|
| | element () noexcept=default |
| |
| constexpr | element (const Fq &a, const Fq &b, const Fq &c) noexcept |
| |
| constexpr | element (const element &other) noexcept |
| |
| constexpr | element (element &&other) noexcept |
| |
| constexpr | element (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| | ~element () noexcept=default |
| |
| constexpr element & | operator= (const element &other) noexcept |
| |
| constexpr element & | operator= (element &&other) noexcept |
| |
| constexpr | operator affine_element< Fq, Fr, Params > () const noexcept |
| |
| constexpr element | dbl () const noexcept |
| |
| constexpr void | self_dbl () noexcept |
| |
| constexpr element | operator+ (const element &other) const noexcept |
| |
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &other) const noexcept |
| |
| constexpr element | operator+= (const element &other) noexcept |
| |
| constexpr element | operator+= (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| constexpr element | operator- (const element &other) const noexcept |
| |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &other) const noexcept |
| |
| constexpr element | operator- () const noexcept |
| |
| constexpr element | operator-= (const element &other) noexcept |
| |
| constexpr element | operator-= (const affine_element< Fq, Fr, Params > &other) noexcept |
| |
| element | operator* (const Fr &exponent) const noexcept |
| |
| element | operator*= (const Fr &exponent) noexcept |
| |
| constexpr element | normalize () const noexcept |
| |
| BB_INLINE constexpr element | set_infinity () const noexcept |
| |
| BB_INLINE constexpr void | self_set_infinity () noexcept |
| |
| BB_INLINE constexpr bool | is_point_at_infinity () const noexcept |
| |
| BB_INLINE constexpr bool | on_curve () const noexcept |
| |
| BB_INLINE constexpr bool | operator== (const element &other) const noexcept |
| |
| template<typename > |
| element< Fq, Fr, T > | random_coordinates_on_curve (numeric::RNG *engine) noexcept |
| |
|
| static constexpr element | one () noexcept |
| |
| static constexpr element | zero () noexcept |
| |
| static element | random_element (numeric::RNG *engine=nullptr) noexcept |
| |
| static element | infinity () |
| |
| static void | batch_normalize (element *elements, size_t num_elements) noexcept |
| |
| static void | batch_affine_add (const std::span< affine_element< Fq, Fr, Params > > &first_group, const std::span< affine_element< Fq, Fr, Params > > &second_group, const std::span< affine_element< Fq, Fr, Params > > &results) noexcept |
| | Pairwise affine add points in first and second group.
|
| |
| static std::vector< affine_element< Fq, Fr, Params > > | batch_mul_with_endomorphism (const std::span< const affine_element< Fq, Fr, Params > > &points, const Fr &scalar) noexcept |
| | Multiply each point by the same scalar.
|
| |
| static affine_element< Fq, Fr, Params > | batch_mul (std::span< const affine_element< Fq, Fr, Params > > points, std::span< const Fr > scalars, size_t max_num_bits=0, bool with_edgecases=true, const Fr &masking_scalar=Fr(1)) noexcept |
| | Multi-scalar multiplication: compute sum_i(scalars[i] * points[i])
|
| |
template<class
Fq, class
Fr, class
Params>
class bb::group_elements::element< Fq, Fr, Params >
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
Note: Currently subgroup checks are NOT IMPLEMENTED Our current implementation uses G1 points that have a cofactor of 1. All G2 points are precomputed (generator [1]_2 and trusted setup point [x]_2). Explicitly assume precomputed points are valid members of the prime-order subgroup for G2.
- Template Parameters
-
| Fq | prime field the curve is defined over |
| Fr | prime field whose characteristic equals the size of the prime-order elliptic curve subgroup |
| Params | curve parameters |
Definition at line 33 of file element.hpp.
template<typename
Fq , typename
Fr , typename T >
We now proceed to iterate back down the array of points. At each iteration we update the accumulator to contain the z-coordinate of the currently worked-upon z-coordinate. We can then multiply this accumulator with temporaries, to get a scalar that is equal to the inverse of the z-coordinate of the point at the next iteration cycle e.g. Imagine we have 4 points, such that:
accumulator = 1 / z.data[0]*z.data[1]*z.data[2]*z.data[3] temporaries[3] = z.data[0]*z.data[1]*z.data[2] temporaries[2] = z.data[0]*z.data[1] temporaries[1] = z.data[0] temporaries[0] = 1
At the first iteration, accumulator * temporaries[3] = z.data[0]*z.data[1]*z.data[2] / z.data[0]*z.data[1]*z.data[2]*z.data[3] = (1 / z.data[3]) We then update accumulator, such that:
accumulator = accumulator * z.data[3] = 1 / z.data[0]*z.data[1]*z.data[2]
At the second iteration, accumulator * temporaries[2] = z.data[0]*z.data[1] / z.data[0]*z.data[1]*z.data[2] = (1 z.data[2]) And so on, until we have computed every z-inverse!
We can then convert out of Jacobian form (x = X / Z^2, y = Y / Z^3) with 4 muls and 1 square.
Definition at line 968 of file element_impl.hpp.
1.9.8