Simplify code.

relic-toolkit · Aug 12, 2024 · 8b7786f · 8b7786f
1 parent 0cef413
commit 8b7786f
Show file tree

Hide file tree

Showing 2 changed files with 98 additions and 100 deletions.
diff --git a/src/epx/relic_ep2_mul.c b/src/epx/relic_ep2_mul.c
@@ -44,19 +44,19 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 	size_t l, _l[4];
 	bn_t n, _k[4], u;
 	int8_t naf[4][RLC_FP_BITS + 1];
-	ep2_t q[4], t[4][1 << (RLC_WIDTH - 2)];
+	ep2_t q, t[4][1 << (RLC_WIDTH - 2)];
 
 	bn_null(n);
 	bn_null(u);
+	ep2_null(q);
 
 	RLC_TRY {
 		bn_new(n);
 		bn_new(u);
+		ep2_new(q);
 		for (size_t i = 0; i < 4; i++) {
 			bn_null(_k[i]);
-			ep2_null(q[i]);
 			bn_new(_k[i]);
-			ep2_new(q[i]);
 			for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
 				ep2_null(t[i][j]);
 				ep2_new(t[i][j]);
@@ -68,21 +68,17 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 		bn_mod(_k[0], k, n);
 		bn_rec_frb(_k, 4, _k[0], u, n, ep_curve_is_pairf() == EP_BN);
 
-		ep2_norm(q[0], p);
-		ep2_frb(q[1], q[0], 1);
-		ep2_frb(q[2], q[1], 1);
-		ep2_frb(q[3], q[2], 1);
-
 		l = 0;
 		for (size_t i = 0; i < 4; i++) {
 			_l[i] = RLC_FP_BITS + 1;
 			bn_rec_naf(naf[i], &_l[i], _k[i], RLC_WIDTH);
 			l = RLC_MAX(l, _l[i]);
 			if (i == 0) {
+				ep2_norm(q, p);
 				if (bn_sign(_k[0]) == RLC_NEG) {
-					ep2_neg(q[0], q[0]);
+					ep2_neg(q, q);
 				}
-				ep2_tab(t[0], q[0], RLC_WIDTH);
+				ep2_tab(t[0], q, RLC_WIDTH);
 			} else {
 				for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
 					ep2_frb(t[i][j], t[i - 1][j], 1);
@@ -116,9 +112,9 @@ static void ep2_mul_gls_imp(ep2_t r, const ep2_t p, const bn_t k) {
 	RLC_FINALLY {
 		bn_free(n);
 		bn_free(u);
+		ep2_free(q);
 		for (size_t i = 0; i < 4; i++) {
 			bn_free(_k[i]);
-			ep2_free(q[i]);
 			for (size_t j = 0; j < (1 << (RLC_WIDTH - 2)); j++) {
 				ep2_free(t[i][j]);
 			}	

diff --git a/src/pc/relic_pc_exp.c b/src/pc/relic_pc_exp.c
@@ -114,21 +114,20 @@ static void gt_psi(gt_t c, const gt_t a) {
  * @param[in] b				- the exponent.
  * @param[in] f				- the maximum Frobenius power.
  */
-void gt_exp_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
-	int8_t c0, n0, *reg  = RLC_ALLOCA(int8_t, f * (RLC_FP_BITS + 1));
-	int8_t *e = RLC_ALLOCA(int8_t, f), *s = RLC_ALLOCA(int8_t, f);
-	gt_t q, w, *t = RLC_ALLOCA(gt_t, f * RLC_GT_TABLE);
+void gt_exp_gls_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
+	int8_t *naf  = RLC_ALLOCA(int8_t, f * (RLC_FP_BITS + 1));
+	int8_t n0, *s = RLC_ALLOCA(int8_t, f);
+	gt_t q, *t = RLC_ALLOCA(gt_t, f * RLC_GT_TABLE);
 	bn_t n, u, *_b = RLC_ALLOCA(bn_t, f);
-	size_t l, len, *_l = RLC_ALLOCA(size_t, f);
+	size_t l, *_l = RLC_ALLOCA(size_t, f);
 
-	if (reg == NULL || e == NULL || t == NULL || _b == NULL || _l == NULL) {
+	if (naf == NULL || t == NULL || _b == NULL || _l == NULL) {
 		RLC_THROW(ERR_NO_MEMORY);
 		return;
 	}
 
 	if (bn_is_zero(b)) {
-		RLC_FREE(reg);
-		RLC_FREE(e);
+		RLC_FREE(naf);
 		RLC_FREE(s);
 		RLC_FREE(t);
 		RLC_FREE(_b);
@@ -139,13 +138,11 @@ void gt_exp_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 	bn_null(n);
 	bn_null(u);
 	gt_null(q);
-	gt_null(w);
 
