relic-toolkit · dfaranha · Aug 14, 2024 · Aug 12, 2024 · Aug 12, 2024 · Aug 12, 2024
diff --git a/bench/bench_pc.c b/bench/bench_pc.c
@@ -684,6 +684,12 @@ static void arith(void) {
 	}
 	BENCH_END;
 
+	BENCH_RUN("gt_frb (1)") {
+		gt_rand(a);
+		BENCH_ADD(gt_frb(c, a, 1));
+	}
+	BENCH_END;
+
 	BENCH_RUN("gt_exp") {
 		gt_rand(a);
 		pc_get_ord(d);

diff --git a/include/relic_bn.h b/include/relic_bn.h
@@ -1547,11 +1547,11 @@ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n,
  * @param[out] b			- the recoded subscalars.
  * @param[in] len			- the length in bytes of the recoding.
  * @param[in] k				- the subscalars to recode.
- * @param[in] m				- the number of subscallars to recode.
- * @param[in] n				- the elliptic curve group order.
+ * @param[in] m				- the number of subscalars to recode.
+ * @param[in] n				- the bit length of the group order.
  * @throw ERR_NO_BUFFER		- if the buffer capacity is insufficient.
  */
-void bn_rec_sac(int8_t *b, size_t *len, bn_t *k, size_t m, bn_t n);
+void bn_rec_sac(int8_t *b, size_t *len, bn_t *k, size_t m, size_t n);
 
 /**
  * Computes the coefficients of the polynomial representing the Lagrange

diff --git a/src/bn/relic_bn_rec.c b/src/bn/relic_bn_rec.c
@@ -876,10 +876,10 @@ void bn_rec_glv(bn_t k0, bn_t k1, const bn_t k, const bn_t n, const bn_t *v1,
 	}
 }
 
-void bn_rec_sac(int8_t *b, size_t *len, bn_t *k, size_t m, bn_t n) {
+void bn_rec_sac(int8_t *b, size_t *len, bn_t *k, size_t m, size_t n) {
 	/* Assume k0 is the sign-aligner. */
 	bn_t *t = RLC_ALLOCA(bn_t, m);
-	size_t l = RLC_CEIL(bn_bits(n), m) + 1;
+	size_t l = RLC_CEIL(n, m) + 1;
 	int8_t bji;
 
 	if (t == NULL) {

diff --git a/src/ep/relic_ep_mul.c b/src/ep/relic_ep_mul.c
@@ -77,8 +77,6 @@ static void ep_mul_glv_imp(ep_t r, const ep_t p, const bn_t k) {
 		bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2);
 		s0 = bn_sign(k0);
 		s1 = bn_sign(k1);
-		bn_abs(k0, k0);
-		bn_abs(k1, k1);
 
 		if (s0 == RLC_POS) {
 			ep_tab(t, p, RLC_WIDTH);

diff --git a/src/epx/relic_ep2_mul.c b/src/epx/relic_ep2_mul.c
@@ -44,51 +44,61 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 	size_t l, _l[4];
 	bn_t n, _k[4], u;
 	int8_t naf[4][RLC_FP_BITS + 1];
-	ep2_t q[4];
+	ep2_t q, t[4][1 << (RLC_WIDTH - 2)];
 
 	bn_null(n);
 	bn_null(u);
+	ep2_null(q);
 
 	RLC_TRY {
 		bn_new(n);
 		bn_new(u);
-		for (int i = 0; i < 4; i++) {
+		ep2_new(q);
+		for (size_t i = 0; i < 4; i++) {
 			bn_null(_k[i]);
-			ep2_null(q[i]);
 			bn_new(_k[i]);
-			ep2_new(q[i]);
+			for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
+				ep2_null(t[i][j]);
+				ep2_new(t[i][j]);
+			}	
 		}
 
 		ep2_curve_get_ord(n);
 		fp_prime_get_par(u);
 		bn_mod(_k[0], k, n);
 		bn_rec_frb(_k, 4, _k[0], u, n, ep_curve_is_pairf() == EP_BN);
 
-		ep2_norm(q[0], p);
-		ep2_frb(q[1], q[0], 1);
-		ep2_frb(q[2], q[1], 1);
-		ep2_frb(q[3], q[2], 1);
-
 		l = 0;
-		for (int i = 0; i < 4; i++) {
-			if (bn_sign(_k[i]) == RLC_NEG) {
-				ep2_neg(q[i], q[i]);
-			}
+		for (size_t i = 0; i < 4; i++) {
 			_l[i] = RLC_FP_BITS + 1;
-			bn_rec_naf(naf[i], &_l[i], _k[i], 2);
+			bn_rec_naf(naf[i], &_l[i], _k[i], RLC_WIDTH);
 			l = RLC_MAX(l, _l[i]);
+			if (i == 0) {
+				ep2_norm(q, p);
+				if (bn_sign(_k[0]) == RLC_NEG) {
+					ep2_neg(q, q);
+				}
+				ep2_tab(t[0], q, RLC_WIDTH);
+			} else {
+				for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
+					ep2_frb(t[i][j], t[i - 1][j], 1);
+					if (bn_sign(_k[i]) != bn_sign(_k[i - 1])) {
+						ep2_neg(t[i][j], t[i][j]);
+					}
+				}
+			}
 		}
 
 		ep2_set_infty(r);
 		for (int j = l - 1; j >= 0; j--) {
 			ep2_dbl(r, r);
 
