MastersThesis/TIIGER_TLS/PQ_TIIGER_TLS/sal/miracl-ubuntu22-11-04-24/includes/fp16.cpp

611 lines
13 KiB
C++
Raw Normal View History

2024-04-15 09:53:30 +00:00
/*
* Copyright (c) 2012-2020 MIRACL UK Ltd.
*
* This file is part of MIRACL Core
* (see https://github.com/miracl/core).
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* CORE Fp^8 functions */
/* FP16 elements are of the form a+ib, where i is sqrt(sqrt(-1+sqrt(-1))) */
#include "fp16_YYY.h"
using namespace XXX;
/* test x==0 ? */
int YYY::FP16_iszilch(FP16 *x)
{
if (FP8_iszilch(&(x->a)) && FP8_iszilch(&(x->b))) return 1;
return 0;
}
/* test x==1 ? */
int YYY::FP16_isunity(FP16 *x)
{
if (FP8_isunity(&(x->a)) && FP8_iszilch(&(x->b))) return 1;
return 0;
}
/* test is w real? That is in a+ib test b is zero */
int YYY::FP16_isreal(FP16 *w)
{
return FP8_iszilch(&(w->b));
}
/* return 1 if x==y, else 0 */
int YYY::FP16_equals(FP16 *x, FP16 *y)
{
if (FP8_equals(&(x->a), &(y->a)) && FP8_equals(&(x->b), &(y->b)))
return 1;
return 0;
}
void YYY::FP16_toBytes(char *b,FP16 *x)
{
FP8_toBytes(b,&(x->b));
FP8_toBytes(&b[8*MODBYTES_XXX],&(x->a));
}
void YYY::FP16_fromBytes(FP16 *x,char *b)
{
FP8_fromBytes(&(x->b),b);
FP8_fromBytes(&(x->a),&b[8*MODBYTES_XXX]);
}
/* set FP16 from two FP8s */
void YYY::FP16_from_FP8s(FP16 *w, FP8 * x, FP8* y)
{
FP8_copy(&(w->a), x);
FP8_copy(&(w->b), y);
}
/* set FP16 from FP8 */
void YYY::FP16_from_FP8(FP16 *w, FP8 *x)
{
FP8_copy(&(w->a), x);
FP8_zero(&(w->b));
}
/* set high part of FP16 from FP8 */
void YYY::FP16_from_FP8H(FP16 *w, FP8 *x)
{
FP8_copy(&(w->b), x);
FP8_zero(&(w->a));
}
/* FP16 copy w=x */
void YYY::FP16_copy(FP16 *w, FP16 *x)
{
if (w == x) return;
FP8_copy(&(w->a), &(x->a));
FP8_copy(&(w->b), &(x->b));
}
/* FP16 w=0 */
void YYY::FP16_zero(FP16 *w)
{
FP8_zero(&(w->a));
FP8_zero(&(w->b));
}
/* FP16 w=1 */
void YYY::FP16_one(FP16 *w)
{
FP8_one(&(w->a));
FP8_zero(&(w->b));
}
/* Set w=-x */
void YYY::FP16_neg(FP16 *w, FP16 *x)
{
/* Just one field neg */
FP8 m, t;
FP16_norm(x);
FP8_add(&m, &(x->a), &(x->b));
FP8_norm(&m);
FP8_neg(&m, &m);
FP8_add(&t, &m, &(x->b));
FP8_add(&(w->b), &m, &(x->a));
FP8_copy(&(w->a), &t);
FP16_norm(w);
}
/* Set w=conj(x) */
void YYY::FP16_conj(FP16 *w, FP16 *x)
{
FP8_copy(&(w->a), &(x->a));
FP8_neg(&(w->b), &(x->b));
FP16_norm(w);
}
/* Set w=-conj(x) */
void YYY::FP16_nconj(FP16 *w, FP16 *x)
{
FP8_copy(&(w->b), &(x->b));
FP8_neg(&(w->a), &(x->a));
FP16_norm(w);
}
/* Set w=x+y */
void YYY::FP16_add(FP16 *w, FP16 *x, FP16 *y)
{
FP8_add(&(w->a), &(x->a), &(y->a));
FP8_add(&(w->b), &(x->b), &(y->b));
}
/* Set w=x-y */