 	RLC_TRY {
 		bn_new(n);
 		bn_new(u);
 		gt_new(q);
-		gt_new(w);
 		for (size_t i = 0; i < f; i++) {
 			bn_null(_b[i]);
 			bn_new(_b[i]);
@@ -171,65 +168,55 @@ void gt_exp_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 		bn_rec_frb(_b, f, _b[0], u, n, ep_curve_is_pairf() == EP_BN);
 
 		l = 0;
-		len = bn_bits(u) + (ep_curve_is_pairf() == EP_BN);
 		gt_copy(t[0], a);
 		for (size_t i = 0; i < f; i++) {
 			s[i] = bn_sign(_b[i]);
-			bn_abs(_b[i], _b[i]);
-			e[i] = bn_is_even(_b[i]);
-			_b[i]->dp[0] |= e[i];
-
 			_l[i] = RLC_FP_BITS + 1;
-			bn_rec_reg(reg + i * (RLC_FP_BITS + 1), &_l[i], _b[i], len, RLC_WIDTH);
+			bn_rec_naf(naf + i * (RLC_FP_BITS + 1), &_l[i], _b[i], RLC_WIDTH);
 			l = RLC_MAX(l, _l[i]);
 			/* Apply Frobenius before flipping sign to build table. */
 			if (i > 0) {
 				gt_psi(t[i * RLC_GT_TABLE], t[(i - 1) * RLC_GT_TABLE]);
 			}
 		}
 
-		for (size_t i = 0; i < f; i++) {
-			gt_inv(q, t[i * RLC_GT_TABLE]);
-			gt_copy_sec(q, t[i * RLC_GT_TABLE], s[i] == RLC_POS);
-			if (RLC_WIDTH > 2) {
-				gt_sqr(t[i * RLC_GT_TABLE], q);
-				gt_mul(t[i * RLC_GT_TABLE + 1], t[i * RLC_GT_TABLE], q);
-				for (size_t j = 2; j < RLC_GT_TABLE; j++) {
-					gt_mul(t[i * RLC_GT_TABLE + j], t[i * RLC_GT_TABLE + j - 1],
-							t[i * (RLC_GT_TABLE)]);
+		gt_copy(q, a);
+		if (s[0] == RLC_NEG) {
+			gt_inv(q, q);
+		}
+		if (RLC_WIDTH > 2) {
+			gt_sqr(t[0], q);
+			gt_mul(t[1], t[0], q);
+			for (size_t j = 2; j < RLC_GT_TABLE; j++) {
+				gt_mul(t[j], t[j - 1], t[0]);
+			}
+		}
+		gt_copy(t[0], q);
+		for (size_t i = 1; i < f; i++) {
+			for (size_t j = 0; j < RLC_GT_TABLE; j++) {
+				gt_frb(t[i * RLC_GT_TABLE + j],
+						t[(i - 1) * RLC_GT_TABLE + j], 1);
+				if (s[i] != s[i - 1]) {
+					gt_inv(t[i * RLC_GT_TABLE + j], t[i * RLC_GT_TABLE + j]);
 				}
 			}
-			gt_copy(t[i * RLC_GT_TABLE], q);
 		}
 
 		gt_set_unity(c);
 		for (int j = l - 1; j >= 0; j--) {
-			for (size_t i = 0; i < RLC_WIDTH - 1; i++) {
-				gt_sqr(c, c);
-			}
+			gt_sqr(c, c);
 
