Making tests faster

src/main/java/org/cryptimeleon/math/structures/groups/elliptic/AbstractPairing.java

@@ -12,7 +12,7 @@
 import java.util.Objects;
 
 /**
- * Base class for pairings based on BN curves such as Tate Pairing, Ate Pairing and Optimal Ate Pairing.
+ * Base class for pairings such as Tate Pairing, Ate Pairing and Optimal Ate Pairing.
  */
 public abstract class AbstractPairing implements BilinearMapImpl {
     protected PairingSourceGroupImpl g1;
@@ -44,18 +44,7 @@ public PairingTargetGroupElementImpl apply(GroupElementImpl g, GroupElementImpl
      * @return f^e
      */
     public PairingTargetGroupElementImpl exponentiate(FieldElement f) {
-        PairingTargetGroupElementImpl result = gT.getElement((ExtensionFieldElement) f.pow(gT.getCofactor()));
-        return result;
-    }
-
-    public AbstractPairing(Representation r) {
-        ObjectRepresentation or = (ObjectRepresentation) r;
-
-        init(
-                (PairingSourceGroupImpl) ((RepresentableRepresentation) or.get("G1")).recreateRepresentable(),
-                (PairingSourceGroupImpl) ((RepresentableRepresentation) or.get("G2")).recreateRepresentable(),
-                (PairingTargetGroupImpl) ((RepresentableRepresentation) or.get("GT")).recreateRepresentable()
-        );
+        return gT.getElement((ExtensionFieldElement) f.pow(gT.getCofactor()));
     }
 
     /**

src/main/java/org/cryptimeleon/math/structures/groups/elliptic/type1/supersingular/SupersingularTatePairing.java

@@ -19,10 +19,6 @@ public SupersingularTatePairing(SupersingularSourceGroupImpl g1, SupersingularTa
         //	this.distortionMap = new SupersingularTypeADistortionMap(g1,gT.getFieldOfDefinition());
     }
 
-    public SupersingularTatePairing(Representation r) {
-        super(r);
-    }
-
     @Override
     protected ExtensionFieldElement evaluateLine(FieldElement[] line, PairingSourceGroupElement P, PairingSourceGroupElement Q) {
         ExtensionField targetField = (ExtensionField) gT.getFieldOfDefinition();

src/main/java/org/cryptimeleon/math/structures/groups/elliptic/type3/bn/BarretoNaehrigBilinearGroupImpl.java

@@ -45,6 +45,8 @@ public class BarretoNaehrigBilinearGroupImpl implements BilinearGroupImpl {
 
     //Impl
     @Represented
+    private BigInteger u;
+    @Represented
     private BarretoNaehrigGroup1Impl g1impl;
     @Represented
     private BarretoNaehrigGroup2Impl g2impl;
@@ -78,6 +80,9 @@ public BarretoNaehrigBilinearGroupImpl(String spec) {
     }
 
     public BarretoNaehrigBilinearGroupImpl(BarretoNaehrigParameterSpec spec) {
+        /* get parameter u that identifies the BN curve */
+        u = spec.u;
+
         /* get size of groups */
         BigInteger n = spec.size;
 
@@ -140,15 +145,15 @@ public BarretoNaehrigBilinearGroupImpl(BarretoNaehrigParameterSpec spec) {
 
         /* construct new bilinearMap based on its name */
         if ("Tate".equals(spec.pairing)) {
-            bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gtimpl);
+            bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gtimpl, u);
         } else {
             throw new IllegalArgumentException("Pairing of type " + spec.pairing + " not supported.");
         }
     }
 
     public BarretoNaehrigBilinearGroupImpl(Representation representation) {
         new ReprUtil(this).deserialize(representation);
-        bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gtimpl);
+        bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gtimpl, u);
     }
 
     @Override
@@ -391,7 +396,7 @@ protected void init(int groupBitSize) {
                     /* tschakka, we are done */
                     gT = new BarretoNaehrigTargetGroupImpl(v, n);
 
