Consensys · gbotrel · Jan 6, 2021 · Dec 23, 2020 · Dec 24, 2020 · Dec 24, 2020
diff --git a/bw761/internal/fptower/e2_test.go b/bw761/internal/fptower/e2_test.go
@@ -146,7 +146,7 @@ func TestE2Ops(t *testing.T) {
 	genB := GenE2()
 	genfp := GenFp()
 
-	properties.Property("[BN256] sub & add should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] sub & add should leave an element invariant", prop.ForAll(
 		func(a, b *E2) bool {
 			var c E2
 			c.Set(a)
@@ -157,7 +157,7 @@ func TestE2Ops(t *testing.T) {
 		genB,
 	))
 
-	properties.Property("[BN256] mul & inverse should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] mul & inverse should leave an element invariant", prop.ForAll(
 		func(a, b *E2) bool {
 			var c, d E2
 			d.Inverse(b)
@@ -169,7 +169,7 @@ func TestE2Ops(t *testing.T) {
 		genB,
 	))
 
-	properties.Property("[BN256] inverse twice should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] inverse twice should leave an element invariant", prop.ForAll(
 		func(a *E2) bool {
 			var b E2
 			b.Inverse(a).Inverse(&b)
@@ -178,7 +178,7 @@ func TestE2Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] neg twice should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] neg twice should leave an element invariant", prop.ForAll(
 		func(a *E2) bool {
 			var b E2
 			b.Neg(a).Neg(&b)
@@ -187,7 +187,7 @@ func TestE2Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] square and mul should output the same result", prop.ForAll(
+	properties.Property("[BW761] square and mul should output the same result", prop.ForAll(
 		func(a *E2) bool {
 			var b, c E2
 			b.Mul(a, a)
@@ -197,7 +197,7 @@ func TestE2Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] MulByElement MulByElement inverse should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] MulByElement MulByElement inverse should leave an element invariant", prop.ForAll(
 		func(a *E2, b fp.Element) bool {
 			var c E2
 			var d fp.Element
@@ -209,7 +209,7 @@ func TestE2Ops(t *testing.T) {
 		genfp,
 	))
 
-	properties.Property("[BN256] Double and mul by 2 should output the same result", prop.ForAll(
+	properties.Property("[BW761] Double and mul by 2 should output the same result", prop.ForAll(
 		func(a *E2) bool {
 			var b E2
 			var c fp.Element
@@ -221,7 +221,7 @@ func TestE2Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] Mulbynonres should be the same as multiplying by (0,1)", prop.ForAll(
+	properties.Property("[BW761] Mulbynonres should be the same as multiplying by (0,1)", prop.ForAll(
 		func(a *E2) bool {
 			var b, c, d E2
 			b.A1.SetOne()
@@ -232,7 +232,7 @@ func TestE2Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] a + pi(a), a-pi(a) should be real", prop.ForAll(
+	properties.Property("[BW761] a + pi(a), a-pi(a) should be real", prop.ForAll(
 		func(a *E2) bool {
 			var b, c, d E2
 			var e, f fp.Element

diff --git a/bw761/internal/fptower/e6_pairing.go b/bw761/internal/fptower/e6_pairing.go
@@ -12,33 +12,33 @@ func (z *E6) Expt(x *E6) *E6 {
 	var result, x33 E6
 
 	// a shortest addition chain for 136227
-	result.Set(x)             // 0                1
-	result.Square(&result)    // 1( 0)            2
-	result.Square(&result)    // 2( 1)            4
-	result.Square(&result)    // 3( 2)            8
-	result.Square(&result)    // 4( 3)           16
-	result.Square(&result)    // 5( 4)           32
-	result.Mul(&result, x)    // 6( 5, 0)        33
-	x33.Set(&result)          // save x33 for step 14
-	result.Square(&result)    // 7( 6)           66
-	result.Square(&result)    // 8( 7)          132
-	result.Square(&result)    // 9( 8)          264
-	result.Square(&result)    // 10( 9)          528
-	result.Square(&result)    // 11(10)         1056
-	result.Square(&result)    // 12(11)         2112
-	result.Square(&result)    // 13(12)         4224
-	result.Mul(&result, &x33) // 14(13, 6)      4257
-	result.Square(&result)    // 15(14)         8514
-	result.Square(&result)    // 16(15)        17028
-	result.Square(&result)    // 17(16)        34056
-	result.Square(&result)    // 18(17)        68112
-	result.Mul(&result, x)    // 19(18, 0)     68113
-	result.Square(&result)    // 20(19)       136226
-	result.Mul(&result, x)    // 21(20, 0)    136227
+	result.Set(x)                    // 0                1
+	result.CyclotomicSquare(&result) // 1( 0)            2
+	result.CyclotomicSquare(&result) // 2( 1)            4
+	result.CyclotomicSquare(&result) // 3( 2)            8
+	result.CyclotomicSquare(&result) // 4( 3)           16
+	result.CyclotomicSquare(&result) // 5( 4)           32
+	result.Mul(&result, x)           // 6( 5, 0)        33
+	x33.Set(&result)                 // save x33 for step 14
+	result.CyclotomicSquare(&result) // 7( 6)           66
+	result.CyclotomicSquare(&result) // 8( 7)          132
+	result.CyclotomicSquare(&result) // 9( 8)          264
+	result.CyclotomicSquare(&result) // 10( 9)          528
+	result.CyclotomicSquare(&result) // 11(10)         1056
+	result.CyclotomicSquare(&result) // 12(11)         2112
+	result.CyclotomicSquare(&result) // 13(12)         4224
+	result.Mul(&result, &x33)        // 14(13, 6)      4257
+	result.CyclotomicSquare(&result) // 15(14)         8514
+	result.CyclotomicSquare(&result) // 16(15)        17028
+	result.CyclotomicSquare(&result) // 17(16)        34056
+	result.CyclotomicSquare(&result) // 18(17)        68112
+	result.Mul(&result, x)           // 19(18, 0)     68113
+	result.CyclotomicSquare(&result) // 20(19)       136226
+	result.Mul(&result, x)           // 21(20, 0)    136227
 
