Merge branch 'main' into amore

CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.10)
 if(NOT ${CMAKE_VERSION} VERSION_LESS "3.1")
 	cmake_policy(SET CMP0054 NEW)
 endif()

bench/bench_bn.c

@@ -1001,11 +1001,9 @@ static void arith(void) {
 #if defined(WITH_EP) && defined(EP_ENDOM) && (EP_MUL == LWNAF || EP_FIX == COMBS || EP_FIX == LWNAF || EP_SIM == INTER || !defined(STRIP))
 	if (ep_param_set_any_endom() == RLC_OK) {
 		BENCH_RUN("bn_rec_glv") {
-			ep_curve_get_v1(d);
-			ep_curve_get_v2(e);
 			ep_curve_get_ord(c);
 			bn_rand_mod(a, c);
-			BENCH_ADD(bn_rec_glv(a, b, a, c, (const bn_t *)d, (const bn_t *)e));
+			BENCH_ADD(bn_rec_glv(a, b, a, c, ep_curve_get_v1(), ep_curve_get_v2()));
 		}
 		BENCH_END;
 	}

bench/bench_ep.c

@@ -580,6 +580,12 @@ static void arith(void) {
 		BENCH_ADD(ep_map(p, msg, 5));
 	} BENCH_END;
 
+	BENCH_RUN("ep_map_rnd") {
+		uint8_t msg[5];
+		rand_bytes(msg, 5);
+		BENCH_ADD(ep_map_rnd(p, msg, 5));
+	} BENCH_END;
+
 #if EP_MAP == BASIC || !defined(STRIP)
 	BENCH_RUN("ep_map_basic") {
 		uint8_t msg[5];

bench/bench_fp.c

@@ -430,6 +430,12 @@ static void arith(void) {
 	BENCH_END;
 #endif
 
+	BENCH_RUN("fp_trs") {
+		fp_rand(a);
+		BENCH_ADD(fp_trs(c, a));
+	}
+	BENCH_END;
+
 	BENCH_RUN("fp_lsh") {
 		fp_rand(a);
 		a[RLC_FP_DIGS - 1] = 0;

bench/bench_fpx.c

@@ -404,6 +404,7 @@ static void arith2(void) {
 
 	BENCH_RUN("fp2_srt") {
 		fp2_rand(a);
+		fp2_sqr(a, a);
 		BENCH_ADD(fp2_srt(c, a));
 	}
 	BENCH_END;

demo/ers-etrs/test-bench.c

@@ -1,6 +1,6 @@
 /*
  * RELIC is an Efficient LIbrary for Cryptography
- * Copyright (c) 2009 RELIC Authors
+ * Copyright (c) 2021 RELIC Authors
  *
  * This file is part of RELIC. RELIC is legal property of its developers,
  * whose names are not listed here. Please refer to the COPYRIGHT file

include/relic_bn.h

@@ -1536,8 +1536,8 @@ void bn_rec_jsf(int8_t *jsf, size_t *len, const bn_t k, const bn_t l);
  * @param[in] v1			- the set of parameters v1 for the GLV method.
  * @param[in] v2			- the set of parameters v2 for the GLV method.
  */
-void bn_rec_glv(bn_t k0, bn_t k1, const bn_t k, const bn_t n, const bn_t v1[],
-		const bn_t v2[]);
+void bn_rec_glv(bn_t k0, bn_t k1, const bn_t k, const bn_t n, const bn_st *v1,
+		const bn_st *v2);
 
 /**
  * Recodes a scalar in subscalars according to Frobenius endomorphism.
@@ -1556,14 +1556,15 @@ void bn_rec_frb(bn_t *ki, int sub, const bn_t k, const bn_t x, const bn_t n,
  * Recodes subscalars in the signed aligned column representation..
  *
  * @param[out] b			- the recoded subscalars.
- * @param[in] len			- the length in bytes of the recoding.
+ * @param[in,out] len		- the length in bytes of the recoding.
  * @param[in] k				- the subscalars to recode.
  * @param[in] c				- the splitting factor.
  * @param[in] m				- the number of subscalars to recode.
  * @param[in] n				- the bit length of the group order.
  * @throw ERR_NO_BUFFER		- if the buffer capacity is insufficient.
  */
-void bn_rec_sac(int8_t *b, size_t *len, bn_t *k, size_t c, size_t m, size_t n);
+void bn_rec_sac(int8_t *b, size_t *len, const bn_t *k, size_t c, size_t m,
+		size_t n);
 
