Commit 9f109ba1 authored by GUILLEVIC Aurore's avatar GUILLEVIC Aurore

Merge branch 'master' of gitlab.inria.fr:smasson/cocks-pinch-variant

parents 26df684f 11aa843e
......@@ -405,11 +405,11 @@ def chain_alternate_iterators(gp, gm, with_zero=False):
# promises.
class CocksPinchVariantResult(object):
"""
sage: C=CocksPinchVariantResult(6,3,34359607296,5,ht=0x101,hy=2,max_B1=1000)
sage: C=CocksPinchVariantResult(6,3,34359607296,5,ht=0x101,hy=-2,max_B1=1000)
sage: C.E2(factor=True)["text_factorization"]
'2^2 * 3 * 19 * 73 * 163 * 33637 * p48 * r'
sage: C=CocksPinchVariantResult(6,3,0x600100002,5,ht=0x428,hy=0x639,allowed_cofactor=420,max_B1=600)
sage: C=CocksPinchVariantResult(6,3,0x600100002,5,ht=0x428,hy=-0x639,allowed_cofactor=420,max_B1=600)
sage: C.is_small_subgroup_secure()
True
sage: C.is_twist_small_subgroup_secure()
......@@ -458,17 +458,17 @@ class CocksPinchVariantResult(object):
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
sage: C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=-0x7e2)
sage: C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=0x7e2)
sage: C.set_test_info(allowed_size_cofactor=10)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600)
sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
sage: C.set_test_info(allowed_size_cofactor=10)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
sage: C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=-0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600)
sage: C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
......@@ -488,11 +488,11 @@ class CocksPinchVariantResult(object):
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
sage: C=CocksPinchVariantResult(7,20,0x5ec7fc01ff8,4,ht=-3,hy=-1,allowed_size_cofactor=10,max_B1=600)
sage: C=CocksPinchVariantResult(7,20,0x5ec7fc01ff8,4,ht=-3,hy=1,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, False, False)
sage: C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
sage: C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=-0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True)
......@@ -506,7 +506,10 @@ class CocksPinchVariantResult(object):
"""
def __init__(self,k,D,T,i,ht=Integer(0),hy=Integer(0),max_poly_coeff=None,pre=False,l=1, allowed_cofactor = 1, allowed_size_cofactor = 5, max_trialdiv=10**6, max_B1=10**4, new_semantics=False):
=======
def __init__(self,k,D,T,i,ht=Integer(0),hy=Integer(0),max_poly_coeff=0,pre=False,l=1, allowed_cofactor = 1, allowed_size_cofactor = 5, max_trialdiv=10**6, max_B1=10**4, new_semantics=False):
>>>>>>> 107d412592d84ec5619ec671ff8231cbcde4d52c
kl = k * l
fD = -fundamental_discriminant(-D)
......@@ -536,6 +539,7 @@ class CocksPinchVariantResult(object):
self.t0 -= r
if abs(r-self.y0) < abs(self.y0):
self.y0 -= r
self.y0 = abs(self.y0)
# Determination of the lifted (t,y) from the solution mod r
......@@ -978,7 +982,10 @@ class CocksPinchVariantResult(object):
saved_max_B1 = self.max_B1
self.max_B1 = 600
dt0 = t0 - ((T**i+1) % r)
dy0 = y0 - ZZ((t0-2)/sqrt(Integers(r)(-fD)))
y0base = ZZ((t0-2)/sqrt(Integers(r)(-fD)))
if r - y0base < y0base:
y0base = r - y0base
dy0 = y0 - y0base
assert dt0 in [0,-r]
assert dy0 in [0,-r]
......@@ -1341,12 +1348,22 @@ class CocksPinchVariantSearch(object):
y0 = K(t0-2)/sqrt(K(-fD))
# Lift arbitrarily. Anyway we'll iterate over multiple
# possible representatives.
# The normalisation choice that we do in final_expo_k68
# (at least) is that we use the least positive integer
# representative of y0=\pm(t0-2)*inv_sqrt_D
#
# (as for t0, we have no sign indetermination, so we
# simply choose the representative of smallest absolute
# value, and that may mean a negative integer)
t0 = ZZ(t0)
y0 = ZZ(y0)
if abs(r-t0) < abs(t0):
t0 -= r
if abs(r-y0) < abs(y0):
y0 -= r
y0 = abs(y0)
# We want to constrain the bit length of t^2+fD*y^2{{{
# with t = t0 + ht * r and y = y0 + hy * r
......@@ -1821,7 +1838,7 @@ class CocksPinchVariantSearch(object):
# (sqrt((PP/2 - t^2)/D) + y1) / ry <= -pre_hy < (sqrt(PP - t^2)/D) + y1) / ry
if PP < t**2:
continue
pre_hymax = 1+floor(((sqrt((PP - t**2)/fD) - y1)/ry))
pre_hymax = 1+floor(((sqrt((PP - t**2)/fD) - y1)/ry))
mpre_hymax = 1+floor(((sqrt((PP - t**2)/fD) + y1)/ry))
if PP/2 < t**2:
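Review bot: The `__init__` hunk (`-506,7 +506,10`) leaves merge-conflict residue in the new code: a `=======` line, a second `def __init__(...)` signature with `max_poly_coeff=0`, and a `>>>>>>> 107d412592d84ec5619ec671ff8231cbcde4d52c` line sit between the class docstring and `kl = k * l`. As shown the file cannot be parsed. That means none of the updated doctests, including the `is_small_subgroup_secure()` family that vouches for the curve parameters, can actually run against the new `y0 = abs(y0)` normalisation. Keep exactly one signature and delete the two marker lines; the body of `__init__` lies outside the hunk, so confirm there which `max_poly_coeff` default (`None` or `0`) it expects. The rendered page may also have dropped a `<<<<<<<` line, so check the file itself rather than this view.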
......
This diff is collapsed.
......@@ -167,11 +167,11 @@ def Hw(x) :
return len(bit_positions_2naf(x))
proof.arithmetic(False)
C5=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600)
C5=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
C6=CocksPinchVariantResult(6,3,0xefffffffffffffe00000000000000000,1,ht=-1,hy=0xffbbffffffffffffc020,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C7=CocksPinchVariantResult(7,20,0x5fffb820248,6,ht=-2,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
#C8=CocksPinchVariantResult(8,4,0xffffffffeff7c200,5,ht=5,hy=-0xd700,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C8=CocksPinchVariantResult(8,4,0xffc00020fffffffc,1,ht=1,hy=-0xdc04,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C8=CocksPinchVariantResult(8,4,0xffc00020fffffffc,1,ht=1,hy=0xdc04,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
CMNT6=MNT6(u=873723667900031396506414143162332159382674816702805606206979732381600254701804231398281169537138620,a=209307816050232262803672282154940341360062431838092388077917610639183322072827259682607127795420474686833003315766797546568469776750651773087882545447646552119008299040167030969895802846139484415144,b=2319663192174958547181026340141410918530227127674793888869119262391240421488942353013995765010333162065568990954578077256489549792305772041454141172011940607053889955897003759289947924385489341215143,D=8317003,c=1)
......@@ -186,21 +186,21 @@ def finite_field_cost(logp):
#time_m
words = ceil(RR(logp)/64)
if words == 5 :
time_m = 35 #relic benchmark
time_m = 35 # relic benchmark
if words == 6 :
time_m = 69 #relic benchmark
time_m = 65 # relic benchmark
if words == 7 :
time_m = 94 #relic benchmark commit 307bc1f17410c36f6bd93d2a1f5c419270cf9ebd
time_m = 85 # relic benchmark
if words == 8 :
time_m = 120 #relic benchmark, more close to 123
time_m = 106 # relic benchmark
elif words == 9 :
time_m = 1.9*9**2
time_m = 129 # relic benchmark
elif words == 10 :
time_m = 188 #relic benchmark
time_m = 154 # relic benchmark
elif words == 11 :
time_m = 1.9*11**2
time_m = 1.5*11**2
elif words == 48 :
time_m = 4882 #gmp benchmark
time_m = 4882 # gmp benchmark
return time_m
def is_one_of_our_known_pairing_friendly_curves(C):
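Review bot: In `finite_field_cost`, the chain that assigns `time_m` has no fallback branch. Unless `time_m` is initialised above the hunk (the function starts outside it), any `words` value other than 5–11 or 48 reaches `return time_m` with the name unbound and fails with an `UnboundLocalError` instead of a clear message. I would end the chain with `else: raise ValueError("no multiplication benchmark for %d words" % words)`. The chain also mixes `if` for 5–8 with `elif` from 9 on, and would read more clearly as a single `if`/`elif` chain. The new `# relic benchmark` comments also drop the relic commit hash that the old 7-word line carried, so the figures used in the cost estimates can no longer be traced to a specific measurement; a one-line comment naming the relic revision and machine would restore that.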
......
This diff is collapsed.