-                    init(P1, P2, gT);
+                    init(P1, P2, gT, u);
                     return;
                 }
             }
@@ -406,12 +411,12 @@ protected void init(int groupBitSize) {
      * @param gT target group
      */
     private void init(BarretoNaehrigGroup1ElementImpl P1, BarretoNaehrigGroup2ElementImpl P2,
-                                                 BarretoNaehrigTargetGroupImpl gT) {
+                                                 BarretoNaehrigTargetGroupImpl gT, BigInteger u) {
         g1impl = (BarretoNaehrigGroup1Impl) P1.getStructure();
         g2impl = (BarretoNaehrigGroup2Impl) P2.getStructure();
         gtimpl = gT;
 
-        bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gT);
+        bilinearMapImpl = new BarretoNaehrigTatePairing(g1impl, g2impl, gT, u);
         hashIntoG1impl = new BarretoNaehrigPointEncoding(g1impl);
         hashIntoG2impl = new BarretoNaehrigPointEncoding(g2impl);
     }

src/main/java/org/cryptimeleon/math/structures/groups/elliptic/type3/bn/BarretoNaehrigParameterSpec.java

@@ -6,24 +6,26 @@
  * Represents a fixed parametrization of a Barreto-Naehrig bilinear group.
  */
 public class BarretoNaehrigParameterSpec {
-    public BigInteger characteristic;
-    public BigInteger size;
-    public BigInteger alpha;
-    public BigInteger beta0;
-    public BigInteger beta1;
-    public BigInteger b;
-    public BigInteger x1;
-    public BigInteger y1;
-    public BigInteger x20;
-    public BigInteger x21;
-    public BigInteger y20;
-    public BigInteger y21;
-    public String pairing;
-    public String hash;
+    public final BigInteger u;
+    public final BigInteger characteristic;
+    public final BigInteger size;
+    public final BigInteger alpha;
+    public final BigInteger beta0;
+    public final BigInteger beta1;
+    public final BigInteger b;
+    public final BigInteger x1;
+    public final BigInteger y1;
+    public final BigInteger x20;
+    public final BigInteger x21;
+    public final BigInteger y20;
+    public final BigInteger y21;
+    public final String pairing;
+    public final String hash;
 
-    public BarretoNaehrigParameterSpec(BigInteger characteristic, BigInteger size, BigInteger alpha, BigInteger beta0, BigInteger beta1, BigInteger b, BigInteger x1, BigInteger y1, BigInteger x20, BigInteger x21, BigInteger y20, BigInteger y21,
+    public BarretoNaehrigParameterSpec(BigInteger u, BigInteger characteristic, BigInteger size, BigInteger alpha, BigInteger beta0, BigInteger beta1, BigInteger b, BigInteger x1, BigInteger y1, BigInteger x20, BigInteger x21, BigInteger y20, BigInteger y21,
                                        String pairing, String hash) {
         super();
+        this.u = u;
         this.characteristic = characteristic;
         this.size = size;
         this.alpha = alpha;
@@ -46,6 +48,7 @@ public BarretoNaehrigParameterSpec(BigInteger characteristic, BigInteger size, B
      */
     public static BarretoNaehrigParameterSpec sfc256() {
         return new BarretoNaehrigParameterSpec(
+                new BigInteger("36893488147419130051", 10),
                 new BigInteger("2400000000001d76ea000000090b16017d00013bcce1b73032502782f6c062b4d9b", 16),
                 new BigInteger("2400000000001d76ea000000090b16017b80013bcce1b6930dd02782f6b04f13265", 16),
                 BigInteger.ONE,

src/main/java/org/cryptimeleon/math/structures/groups/elliptic/type3/bn/BarretoNaehrigTatePairing.java

@@ -3,29 +3,33 @@
 import org.cryptimeleon.math.serialization.Representation;
 import org.cryptimeleon.math.structures.groups.elliptic.AbstractPairing;
 import org.cryptimeleon.math.structures.groups.elliptic.PairingSourceGroupElement;
+import org.cryptimeleon.math.structures.groups.elliptic.PairingTargetGroupElementImpl;
 import org.cryptimeleon.math.structures.rings.FieldElement;
 import org.cryptimeleon.math.structures.rings.extfield.ExtensionField;
 import org.cryptimeleon.math.structures.rings.extfield.ExtensionFieldElement;
 