 /**
  * Computes the coefficients of the polynomial representing the Lagrange

include/relic_conf.h.in

@@ -32,6 +32,8 @@
 #ifndef RLC_CONF_H
 #define RLC_CONF_H
 
+/** Project name */
+#define RLC_STRING	"@CMAKE_PROJECT_NAME@"
 /** Project version. */
 #define RLC_VERSION "@VERSION@"
 

include/relic_core.h

@@ -220,6 +220,8 @@ typedef struct _ctx_t {
 	int fp_id;
 	/** Prime modulus. */
 	bn_st prime;
+	/** Prime modulus divided by 3. */
+	bn_st over3;
 	/** Parameter for generating prime. */
 	bn_st par;
 	/** Parameter in sparse form. */

include/relic_dv.h

@@ -55,13 +55,13 @@
 #ifdef WITH_FB
 #define RLC_DV_MAX		(RLC_MAX(FP_PRIME, FB_POLYN))
 #else /* !WITH_FB */
-#define RLC_DV_MAX		(FP_PRIME)
+#define RLC_DV_MAX		((size_t)(2 * FP_PRIME))
 #endif
 
 #else /* !WITH_FP */
 
 #ifdef WITH_FB
-#define RLC_DV_MAX		(FB_POLYN)
+#define RLC_DV_MAX		((size_t)(2 * FP_PRIME))
 #else /* !WITH_FB */
 #define RLC_DV_MAX		(0)
 #endif

include/relic_ep.h

@@ -64,7 +64,7 @@ enum {
     /* Barreto-Lynn-Scott family with embedding degree 12. */
     EP_B12,
     /* New family from Fotiadis-Martindale family with embedding degree 16. */
-    EP_N16,
+    EP_AFG16,
 	/* Fotiadis-Martindale family with embedding degree 16. */
 	EP_FM16,
     /* Kachisa-Schaefer-Scott family with embedding degree 16. */
@@ -161,6 +161,8 @@ enum {
 	K18_P508,
 	/** Barreto-Lynn-Scott curve with embedding degree 24. */
 	B24_P509,
+	/** New family with embeeding degree 16. */
+	AFG16_P510,
 	/** Optimal TNFS-secure curve with embedding degree 8. */
 	OT8_P511,
 	/** Cocks-pinch curve with embedding degree 8. */
@@ -184,7 +186,7 @@ enum {
 	/** Kachisa-Schaefer-Scott with embedding degree 16. */
 	K16_P766,
 	/** New family with embeeding degree 16. */
-	N16_P766,
+	AFG16_P766,
 	/* Fotiadis-Moartindale with embedding degree 18. */
 	FM18_P768,
 	/** Barreto-Lynn-Scott curve with embedding degree 12. */
@@ -540,12 +542,12 @@ dig_t *ep_curve_get_beta(void);
 /**
  * Returns the parameter V1 of the prime curve.
  */
-void ep_curve_get_v1(bn_t v[]);
+const bn_st *ep_curve_get_v1(void);
 
 /**
  * Returns the parameter V2 of the prime curve.
  */
-void ep_curve_get_v2(bn_t v[]);
+const bn_st *ep_curve_get_v2(void);
 
 /**
  * Returns a optimization identifier based on the a-coefficient of the curve.
@@ -1286,6 +1288,15 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len);
  */
 void ep_map_swift(ep_t p, const uint8_t *msg, size_t len);
 
+/**
+ * Maps a random byte array to a point in a prime elliptic curve.
+ *
+ * @param[out] p			- the result.
+ * @param[in] uniform_bytes	- the random byte array to map.
+ * @param[in] len			- the array length in bytes.
+ */
+void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len);
+
 /**
  * Compresses a point.
  *

include/relic_fp.h

@@ -84,6 +84,8 @@ enum {
 	PRIME_22605,
 	/* Curve1174 251-bit prime modulus. */
 	PRIME_25109,
+	/* SQIsign lvl1 251-bit prime modulus. */
+	SQI_251,
 	/** Prime with high 2-adicity for curve Tweedledum. */
 	PRIME_H2ADC,
 	/** Curve25519 255-bit prime modulus. */
@@ -140,10 +142,12 @@ enum {
 	B12_446,
 	/** 455-bit prime for BLS curve of embedding degree 12. */
 	B12_455,
-	/** 477-bit prime for BLS curve of embedding degree 24. */
-	B24_509,
 	/** 508-bit prime for KSS16 curve. */
 	K18_508,
+	/** 477-bit prime for BLS curve of embedding degree 24. */
+	B24_509,
+	/** 510-bit prime for new family with embedding degree 16. */
+	AFG16_510,
 	/** Random 544-bit prime for Cocks-Pinch curve with embedding degree 8. */
 	GMT8_544,
 	/** 569-bit prime for SG curve with embedding degree 54. */
@@ -163,7 +167,7 @@ enum {
 	/** 766-bit prime for KSS curve with embedding degree 16. */
 	K16_766,
 	/** 766-bit prime for new family with embedding degree 16. */
-	N16_766,
+	AFG16_766,
 	/** 768-bit prime for FM curve with embedding degree 18. */
 	FM18_768,
 	/** 1024-bit prime for CTIDH. */
@@ -943,6 +947,14 @@ void fp_hlv_basic(fp_t c, const fp_t a);
  */
 void fp_hlv_integ(fp_t c, const fp_t a);
 