/* Input y MUST be normed */
void YYY::FP16_sub(FP16 *w, FP16 *x, FP16 *y)
{
FP16 my;
FP16_neg(&my, y);
FP16_add(w, x, &my);
}
/* reduce all components of w mod Modulus */
void YYY::FP16_reduce(FP16 *w)
{
FP8_reduce(&(w->a));
FP8_reduce(&(w->b));
}
/* normalise all elements of w */
void YYY::FP16_norm(FP16 *w)
{
FP8_norm(&(w->a));
FP8_norm(&(w->b));
}
/* Set w=s*x, where s is FP8 */
void YYY::FP16_pmul(FP16 *w, FP16 *x, FP8 *s)
{
FP8_mul(&(w->a), &(x->a), s);
FP8_mul(&(w->b), &(x->b), s);
}
/* Set w=s*x, where s is FP2 */
void YYY::FP16_qmul(FP16 *w, FP16 *x, FP2 *s)
{
FP8_qmul(&(w->a), &(x->a), s);
FP8_qmul(&(w->b), &(x->b), s);
}
/* Set w=s*x, where s is FP */
void YYY::FP16_tmul(FP16 *w, FP16 *x, FP *s)
{
FP8_tmul(&(w->a), &(x->a), s);
FP8_tmul(&(w->b), &(x->b), s);
}
/* Set w=s*x, where s is int */
void YYY::FP16_imul(FP16 *w, FP16 *x, int s)
{
FP8_imul(&(w->a), &(x->a), s);
FP8_imul(&(w->b), &(x->b), s);
}
/* Set w=x^2 */
/* Input MUST be normed */
void YYY::FP16_sqr(FP16 *w, FP16 *x)
{
FP8 t1, t2, t3;
FP8_mul(&t3, &(x->a), &(x->b)); /* norms x */
FP8_copy(&t2, &(x->b));
FP8_add(&t1, &(x->a), &(x->b));
FP8_times_i(&t2);
FP8_add(&t2, &(x->a), &t2);
FP8_norm(&t1); // 2
FP8_norm(&t2); // 2
FP8_mul(&(w->a), &t1, &t2);
FP8_copy(&t2, &t3);
FP8_times_i(&t2);
FP8_add(&t2, &t2, &t3);
FP8_norm(&t2); // 2
FP8_neg(&t2, &t2);
FP8_add(&(w->a), &(w->a), &t2); /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
FP8_add(&(w->b), &t3, &t3); /* b=2ab */
FP16_norm(w);
}
/* Set w=x*y */
/* Inputs MUST be normed */
void YYY::FP16_mul(FP16 *w, FP16 *x, FP16 *y)
{
FP8 t1, t2, t3, t4;
FP8_mul(&t1, &(x->a), &(y->a));
FP8_mul(&t2, &(x->b), &(y->b));
FP8_add(&t3, &(y->b), &(y->a));
FP8_add(&t4, &(x->b), &(x->a));
FP8_norm(&t4); // 2
FP8_norm(&t3); // 2
FP8_mul(&t4, &t4, &t3); /* (xa+xb)(ya+yb) */
FP8_neg(&t3, &t1); // 1
FP8_add(&t4, &t4, &t3); //t4E=3
FP8_norm(&t4);
FP8_neg(&t3, &t2); // 1
FP8_add(&(w->b), &t4, &t3); //wbE=3
FP8_times_i(&t2);
FP8_add(&(w->a), &t2, &t1);
FP16_norm(w);
}
/* output FP16 in format [a,b] */
void YYY::FP16_output(FP16 *w)
{
printf("[");
FP8_output(&(w->a));
printf(",");
FP8_output(&(w->b));
printf("]");
}
void YYY::FP16_rawoutput(FP16 *w)
{
printf("[");
FP8_rawoutput(&(w->a));
printf(",");
FP8_rawoutput(&(w->b));
printf("]");
}
/* Set w=1/x */
void YYY::FP16_inv(FP16 *w, FP16 *x)
{
FP8 t1, t2;
FP8_sqr(&t1, &(x->a));
FP8_sqr(&t2, &(x->b));
FP8_times_i(&t2);
FP8_norm(&t2);
FP8_sub(&t1, &t1, &t2);
FP8_norm(&t1);
FP8_inv(&t1, &t1, NULL);
FP8_mul(&(w->a), &t1, &(x->a));
FP8_neg(&t1, &t1);
FP8_norm(&t1);
