Commit 3d9689b8 authored by MASSON Simon's avatar MASSON Simon
Browse files

update 3 for k=5,7 curves

parent f4b39123
......@@ -40,7 +40,7 @@ def densexsparse_m6(k):
return 13*cost_m(k//6)
#SIMON
SIMON = True
SIMON = False
def densexsparse_m8(k):
# when half of the coefficients of one element is zero in Fpk defined over Fpk/4
......@@ -338,18 +338,21 @@ def millerLoopCost(C):
cost_verticalline = k*cost_m(1)
cost_update1 = 4*cost_m(k) + 2*cost_s(k)
cost_update2 = 4*cost_m(k)
cost_update3 = 2*cost_m(k)
elif k == 6 and D == 3 :
cost_addline = 10*cost_m(k//6) + 2*cost_s(k//6) + (k//3)*cost_m(1)
cost_doubleline = 2*cost_m(k//6) + 7*cost_s(k//6) + (k//3)*cost_m(1)
cost_verticalline = 0
cost_update1 = cost_s(k)+densexsparse_m6(k)
cost_update2 = densexsparse_m6(k)
cost_update3 = 0
elif k%4 == 0 and D == 4 :
cost_addline = 9*cost_m(k//4) + 5*cost_s(k//4) + (k//2)*cost_m(1)
cost_doubleline = 2*cost_m(k//4) + 8*cost_s(k//4) + (k//2)*cost_m(1)
cost_verticalline = 0
cost_update1 = cost_s(k)+densexsparse_m8(k)
cost_update2 = densexsparse_m8(k)
cost_update3 = 0
if name == 'KSS16' : # extra partial add and partial double + 3 frob and 2 multiplications
if SIMON:
miller_fixup = (2*cost_m(k//4)) + (4*cost_m(k//4) + 8*cost_m(1)) + (cost_m(k//4) + cost_s(k//4) + 8*cost_m(1)) + cost_f(16) + (2*2*cost_m(k//4))
......@@ -362,6 +365,7 @@ def millerLoopCost(C):
cost_verticalline = 0
cost_update1 = cost_s(k)+densexsparse_m6(k)
cost_update2 = densexsparse_m6(k)
cost_update3 = 0
if name == 'BN':
# Simon: could not find the exact cost of a light addition...
# not written in https://eprint.iacr.org/2009/243.pdf
......@@ -375,18 +379,24 @@ def millerLoopCost(C):
cost_verticalline=None
cost_update1=None
cost_update2=None
cost_update3=0
tot_miller = 4626 * m + cost_i(k)
if k!= 1 :
T = polymorphic_get_miller_loop_length(C)
logT = T.nbits()
HwT = Hw(T)
if k == 5 or k == 7:
NbMinus1 = 1
else :
NbMinus1 = 0
tot_miller = (logT-1) * (cost_doubleline + cost_verticalline) \
+ (logT-2) * cost_update1 \
+ (HwT-1) * (cost_addline + cost_verticalline + cost_update2) \
+ (cost_i(k) if k%2==1 else 0) \
+ miller_fixup
+ miller_fixup \
+ NbMinus1 * cost_update3
return [cost_addline, cost_doubleline, cost_verticalline, cost_update1, cost_update2, ZZ(tot_miller(m=1,s=1,inv=25))]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment