sm9/bn256: add double & triple, fix gfpNeg issue, use Square as possible

sm9/bn256/bn_pair.go

@@ -12,8 +12,8 @@ func lineFunctionAdd(r, p, rOut *twistPoint, q *curvePoint, r2, a, b, c *gfP2) {
 	H := (&gfP2{}).Sub(B, &r.x) // H = Xp * Zr^2 - Xr
 	I := (&gfP2{}).SquareNC(H)  // I = (Xp * Zr^2 - Xr)^2 = Xp^2*Zr^4 + Xr^2 - 2Xr*Xp*Zr^2
 
-	E := (&gfP2{}).Add(I, I) // E = 2*(Xp * Zr^2 - Xr)^2
-	E.Add(E, E)              // E = 4*(Xp * Zr^2 - Xr)^2
+	E := (&gfP2{}).Double(I) // E = 2*(Xp * Zr^2 - Xr)^2
+	E.Double(E)              // E = 4*(Xp * Zr^2 - Xr)^2
 
 	J := (&gfP2{}).MulNC(H, E) // J =  4*(Xp * Zr^2 - Xr)^3
 
@@ -29,7 +29,7 @@ func lineFunctionAdd(r, p, rOut *twistPoint, q *curvePoint, r2, a, b, c *gfP2) {
 	t := (&gfP2{}).Sub(V, &rOut.x) // t = V - rOut.x
 	t.Mul(t, L1)                   // t = L1*(V-rOut.x)
 	t2 := (&gfP2{}).MulNC(&r.y, J)
-	t2.Add(t2, t2)    // t2 = 2Yr * J
+	t2.Double(t2)     // t2 = 2Yr * J
 	rOut.y.Sub(t, t2) // rOut.y = L1*(V-rOut.x) - 2Yr*J
 
 	rOut.t.SquareNC(&rOut.z)
@@ -38,14 +38,14 @@ func lineFunctionAdd(r, p, rOut *twistPoint, q *curvePoint, r2, a, b, c *gfP2) {
 	t.Add(&p.y, &rOut.z).Square(t).Sub(t, r2).Sub(t, &rOut.t)
 
 	t2.Mul(L1, &p.x)
-	t2.Add(t2, t2) // t2 = 2 L1 * Xp
-	a.Sub(t2, t)   // a =  2 L1 * Xp - 2 Yp * rOut.z = 2 L1 * Xp - (Yp + rOut.Z)^2 + Yp^2 + rOut.Z^2
+	t2.Double(t2) // t2 = 2 L1 * Xp
+	a.Sub(t2, t)  // a =  2 L1 * Xp - 2 Yp * rOut.z = 2 L1 * Xp - (Yp + rOut.Z)^2 + Yp^2 + rOut.Z^2
 
 	c.MulScalar(&rOut.z, &q.y) // c = rOut.z * Yq
-	c.Add(c, c)                // c = 2 * rOut.z * Yq
+	c.Double(c)                // c = 2 * rOut.z * Yq
 
 	b.Neg(L1)                      // b= -L1
-	b.MulScalar(b, &q.x).Add(b, b) // b = -2 * L1 * Xq
+	b.MulScalar(b, &q.x).Double(b) // b = -2 * L1 * Xq
 }
 
 func lineFunctionDouble(r, rOut *twistPoint, q *curvePoint, a, b, c *gfP2) {
@@ -56,9 +56,9 @@ func lineFunctionDouble(r, rOut *twistPoint, q *curvePoint, a, b, c *gfP2) {
 	C := (&gfP2{}).SquareNC(B) // C = Yr ^ 4
 
 	D := (&gfP2{}).Add(&r.x, B)
-	D.Square(D).Sub(D, A).Sub(D, C).Add(D, D)
+	D.Square(D).Sub(D, A).Sub(D, C).Double(D)
 