+import java.math.BigInteger;
+
 /**
  * Tate-pairing specific implementation of BN based pairings.
  */
 public class BarretoNaehrigTatePairing extends AbstractPairing {
+    BigInteger lambda2, lambda1, lambda0;
+
     /**
      * Construct Tate pairing \(\mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T\).
      */
-    public BarretoNaehrigTatePairing(BarretoNaehrigGroup1Impl g1, BarretoNaehrigGroup2Impl g2, BarretoNaehrigTargetGroupImpl gT) {
+    public BarretoNaehrigTatePairing(BarretoNaehrigGroup1Impl g1, BarretoNaehrigGroup2Impl g2, BarretoNaehrigTargetGroupImpl gT, BigInteger u) {
         super(g1, g2, gT);
-
-    }
-
-    public BarretoNaehrigTatePairing(BarretoNaehrigSourceGroupImpl g1, BarretoNaehrigSourceGroupImpl g2,
-                                     BarretoNaehrigTargetGroupImpl gT) {
-        super(g1, g2, gT);
-    }
-
-    public BarretoNaehrigTatePairing(Representation r) {
-        super(r);
+        lambda2 = u.pow(2).multiply(BigInteger.valueOf(6)).add(BigInteger.ONE);
+        lambda1 = u.pow(3).multiply(BigInteger.valueOf(-36))
+                .add(u.pow(2).multiply(BigInteger.valueOf(-18)))
+                .add(u.multiply(BigInteger.valueOf(-12)))
+                .add(BigInteger.ONE);
+        lambda0 = u.pow(3).multiply(BigInteger.valueOf(-36))
+                .add(u.pow(2).multiply(BigInteger.valueOf(-30)))
+                .add(u.multiply(BigInteger.valueOf(-18)))
+                .add(BigInteger.valueOf(-2));
     }
 
     /**
@@ -77,6 +81,27 @@ protected ExtensionFieldElement pair(PairingSourceGroupElement P, PairingSourceG
 
     }
 
+    @Override
+    public PairingTargetGroupElementImpl exponentiate(FieldElement f) {
+        FieldElement result;
+
+        if (lambda2 != null) {
+            //https://eprint.iacr.org/2008/490.pdf section 3
+            result = f.applyFrobenius(6).div(f);
+            result = result.applyFrobenius(2).mul(result);
+
+            ////https://eprint.iacr.org/2008/490.pdf section 5 (the "hard part" mentioned in section 3)
+            FieldElement resultFrob1 = result.applyFrobenius();
+            FieldElement resultFrob2 = resultFrob1.applyFrobenius();
+            FieldElement resultFrob3 = resultFrob2.applyFrobenius();
+            result = resultFrob3.mul(resultFrob2.pow(lambda2)).mul(resultFrob1.pow(lambda1)).mul(result.pow(lambda0));
+        } else {
+            result = f.pow(gT.getCofactor());
+        }
+
+        return gT.getElement((ExtensionFieldElement) result);
+    }
+
     @Override
     public String toString() {
         return "Tate Pairing G1xG2->Gt of Type 3";
@@ -86,4 +111,6 @@ public String toString() {
     public boolean isSymmetric() {
         return false;
     }
+
+
 }

src/main/java/org/cryptimeleon/math/structures/rings/FieldElement.java

@@ -75,4 +75,20 @@ default BigInteger getRank() throws UnsupportedOperationException {
         return BigInteger.ZERO;
     }
 
+    /**
+     * Computes this^characteristic.
+     */
+    default FieldElement applyFrobenius() {
+        return this.pow(getStructure().getCharacteristic());
+    }
+
+    /**
+     * Computes this^(characteristic^numberOfApplications)
+     */
+    default FieldElement applyFrobenius(int numberOfApplications) {
+       FieldElement result = this;
+        for (int i=0;i<numberOfApplications;i++)
+            result = result.applyFrobenius();
+        return result;
+    }
 }

src/main/java/org/cryptimeleon/math/structures/rings/extfield/ExtensionField.java

@@ -23,6 +23,11 @@ public class ExtensionField implements Field {
     protected FieldElement constant;
     protected int extensionDegree;
     protected PolynomialRing.Polynomial definingPolynomial;
+    /**
+     * frobeniusOfXPowers[i] = (x^p)^i mod (x^extensionDegree + constant)
+     * for i <= extensionDegree
+     */
+    protected ExtensionFieldElement[] frobeniusOfXPowers;
 
 
     /**
@@ -38,6 +43,15 @@ private void init(FieldElement constant, int extensionDegree) {
             coefficients[i] = constant.getStructure().getZeroElement();
 
         this.definingPolynomial = PolynomialRing.getPoly(coefficients);
+
+        //Precompute frobenius stuff (there's probably an embarrassingly better way to do this but ... here we go for now)
+        frobeniusOfXPowers = new ExtensionFieldElement[extensionDegree+1];
+        frobeniusOfXPowers[0] = getOneElement();
+        if (extensionDegree > 0) {
+            frobeniusOfXPowers[1] = (ExtensionFieldElement) createElement(constant.getStructure().getZeroElement(), constant.getStructure().getOneElement()).pow(getCharacteristic()); //"x^p"
+            for (int i = 2; i < frobeniusOfXPowers.length; i++)
+                frobeniusOfXPowers[i] = frobeniusOfXPowers[i-1].mul(frobeniusOfXPowers[1]);
+        }
     }
 
     /**

src/main/java/org/cryptimeleon/math/structures/rings/extfield/ExtensionFieldElement.java

@@ -22,8 +22,8 @@
 
 public class ExtensionFieldElement implements FieldElement, UniqueByteRepresentable {
 
-    private ExtensionField field;
-    private FieldElement[] coefficients;
+    private final ExtensionField field;
+    private final FieldElement[] coefficients;
 
     public ExtensionFieldElement(ExtensionField f, FieldElement[] coefficients) {
         this.field = f;
@@ -149,6 +149,17 @@ public ExtensionFieldElement conjugate() {
         }
     }
 
+    @Override
+    public ExtensionFieldElement applyFrobenius() {
+        //Yes, this is probably suboptimal.
+        ExtensionFieldElement result = getStructure().getZeroElement();
+        for (int i=0; i<coefficients.length; i++) {
+            result = result.add(field.createElement(coefficients[i].applyFrobenius()).mul(getStructure().frobeniusOfXPowers[i]));
+        }
+        return result;
+        //return (ExtensionFieldElement) this.pow(getStructure().getCharacteristic());
+    }
+
     @Override
     public ExtensionField getStructure() {
         return this.field;
@@ -210,24 +221,6 @@ public String toString() {
         return "["+Arrays.stream(coefficients).map(Object::toString).collect(Collectors.joining(", "))+"]";
     }
 
-    public ArrayList<BigInteger> asBigIntegerList() {
-        ArrayList<BigInteger> list = new ArrayList<BigInteger>();
-
-        for (FieldElement c : coefficients) {
-            if (c instanceof ExtensionFieldElement) {
-                for (BigInteger cc : ((ExtensionFieldElement) c).asBigIntegerList()) {
-                    list.add(cc);
-                }
-            } else if (c instanceof ZnElement) {
-                list.add(((ZnElement) c).getInteger());
-            }
-        }
-
-        return list;
-
-    }
-
-
     @Override
     public ByteAccumulator updateAccumulator(ByteAccumulator accumulator) {
         Consumer<UniqueByteRepresentable> accumulationMethod;

src/main/java/org/cryptimeleon/math/structures/rings/zn/Zp.java

@@ -215,6 +215,11 @@ public ZpElement sqrt() throws ArithmeticException {
                 throw new ArithmeticException("Input has to be quadratic residue.");
             }
         }
+
+        @Override
+        public FieldElement applyFrobenius() {
+            return this;
+        }
     }
 
     @Override