diff --git a/include/relic_ep.h b/include/relic_ep.h
index 870eedca8..1548afb06 100644
--- a/include/relic_ep.h
+++ b/include/relic_ep.h
@@ -141,6 +141,8 @@ enum {
 B24_P317,
 /** Kachisa-Schaefer-Scott with embedding degree 16. */
 K16_P330,
+ /** Kachisa-Schaefer-Scott curve with embedding degree 18. */
+ K18_P354,
 /** Barreto-Lynn-Scott curve with embedding degree 12 (SNARK curve). */
 B12_P377,
 /** Barreto-Lynn-Scott curve with embedding degree 12 (ZCash curve). */
diff --git a/include/relic_fp.h b/include/relic_fp.h
index 53c85cede..0ecbbac00 100644
--- a/include/relic_fp.h
+++ b/include/relic_fp.h
@@ -126,6 +126,8 @@ enum {
 K16_330,
 /** 381-bit prime for BLS curve of embedding degree 12 (SNARKs). */
 B12_377,
+ /** 354-bit prime for KSS curve of embedding degree 18. */
+ K18_354,
 /** 381-bit prime for BLS curve of embedding degree 12 (Zcash). */
 B12_381,
 /** 382-bit prime provided by Barreto for BN curve. */
diff --git a/include/relic_pc.h b/include/relic_pc.h
index 2fe17788e..797b98c9f 100644
--- a/include/relic_pc.h
+++ b/include/relic_pc.h
@@ -62,7 +62,7 @@
 #elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 330 || FP_PRIME == 509 || FP_PRIME == 765 || FP_PRIME == 766
 #define RLC_G2_LOWER ep4_
 #define RLC_G2_BASEF(A) A[0][0]
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 #define RLC_G2_LOWER ep3_
 #define RLC_G2_BASEF(A) A[0]
 #else
@@ -78,7 +78,7 @@
 #elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 509
 #define RLC_GT_LOWER fp24_
 #define RLC_GT_EMBED 24
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 #define RLC_GT_LOWER fp18_
 #define RLC_GT_EMBED 18
 #elif FP_PRIME == 330 || FP_PRIME == 765 || FP_PRIME == 766
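Review bot: The new enumerator comment `/** 354-bit prime for KSS curve of embedding degree 18. */` in relic_fp.h does not match the modulus added later in this commit: the top limb in src/low/x64-asm-6l/macro.s is `#define P5 0x1428C74`, whose highest set bit is bit 24, so p has 5*64 + 25 = 345 bits, and a KSS18 prime derived from the seed 2^43 + 2^42 + ... given in fp_param_set is indeed about 2^344.3. If 354 is a deliberate identifier rather than the bit length, say so wherever the number is read as a size, e.g. `/** 345-bit prime for KSS curve of embedding degree 18 (selected as FP_PRIME 354). */`, and adjust the matching "354-bit" comment in src/ep/relic_ep_param.c. The preset also passes `-DFP_PRIME=354`, so anyone sizing the field from that value gets 9 bits more than the curve provides.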
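Review bot: In the new `#elif` lines of relic_pc.h (the RLC_G2 hunk at line 62 and the RLC_GT hunk at line 78), `!defined(FP_QNRES)` qualifies only `FP_PRIME == 638`, because `&&` binds tighter than `||`; the added `FP_PRIME == 354` branch is therefore unconditional, which appears to be the intent, but the line reads as if the qualifier covered every prime. Writing it as `#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || (FP_PRIME == 638 && !defined(FP_QNRES))` makes the grouping explicit. The same expression is copied into gt_rand() in src/pc/relic_pc_util.c further down in this commit and would benefit from the same parentheses.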
diff --git a/preset/x64-pbc-kss18-354.sh b/preset/x64-pbc-kss18-354.sh
new file mode 100755
index 000000000..cabb237d2
--- /dev/null
+++ b/preset/x64-pbc-kss18-354.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-6l -DFP_PRIME=354 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;JMPDS;JMPDS;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1
diff --git a/src/ep/relic_ep_param.c b/src/ep/relic_ep_param.c
index c2b9a25ed..5de45b5ad 100644
--- a/src/ep/relic_ep_param.c
+++ b/src/ep/relic_ep_param.c
@@ -419,7 +419,7 @@
 #if defined(EP_ENDOM) && FP_PRIME == 330
 /**
- * Parameters for a 766-bit pairing-friendly prime curve.
+ * Parameters for a 330-bit pairing-friendly prime curve.
  */
 /** @{ */
 #define K16_P330_A "1"
@@ -431,6 +431,20 @@
 /** @} */
 #endif
+#if defined(EP_ENDOM) && FP_PRIME == 354
+/**
+ * Parameters for a 354-bit pairing-friendly prime curve.
+ */
+/** @{ */
+#define K18_P354_A "0"
+#define K18_P354_B "2"
+#define K18_P354_X "2FF2367676645FED0C3D8ACD28BE62A86B5D4FA670073CF2ECC52B9C0605E22F3A160D93F4FFAD78C16662"
+#define K18_P354_Y "34210146B78362C463D0AE93AC24EEA5DB23E938A2411E34BCD35DAC55BE7D05CE9C0321D8783772527649"
+#define K18_P354_R "22D4230DB8342C5981301C8070000000BCA4DE1983DCC0000000000000000001"
+#define K18_P354_H "942D1B947092D3F06AAAB1D"
+/** @} */
+#endif
+
 #if defined(EP_ENDOM) && FP_PRIME == 377
 /**
  * Parameters for a 377-bit pairing-friendly prime curve.
@@ -1039,6 +1053,13 @@ void ep_param_set(int param) {
 pairf = EP_K16;
 break;
 #endif
+#if defined(EP_ENDOM) & FP_PRIME == 354
+ case K18_P354:
+ ASSIGN(K18_P354, K18_354);
+ endom = 1;
+ pairf = EP_K18;
+ break;
+#endif
 #if defined(EP_ENDOM) & FP_PRIME == 377
 case B12_P377:
 ASSIGN(B12_P377, B12_377);
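Review bot: The new preset forwards the caller's extra configuration as a bare `$1`, so only the first argument reaches cmake and an argument containing whitespace is word-split; `"$@"` passes everything through intact, i.e. end the line with `-DWITH="ALL" "$@"`. If the other scripts in preset/ also use `$1`, a follow-up that changes them together is preferable to one divergent file, but a new file is the natural place to start with the robust form.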
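Review bot: The header comment of the new K18_P354 parameter block only repeats the bit size, so a reader has to recover the curve from `#define K18_P354_A "0"` and `#define K18_P354_B "2"`. Naming it, e.g. ` * Parameters for a KSS18 pairing-friendly prime curve y^2 = x^3 + 2 (seed given in fp_param_set, case K18_354).`, ties the generator, order and cofactor to the prime they belong to. The twist block added in src/epx/relic_ep3_curve.c would benefit from the same one-line identification.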
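Review bot: `#if defined(EP_ENDOM) & FP_PRIME == 354` in ep_param_set uses the bitwise `&`, whereas the parameter block earlier in the same file uses `&&`; it only works because `defined()` and `==` both yield 0 or 1. The line copies the neighbouring `FP_PRIME == 377` case, so it is consistent with its surroundings, but the new line should read `#if defined(EP_ENDOM) && FP_PRIME == 354`, and the pre-existing `&` cases deserve the same one-character fix in a follow-up.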
@@ -1456,6 +1477,8 @@ int ep_param_set_any_endom(void) {
 ep_param_set(B24_P317);
 #elif FP_PRIME == 330
 ep_param_set(K16_P330);
+#elif FP_PRIME == 354
+ ep_param_set(K18_P354);
 #elif FP_PRIME == 377
 ep_param_set(B12_P377);
 #elif FP_PRIME == 381
@@ -1543,6 +1566,10 @@ int ep_param_set_any_pairf(void) {
 ep_param_set(K16_P330);
 type = RLC_EP_MTYPE;
 extension = 4;
+#elif FP_PRIME == 354
+ ep_param_set(K18_P354);
+ type = RLC_EP_DTYPE;
+ extension = 3;
 #elif FP_PRIME == 377
 ep_param_set(B12_P377);
 type = RLC_EP_DTYPE;
@@ -1725,6 +1752,9 @@ void ep_param_print(void) {
 case K16_P330:
 util_banner("Curve K16-P330:", 0);
 break;
+ case K18_P354:
+ util_banner("Curve K18-P354:", 0);
+ break;
 case B12_P377:
 util_banner("Curve B12-P377:", 0);
 break;
@@ -1834,6 +1864,7 @@ int ep_param_level(void) {
 return 128;
 case B24_P315:
 case B24_P317:
+ case K18_P354:
 case B12_P377:
 case K16_P330:
 case B12_P381:
@@ -1841,7 +1872,7 @@ int ep_param_level(void) {
 case B12_P383:
 case BN_P446:
 case B12_P446:
- case GMT8_544:
+ case GMT8_P544:
 case SS_P1536:
 return 128;
 case B12_P455:
diff --git a/src/epx/relic_ep3_curve.c b/src/epx/relic_ep3_curve.c
index f80a56406..13c8dc153 100644
--- a/src/epx/relic_ep3_curve.c
+++ b/src/epx/relic_ep3_curve.c
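Review bot: The `GMT8_544` to `GMT8_P544` correction in ep_param_level shows that the prime enumerators from relic_fp.h and the curve enumerators from relic_ep.h are both plain int enums with near-identical names, so using the wrong one compiles silently and mis-classifies the security level. The new `case K18_P354:` in the hunk above is the right one, but this commit introduces exactly such a pair (K18_354 / K18_P354), so the trap now exists for this curve too. A comment on the prime enum in relic_fp.h such as `/* Prime identifiers; the curve identifiers are the *_P* names in relic_ep.h and are the ones ep_param_* switches expect. */` is the cheapest guard available without changing the types.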
@@ -36,11 +36,33 @@
 /* Private definitions */
 /*============================================================================*/
-#if defined(EP_ENDOM) && FP_PRIME == 508
+#if defined(EP_ENDOM) && FP_PRIME == 354
 /**
  * Parameters for a pairing-friendly prime curve over a quadratic extension.
  */
 /** @{ */
+#define K18_P354_A0 "0"
+#define K18_P354_A1 "0"
+#define K18_P354_A2 "0"
+#define K18_P354_B0 "0"
+#define K18_P354_B1 "0"
+#define K18_P354_B2 "1"
+#define K18_P354_X0 "0610B9E63ACF3075E9FD16A5DAD4122E5B75B025295B7E8F49AB263FCA33640C66DA49DDC2E602CC8A65707"
+#define K18_P354_X1 "12BE42281E4312CE6D00FA52B1EE0B533F26195FBBF7A629A0154E37BAA6DF23907DD58CCAD1F86AD589B6F"
+#define K18_P354_X2 "07F6A46EC13CD2CAC91A5F603234270AD7C568D6200C74F5440AFD2F9F7EC86EB8AEF7EEBA205D093F389F8"
+#define K18_P354_Y0 "1109E1AEBA3644FCEA4BB3628A41AB34991705F9DEFF5C6D71DC8F1BD3F6AC9763939B285322652D920F85F"
+#define K18_P354_Y1 "0CFD794CFDFF35D3C72F8EC1E7FF3C1F3F9827BC4568DAB9A7B924D6FDA4436D08A46174F6E7A6A1DDA9267"
+#define K18_P354_Y2 "0FFC2B0D999E6593B18B2A623B3D1175A082D896385107A18121938C730CC7A23BF21CC21E278F17A38F268"
+#define K18_P354_R "22D4230DB8342C5981301C8070000000BCA4DE1983DCC0000000000000000001"
+#define K18_P354_H "EB3A5DFCC91261F375C5967288E92C811BB4A588A6B8E3EF6FB8F0D7E82DC1643EAC9D700CF4C79FD0C1106A41A118CD0DCFEBFE5E4A6E75ABD641D569347216AA11E7F972AEA3F8108366A1220A3F4A15F1C1B638F897EC0A5976F6EC47B0D4B6B"
+/** @} */
+#endif
+
+#if defined(EP_ENDOM) && FP_PRIME == 508
+/**
+ * Parameters for a pairing-friendly prime curve over a cubic extension.
+ */
+/** @{ */
 #define K18_P508_A0 "0"
 #define K18_P508_A1 "0"
 #define K18_P508_A2 "0"
@@ -200,6 +222,9 @@ void ep3_curve_init(void) {
 ep3_new(ctx->ep3_g);
 fp3_new(ctx->ep3_a);
 fp3_new(ctx->ep3_b);
+ fp3_new(ctx->ep3_frb[0]);
+ fp3_new(ctx->ep3_frb[1]);
+ fp3_new(ctx->ep3_frb[2]);
 #endif
 #ifdef EP_PRECO
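Review bot: Because the `#if` line was switched from 508 to 354 in place, the new K18_P354 block inherits the old context comment ` * Parameters for a pairing-friendly prime curve over a quadratic extension.`, while the re-added K18_P508 block below gets the corrected ` * Parameters for a pairing-friendly prime curve over a cubic extension.`; ep3 is the cubic extension, so the comment now attached to the new block is wrong and should be changed to the cubic wording too. Separately, the twist cofactor `K18_P354_H` is 163 hex digits, about 652 bits, whereas #E'(F_{p^3})/r for a 345-bit p and 254-bit r would be roughly 780 bits; if this field is meant to hold the full twist cofactor, the value deserves a recheck, and if it is an effective cofactor for a Frobenius-based clearing, a comment saying so next to the define would stop the next reader from asking the same question.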
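Review bot: `ctx->ep3_frb[0..2]` is allocated in ep3_curve_init here and released in the ep3_curve_clean hunk that follows, but nothing in this diff declares the field in the context structure, `fp3_null`s it before `fp3_new`, or assigns it a value, so those parts are presumably in changes not shown; please confirm all three exist, since an unset constant would make every consumer of the Frobenius constants silently wrong rather than fail. A short comment at the allocation naming where the values are filled in, e.g. `/* Frobenius constants for the twist; computed in <the function that sets them> */`, would make the lifecycle visible in this file.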
@@ -230,6 +255,9 @@ void ep3_curve_clean(void) {
 ep3_free(ctx->ep3_g);
 fp3_free(ctx->ep3_a);
 fp3_free(ctx->ep3_b);
+ fp3_free(ctx->ep3_frb[0]);
+ fp3_free(ctx->ep3_frb[1]);
+ fp3_free(ctx->ep3_frb[2]);
 }
 }
@@ -356,7 +384,11 @@ void ep3_curve_set_twist(int type) {
 bn_new(h);
 switch (ep_param_get()) {
-#if FP_PRIME == 508
+#if FP_PRIME == 354
+ case K18_P354:
+ ASSIGN(K18_P354);
+ break;
+#elif FP_PRIME == 508
 case K18_P508:
 ASSIGN(K18_P508);
 break;
diff --git a/src/fp/relic_fp_param.c b/src/fp/relic_fp_param.c
index 4470d88ea..136899c52 100644
--- a/src/fp/relic_fp_param.c
+++ b/src/fp/relic_fp_param.c
@@ -335,6 +335,17 @@ void fp_param_set(int param) {
 bn_sub_dig(t0, t0, 31);
 fp_prime_set_pairf(t0, EP_K16);
 break;
+#elif FP_PRIME == 354
+ case K18_354:
+ /* x = 2^43 + 2^42 + 2^35 + 2^34 + 2^30 + 2^26. */
+ bn_set_2b(t0, 43);
+ bn_set_bit(t0, 42, 1);
+ bn_set_bit(t0, 35, 1);
+ bn_set_bit(t0, 34, 1);
+ bn_set_bit(t0, 30, 1);
+ bn_set_bit(t0, 26, 1);
+ fp_prime_set_pairf(t0, EP_K18);
+ break;
 #elif FP_PRIME == 377
 case B12_377:
 /* x = 2^63 + 2^58 + 2^56 + 2^51 + 2^47 + 2^46 + 1. */
@@ -790,6 +801,8 @@ int fp_param_set_any_tower(void) {
 fp_param_set(B24_317);
 #elif FP_PRIME == 330
 fp_param_set(K16_330);
+#elif FP_PRIME == 354
+ fp_param_set(K18_354);
 #elif FP_PRIME == 377
 fp_param_set(B12_377);
 #elif FP_PRIME == 381
diff --git a/src/fpx/relic_fpx_srt.c b/src/fpx/relic_fpx_srt.c
index 3b4ec0f6e..503acf998 100644
--- a/src/fpx/relic_fpx_srt.c
+++ b/src/fpx/relic_fpx_srt.c
@@ -170,8 +170,8 @@ int fp3_is_sqr(const fp3_t a) {
 } RLC_CATCH_ANY {
 RLC_THROW(ERR_CAUGHT);
 } RLC_FINALLY {
- fp2_free(t);
- fp2_free(u);
+ fp3_free(t);
+ fp3_free(u);
 }
 return r;
diff --git a/src/low/x64-asm-6l/macro.s b/src/low/x64-asm-6l/macro.s
index 615677d31..36e7c3b7e 100644
--- a/src/low/x64-asm-6l/macro.s
+++ b/src/low/x64-asm-6l/macro.s
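Review bot: The comment on the new K18_354 case in fp_param_set records the seed but not the congruence that makes the KSS18 parametrisation yield integers: x = 2^43 + 2^42 + 2^35 + 2^34 + 2^30 + 2^26 is 0 mod 2, 2 mod 3 and 0 mod 7, hence x = 14 (mod 42), which is the standard KSS18 requirement. Extending the comment to `/* x = 2^43 + 2^42 + 2^35 + 2^34 + 2^30 + 2^26 (x = 14 mod 42). */` puts that check next to the value so a future edit of the seed is caught by inspection. The bit positions are also used without a named constant, which matches the surrounding cases, so no change is proposed there.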
@@ -48,6 +48,14 @@
 #define P4 0xC63B05C06CA1493B
 #define P5 0X01AE3A4617C510EA
 #define U0 0x8508BFFFFFFFFFFF
+#elif FP_PRIME == 354
+#define P0 0x470948C8C6AAAB1D
+#define P1 0x2E5DA80FED8491B9
+#define P2 0x8E6E049BE3926C48
+#define P3 0xA1928ADE1A404A33
+#define P4 0xEA98F0A5315F4B6B
+#define P5 0x1428C74
+#define U0 0xE03977E479F290CB
 #elif FP_PRIME == 381
 #define P0 0xB9FEFFFFFFFFAAAB
 #define P1 0x1EABFFFEB153FFFF
diff --git a/src/pc/relic_pc_util.c b/src/pc/relic_pc_util.c
index cbee2cf96..414c34a62 100644
--- a/src/pc/relic_pc_util.c
+++ b/src/pc/relic_pc_util.c
@@ -56,7 +56,7 @@ void gt_rand(gt_t a) {
 pp_exp_k24(a, a);
 #elif FP_PRIME == 330 || FP_PRIME == 765 || FP_PRIME == 766
 pp_exp_k16(a, a);
-#elif FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
+#elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 pp_exp_k18(a, a);
 #elif FP_PRIME == 544
 pp_exp_k8(a, a);
diff --git a/src/pp/relic_pp_map_k18.c b/src/pp/relic_pp_map_k18.c
index 083775443..cbb32609d 100644
--- a/src/pp/relic_pp_map_k18.c
+++ b/src/pp/relic_pp_map_k18.c
@@ -213,7 +213,7 @@ static void pp_fin_k18_oatep(fp18_t r, ep3_t t, const ep3_t q, const ep_t p,
 fp18_new(u);
 fp18_new(v);
 ep3_new(_q);
- ep3_null(_p);
+ ep_new(_p);
 /* Compute additional line function. */
 fp18_zero(u);
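Review bot: `ep_new(_p)` now allocates `_p`, but neither a matching `ep_null(_p)` before the allocation nor an `ep_free(_p)` in the RLC_FINALLY block is visible here; pp_fin_k18_oatep continues outside the hunk in both directions, so please confirm both exist, since with dynamic allocation a missing free leaks on every pairing and freeing a never-nulled variable on the error path is undefined. The removed line was `ep3_null(_p)`, so if it was the only initialisation of `_p`, the fix should add `ep_null(_p);` alongside the other null calls rather than drop the initialisation altogether.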