-	E := (&gfP2{}).Add(A, A) //
+	E := (&gfP2{}).Double(A) //
 	E.Add(E, A)              // E = 3 * Xr ^ 2
 
 	G := (&gfP2{}).SquareNC(E) // G = 9 * Xr^4
@@ -68,23 +68,23 @@ func lineFunctionDouble(r, rOut *twistPoint, q *curvePoint, a, b, c *gfP2) {
 	rOut.z.Add(&r.y, &r.z).Square(&rOut.z).Sub(&rOut.z, B).Sub(&rOut.z, &r.t) // Z3 = (Yr + Zr)^2 - Yr^2 - Zr^2 = 2Yr*Zr
 
 	rOut.y.Sub(D, &rOut.x).Mul(&rOut.y, E)
-	t := (&gfP2{}).Add(C, C) // t = 2 * r.y ^ 4
-	t.Add(t, t).Add(t, t)    // t = 8 * Yr ^ 4
+	t := (&gfP2{}).Double(C) // t = 2 * r.y ^ 4
+	t.Double(t).Double(t)    // t = 8 * Yr ^ 4
 	rOut.y.Sub(&rOut.y, t)
 
 	rOut.t.SquareNC(&rOut.z)
 
-	t.Mul(E, &r.t).Add(t, t) // t = 2(E * Tr)
+	t.Mul(E, &r.t).Double(t) // t = 2(E * Tr)
 	b.Neg(t)                 // b = -2(E * Tr)
 	b.MulScalar(b, &q.x)     // b = -2(E * Tr * Xq)
 
 	a.Add(&r.x, E)                  // a = Xr + E
 	a.Square(a).Sub(a, A).Sub(a, G) // a = (Xr + E) ^ 2 - A - G
-	t.Add(B, B).Add(t, t)           // t = 4B
+	t.Double(B).Double(t)           // t = 4B
 	a.Sub(a, t)                     // a = (Xr + E) ^ 2 - A - G - 4B
 
 	c.Mul(&rOut.z, &r.t)           // c = rOut.z * Tr
-	c.Add(c, c).MulScalar(c, &q.y) // c = 2 rOut.z * Tr * Yq
+	c.Double(c).MulScalar(c, &q.y) // c = 2 rOut.z * Tr * Yq
 }
 
 // (ret.z + ret.y*w + ret.x*w^2)* ((cv+a) + b*w^2)

sm9/bn256/curve.go

@@ -38,7 +38,7 @@ func (c *curvePoint) Set(a *curvePoint) {
 
 func (c *curvePoint) polynomial(x *gfP) *gfP {
 	x3 := &gfP{}
-	gfpMul(x3, x, x)
+	gfpSqr(x3, x, 1)
 	gfpMul(x3, x3, x)
 	gfpAdd(x3, x3, curveB)
 	return x3
@@ -52,7 +52,7 @@ func (c *curvePoint) IsOnCurve() bool {
 	}
 
 	y2 := &gfP{}
-	gfpMul(y2, &c.y, &c.y)
+	gfpSqr(y2, &c.y, 1)
 
 	x3 := c.polynomial(&c.x)
 
@@ -98,8 +98,8 @@ func (c *curvePoint) Add(a, b *curvePoint) {
 	// by [u1:s1:z1·z2] and [u2:s2:z1·z2]
 	// where u1 = x1·z2², s1 = y1·z2³ and u1 = x2·z1², s2 = y2·z1³
 	z12, z22 := &gfP{}, &gfP{}
-	gfpMul(z12, &a.z, &a.z)
-	gfpMul(z22, &b.z, &b.z)
+	gfpSqr(z12, &a.z, 1)
+	gfpSqr(z22, &b.z, 1)
 
 	u1, u2 := &gfP{}, &gfP{}
 	gfpMul(u1, &a.x, z22)
@@ -123,10 +123,10 @@ func (c *curvePoint) Add(a, b *curvePoint) {
 	h := &gfP{}
 	gfpSub(h, u2, u1)
 
