078345594810373836,
4101138728628435831]
),
//34056889713323967780338301808336650802977437253339894663986165323395183925712
elem2: Fp256::new(
[12625564794091985360,
17127985201288633451,
7992580825100775803,
5425575552062643458]
)
},
y: Fp2Elem {
//36332093629799712472233840570439767783123758424653318224159027848500552319214
elem1: Fp256::new(
[5911316561449107694,
6915473338119872357,
249023297152745786,
5788036447614081902]
),
//19100300358747584658695151329066047798696640594509146799364306658205997167318
elem2: Fp256::new(
[1871608135806579414,
14384824296619582173,
9235547119254267238,
3042853400172105348]
)
},
z: Fp2Elem {
//11969434517458907073927619028753373626677015846219303340439317866996854601254
elem1: Fp256::new(
[4065963877724239398,
1726885572583136803,
1771402833084487309,
1906840931059335199]
),
//14774454666095297364611775449425506027744765805321334870185419948913527571534
elem2: Fp256::new(
[149061317907661902,
4775518139489161279,
16762419993107771434,
2353706421994953434]
)
}
},
// Used to hash integers to a point in FP2
// Generated by multiplying g1 by the SHA256 hash of the date/time "Mon Feb 19 16:30:21 MST 2018\n",
// encoded in ASCII/UTF-8, converted to a BigInt.
hash_element: HomogeneousPoint {
x: Fp2Elem {
//26115920809144023111516349163868890892335785984202627188956566235163006540541
elem1: Fp256::new(
[586598414603983613,
8834996989510657014,
1532543065110594566,
4160506219282303123]
),
//15905362109061908101726321997764649315090633150407344591241408991746779381256
elem2: Fp256::new(
[11554781997991591432,
9220913352420527851,
6271328435017085486,
2533870371957912702]
)
},
y: Fp2Elem {
//4632230948348518150642153940906247958418069554996068756252789717528925762701
elem1: Fp256::new(
[10688470098331890829,
2791940815560668429,
2687886497225385767,
737956965431143261]
),
//3026141039160762752629025637420408604709576372807872293769066469244216243501
elem2: Fp256::new(
[263513557872899373,
2056753385929261822,
1938347120135073022,
482092081143296464]
),
},
z: Fp2Elem {
//43872202626887887868122322275088633257981831137687656289783477940483447530228
elem1: Fp256::new(
[16041882573888496372,
10727001039534410898,
5136376370210042283,
6989245112845901840]
),
//20191379131685497308054970475671582162258136917730106438050079114233947942452
elem2: Fp256::new(
[15234254999323995700,
1702130819833962589,
18114353364106568584,
3216672276929676369]
)
}
}
};
}
#[cfg(test)]
mod test {
use super::*;
#[test]
fn generator_times_2() {
//37777967648492203239675772600961898148040325589588086812374811831221462604944
let fp256 = Fp256::new([
17189375727870516368,
18224873185075715024,
7861335034745733951,
6018377467983639816,
]);
let result = FP_256_CURVE_POINTS.generator * fp256;
let expected_result = HomogeneousPoint::new(
//56377452267431283559088187378398270325210563762492926393848580098576649271541
Fp256::new([
1788354481340266741,
6941240287463798938,
4130173504620995341,
8981446317750070851,
]),
//46643694276241842996939080253335644316475473619096522181405937227991761798154
Fp256::new([
3047215073141965834,
7252896082344953161,
7531499505638418112,
7430769205681594307,
]),
);
assert_eq!(result, expected_result)
}
}