|
|
|
@ -85,6 +85,33 @@ macro_rules! curve_impl { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
impl $affine { |
|
|
|
impl $affine { |
|
|
|
|
|
|
|
/// Constructs an affine point with the lexicographically smallest
|
|
|
|
|
|
|
|
/// y-coordinate, given an x-coordinate, so long as the x-coordinate
|
|
|
|
|
|
|
|
/// exists on the curve. The point is not guaranteed to be in the
|
|
|
|
|
|
|
|
/// prime order subgroup.
|
|
|
|
|
|
|
|
fn get_point_from_x(x: $basefield) -> Option<$affine> { |
|
|
|
|
|
|
|
// Compute x^3 + b
|
|
|
|
|
|
|
|
let mut x3b = x; |
|
|
|
|
|
|
|
x3b.square(); |
|
|
|
|
|
|
|
x3b.mul_assign(&x); |
|
|
|
|
|
|
|
x3b.add_assign(&$affine::get_coeff_b()); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
x3b.sqrt().map(|y| { |
|
|
|
|
|
|
|
let mut negy = y; |
|
|
|
|
|
|
|
negy.negate(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$affine { |
|
|
|
|
|
|
|
x: x, |
|
|
|
|
|
|
|
y: if y < negy { |
|
|
|
|
|
|
|
y |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
negy |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
infinity: false |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
fn is_on_curve(&self) -> bool { |
|
|
|
fn is_on_curve(&self) -> bool { |
|
|
|
if self.is_zero() { |
|
|
|
if self.is_zero() { |
|
|
|
true |
|
|
|
true |
|
|
|
@ -781,26 +808,13 @@ pub mod g1 { |
|
|
|
// Interpret as Fq element.
|
|
|
|
// Interpret as Fq element.
|
|
|
|
let x = Fq::from_repr(x).map_err(|e| GroupDecodingError::CoordinateDecodingError("x coordinate", e))?; |
|
|
|
let x = Fq::from_repr(x).map_err(|e| GroupDecodingError::CoordinateDecodingError("x coordinate", e))?; |
|
|
|
|
|
|
|
|
|
|
|
// Compute x^3 + b
|
|
|
|
match G1Affine::get_point_from_x(x) { |
|
|
|
let mut x3b = x; |
|
|
|
Some(mut p) => { |
|
|
|
x3b.square(); |
|
|
|
if greatest { |
|
|
|
x3b.mul_assign(&x); |
|
|
|
p.negate(); |
|
|
|
x3b.add_assign(&G1Affine::get_coeff_b()); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Attempt to compute y
|
|
|
|
Ok(p) |
|
|
|
match x3b.sqrt() { |
|
|
|
|
|
|
|
Some(y) => { |
|
|
|
|
|
|
|
let mut negy = y; |
|
|
|
|
|
|
|
negy.negate(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Get the parity of the sqrt we found.
|
|
|
|
|
|
|
|
let parity = y > negy; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(G1Affine { |
|
|
|
|
|
|
|
x: x, |
|
|
|
|
|
|
|
y: if parity == greatest { y } else { negy }, |
|
|
|
|
|
|
|
infinity: false |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
}, |
|
|
|
}, |
|
|
|
None => { |
|
|
|
None => { |
|
|
|
// Point must not be on the curve.
|
|
|
|
// Point must not be on the curve.
|
|
|
|
@ -1307,26 +1321,13 @@ pub mod g2 { |
|
|
|
c1: Fq::from_repr(x_c1).map_err(|e| GroupDecodingError::CoordinateDecodingError("x coordinate (c1)", e))? |
|
|
|
c1: Fq::from_repr(x_c1).map_err(|e| GroupDecodingError::CoordinateDecodingError("x coordinate (c1)", e))? |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
// Compute x^3 + b
|
|
|
|
match G2Affine::get_point_from_x(x) { |
|
|
|
let mut x3b = x; |
|
|
|
Some(mut p) => { |
|
|
|
x3b.square(); |
|
|
|
if greatest { |
|
|
|
x3b.mul_assign(&x); |
|
|
|
p.negate(); |
|
|
|
x3b.add_assign(&G2Affine::get_coeff_b()); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Attempt to compute y
|
|
|
|
Ok(p) |
|
|
|
match x3b.sqrt() { |
|
|
|
|
|
|
|
Some(y) => { |
|
|
|
|
|
|
|
let mut negy = y; |
|
|
|
|
|
|
|
negy.negate(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Get the parity of the sqrt we found.
|
|
|
|
|
|
|
|
let parity = y > negy; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ok(G2Affine { |
|
|
|
|
|
|
|
x: x, |
|
|
|
|
|
|
|
y: if parity == greatest { y } else { negy }, |
|
|
|
|
|
|
|
infinity: false |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
}, |
|
|
|
}, |
|
|
|
None => { |
|
|
|
None => { |
|
|
|
// Point must not be on the curve.
|
|
|
|
// Point must not be on the curve.
|
|
|
|
|
Sean Bowe
7 years ago