+/**
+ * Divides a prime field element by 3 (trisecting). Computes C = A/3.
+ *
+ * @param[out] C			- the result.
+ * @param[in] A				- the first prime field element.
+ */
+void fp_trs(fp_t c, const fp_t a);
+
 /**
  * Multiples two prime field elements using Schoolbook multiplication.
  *

include/relic_fpx.h

@@ -1766,7 +1766,8 @@ int fp2_is_sqr(const fp2_t a);
 
 /**
  * Extracts the square root of a quadratic extension field element. Computes
- * c = sqrt(a). The other square root is the negation of c.
+ * c = sqrt(a). The other square root is the negation of c. The output value
+ * shall not be used in case 0 is returned.
  *
  * @param[out] c			- the result.
  * @param[in] a				- the extension field element.
@@ -2108,7 +2109,8 @@ int fp3_is_sqr(const fp3_t a);
 
 /**
  * Extracts the square root of a cubic extension field element. Computes
- * c = sqrt(a). The other square root is the negation of c.
+ * c = sqrt(a). The other square root is the negation of c.  The output value
+ * shall not be used in case 0 is returned.
  *
  * @param[out] c			- the result.
  * @param[in] a				- the extension field element.
@@ -2428,7 +2430,8 @@ int fp4_is_sqr(const fp4_t a);
 
 /**
  * Extracts the square root of a quartic extension field element. Computes
- * c = sqrt(a). The other square root is the negation of c.
+ * c = sqrt(a). The other square root is the negation of c. The output value
+ * shall not be used in case 0 is returned. 
  *
  * @param[out] c			- the result.
  * @param[in] a				- the extension field element.
@@ -3026,7 +3029,8 @@ int fp8_is_sqr(const fp8_t a);
 
 /**
  * Extracts the square root of an octic extension field element. Computes
- * c = sqrt(a). The other square root is the negation of c.
+ * c = sqrt(a). The other square root is the negation of c. The output value
+ * shall not be used in case 0 is returned.
  *
  * @param[out] c			- the result.
  * @param[in] a				- the extension field element.
@@ -4055,7 +4059,8 @@ int fp16_is_sqr(const fp16_t a);
 
 /**
  * Extracts the square root of an sextadecic extension field element. Computes
- * c = sqrt(a). The other square root is the negation of c.
+ * c = sqrt(a). The other square root is the negation of c. The output value
+ * shall not be used in case 0 is returned.
  *
  * @param[out] c			- the result.
  * @param[in] a				- the extension field element.

include/relic_label.h

@@ -1,6 +1,6 @@
 /*
  * RELIC is an Efficient LIbrary for Cryptography
- * Copyright (c) 2021 RELIC Authors
+ * Copyright (c) 2013 RELIC Authors
  *
  * This file is part of RELIC. RELIC is legal property of its developers,
  * whose names are not listed here. Please refer to the COPYRIGHT file
@@ -71,12 +71,14 @@
 #undef arch_clean
 #undef arch_cycles
 #undef arch_lzcnt
+#undef arch_tzcnt
 #undef arch_copy_rom
 
 #define arch_init 	RLC_PREFIX(arch_init)
 #define arch_clean 	RLC_PREFIX(arch_clean)
 #define arch_cycles 	RLC_PREFIX(arch_cycles)
 #define arch_lzcnt 	RLC_PREFIX(arch_lzcnt)
+#define arch_tzcnt 	RLC_PREFIX(arch_tzcnt)
 #define arch_copy_rom 	RLC_PREFIX(arch_copy_rom)
 
 #undef bench_init
@@ -295,6 +297,7 @@
 #undef bn_rec_jsf
 #undef bn_rec_glv
 #undef bn_rec_frb
+#undef bn_rec_sac
 #undef bn_lag
 #undef bn_evl
 
