Prime field Fq.

Quadratic extension field of Fq defined as Fq2 = Fq[u]/+ 1.

Cubic extension field of Fq2 defined as Fq6 = Fq2[v]/- (9 + u).

Quadratic extension field of Fq6 defined as Fq12 = Fq6[w]/- v.

Prime field Fr.

G1 is E(Fq) defined by y^2 = x^3 + b.

G2 is E'(Fq2) defined by y^2 = x^3 + b / xi.

G2' is G2 in Jacobian coordinates.

GT is subgroup of r-th roots of unity of the multiplicative group of Fq12.

Generator of G1.

Generator of G2.

Generator of GT.

Order of G1.

Order of G2.

Order of GT.

Elliptic curve E(Fq) coefficient A, with y = x^3 + Ax + B.

Elliptic curve E(Fq2) coefficient A', with y = x^3 + A'x + B'.

Elliptic curve E(Fq) coefficient B, with y = x^3 + Ax + B.

Elliptic curve E(Fq2) coefficient B', with y = x^3 + A'x + B'.

Embedding degree.

Quadratic nonresidue in Fq.

Characteristic of finite fields.

Order of G1 and characteristic of prime field of exponents.

BN parameter that determines the prime _q.

Parameter of twisted curve over Fq.

Conjugation.

Get Y coordinate from X coordinate given a curve and a choice function.

Scalar multiplication.

Multiply by _xi (cubic nonresidue in Fq2) and reorder coefficients.

Iterated Frobenius automorphism in Fq12.

Check if an element is a root of unity.

Check if an element is a primitive root of unity.

Compute primitive roots of unity for 2^0, 2^1, ..., 2^28. (2^28 is the largest power of two that divides _r - 1, therefore there are no primitive roots of unity for higher powers of 2 in Fr.)

Precompute roots of unity.