-			for (int i = 0; i < 4; i++) {
+			for (size_t i = 0; i < 4; i++) {
 				if (naf[i][j] > 0) {
-					ep2_add(r, r, q[i]);
+					ep2_add(r, r, t[i][naf[i][j] / 2]);
 				}
 				if (naf[i][j] < 0) {
-					ep2_sub(r, r, q[i]);
+					ep2_sub(r, r, t[i][-naf[i][j] / 2]);
 				}
 			}
 		}
@@ -102,11 +112,13 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 	RLC_FINALLY {
 		bn_free(n);
 		bn_free(u);
-		for (int i = 0; i < 4; i++) {
+		ep2_free(q);
+		for (size_t i = 0; i < 4; i++) {
 			bn_free(_k[i]);
-			ep2_free(q[i]);
+			for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
+				ep2_free(t[i][j]);
+			}	
 		}
-
 	}
 }
 
@@ -117,7 +129,7 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) {
 	size_t l;
 	bn_t n, _k[4], u;
-	int8_t even, col, sac[4 * (RLC_FP_BITS + 1)];
+	int8_t even, col, sac[4 * RLC_FP_BITS];
 	ep2_t q[4], t[1 << 3];
 
 	bn_null(n);
@@ -159,8 +171,8 @@ static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) {
 			ep2_add(t[i], t[i ^ (1 << (l - 1))], q[l]);
 		}
 
-		l = RLC_FP_BITS + 1;
-		bn_rec_sac(sac, &l, _k, 4, n);
+		l = RLC_FP_BITS;
+		bn_rec_sac(sac, &l, _k, 4, bn_bits(n));
 
 #if defined(EP_MIXED)
 		ep2_norm_sim(t + 1, t + 1, (1 << 3) - 1);
@@ -185,7 +197,7 @@ static void ep2_mul_reg_gls(ep2_t r, const ep2_t p, const bn_t k) {
 		}
 
 		ep2_neg(q[1], r);
-		fp2_copy_sec(r->y, q[1]->y, sac[l - 1] != 0);
+		fp2_copy_sec(r->y, q[1]->y, sac[l - 1]);
 		for (int j = l - 2; j >= 0; j--) {
 			ep2_dbl(r, r);
 

diff --git a/src/epx/relic_ep2_mul_sim.c b/src/epx/relic_ep2_mul_sim.c
@@ -280,9 +280,7 @@ void ep2_mul_sim_basic(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q,
 
 void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q,
 		const bn_t m) {
-	ep2_t t0[1 << (RLC_WIDTH / 2)];
-	ep2_t t1[1 << (RLC_WIDTH / 2)];
-	ep2_t t[1 << RLC_WIDTH];
+	ep2_t t0[1 << (RLC_WIDTH / 2)], t1[1 << (RLC_WIDTH / 2)], t[1 << RLC_WIDTH];
 	bn_t n, _k, _m;
 	size_t l0, l1, w = RLC_WIDTH / 2;
 	uint8_t w0[2 * RLC_FP_BITS], w1[2 * RLC_FP_BITS];
@@ -305,10 +303,6 @@ void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q,
 		bn_new(_k);
 		bn_new(_m);
 
-		ep2_curve_get_ord(n);
-		bn_mod(_k, k, n);
-		bn_mod(_m, m, n);
-
 		for (int i = 0; i < (1 << w); i++) {
 			ep2_null(t0[i]);
 			ep2_null(t1[i]);
@@ -320,21 +314,19 @@ void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q,
 			ep2_new(t[i]);
 		}
 
+		ep2_curve_get_ord(n);
+		bn_mod(_k, k, n);
+		bn_mod(_m, m, n);
+
 		ep2_set_infty(t0[0]);
 		ep2_copy(t0[1], p);
-		if (bn_sign(k) == RLC_NEG) {
-			ep2_neg(t0[1], t0[1]);
-		}
 		for (int i = 2; i < (1 << w); i++) {
 			ep2_add(t0[i], t0[i - 1], t0[1]);
 		}
 
 		ep2_set_infty(t1[0]);
 		ep2_copy(t1[1], q);
-		if (bn_sign(m) == RLC_NEG) {
-			ep2_neg(t1[1], t1[1]);
-		}
-		for (int i = 1; i < (1 << w); i++) {
+		for (int i = 2; i < (1 << w); i++) {
 			ep2_add(t1[i], t1[i - 1], t1[1]);
 		}
 
@@ -345,12 +337,12 @@ void ep2_mul_sim_trick(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q,
 		}
 
 #if defined(EP_MIXED)
-		ep2_norm_sim(t + 1, t + 1, (1 << (RLC_WIDTH)) - 1);
+		ep2_norm_sim(t + 2, (const ep2_t *)(t + 2), (1 << (w + w)) - 2);
 #endif
 
 		l0 = l1 = RLC_CEIL(2 * RLC_FP_BITS, w);
-		bn_rec_win(w0, &l0, k, w);
-		bn_rec_win(w1, &l1, m, w);
+		bn_rec_win(w0, &l0, _k, w);
+		bn_rec_win(w1, &l1, _m, w);
 
 		ep2_set_infty(r);
 		for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) {