Make residues in Fp3 more flexible.

src/epx/relic_ep3_curve.c

@@ -99,17 +99,17 @@
 #define FM18_P768_A0		"0"
 #define FM18_P768_A1		"0"
 #define FM18_P768_A2		"0"
-#define FM18_P768_B0		"0"
+#define FM18_P768_B0		"-14"
 #define FM18_P768_B1		"5"
 #define FM18_P768_B2		"0"
-#define FM18_P768_X0		"FE31E13463CB8897FE1708543815C50C0FFBC6AAE7360ACF2B36B64FC0D806FDF4B80FCFCD28CA748F6964B9C7848882AA1DEC9640D8CF09344B95F78E4E85F790959CE583A201FCAD217D3E39CADBE3B7B3F9BC0AE6E7753FA806880660B538"
-#define FM18_P768_X1		"E69ECCB9020052A03987AFA34E9F30D7298AA8E02B157866C37A84B444775BF7A439E5A3BD611738444BF7DF8237B478D6A284A7D46736BC29528A88C6CE23E997AABA613211A42D027D83AFEC558BD69FDCCBEEE7273F335E449FAD8E4B1F92"
-#define FM18_P768_X2		"F21BA095672FE95B02E5C5CD933F403D9C48FC980D378FC5184893E8D3E34834B32BA9D1B7A540A102EF345CA0C7E4B134F925948FA4BB3EB00184FD829FA8553EE43938E783687A553F3E75851E6B2C039698C77899D849AB8016BF9041AFC2"
-#define FM18_P768_Y0		"D16A99C5ED5D491EA7B51110063533ABCC26EC4C77232489F82F04A862F9C7FCF9672EFE6960F5A2D11FABFCBBE1499F79373324699E557280FE3A588B8DEC2FB6A5376172179DA428BBECAC45F245747DD2D47D0A014119FA441326A50765F4"
-#define FM18_P768_Y1		"D009FDA9F7B1666F00A9DDBAA872AA0FFD60F9436E9DFED25AE3FEF0D346C232E8B25624106D30CA7A22986423D922A1C1291D370369826DC1E189A489581191C66F1E983521C3318A66FFCA874EB12A07CAF39048C9E985C6068C7571FF6790"
-#define FM18_P768_Y2		"6FAD5BE9CBC44355D5745ABB148D5132DDBBF1BEAB092D03954FD7DB16D0EC25C1EDA664057E758481AF124666DD668478B452C43B9C1B78602193262DD9AE8DD749F40F58FC458D6CF1CD3442C2822A5C976D4195276A5FC19E16759DAD1FE3"
-#define FM18_P768_R		"FFFFFFF27FA00045F4380E5F9EE3795E88D88C72E7B408B61E4CA1FB2558E7C336F40FAAEC98807AF3600C06C0300001"
-#define FM18_P768_H		"FFFFFFBC7E20087CAA5905F0B82ABB93AF7E81A53882226042648999C855F369B72CECF33CAFCEE57D8E28C84A08805B59DE451E30AC535A4DD982BCD28F9915B40B200C183FEEB08DC7E199BD1C0BC98FB2653657500B21B5876AA05AA4870EF344801BFE0329F91259BB407D680660A83C30FD7B152124C532AE9C1834BB5967AA84FD428CC94EDE0BBF89981839AC28D48E78F22A4695C2C0CC996FFAF415B9B684B1B2427CAA3EE14D0B8463A431ACC81B81F156C21F6B157D8BE3DCB1E0459DE473AC6EFAF4BD9EBBC861C799A4F9EF7D445FB243587315E11A04E4BF85CBE901BA1273F2C229293D5102400004"
+#define FM18_P768_X0		"1D930B0B04D7465AB78CA64B2B5DC31F76CA89CABAF298299A7A9F372BD3FF506AC99CB9BE1915BA02C7ED843B32E5B7117F4FF177B9F8EA8E917EA292C020ABF01B8EC7702797F46657A4AC50E0B1BC0E3EFAB4668822FC41DAA3E3E4B54361"
+#define FM18_P768_X1		"EC814ED9C93EB3787C1D58406920E3941BF9B39200431A5DD3114F3E9A8202CCCA742B4D0A96D083D11883E4CD4A5AA2FF3D10CAFF789D754C4AF11C09BD453FF379F07C778CFDE0156B87B8A731DD5998715486EBFA0A0F40A7591AC19AF918"
+#define FM18_P768_X2		"FCDA64C5662F0E0F0A1FCDCC80BBDCC4B99BAEB06917E0BE604828C636927F9A08A40C184490CE3E5982EDECD2E9D0F93A97BCE43E3C05EC502E781C47866BE70B51F542027C96A2090E96B6428177465C4645F5808ECCDA5A0CB34F689F0E7E"
+#define FM18_P768_Y0		"51CC2E24BFC22B4D46B33FF63B91D0B6EF6CDAF5AEFA9B54588F08787362B29489CD18D3EDEEF975B3E07090149EFEEC95455CBD7FADAC43284D4836A2581F81214FF8D7273AA46DF440628B1B4AEBE2BD30809C675EC62B365DE91484BAA6D8"
+#define FM18_P768_Y1		"87A1EEC340AB26B14EBE6F2056CE339553090C95A0653432428B62FE34BCCA238F0D067B8E8F2345BC2F46DE68493C75C2ED07C5F2D9B29A6BF9FA730D1C78582819735D7FED671B03C359DECC81765A8A8E1DD16C87801FC3FC40176FB55C5C"
+#define FM18_P768_Y2		"DFE9CABA0A20C5FB26091329C60716EC027B828A173120F1AC7BAA5336E97348B26071A022DC0352074F0EA581F63632B6BBBBE9F06CE2762F66087D50D7DB9C96B0192E30F4406104F5D53DCC922A40AEA7600FD79AFB7E2A83350A4D0AD74A"
+#define FM18_P768_R			"FFFFFFF27FA00045F4380E5F9EE3795E88D88C72E7B408B61E4CA1FB2558E7C336F40FAAEC98807AF3600C06C0300001"
+#define FM18_P768_H			"FFFFFFBC7E20087CAA5905F0B82ABB93AF7E81A53882226042648999C855F369B72CECF33CAFCEE57D8E28C84A08805B59DE451E30AC535A4DD982BCD28F9915B40B200C183FEEB08DC7E199BD1C0BC98FB2653657500B21B5876AA05AA4870EF344801BFE0329F91259BB407D680660A83C30FD7B152124C532AE9C1834BB5967AA84FD428CC94EDE0BBF89981839AC28D48E78F22A4695C2C0CC996FFAF415B9B684B1B2427CAA3EE14D0B8463A431ACC81B81F156C21F6B157D8BE3DCB1E0459DE473AC6EFAF4BD9EBBC861C799A4F9EF7D445FB243587315E11A04E4BF85CBE901BA1273F2C229293D5102400004"
 /** @} */
 #endif
 

