 ### formulas cost miller, still some todos...

parent 4c3ee547
 ... ... @@ -37,6 +37,9 @@ def densexsparse_m6(k): assert k%6==0 return 13*cost_m(k//6) # aurore thesis #SIMON SIMON = True def densexsparse_m8(k): assert k%8==0 return 8*cost_m(k//4) # ??????????????????????BarDuq18??? ... ... @@ -336,8 +339,11 @@ def millerLoopCost(C): cost_update1 = cost_s(k)+densexsparse_m8(k) cost_update2 = densexsparse_m8(k) if name == 'KSS16' : # extra partial add and partial double + 3 frob and 2 multiplications miller_fixup = 5*cost_m(k//4) + cost_s(k//4) + k * cost_m(1) miller_fixup += 3*cost_f(k) + 2*sparse_m16 if SIMON: miller_fixup = (2*cost_m(k//4)) + (4*cost_m(k//4) + 8*cost_m(1)) + (cost_m(k//4) + cost_s(k//4) + 8*cost_m(1)) + cost_f(16) + (2*2*cost_m(k//4)) else : miller_fixup = 5*cost_m(k//4) + cost_s(k//4) + k * cost_m(1) miller_fixup += 3*cost_f(k) + 2*sparse_m16 elif k == 12 and D == 3: cost_doubleline = 3*cost_m(k//6) + 6*cost_s(k//6) + (k//3)*cost_m(1) cost_addline = 11*cost_m(k//6) + 2*cost_s(k//6) + (k//3)*cost_m(1) ... ... @@ -352,7 +358,7 @@ def millerLoopCost(C): miller_fixup = 4*cost_f(k) + \ + cost_addline + \ + 4*cost_m(k//6) + 4*cost_m(1) + \ + 2*sparse_m12 + 2*sparse_m12 elif k == 1: cost_addline=None cost_doubleline=None ... ... @@ -406,7 +412,14 @@ def finalExpoCost(C): #BN_expo_z = 4*(114 - 1)*cost_m(2) + (6*3 - 3)*cost_m(2) + 3*cost_m(12) + 3*3*cost_s(2) + cost_i(2) BN_expo_z = 4*(logT - 1)*cost_m(2) + (6*(HwT-1) - 3)*cost_m(2) + (HwT-1)*cost_m(12) + 3*(HwT-1)*cost_s(2) + cost_i(2) #BarDuq says 114*compr_s12 + 3* cost_m(12) + (i + (24*4 - 5)*cost_m(1)) tot_expo = cost_i(12) + 12*cost_m(12) + 3*cyclo_s12 + 4* cost_f(12) + 3*BN_expo_z if SIMON : # first part tot_expo = (cost_i(12) + cost_m(12)) + (5*cost_m(2) + cost_m(12)) # second part tot_expo += 3*BN_expo_z + 3*cyclo_s12 + 10 * cost_m(12) + 4*cost_f(12) # difference of 5m2 which is neglected in the papers. else : tot_expo = cost_i(12) + 12*cost_m(12) + 3*cyclo_s12 + 4* cost_f(12) + 3*BN_expo_z return tot_expo(m=1,s=1,inv=25) elif name == 'BLS12': T = C.u() ... ... @@ -416,11 +429,26 @@ def finalExpoCost(C): BLS_expo_z = 4*(logT - 1)*cost_m(2)+ (6*(HwT-1) - 3)*cost_m(2) + (HwT-1)*cost_m(12) + 3*(HwT-1)*cost_s(2) + cost_i(2) #4*(log(u)-1)*m_i + (6*hw(u) - 3) *m_i + hw(u) * m_{6i} + 3*hw(u) * s_i + 1*I_i #BarDuq says 77*compr_s12 + 2*cost_m(12) + (i + (24*3 - 5)*cost_m(1)) tot_expo = cost_i(12) + 12*cost_m(12) + 2*cyclo_s12 + 4*cost_f(12) + 5*BLS_expo_z if SIMON: # first part tot_expo = (cost_i(12) + cost_m(12)) + (5*cost_m(2) + cost_m(12)) # second part tot_expo += 5*BLS_expo_z + 10*cost_m(12) + 3*cost_f(12) + 2*cyclo_s12 # difference of one frobenius... else : tot_expo = cost_i(12) + 12*cost_m(12) + 2*cyclo_s12 + 4*cost_f(12) + 5*BLS_expo_z return tot_expo(m=1,s=1,inv=25) elif name == 'KSS16': KSS16_expo_z = 34*cyclo_s16 + 4*cost_m(16) tot_expo = 34*cyclo_s16 + 32*cost_m(16)+24*cost_m(4)+8*cost_f(16)+cost_i(16) + 9*KSS16_expo_z #TODO Verify these formulas... if SIMON: KSS16_expo_zp1 = 34*cyclo_s16 + 4*cost_m(16) # first part tot_expo = cost_i(16) + cost_m(16) # second part tot_expo += 7*KSS16_expo_z + 2*KSS16_expo_zp1 + 16*cyclo_s16 + 33 * cost_m(16) + (8*cost_m(16)) + (92 * cost_m(16)) else : tot_expo = 34*cyclo_s16 + 32*cost_m(16)+24*cost_m(4)+8*cost_f(16)+cost_i(16) + 9*KSS16_expo_z return tot_expo(m=1,s=1,inv=25) if not isinstance(C, CocksPinchVariantResult): ... ...
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!