Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sm9/bn256: Implement complete addition formula #144

Closed
emmansun opened this issue Jul 20, 2023 · 2 comments
Closed

sm9/bn256: Implement complete addition formula #144

emmansun opened this issue Jul 20, 2023 · 2 comments
Assignees
@emmansun
Labels
enhancement New feature or request

Comments

@emmansun
Copy link
Owner

References:

Code:

var threeCurveB = newGFp(3 * 5)

func (c *curvePoint) Add(p1, p2 *curvePoint) {
	// Complete addition formula for a = 0 from "Complete addition formulas for
	// prime order elliptic curves" (https://eprint.iacr.org/2015/1060), §3.2.

	t0, t1, t2, t3, t4 := new(gfP), new(gfP), new(gfP), new(gfP), new(gfP)
	x3, y3, z3 := new(gfP), new(gfP), new(gfP)
	gfpMul(t0, &p1.x, &p2.x)    // t0 := X1 * X2
	gfpMul(t1, &p1.y, &p2.y)    // t1 := Y1 * Y2
	gfpMul(t2, &p1.z, &p2.z)    // t2 := Z1 * Z2
	gfpAdd(t3, &p1.x, &p1.y)    // t3 := X1 + Y1
	gfpAdd(t4, &p2.x, &p2.y)    // t4 := X2 + Y2
	gfpMul(t3, t3, t4)          // t3 := t3 * t4 = (X1 + Y1) * (X2 + Y2)
	gfpAdd(t4, t0, t1)          // t4 := t0 + t1
	gfpSub(t3, t3, t4)          // t3 := t3 - t4 = X1 * Y2 + X2 * Y1
	gfpAdd(t4, &p1.y, &p1.z)    // t4 := Y1 + Z1
	gfpAdd(x3, &p2.y, &p2.z)    // X3 := Y2 + Z2
	gfpMul(t4, t4, x3)          // t4 := t4 * X3 = (Y1 + Z1)(Y2 + Z2)
	gfpAdd(x3, t1, t2)          // X3 := t1 + t2
	gfpSub(t4, t4, x3)          // t4 := t4 - X3 = Y1 * Z2 + Y2 * Z1
	gfpAdd(x3, &p1.x, &p1.z)    // X3 := X1 + Z1
	gfpAdd(y3, &p2.x, &p2.z)    // Y3 := X2 + Z2
	gfpMul(x3, x3, y3)          // X3 := X3 * Y3
	gfpAdd(y3, t0, t2)          // Y3 := t0 + t2
	gfpSub(y3, x3, y3)          // Y3 := X3 - Y3 = X1 * Z2 + X2 * Z1
	gfpDouble(x3, t0)           // X3 := t0 + t0
	gfpAdd(t0, x3, t0)          // t0 := X3 + t0 = 3 X1 * X2
	gfpMul(t2, threeCurveB, t2) // t2 := 3b * t2 = 3b * Z1 * Z2
	gfpAdd(z3, t1, t2)          // Z3 := t1 + t2 = Y1 * Y2 + 3b * Z1 * Z2
	gfpSub(t1, t1, t2)          // t1 := t1 - t2 = Y1 * Y2 - 3b * Z1 * Z2
	gfpMul(y3, threeCurveB, y3) // Y3 = 3b * Y3 = 3b(X1 * Z2 + X2 * Z1)
	gfpMul(x3, t4, y3)          // X3 := t4 * Y3 = 3b(X1 * Z2 + X2 * Z1)(Y1 * Z2 + Y2 * Z1)
	gfpMul(t2, t3, t1)          // t2 := t3 * t1 = (X1 * Y2 + X2 * Y1)(Y1 * Y2 - 3b * Z1 * Z2)
	gfpSub(x3, t2, x3)          // X3 := t2 - X3 = (X1 * Y2 + X2 * Y1)(Y1 * Y2 - 3b * Z1 * Z2) - 3b(X1 * Z2 + X2 * Z1)(Y1 * Z2 + Y2 * Z1)
	gfpMul(y3, y3, t0)          // Y3 := Y3 * t0 = 9b(X1 * Z2 + X2 * Z1)(X1 * X2)
	gfpMul(t1, t1, z3)          // t1 := t1 * Z3 = (Y1 * Y2 - 3b * Z1 * Z2)(Y1 * Y2 + 3b * Z1 * Z2)
	gfpAdd(y3, t1, y3)          // Y3 := t1 + Y3 = (Y1 * Y2 - 3b * Z1 * Z2)(Y1 * Y2 + 3b * Z1 * Z2) + 9b(X1 * Z2 + X2 * Z1)(X1 * X2)
	gfpMul(t0, t0, t3)          // t0 := t0 * t3 = 3 X1 * X2 (X1 * Y2 + X2 * Y1)
	gfpMul(z3, z3, t4)          // Z3 := Z3 * t4 = (Y1 * Y2 + 3b * Z1 * Z2)(Y1 * Z2 + Y2 * Z1)
	gfpAdd(z3, z3, t0)          // Z3 := Z3 + t0 = (Y1 * Y2 + 3b * Z1 * Z2)(Y1 * Z2 + Y2 * Z1) + 3 X1 * X2 (X1 * Y2 + X2 * Y1)

	c.x.Set(x3)
	c.y.Set(y3)
	c.z.Set(z3)
}

image

对照了好多遍,哪里有错?
@emmansun emmansun added the enhancement New feature or request label Jul 20, 2023
@emmansun emmansun self-assigned this Jul 20, 2023
@emmansun
Copy link
Owner Author

啊,原来是投影不同!

emmansun added a commit that referenced this issue Jul 21, 2023
@emmansun
sm9/bn256: complete addition fomulas and gfp2 amd64 asm #144
16b2a43
emmansun added a commit that referenced this issue Jul 21, 2023
@emmansun
sm9/bn256: fix twist Frobenius bug due to #144, will further review t…
5b5b26c 
…hose functions usage
@emmansun
Copy link
Owner Author 

goos: windows
goarch: amd64
pkg: github.com/emmansun/gmsm/sm9/bn256
cpu: Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
BenchmarkAddPoint
BenchmarkAddPoint/Add_complete
BenchmarkAddPoint/Add_complete-6
 4503493	       259.7 ns/op	       0 B/op	       0 allocs/op
BenchmarkAddPoint/Add_traditional
BenchmarkAddPoint/Add_traditional-6
 3892330	       302.5 ns/op	       0 B/op	       0 allocs/op

BenchmarkDoublePoint
BenchmarkDoublePoint/Double_complete
BenchmarkDoublePoint/Double_complete-6
 7551348	       162.7 ns/op	       0 B/op	       0 allocs/op
BenchmarkDoublePoint/Double_traditional
BenchmarkDoublePoint/Double_traditional-6
 7771260	       158.6 ns/op	       0 B/op	       0 allocs/op
PASS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emmansun emmansun

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@emmansun