 			for (size_t i = 0; i < f; i++) {
-				n0 = reg[i * (RLC_FP_BITS + 1) + j];
-				c0 = (n0 >> 7);
-				n0 = ((n0 ^ c0) - c0) >> 1;
-
-				for (size_t m = 0; m < RLC_GT_TABLE; m++) {
-					gt_copy_sec(w, t[i * RLC_GT_TABLE + m], m == n0);
+				n0 = naf[i * (RLC_FP_BITS + 1) + j];
+				if (n0 > 0) {
+					gt_mul(c, c, t[i * RLC_GT_TABLE + n0 / 2]);
+				}
+				if (n0 < 0) {
+					gt_inv(q, t[i * RLC_GT_TABLE - n0 / 2]);
+					gt_mul(c, c, q);
 				}
-
-				gt_inv(q, w);
-				gt_copy_sec(q, w, c0 == 0);
-				gt_mul(c, c, q);
-
 			}
 		}
-
-		for (size_t i = 0; i < f; i++) {
-			/* Tables are built with points already negated, so no need here. */
-			gt_inv(q, t[i * RLC_GT_TABLE]);
-			gt_mul(q, c, q);
-			gt_copy_sec(c, q, e[i]);
-		}
 	}
 	RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);
@@ -238,27 +225,20 @@ void gt_exp_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 		bn_free(n);
 		bn_free(u);
 		gt_free(q);
-		gt_free(w);
 		for (size_t i = 0; i < f; i++) {
 			bn_free(_b[i]);
 			for (size_t j = 0; j < RLC_GT_TABLE; j++) {
 				gt_free(t[i * RLC_GT_TABLE + j]);
 			}
 		}
-		RLC_FREE(reg);
-		RLC_FREE(e);
+		RLC_FREE(naf);
 		RLC_FREE(s);
 		RLC_FREE(t);
 		RLC_FREE(_b);
 		RLC_FREE(_l);
 	}
 }
 
-/**
- * Size of a precomputation table using the double-table comb method.
- */
-#define RLC_GT_TABLE		(1 << (RLC_WIDTH - 2))
-
 /**
  * Exponentiates an element from G_T in constant time.
  *
@@ -267,20 +247,21 @@ void gt_exp_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
  * @param[in] b				- the exponent.
  * @param[in] f				- the maximum Frobenius power.
  */
-void gt_exp_gls_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
-	int8_t *naf  = RLC_ALLOCA(int8_t, f * (RLC_FP_BITS + 1));
-	int8_t n0, *s = RLC_ALLOCA(int8_t, f);
-	gt_t q, *t = RLC_ALLOCA(gt_t, f * RLC_GT_TABLE);
+void gt_exp_reg_gls(gt_t c, const gt_t a, const bn_t b, size_t f) {
+	int8_t c0, n0, *reg  = RLC_ALLOCA(int8_t, f * (RLC_FP_BITS + 1));
+	int8_t *e = RLC_ALLOCA(int8_t, f), *s = RLC_ALLOCA(int8_t, f);
+	gt_t q, w, *t = RLC_ALLOCA(gt_t, f * RLC_GT_TABLE);
 	bn_t n, u, *_b = RLC_ALLOCA(bn_t, f);
-	size_t l, *_l = RLC_ALLOCA(size_t, f);
+	size_t l, len, *_l = RLC_ALLOCA(size_t, f);
 
-	if (naf == NULL || t == NULL || _b == NULL || _l == NULL) {
+	if (reg == NULL || e == NULL || t == NULL || _b == NULL || _l == NULL) {
 		RLC_THROW(ERR_NO_MEMORY);
 		return;
 	}
 
 	if (bn_is_zero(b)) {
-		RLC_FREE(naf);
+		RLC_FREE(reg);
+		RLC_FREE(e);
 		RLC_FREE(s);
 		RLC_FREE(t);
 		RLC_FREE(_b);
@@ -291,11 +272,13 @@ void gt_exp_gls_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 	bn_null(n);
 	bn_null(u);
 	gt_null(q);
+	gt_null(w);
 
 	RLC_TRY {
 		bn_new(n);
 		bn_new(u);
 		gt_new(q);
+		gt_new(w);
 		for (size_t i = 0; i < f; i++) {
 			bn_null(_b[i]);
 			bn_new(_b[i]);
@@ -321,49 +304,66 @@ void gt_exp_gls_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 		bn_rec_frb(_b, f, _b[0], u, n, ep_curve_is_pairf() == EP_BN);
 
 		l = 0;
-		gt_copy(t[0], a);
+		len = bn_bits(u) + (ep_curve_is_pairf() == EP_BN);
 		for (size_t i = 0; i < f; i++) {
 			s[i] = bn_sign(_b[i]);
-			bn_abs(_b[i], _b[i]);
+			e[i] = bn_is_even(_b[i]);
+			_b[i]->dp[0] |= e[i];
 
 			_l[i] = RLC_FP_BITS + 1;
-			bn_rec_naf(naf + i * (RLC_FP_BITS + 1), &_l[i], _b[i], RLC_WIDTH);
+			bn_rec_reg(reg + i * (RLC_FP_BITS + 1), &_l[i], _b[i], len, RLC_WIDTH);
 			l = RLC_MAX(l, _l[i]);
-			/* Apply Frobenius before flipping sign to build table. */
-			if (i > 0) {
-				gt_psi(t[i * RLC_GT_TABLE], t[(i - 1) * RLC_GT_TABLE]);
-			}
 		}
 