-	gfpAdd(t, h, h)
+	gfpDouble(t, h)
 	// i = 4h²
 	i := &gfP{}
-	gfpMul(i, t, t)
+	gfpSqr(i, t, 1)
 	// j = 4h³
 	j := &gfP{}
 	gfpMul(j, h, i)
@@ -138,15 +138,15 @@ func (c *curvePoint) Add(a, b *curvePoint) {
 		return
 	}
 	r := &gfP{}
-	gfpAdd(r, t, t)
+	gfpDouble(r, t)
 
 	v := &gfP{}
 	gfpMul(v, u1, i)
 
 	// t4 = 4(s2-s1)²
 	t4, t6 := &gfP{}, &gfP{}
-	gfpMul(t4, r, r)
-	gfpAdd(t, v, v)
+	gfpSqr(t4, r, 1)
+	gfpDouble(t, v)
 	gfpSub(t6, t4, j)
 
 	gfpSub(&c.x, t6, t)
@@ -156,13 +156,13 @@ func (c *curvePoint) Add(a, b *curvePoint) {
 	// y = - 2·s1·j - (s2-s1)(2x - 2i·u1) = r(v-x) - 2·s1·j
 	gfpSub(t, v, &c.x) // t7
 	gfpMul(t4, s1, j)  // t8
-	gfpAdd(t6, t4, t4) // t9
+	gfpDouble(t6, t4) // t9
 	gfpMul(t4, r, t)   // t10
 	gfpSub(&c.y, t4, t6)
 
 	// Set z = 2(u2-u1)·z1·z2 = 2h·z1·z2
 	gfpAdd(t, &a.z, &b.z) // t11
-	gfpMul(t4, t, t)      // t12
+	gfpSqr(t4, t, 1)      // t12
 	gfpSub(t, t4, z12)    // t13
 	gfpSub(t4, t, z22)    // t14
 	gfpMul(&c.z, t4, h)
@@ -171,31 +171,31 @@ func (c *curvePoint) Add(a, b *curvePoint) {
 func (c *curvePoint) Double(a *curvePoint) {
 	// See http://hyperelliptic.org/EFD/g1p/auto-code/shortw/jacobian-0/doubling/dbl-2009-l.op3
 	A, B, C := &gfP{}, &gfP{}, &gfP{}
-	gfpMul(A, &a.x, &a.x)
-	gfpMul(B, &a.y, &a.y)
-	gfpMul(C, B, B)
+	gfpSqr(A, &a.x, 1)
+	gfpSqr(B, &a.y, 1)
+	gfpSqr(C, B, 1)
 
 	t, t2 := &gfP{}, &gfP{}
 	gfpAdd(t, &a.x, B)
-	gfpMul(t2, t, t)
+	gfpSqr(t2, t, 1)
 	gfpSub(t, t2, A)
 	gfpSub(t2, t, C)
 
 	d, e, f := &gfP{}, &gfP{}, &gfP{}
 	gfpAdd(d, t2, t2)
-	gfpAdd(t, A, A)
+	gfpDouble(t, A)
 	gfpAdd(e, t, A)
-	gfpMul(f, e, e)
+	gfpSqr(f, e, 1)
 
-	gfpAdd(t, d, d)
+	gfpDouble(t, d)
 	gfpSub(&c.x, f, t)
 
 	gfpMul(&c.z, &a.y, &a.z)
-	gfpAdd(&c.z, &c.z, &c.z)
+	gfpDouble(&c.z, &c.z)
 