src/epx/relic_ep3_mul.c

@@ -70,9 +70,9 @@ static void ep3_psi(ep3_t r, const ep3_t p) {
 				ep3_frb(r, r, 1);
 				break;
 			case EP_FM18:
-				/* For FM18, we have that -u = (p-p^4) mod r. */
+				/* For FM18, we have that u = (p^4-p) mod r. */
 				ep3_frb(q, p, 3);
-				ep3_sub(r, p, q);
+				ep3_sub(r, q, p);
 				ep3_frb(r, r, 1);
 				break;
 		}

src/fpx/relic_fp3_mul.c

@@ -190,6 +190,7 @@ void fp3_mul_nor(fp3_t c, const fp3_t a) {
 		fp3_mul_art(t, a);
 
 		int cnr = fp3_field_get_cnr();
+		cnr = (cnr < 0 ? -cnr : cnr);
 		switch (fp_prime_get_mod18()) {
 			case 1:
 			case 7:
@@ -202,7 +203,11 @@ void fp3_mul_nor(fp3_t c, const fp3_t a) {
 						}
 						cnr = cnr >> 1;
 					}
-					fp3_add(t, t, u);
+					if (fp3_field_get_cnr() > 0) {
+						fp3_add(t, t, u);
+					} else {
+						fp3_sub(t, t, u);
+					}
 				}
 				break;
 		}

src/fpx/relic_fpx_cyc.c

@@ -1557,21 +1557,32 @@ static void fp18_gls(fp18_t c, const fp18_t a) {
 	RLC_TRY {
 		fp18_new(b);
 