-		for (size_t i = 0; i < f; i++) {
-			gt_inv(q, t[i * RLC_GT_TABLE]);
-			gt_copy_sec(q, t[i * RLC_GT_TABLE], s[i] == RLC_POS);
-			if (RLC_WIDTH > 2) {
-				gt_sqr(t[i * RLC_GT_TABLE], q);
-				gt_mul(t[i * RLC_GT_TABLE + 1], t[i * RLC_GT_TABLE], q);
-				for (size_t j = 2; j < RLC_GT_TABLE; j++) {
-					gt_mul(t[i * RLC_GT_TABLE + j], t[i * RLC_GT_TABLE + j - 1],
-							t[i * (RLC_GT_TABLE)]);
+		gt_copy(t[0], a);
+		gt_inv(q, t[0]);
+		gt_copy_sec(q, t[0], s[0] == RLC_POS);
+		if (RLC_WIDTH > 2) {
+			gt_sqr(t[0], q);
+			gt_mul(t[1], t[0], q);
+			for (size_t j = 2; j < RLC_GT_TABLE; j++) {
+				gt_mul(t[j], t[j - 1], t[0]);
+			}
+		}
+		gt_copy(t[0], q);
+		for (size_t i = 1; i < f; i++) {
+			for (size_t j = 0; j < RLC_GT_TABLE; j++) {
+				gt_frb(t[i * RLC_GT_TABLE + j],
+						t[(i - 1) * RLC_GT_TABLE + j], 1);
+				if (s[i] != s[i - 1]) {
+					gt_inv(t[i * RLC_GT_TABLE + j], t[i * RLC_GT_TABLE + j]);
 				}
 			}
-			gt_copy(t[i * RLC_GT_TABLE], q);
 		}
 
 		gt_set_unity(c);
 		for (int j = l - 1; j >= 0; j--) {
-			gt_sqr(c, c);
+			for (size_t i = 0; i < RLC_WIDTH - 1; i++) {
+				gt_sqr(c, c);
+			}
 
 			for (size_t i = 0; i < f; i++) {
-				n0 = naf[i * (RLC_FP_BITS + 1) + j];
-				if (n0 > 0) {
-					gt_mul(c, c, t[i * RLC_GT_TABLE + n0 / 2]);
-				}
-				if (n0 < 0) {
-					gt_inv(q, t[i * RLC_GT_TABLE - n0 / 2]);
-					gt_mul(c, c, q);
+				n0 = reg[i * (RLC_FP_BITS + 1) + j];
+				c0 = (n0 >> 7);
+				n0 = ((n0 ^ c0) - c0) >> 1;
+
+				for (size_t m = 0; m < RLC_GT_TABLE; m++) {
+					gt_copy_sec(w, t[i * RLC_GT_TABLE + m], m == n0);
 				}
+
+				gt_inv(q, w);
+				gt_copy_sec(q, w, c0 == 0);
+				gt_mul(c, c, q);
+
 			}
 		}
+
+		for (size_t i = 0; i < f; i++) {
+			/* Tables are built with points already negated, so no need here. */
+			gt_inv(q, t[i * RLC_GT_TABLE]);
+			gt_mul(q, c, q);
+			gt_copy_sec(c, q, e[i]);
+		}
 	}
 	RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);
@@ -372,13 +372,15 @@ void gt_exp_gls_imp(gt_t c, const gt_t a, const bn_t b, size_t f) {
 		bn_free(n);
 		bn_free(u);
 		gt_free(q);
+		gt_free(w);
 		for (size_t i = 0; i < f; i++) {
 			bn_free(_b[i]);
 			for (size_t j = 0; j < RLC_GT_TABLE; j++) {
 				gt_free(t[i * RLC_GT_TABLE + j]);
 			}
 		}
-		RLC_FREE(naf);
+		RLC_FREE(reg);
+		RLC_FREE(e);
 		RLC_FREE(s);
 		RLC_FREE(t);
 		RLC_FREE(_b);
@@ -522,7 +524,7 @@ void gt_exp_sec(gt_t c, const gt_t a, const bn_t b) {
 	}
 
 #if FP_PRIME <= 1536
-	gt_exp_imp(c, a, b, ep_curve_frdim());
+	gt_exp_reg_gls(c, a, b, ep_curve_frdim());
 #else
 	RLC_CAT(RLC_GT_LOWER, exp_monty)(c, a, b);
 #endif