diff --git a/api.md b/api.md index 2bbb58e4..78bf3fe0 100644 --- a/api.md +++ b/api.md @@ -364,6 +364,8 @@ mclSize T::deserialize(const void *buf, mclSize bufSize); - deserialize `x` from `buf[0..bufSize-1]` - return read size if success else 0 + - mclBnG1_deserialize and mclBnG2_deserialize check whether the point has the correct order of G1/G2. + - mclBnGT_deserialize does not check it. Call mclBnGT_isValid if necessary. ## String conversion ### Get string @@ -417,6 +419,8 @@ void T::setStr(const char *str, int iMode = 0) - You can disable this check by `mclBn_verifyOrderG1/G2`(0). - return 0 if success else -1 - *pb = result of setStr or throw exception if error (C++) + - mclBnG1_setStr and mclBnG2_setStr check whether the point has the correct order of G1/G2. + - mclBnGT_setStr does not check it. Call mclBnGT_isValid if necessary. If you want to use the same BLS12-381 generator as [zkcrypto](https://www.ietf.org/archive/id/draft-irtf-cfrg-pairing-friendly-curves-11.html#section-4.2.1) then, diff --git a/include/mcl/bn.h b/include/mcl/bn.h index 011c977b..41ac9b06 100644 --- a/include/mcl/bn.h +++ b/include/mcl/bn.h @@ -455,6 +455,7 @@ MCLBN_DLL_API void mclBnGT_setInt32(mclBnGT *y, int x); MCLBN_DLL_API int mclBnGT_isEqual(const mclBnGT *x, const mclBnGT *y); MCLBN_DLL_API int mclBnGT_isZero(const mclBnGT *x); MCLBN_DLL_API int mclBnGT_isOne(const mclBnGT *x); +MCLBN_DLL_API int mclBnGT_isValid(const mclBnGT *x); MCLBN_DLL_API void mclBnGT_neg(mclBnGT *y, const mclBnGT *x); MCLBN_DLL_API void mclBnGT_sqr(mclBnGT *y, const mclBnGT *x); diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp index 80f09c00..b3715dd9 100644 --- a/include/mcl/bn.hpp +++ b/include/mcl/bn.hpp @@ -2253,6 +2253,17 @@ inline const G1& getG1basePoint() return BN::param.basePoint; } +/* + check x in Fp12 is in GT. + return true if x^r = 1 +*/ +inline bool isValidGT(const GT& x) +{ + GT y; + GT::powGeneric(y, x, Fr::getOp().mp); + return y.isOne(); +} + } } // mcl::bn namespace mcl { namespace local { diff --git a/include/mcl/impl/bn_c_impl.hpp b/include/mcl/impl/bn_c_impl.hpp index ccb31473..00f49c5f 100644 --- a/include/mcl/impl/bn_c_impl.hpp +++ b/include/mcl/impl/bn_c_impl.hpp @@ -570,6 +570,10 @@ int mclBnGT_isOne(const mclBnGT *x) { return cast(x)->isOne(); } +int mclBnGT_isValid(const mclBnGT *x) +{ + return mcl::bn::isValidGT(*cast(x)); +} mclSize mclBnGT_getStr(char *buf, mclSize maxBufSize, const mclBnGT *x, int ioMode) { diff --git a/include/mcl/op.hpp b/include/mcl/op.hpp index db7d866c..d651c049 100644 --- a/include/mcl/op.hpp +++ b/include/mcl/op.hpp @@ -27,7 +27,7 @@ namespace mcl { -static const int version = 0x183; /* 0xABC = A.BC */ +static const int version = 0x184; /* 0xABC = A.BC */ /* specifies available string format mode for X::setIoMode() diff --git a/readme.md b/readme.md index a60c4028..e3d76c83 100644 --- a/readme.md +++ b/readme.md @@ -10,6 +10,7 @@ mcl is a library for pairing-based cryptography, which supports the optimal Ate pairing over BN curves and BLS12-381 curves. # News +- add mcl::bn::isValidGT(x) and mclBnGT_isValid(x) to check x in GT for x in Fp12. - support BN\_P256 (hash-to-curve is not yet standard way.) - the performance of `{G1,G2}::mulVec(z, xVec, yVec, n)` has improved for n >= 256. (about 2x speed up for n = 512). - But it changes the type of xVec from `const G*` to `G*` because xVec may be normalized when computing. diff --git a/test/bn_c_test.hpp b/test/bn_c_test.hpp index e35947d2..febe27fc 100644 --- a/test/bn_c_test.hpp +++ b/test/bn_c_test.hpp @@ -408,6 +408,10 @@ CYBOZU_TEST_AUTO(pairing) mclBnGT_mul(&e2, &e, &e); mclBnGT_mul(&e2, &e2, &e); CYBOZU_TEST_ASSERT(mclBnGT_isEqual(&e1, &e2)); + + CYBOZU_TEST_ASSERT(mclBnGT_isValid(&e1)); + e1.d[0].d[0]++; + CYBOZU_TEST_ASSERT(!mclBnGT_isValid(&e1)); } CYBOZU_TEST_AUTO(precomputed) diff --git a/test/common_test.hpp b/test/common_test.hpp index bafaf3d1..99d04fb2 100644 --- a/test/common_test.hpp +++ b/test/common_test.hpp @@ -248,4 +248,8 @@ void testCommon(const G1& P, const G2& Q) mcl::bn::pairing(e, P, Q); puts("GT"); testPowVec(e); + CYBOZU_TEST_ASSERT(mcl::bn::isValidGT(e)); + GT e2 = e; + e2 += 1; + CYBOZU_TEST_ASSERT(!mcl::bn::isValidGT(e2)); }