From 8e4c5cc850fe46f737a961bfd6baa9d815097665 Mon Sep 17 00:00:00 2001
From: WitherOrNot
Date: Tue, 9 Jun 2026 16:08:57 -0400
Subject: [PATCH] Update PKEY2005.md
---
 PKEY2005.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/PKEY2005.md b/PKEY2005.md
index 3bf0a37..d90b979 100644
--- a/PKEY2005.md
+++ b/PKEY2005.md
@@ -91,9 +91,10 @@ struct field_data {
 u8 h1_coeffs[num_elements]; // H1 radices
 bignum modulus; // Prime modulus of base field
 u8 order[size_order]; // Order of elliptic curve over base field (also a bignum)
- // Polynomials are stored as bytes in order of lowest to highest degree coefficients
- u8 ext_split_poly1[ext_deg1 + 1]; // Minimal polynomial of first field extension
- u8 ext_split_poly2[ext_deg2 + 1]; // Minimal polynomial of second field extension
+ // Polynomials are stored as signed bytes in order of lowest to highest degree coefficients
+ // Negative coefficients will be reduced in the field K, so c[i] = -u == p - u
+ s8 ext_split_poly1[ext_deg1 + 1]; // Minimal polynomial of first field extension
+ s8 ext_split_poly2[ext_deg2 + 1]; // Minimal polynomial of second field extension
 // Unused capability: y^2 = x^3 + ec_a_base * x + ec_b_base
 // This curve would be over the base field
 bignum ec_a_base;
@@ -149,7 +150,7 @@ Given an extension field $K \supseteq L$, with $u$ being the primitive element o $$ w = z_0 + z_1 u + z_2 u^2 + \ldots + z_{n-1} u^{n-1} $$ where $n$ is the degree of the extension and $z_i \in L$. -This encoding method is used to represent elements of an extension field as arrays of elements in the base field, and is used to encode the coordinates of elliptic curve points as well. +This encoding method is used to represent elements of an extension field as arrays of elements in the base field (in the same order as the equation above), which is used to encode the coordinates of elliptic curve points and the pairing value. The patent also describes that points in $E/K_6$ can be represented as points in $E/K_3$ to reduce storage space. This compression method is used on the points in $\vec{Q}'$, and must be undone before pairing computation to retrieve $\vec{Q}$.