|
|
@@ -21,13 +21,12 @@ func (fp503Ops) Sub(dest, lhs, rhs *Fp2Element) { |
|
|
|
} |
|
|
|
|
|
|
|
func (fp503Ops) Mul(dest, lhs, rhs *Fp2Element) { |
|
|
|
// Let (a,b,c,d) = (lhs.a,lhs.b,rhs.a,rhs.b). |
|
|
|
a := &lhs.A |
|
|
|
b := &lhs.B |
|
|
|
c := &rhs.A |
|
|
|
d := &rhs.B |
|
|
|
var b_minus_a, c_minus_d FpElement |
|
|
|
var ad_plus_bc FpElementX2 |
|
|
|
var ac, bd FpElementX2 |
|
|
|
var ac_minus_bd FpElementX2 |
|
|
|
|
|
|
|
// We want to compute |
|
|
|
// Let (a,b,c,d) = (lhs.a,lhs.b,rhs.a,rhs.b). We want to compute |
|
|
|
// |
|
|
|
// (a + bi)*(c + di) = (a*c - b*d) + (a*d + b*c)i |
|
|
|
// |
|
|
@@ -37,22 +36,18 @@ func (fp503Ops) Mul(dest, lhs, rhs *Fp2Element) { |
|
|
|
// |
|
|
|
// so (a*d + b*c) = (b-a)*(c-d) + a*c + b*d. |
|
|
|
|
|
|
|
var ac, bd FpElementX2 |
|
|
|
fp503Mul(&ac, a, c) // = a*c*R*R |
|
|
|
fp503Mul(&bd, b, d) // = b*d*R*R |
|
|
|
fp503Mul(&ac, &lhs.A, &rhs.A) // = a*c*R*R |
|
|
|
fp503Mul(&bd, &lhs.B, &rhs.B) // = b*d*R*R |
|
|
|
|
|
|
|
var b_minus_a, c_minus_d FpElement |
|
|
|
fp503SubReduced(&b_minus_a, b, a) // = (b-a)*R |
|
|
|
fp503SubReduced(&c_minus_d, c, d) // = (c-d)*R |
|
|
|
fp503SubReduced(&b_minus_a, &lhs.B, &lhs.A) // = (b-a)*R |
|
|
|
fp503SubReduced(&c_minus_d, &rhs.A, &rhs.B) // = (c-d)*R |
|
|
|
|
|
|
|
var ad_plus_bc FpElementX2 |
|
|
|
fp503Mul(&ad_plus_bc, &b_minus_a, &c_minus_d) // = (b-a)*(c-d)*R*R |
|
|
|
fp503X2AddLazy(&ad_plus_bc, &ad_plus_bc, &ac) // = ((b-a)*(c-d) + a*c)*R*R |
|
|
|
fp503X2AddLazy(&ad_plus_bc, &ad_plus_bc, &bd) // = ((b-a)*(c-d) + a*c + b*d)*R*R |
|
|
|
|
|
|
|
fp503MontgomeryReduce(&dest.B, &ad_plus_bc) // = (a*d + b*c)*R mod p |
|
|
|
|
|
|
|
var ac_minus_bd FpElementX2 |
|
|
|
fp503X2SubLazy(&ac_minus_bd, &ac, &bd) // = (a*c - b*d)*R*R |
|
|
|
fp503MontgomeryReduce(&dest.A, &ac_minus_bd) // = (a*c - b*d)*R mod p |
|
|
|
} |
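Review bot: Mul does not document whether `dest` may alias `lhs` or `rhs`, and the new body is only safe for in-place use because every read of `lhs` and `rhs` (the two `fp503Mul` and two `fp503SubReduced` calls) happens before the first write to `dest.B`. I would record that ordering just above the first `fp503MontgomeryReduce`, e.g. `// dest may alias lhs or rhs: all reads of lhs/rhs finish before dest is written.`, so a later reordering cannot silently produce wrong field elements. The two `fp503X2AddLazy` calls also appear to rely on the unreduced sum staying within the input range `fp503MontgomeryReduce` accepts. That bound is not stated in the visible comments and deserves a one-line note next to the lazy adds. Part of the function's comment block lies between the two hunks and is not visible here, so it may already cover some of this.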
|
|
|