@@ -407,6 +410,7 @@
 #define bn_rec_jsf 	RLC_PREFIX(bn_rec_jsf)
 #define bn_rec_glv 	RLC_PREFIX(bn_rec_glv)
 #define bn_rec_frb 	RLC_PREFIX(bn_rec_frb)
+#define bn_rec_sac 	RLC_PREFIX(bn_rec_sac)
 #define bn_lag 	RLC_PREFIX(bn_lag)
 #define bn_evl 	RLC_PREFIX(bn_evl)
 
@@ -523,6 +527,7 @@
 #undef fp_dbl_integ
 #undef fp_hlv_basic
 #undef fp_hlv_integ
+#undef fp_trs
 #undef fp_mul_basic
 #undef fp_mul_comba
 #undef fp_mul_integ
@@ -622,6 +627,7 @@
 #define fp_dbl_integ 	RLC_PREFIX(fp_dbl_integ)
 #define fp_hlv_basic 	RLC_PREFIX(fp_hlv_basic)
 #define fp_hlv_integ 	RLC_PREFIX(fp_hlv_integ)
+#define fp_trs 	RLC_PREFIX(fp_trs)
 #define fp_mul_basic 	RLC_PREFIX(fp_mul_basic)
 #define fp_mul_comba 	RLC_PREFIX(fp_mul_comba)
 #define fp_mul_integ 	RLC_PREFIX(fp_mul_integ)
@@ -1008,6 +1014,7 @@
 #undef ep_map_basic
 #undef ep_map_sswum
 #undef ep_map_swift
+#undef ep_map_rnd
 #undef ep_pck
 #undef ep_upk
 
@@ -1102,6 +1109,7 @@
 #define ep_map_basic 	RLC_PREFIX(ep_map_basic)
 #define ep_map_sswum 	RLC_PREFIX(ep_map_sswum)
 #define ep_map_swift 	RLC_PREFIX(ep_map_swift)
+#define ep_map_rnd 	RLC_PREFIX(ep_map_rnd)
 #define ep_pck 	RLC_PREFIX(ep_pck)
 #define ep_upk 	RLC_PREFIX(ep_upk)
 

include/relic_pc.h

@@ -59,7 +59,7 @@
 #if FP_PRIME == 575
 #define RLC_G2_LOWER			ep8_
 #define RLC_G2_BASEF(A)			A[0][0][0]
-#elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 330 || FP_PRIME == 509 || FP_PRIME == 765 || FP_PRIME == 766
+#elif FP_PRIME == 315 || FP_PRIME == 317 || FP_PRIME == 330 || FP_PRIME == 509 || FP_PRIME == 510 || FP_PRIME == 765 || FP_PRIME == 766
 #define RLC_G2_LOWER			ep4_
 #define RLC_G2_BASEF(A)			A[0][0]
 #elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
@@ -81,7 +81,7 @@
 #elif FP_PRIME == 354 || FP_PRIME == 508 || FP_PRIME == 768 || FP_PRIME == 638 && !defined(FP_QNRES)
 #define RLC_GT_LOWER			fp18_
 #define RLC_GT_EMBED      		18
-#elif FP_PRIME == 330 || FP_PRIME == 765 || FP_PRIME == 766
+#elif FP_PRIME == 330 || FP_PRIME == 510 || FP_PRIME == 765 || FP_PRIME == 766
 #define RLC_GT_LOWER			fp16_
 #define RLC_GT_EMBED      		16
 #elif FP_PRIME == 544

include/relic_util.h

@@ -101,6 +101,11 @@
  */
 #define RLC_DMASK				(RLC_HMASK | RLC_LMASK)
 
+/**
+ * Bit mask used to divide by 3.
+ */
+#define RLC_3MASK				((RLC_DMASK - 1)/3 + 1)
+
 /**
  * Returns the lowest half of a digit.
  *

preset/x64-pbc-afg16-510.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+cmake -DWSIZE=64 -DRAND=UDEV -DSHLIB=OFF -DSTBIN=ON -DTIMER=CYCLE -DCHECK=off -DVERBS=off -DARITH=x64-asm-8l -DFP_PRIME=510 -DFP_METHD="INTEG;INTEG;INTEG;MONTY;JMPDS;JMPDS;SLIDE" -DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer -march=native -mtune=native" -DFP_PMERS=off -DFP_QNRES=off -DFPX_METHD="INTEG;INTEG;LAZYR" -DEP_METHD="JACOB;LWNAF;COMBS;INTER;SWIFT" -DEP_PLAIN=off -DEP_SUPER=off -DPP_METHD="LAZYR;OATEP" -DWITH="ALL" $1