-	gfpAdd(t, C, C)
-	gfpAdd(t2, t, t)
-	gfpAdd(t, t2, t2)
+	gfpDouble(t, C)
+	gfpDouble(t2, t)
+	gfpDouble(t, t2)
 	gfpSub(&c.y, d, &c.x)
 	gfpMul(t2, e, &c.y)
 	gfpSub(&c.y, t2, t)
@@ -232,7 +232,7 @@ func (c *curvePoint) MakeAffine() {
 
 	t, zInv2 := &gfP{}, &gfP{}
 	gfpMul(t, &c.y, zInv)
-	gfpMul(zInv2, zInv, zInv)
+	gfpSqr(zInv2, zInv, 1)
 
 	gfpMul(&c.x, &c.x, zInv2)
 	gfpMul(&c.y, t, zInv2)

sm9/bn256/gfp12.go

@@ -258,11 +258,11 @@ func (e *gfP12) SpecialSquares(a *gfP12, n int) *gfP12 {
 	ty.Triple(v1)
 	tz.Triple(v2)
 
-	v0.Add(&a.x, &a.x) // (f12, f01)
+	v0.Double(&a.x) // (f12, f01)
 	v0.y.Neg(&v0.y)
-	v1.Add(&a.y, &a.y) // (f02, f10)
+	v1.Double(&a.y) // (f02, f10)
 	v1.x.Neg(&v1.x)
-	v2.Add(&a.z, &a.z) // (f11, f00)
+	v2.Double(&a.z) // (f11, f00)
 	v2.y.Neg(&v2.y)
 
 	v0.Add(ty, v0)
@@ -285,11 +285,11 @@ func (e *gfP12) SpecialSquares(a *gfP12, n int) *gfP12 {
 		ty.Triple(v1)
 		tz.Triple(v2)
 
-		v0.Add(&in.x, &in.x) // (f12, f01)
+		v0.Double(&in.x) // (f12, f01)
 		v0.y.Neg(&v0.y)
-		v1.Add(&in.y, &in.y) // (f02, f10)
+		v1.Double(&in.y) // (f02, f10)
 		v1.x.Neg(&v1.x)
-		v2.Add(&in.z, &in.z) // (f11, f00)
+		v2.Double(&in.z) // (f11, f00)
 		v2.y.Neg(&v2.y)
 
 		v0.Add(ty, v0)
@@ -321,11 +321,11 @@ func (e *gfP12) SpecialSquareNC(a *gfP12) *gfP12 {
 	ty.Triple(v1)
 	tz.Triple(v2)
 
-	v0.Add(&a.x, &a.x) // (f12, f01)
+	v0.Double(&a.x) // (f12, f01)
 	v0.y.Neg(&v0.y)
-	v1.Add(&a.y, &a.y) // (f02, f10)
+	v1.Double(&a.y) // (f02, f10)
 	v1.x.Neg(&v1.x)
-	v2.Add(&a.z, &a.z) // (f11, f00)
+	v2.Double(&a.z) // (f11, f00)
 	v2.y.Neg(&v2.y)
 
 	v0.Add(ty, v0)

sm9/bn256/gfp2.go

@@ -75,13 +75,13 @@ func (e *gfP2) IsOne() bool {
 
 func (e *gfP2) Conjugate(a *gfP2) *gfP2 {
 	e.y.Set(&a.y)
-	gfpSub(&e.x, zero, &a.x)
+	gfpNeg(&e.x, &a.x)
 	return e
 }
 
 func (e *gfP2) Neg(a *gfP2) *gfP2 {
-	gfpSub(&e.x, zero, &a.x)
-	gfpSub(&e.y, zero, &a.y)
+	gfpNeg(&e.x, &a.x)
+	gfpNeg(&e.y, &a.y)
 	return e
 }
 