-		if (ep_curve_is_pairf() == EP_SG18) {
-			/* -3*u = (2*p^2 - p^5) mod r */
-			fp18_frb(b, a, 5);
-			fp18_inv_cyc(b, b);
-			fp18_frb(c, a, 2);
-			fp18_sqr_cyc(c, c);
-			fp18_mul(c, c, b);
-		} else {
-			/* For KSS18, we have that x = p^4 - 3*p = (p^3 - 3)p mod n. */
-			fp18_sqr_cyc(b, a);
-			fp18_mul(b, b, a);
-			fp18_frb(c, a, 3);
-			fp18_inv_cyc(b, b);
-			fp18_mul(c, c, b);
-			fp18_frb(c, c, 1);
+		switch (ep_curve_is_pairf()) {
+			case EP_SG18:
+				/* -3*u = (2*p^2 - p^5) mod r */
+				fp18_frb(b, a, 5);
+				fp18_inv_cyc(b, b);
+				fp18_frb(c, a, 2);
+				fp18_sqr_cyc(c, c);
+				fp18_mul(c, c, b);
+				break;
+			case EP_K18:
+				/* For KSS18, we have that x = p^4 - 3*p = (p^3 - 3)p mod n. */
+				fp18_sqr_cyc(b, a);
+				fp18_mul(b, b, a);
+				fp18_frb(c, a, 3);
+				fp18_inv_cyc(b, b);
+				fp18_mul(c, c, b);
+				fp18_frb(c, c, 1);
+				break;
+			case EP_FM18:
+				/* For FM18, we have that u = (p^4-p) mod r. */
+				fp18_frb(b, a, 3);
+				fp18_inv_cyc(b, b);
+				fp18_mul(c, a, b);
+				fp18_frb(c, c, 1);
+				fp18_inv_cyc(c, c);
+				break;
 		}
 	}
 	RLC_CATCH_ANY {

src/fpx/relic_fpx_field.c

@@ -54,8 +54,9 @@ int fp3_field_get_cnr() {
 	} else {
 		return 3;
 	}
+#elif FP_PRIME == 768
+	return -4;
 #endif
-
 	return core_get()->cnr3;
 }
 
@@ -188,7 +189,7 @@ void fp3_field_init(void) {
 		fp_zero(t0[2]);
 		/* If it does not work, attempt (u + 1), otherwise double. */
 		/* This code will fail if p \neq 1 mod 8 because square root in Fp^3
-		 * relic on Frobenius. Must implement explicit test for those cases. */
+		 * relies on Frobenius. Must implement explicit test for those cases. */
 		if (fp3_srt(t1, t0)) {
 			ctx->cnr3 = 1;
 			fp_set_dig(t0[0], ctx->cnr3);

src/low/easy/relic_fpx_add_low.c

@@ -306,6 +306,7 @@ void fp3_nord_low(dv3_t c, dv3_t a) {
 		dv_copy(t[1], a[0], 2 * RLC_FP_DIGS);
 
 		int cnr = fp3_field_get_cnr();
+		cnr = (cnr < 0 ? -cnr : cnr);
 		switch (fp_prime_get_mod18()) {
 			case 1:
 			case 7:
@@ -320,7 +321,11 @@ void fp3_nord_low(dv3_t c, dv3_t a) {
 						}
 						cnr = cnr >> 1;
 					}
-					fp3_addc_low(t, t, u);
+					if (fp3_field_get_cnr() > 0) {
+						fp3_addc_low(t, t, u);
+					} else {
+						fp3_subc_low(t, t, u);
+					}
 				}
 				break;
 		}

test/test_fpx.c

@@ -1333,8 +1333,13 @@ static int multiplication3(void) {
 			fp3_rand(a);
 			fp3_mul_nor(b, a);
 			switch (fp_prime_get_mod18()) {
+				case 1:
 				case 7:
 					fp_set_dig(c[0], fp3_field_get_cnr());
+					if (fp3_field_get_cnr() < 0) {
+						fp_set_dig(c[0], -fp3_field_get_cnr());
+						fp_neg(c[0], c[0]);
+					}
 					fp_set_dig(c[1], 1);
 					fp_zero(c[2]);
 					fp3_mul(c, a, c);