 	// the remaining 46 bits
 	for i := 0; i < 46; i++ {
-		result.Square(&result)
+		result.CyclotomicSquare(&result)
 	}
 	result.Mul(&result, x)
 

diff --git a/bw761/internal/fptower/e6_test.go b/bw761/internal/fptower/e6_test.go
@@ -1,8 +1,10 @@
 package fptower
 
 import (
+	"math/big"
 	"testing"
 
+	"github.com/consensys/gurvy/bw761/fp"
 	"github.com/leanovate/gopter"
 	"github.com/leanovate/gopter/prop"
 )
@@ -181,14 +183,14 @@ func TestE6ReceiverIsOperand(t *testing.T) {
 func TestE6Ops(t *testing.T) {
 
 	parameters := gopter.DefaultTestParameters()
-	parameters.MinSuccessfulTests = 1
+	parameters.MinSuccessfulTests = 100
 
 	properties := gopter.NewProperties(parameters)
 
 	genA := GenE6()
 	genB := GenE6()
 
-	properties.Property("[BN256] sub & add should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] sub & add should leave an element invariant", prop.ForAll(
 		func(a, b *E6) bool {
 			var c E6
 			c.Set(a)
@@ -199,7 +201,7 @@ func TestE6Ops(t *testing.T) {
 		genB,
 	))
 
-	properties.Property("[BN256] mul & inverse should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] mul & inverse should leave an element invariant", prop.ForAll(
 		func(a, b *E6) bool {
 			var c, d E6
 			d.Inverse(b)
@@ -211,7 +213,7 @@ func TestE6Ops(t *testing.T) {
 		genB,
 	))
 
-	properties.Property("[BN256] inverse twice should leave an element invariant", prop.ForAll(
+	properties.Property("[BW761] inverse twice should leave an element invariant", prop.ForAll(
 		func(a *E6) bool {
 			var b E6
 			b.Inverse(a).Inverse(&b)
@@ -220,7 +222,7 @@ func TestE6Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] square and mul should output the same result", prop.ForAll(
+	properties.Property("[BW761] square and mul should output the same result", prop.ForAll(
 		func(a *E6) bool {
 			var b, c E6
 			b.Mul(a, a)
@@ -230,7 +232,46 @@ func TestE6Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] pi**6=id", prop.ForAll(
+	properties.Property("[BW761] Frobenius(a) = a^q", prop.ForAll(
+		func(a *E6) bool {
+			var res1, res2 E6
+			res1.Frobenius(a)
+			res2.Exp(a, *fp.Modulus())
+
+			return res2.Equal(&res2)
+		},
+		genA,
+	))
+
+	properties.Property("[BW761] FrobeniusSquare(a) = a^(q^2)", prop.ForAll(
+		func(a *E6) bool {
+			var res1, res2 E6
+			var q, q2 big.Int
+			q = *fp.Modulus()
+			q2.Mul(&q, &q)
+			res1.FrobeniusSquare(a)
+			res2.Exp(a, q2)
+
+			return res2.Equal(&res2)
+		},
+		genA,
+	))
+
+	properties.Property("[BW761] FrobeniusCube(a) = a^(q^3)", prop.ForAll(
+		func(a *E6) bool {
+			var res1, res2 E6
+			var q, q3 big.Int
+			q = *fp.Modulus()
+			q3.Mul(&q, &q).Mul(&q3, &q)
+			res1.FrobeniusCube(a)
+			res2.Exp(a, q3)
+
+			return res2.Equal(&res2)
+		},
+		genA,
+	))
+
+	properties.Property("[BW761] pi**6=id", prop.ForAll(
 		func(a *E6) bool {
 			var b E6
 			b.Frobenius(a).
@@ -244,7 +285,7 @@ func TestE6Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] (pi**2)**3=id", prop.ForAll(
+	properties.Property("[BW761] (pi**2)**3=id", prop.ForAll(
 		func(a *E6) bool {
 			var b E6
 			b.FrobeniusSquare(a).
@@ -255,7 +296,7 @@ func TestE6Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] (pi**3)**2=id", prop.ForAll(
+	properties.Property("[BW761] (pi**3)**2=id", prop.ForAll(
 		func(a *E6) bool {
 			var b E6
 			b.FrobeniusCube(a).
@@ -265,7 +306,7 @@ func TestE6Ops(t *testing.T) {
 		genA,
 	))
 
-	properties.Property("[BN256] cyclotomic square and square should be the same in the cyclotomic subgroup", prop.ForAll(
+	properties.Property("[BW761] cyclotomic square and square should be the same in the cyclotomic subgroup", prop.ForAll(
 		func(a *E6) bool {
 			var b, c, d E6
 			b.Frobenius(a)