@@ -98,17 +98,14 @@ func (e *gfP2) Sub(a, b *gfP2) *gfP2 {
 }
 
 func (e *gfP2) Double(a *gfP2) *gfP2 {
-	gfpAdd(&e.x, &a.x, &a.x)
-	gfpAdd(&e.y, &a.y, &a.y)
+	gfpDouble(&e.x, &a.x)
+	gfpDouble(&e.y, &a.y)
 	return e
 }
 
 func (e *gfP2) Triple(a *gfP2) *gfP2 {
-	gfpAdd(&e.x, &a.x, &a.x)
-	gfpAdd(&e.y, &a.y, &a.y)
-
-	gfpAdd(&e.x, &e.x, &a.x)
-	gfpAdd(&e.y, &e.y, &a.y)
+	gfpTriple(&e.x, &a.x)
+	gfpTriple(&e.y, &a.y)
 	return e
 }
 
@@ -172,8 +169,8 @@ func (e *gfP2) MulUNC(a, b *gfP2) *gfP2 {
 	gfpMul(ty, tx, ty)
 	gfpSub(ty, ty, v0)
 	gfpSub(ty, ty, v1)
-	gfpAdd(ty, ty, ty)
-	gfpSub(ty, zero, ty)
+	gfpDouble(ty, ty)
+	gfpNeg(ty, ty)
 
 	gfpSub(tx, v0, v1)
 	gfpSub(tx, tx, v1)
@@ -187,8 +184,8 @@ func (e *gfP2) MulUNC(a, b *gfP2) *gfP2 {
 // c0 = -2a1
 func (e *gfP2) MulU1(a *gfP2) *gfP2 {
 	t := &gfP{}
-	gfpAdd(t, &a.x, &a.x)
-	gfpSub(t, zero, t)
+	gfpDouble(t, &a.x)
+	gfpNeg(t, t)
 
 	gfpCopy(&e.x, &a.y)
 	gfpCopy(&e.y, t)
@@ -212,12 +209,12 @@ func (e *gfP2) SquareNC(a *gfP2) *gfP2 {
 	ty := &e.y
 
 	gfpAdd(ty, &a.x, &a.y)
-	gfpAdd(tx, &a.x, &a.x)
+	gfpDouble(tx, &a.x)
 	gfpSub(tx, &a.y, tx)
 	gfpMul(ty, tx, ty)
 	gfpMul(tx, &a.x, &a.y)
 	gfpAdd(ty, tx, ty)
-	gfpAdd(tx, tx, tx)
+	gfpDouble(tx, tx)
 
 	return e
 }
@@ -240,14 +237,14 @@ func (e *gfP2) SquareUNC(a *gfP2) *gfP2 {
 	ty := &e.y
 
 	gfpAdd(tx, &a.x, &a.y)
-	gfpAdd(ty, &a.x, &a.x)
+	gfpDouble(ty, &a.x)
 	gfpSub(ty, &a.y, ty)
 	gfpMul(tx, tx, ty)
 	gfpMul(ty, &a.x, &a.y)
 	gfpAdd(tx, tx, ty)
-	gfpAdd(ty, ty, ty)
-	gfpAdd(ty, ty, ty)
-	gfpSub(ty, zero, ty)
+	gfpDouble(ty, ty)
+	gfpDouble(ty, ty)
+	gfpNeg(ty, ty)
 
 	return e
 }
@@ -263,14 +260,14 @@ func (e *gfP2) Invert(a *gfP2) *gfP2 {
 	// ftp://136.206.11.249/pub/crypto/pairings.pdf
 	t1, t2, t3 := &gfP{}, &gfP{}, &gfP{}
 	gfpSqr(t1, &a.x, 1)
-	gfpAdd(t3, t1, t1)
+	gfpDouble(t3, t1)
 	gfpSqr(t2, &a.y, 1)
 	gfpAdd(t3, t3, t2)
 
 	inv := &gfP{}
 	inv.Invert(t3) // inv = (2 * a.x ^ 2 + a.y ^ 2) ^ (-1)
 
-	gfpSub(t1, zero, &a.x)
+	gfpNeg(t1, &a.x)
 
 	gfpMul(&e.x, t1, inv)   // x = - a.x * inv
 	gfpMul(&e.y, &a.y, inv) // y = a.y * inv