FP8_mul(&(w->b), &t1, &(x->b));
}
/* w*=i where i = sqrt(sqrt(-1+sqrt(-1))) */
void YYY::FP16_times_i(FP16 *w)
{
FP8 s, t;
FP8_copy(&s, &(w->b));
FP8_copy(&t, &(w->a));
FP8_times_i(&s);
FP8_copy(&(w->a), &s);
FP8_copy(&(w->b), &t);
FP16_norm(w);
//FP16_neg(w,w); // ***
//FP16_norm(w);
}
void YYY::FP16_times_i2(FP16 *w)
{
FP8_times_i(&(w->a));
FP8_times_i(&(w->b));
}
void YYY::FP16_times_i4(FP16 *w)
{
FP8_times_i2(&(w->a));
FP8_times_i2(&(w->b));
}
/* Set w=w^p using Frobenius */
void YYY::FP16_frob(FP16 *w, FP2 *f)
{ // f=(i+1)^(p-3)/8
FP2 ff;
FP2_sqr(&ff, f); // (i+1)^(p-3)/4
FP2_norm(&ff);
FP8_frob(&(w->a), &ff);
FP8_frob(&(w->b), &ff);
FP8_qmul(&(w->b), &(w->b), f); // times (1+i)^(p-3)/8
FP8_times_i(&(w->b)); // (i+1)^(p-1)/8
}
/* Set r=a^b mod m */
void YYY::FP16_pow(FP16 *r, FP16* a, BIG b)
{
FP16 w;
BIG z, zilch;
int bt;
BIG_zero(zilch);
BIG_copy(z, b);
FP16_copy(&w, a);
FP16_one(r);
BIG_norm(z);
while (1)
{
bt = BIG_parity(z);
BIG_shr(z, 1);
if (bt) FP16_mul(r, r, &w);
if (BIG_comp(z, zilch) == 0) break;
FP16_sqr(&w, &w);
}
FP16_reduce(r);
}
/* Move b to a if d=1 */
void YYY::FP16_cmove(FP16 *f, FP16 *g, int d)
{
FP8_cmove(&(f->a), &(g->a), d);
FP8_cmove(&(f->b), &(g->b), d);
}
//#if CURVE_SECURITY_ZZZ == 256
/* XTR xtr_a function */
/*
void YYY::FP16_xtr_A(FP16 *r, FP16 *w, FP16 *x, FP16 *y, FP16 *z)
{
FP16 t1, t2;
FP16_copy(r, x);
FP16_sub(&t1, w, y);
FP16_norm(&t1);
FP16_pmul(&t1, &t1, &(r->a));
FP16_add(&t2, w, y);
FP16_norm(&t2);
FP16_pmul(&t2, &t2, &(r->b));
FP16_times_i(&t2);
FP16_add(r, &t1, &t2);
FP16_add(r, r, z);
FP16_reduce(r);
}
*/
/* XTR xtr_d function */
/*
void YYY::FP16_xtr_D(FP16 *r, FP16 *x)
{
FP16 w;
FP16_copy(r, x);
FP16_conj(&w, r);
FP16_add(&w, &w, &w);
FP16_sqr(r, r);
FP16_norm(&w);
FP16_sub(r, r, &w);
FP16_reduce(r); // reduce here as multiple calls trigger automatic reductions
}
*/
/* r=x^n using XTR method on traces of FP48s */
/*
void YYY::FP16_xtr_pow(FP16 *r, FP16 *x, BIG n)
{
int i, par, nb;
BIG v;
FP2 w2;
FP4 w4;
FP8 w8;
FP16 t, a, b, c, sf;
FP16_copy(&sf, x);
FP16_norm(&sf);
BIG_zero(v);
BIG_inc(v, 3);
BIG_norm(v);
FP2_from_BIG(&w2, v);
FP4_from_FP2(&w4, &w2);
FP8_from_FP4(&w8, &w4);
FP16_from_FP8(&a, &w8);
FP16_copy(&b, &sf);
FP16_xtr_D(&c, &sf);
par = BIG_parity(n);
BIG_copy(v, n);
BIG_norm(v);
BIG_shr(v, 1);
if (par == 0)
{
BIG_dec(v, 1);
BIG_norm(v);
}
nb = BIG_nbits(v);
for (i = nb - 1; i >= 0; i--)
{
if (!BIG_bit(v, i))
{
FP16_copy(&t, &b);
FP16_conj(&sf, &sf);
FP16_conj(&c, &c);
FP16_xtr_A(&b, &a, &b, &sf, &c);
FP16_conj(&sf, &sf);
FP16_xtr_D(&c, &t);
FP16_xtr_D(&a, &a);
}
else
{
