Merge branch 'dev'

api.md

@@ -364,6 +364,8 @@ mclSize T::deserialize(const void *buf, mclSize bufSize);
 
 - deserialize `x` from `buf[0..bufSize-1]`
 - return read size if success else 0
+  - mclBnG1_deserialize and mclBnG2_deserialize check whether the point has the correct order of G1/G2.
+  - mclBnGT_deserialize does not check it. Call mclBnGT_isValid if necessary.
 
 ## String conversion
 ### Get string
@@ -417,6 +419,8 @@ void T::setStr(const char *str, int iMode = 0)
   - You can disable this check by `mclBn_verifyOrderG1/G2`(0).
 - return 0 if success else -1
   - *pb = result of setStr or throw exception if error (C++)
+  - mclBnG1_setStr and mclBnG2_setStr check whether the point has the correct order of G1/G2.
+  - mclBnGT_setStr does not check it. Call mclBnGT_isValid if necessary.
 
 If you want to use the same BLS12-381 generator as [zkcrypto](https://www.ietf.org/archive/id/draft-irtf-cfrg-pairing-friendly-curves-11.html#section-4.2.1) then,
 

include/mcl/bn.h

@@ -455,6 +455,7 @@ MCLBN_DLL_API void mclBnGT_setInt32(mclBnGT *y, int x);
 MCLBN_DLL_API int mclBnGT_isEqual(const mclBnGT *x, const mclBnGT *y);
 MCLBN_DLL_API int mclBnGT_isZero(const mclBnGT *x);
 MCLBN_DLL_API int mclBnGT_isOne(const mclBnGT *x);
+MCLBN_DLL_API int mclBnGT_isValid(const mclBnGT *x);
 
 MCLBN_DLL_API void mclBnGT_neg(mclBnGT *y, const mclBnGT *x);
 MCLBN_DLL_API void mclBnGT_sqr(mclBnGT *y, const mclBnGT *x);

include/mcl/bn.hpp

@@ -2253,6 +2253,17 @@ inline const G1& getG1basePoint()
 	return BN::param.basePoint;
 }
 
+/*
+	check x in Fp12 is in GT.
+	return true if x^r = 1
+*/
+inline bool isValidGT(const GT& x)
+{
+	GT y;
+	GT::powGeneric(y, x, Fr::getOp().mp);
+	return y.isOne();
+}
+
 } } // mcl::bn
 
 namespace mcl { namespace local {

include/mcl/impl/bn_c_impl.hpp

@@ -570,6 +570,10 @@ int mclBnGT_isOne(const mclBnGT *x)
 {
 	return cast(x)->isOne();
 }
+int mclBnGT_isValid(const mclBnGT *x)
+{
+	return mcl::bn::isValidGT(*cast(x));
+}
 
 mclSize mclBnGT_getStr(char *buf, mclSize maxBufSize, const mclBnGT *x, int ioMode)
 {

include/mcl/op.hpp

@@ -27,7 +27,7 @@
 
 namespace mcl {
 
-static const int version = 0x183; /* 0xABC = A.BC */
+static const int version = 0x184; /* 0xABC = A.BC */
 
 /*
 	specifies available string format mode for X::setIoMode()

readme.md

@@ -10,6 +10,7 @@ mcl is a library for pairing-based cryptography,
 which supports the optimal Ate pairing over BN curves and BLS12-381 curves.
 
 # News
+- add mcl::bn::isValidGT(x) and mclBnGT_isValid(x) to check x in GT for x in Fp12.
 - support BN\_P256 (hash-to-curve is not yet standard way.)
 - the performance of `{G1,G2}::mulVec(z, xVec, yVec, n)` has improved for n >= 256. (about 2x speed up for n = 512).
   - But it changes the type of xVec from `const G*` to `G*` because xVec may be normalized when computing.

test/bn_c_test.hpp

@@ -408,6 +408,10 @@ CYBOZU_TEST_AUTO(pairing)
 	mclBnGT_mul(&e2, &e, &e);
 	mclBnGT_mul(&e2, &e2, &e);
 	CYBOZU_TEST_ASSERT(mclBnGT_isEqual(&e1, &e2));
+
+	CYBOZU_TEST_ASSERT(mclBnGT_isValid(&e1));
+	e1.d[0].d[0]++;
+	CYBOZU_TEST_ASSERT(!mclBnGT_isValid(&e1));
 }
 
 CYBOZU_TEST_AUTO(precomputed)

test/common_test.hpp

@@ -248,4 +248,8 @@ void testCommon(const G1& P, const G2& Q)
 	mcl::bn::pairing(e, P, Q);
 	puts("GT");
 	testPowVec(e);
+	CYBOZU_TEST_ASSERT(mcl::bn::isValidGT(e));
+	GT e2 = e;
+	e2 += 1;
+	CYBOZU_TEST_ASSERT(!mcl::bn::isValidGT(e2));
 }