Commit 3d9689b8 by MASSON Simon

### update 3 for k=5,7 curves

parent f4b39123
 ... ... @@ -40,7 +40,7 @@ def densexsparse_m6(k): return 13*cost_m(k//6) #SIMON SIMON = True SIMON = False def densexsparse_m8(k): # when half of the coefficients of one element is zero in Fpk defined over Fpk/4 ... ... @@ -338,18 +338,21 @@ def millerLoopCost(C): cost_verticalline = k*cost_m(1) cost_update1 = 4*cost_m(k) + 2*cost_s(k) cost_update2 = 4*cost_m(k) cost_update3 = 2*cost_m(k) elif k == 6 and D == 3 : cost_addline = 10*cost_m(k//6) + 2*cost_s(k//6) + (k//3)*cost_m(1) cost_doubleline = 2*cost_m(k//6) + 7*cost_s(k//6) + (k//3)*cost_m(1) cost_verticalline = 0 cost_update1 = cost_s(k)+densexsparse_m6(k) cost_update2 = densexsparse_m6(k) cost_update3 = 0 elif k%4 == 0 and D == 4 : cost_addline = 9*cost_m(k//4) + 5*cost_s(k//4) + (k//2)*cost_m(1) cost_doubleline = 2*cost_m(k//4) + 8*cost_s(k//4) + (k//2)*cost_m(1) cost_verticalline = 0 cost_update1 = cost_s(k)+densexsparse_m8(k) cost_update2 = densexsparse_m8(k) cost_update3 = 0 if name == 'KSS16' : # extra partial add and partial double + 3 frob and 2 multiplications if SIMON: miller_fixup = (2*cost_m(k//4)) + (4*cost_m(k//4) + 8*cost_m(1)) + (cost_m(k//4) + cost_s(k//4) + 8*cost_m(1)) + cost_f(16) + (2*2*cost_m(k//4)) ... ... @@ -362,6 +365,7 @@ def millerLoopCost(C): cost_verticalline = 0 cost_update1 = cost_s(k)+densexsparse_m6(k) cost_update2 = densexsparse_m6(k) cost_update3 = 0 if name == 'BN': # Simon: could not find the exact cost of a light addition... # not written in https://eprint.iacr.org/2009/243.pdf ... ... @@ -375,18 +379,24 @@ def millerLoopCost(C): cost_verticalline=None cost_update1=None cost_update2=None cost_update3=0 tot_miller = 4626 * m + cost_i(k) if k!= 1 : T = polymorphic_get_miller_loop_length(C) logT = T.nbits() HwT = Hw(T) if k == 5 or k == 7: NbMinus1 = 1 else : NbMinus1 = 0 tot_miller = (logT-1) * (cost_doubleline + cost_verticalline) \ + (logT-2) * cost_update1 \ + (HwT-1) * (cost_addline + cost_verticalline + cost_update2) \ + (cost_i(k) if k%2==1 else 0) \ + miller_fixup + miller_fixup \ + NbMinus1 * cost_update3 return [cost_addline, cost_doubleline, cost_verticalline, cost_update1, cost_update2, ZZ(tot_miller(m=1,s=1,inv=25))] ... ...
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!