FP16_conj(&t, &a);
FP16_xtr_D(&a, &b);
FP16_xtr_A(&b, &c, &b, &sf, &t);
FP16_xtr_D(&c, &c);
}
}
if (par == 0) FP16_copy(r, &c);
else FP16_copy(r, &b);
FP16_reduce(r);
}
*/
/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP48s. See Stam thesis. */
/*
void YYY::FP16_xtr_pow2(FP16 *r, FP16 *ck, FP16 *cl, FP16 *ckml, FP16 *ckm2l, BIG a, BIG b)
{
int i, f2;
BIG d, e, w;
FP16 t, cu, cv, cumv, cum2v;
BIG_copy(e, a);
BIG_copy(d, b);
BIG_norm(d);
BIG_norm(e);
FP16_copy(&cu, ck);
FP16_copy(&cv, cl);
FP16_copy(&cumv, ckml);
FP16_copy(&cum2v, ckm2l);
f2 = 0;
while (BIG_parity(d) == 0 && BIG_parity(e) == 0)
{
BIG_shr(d, 1);
BIG_shr(e, 1);
f2++;
}
while (BIG_comp(d, e) != 0)
{
if (BIG_comp(d, e) > 0)
{
BIG_imul(w, e, 4);
BIG_norm(w);
if (BIG_comp(d, w) <= 0)
{
BIG_copy(w, d);
BIG_copy(d, e);
BIG_sub(e, w, e);
BIG_norm(e);
FP16_xtr_A(&t, &cu, &cv, &cumv, &cum2v);
FP16_conj(&cum2v, &cumv);
FP16_copy(&cumv, &cv);
FP16_copy(&cv, &cu);
FP16_copy(&cu, &t);
}
else if (BIG_parity(d) == 0)
{
BIG_shr(d, 1);
FP16_conj(r, &cum2v);
FP16_xtr_A(&t, &cu, &cumv, &cv, r);
FP16_xtr_D(&cum2v, &cumv);
FP16_copy(&cumv, &t);
FP16_xtr_D(&cu, &cu);
}
else if (BIG_parity(e) == 1)
{
BIG_sub(d, d, e);
BIG_norm(d);
BIG_shr(d, 1);
FP16_xtr_A(&t, &cu, &cv, &cumv, &cum2v);
FP16_xtr_D(&cu, &cu);
FP16_xtr_D(&cum2v, &cv);
FP16_conj(&cum2v, &cum2v);
FP16_copy(&cv, &t);
}
else
{
BIG_copy(w, d);
BIG_copy(d, e);
BIG_shr(d, 1);
BIG_copy(e, w);
FP16_xtr_D(&t, &cumv);
FP16_conj(&cumv, &cum2v);
FP16_conj(&cum2v, &t);
FP16_xtr_D(&t, &cv);
FP16_copy(&cv, &cu);
FP16_copy(&cu, &t);
}
}
if (BIG_comp(d, e) < 0)
{
BIG_imul(w, d, 4);
BIG_norm(w);
if (BIG_comp(e, w) <= 0)
{
BIG_sub(e, e, d);
BIG_norm(e);
FP16_xtr_A(&t, &cu, &cv, &cumv, &cum2v);
FP16_copy(&cum2v, &cumv);
FP16_copy(&cumv, &cu);
FP16_copy(&cu, &t);
}
else if (BIG_parity(e) == 0)
{
BIG_copy(w, d);
BIG_copy(d, e);
BIG_shr(d, 1);
BIG_copy(e, w);
FP16_xtr_D(&t, &cumv);
FP16_conj(&cumv, &cum2v);
FP16_conj(&cum2v, &t);
FP16_xtr_D(&t, &cv);
FP16_copy(&cv, &cu);
FP16_copy(&cu, &t);
}
else if (BIG_parity(d) == 1)
{
BIG_copy(w, e);
BIG_copy(e, d);
BIG_sub(w, w, d);
BIG_norm(w);
BIG_copy(d, w);
BIG_shr(d, 1);
FP16_xtr_A(&t, &cu, &cv, &cumv, &cum2v);
FP16_conj(&cumv, &cumv);
FP16_xtr_D(&cum2v, &cu);
FP16_conj(&cum2v, &cum2v);
FP16_xtr_D(&cu, &cv);
FP16_copy(&cv, &t);
}
else
{
BIG_shr(d, 1);
FP16_conj(r, &cum2v);
FP16_xtr_A(&t, &cu, &cumv, &cv, r);
FP16_xtr_D(&cum2v, &cumv);
FP16_copy(&cumv, &t);
FP16_xtr_D(&cu, &cu);
}
}
}
FP16_xtr_A(r, &cu, &cv, &cumv, &cum2v);
for (i = 0; i < f2; i++) FP16_xtr_D(r, r);
FP16_xtr_pow(r, r, d);
}
#endif
*/