RubyGems - bls12-381 - Versions diffs - 0.2.2 → 0.3.0 - Mend

bls12-381 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

data/lib/bls/field.rb CHANGED Viewed

@@ -13,10 +13,6 @@ module BLS
       self.class.new(-value)
     end
-    def ==(other)
-      value == other.value
-    end
     def invert
       x0 = 1
       x1 = 0
@@ -75,23 +71,31 @@ module BLS
   end
   # Finite field over q.
-  class Fq
+  class Fp
     include Field
     ORDER = BLS::Curve::P
     MAX_BITS = Curve::P.bit_length
+    BYTES_LEN = (MAX_BITS / 8.0).ceil
     attr_reader :value
     def initialize(value)
-      raise ArgumentError, 'Invalid value.' unless value.is_a?(Integer)
+      raise ArgumentError, 'value must be Integer.' unless value.is_a?(Integer)
       @value = BLS.mod(value, ORDER)
     end
-    ZERO = Fq.new(0)
-    ONE = Fq.new(1)
+    ZERO = Fp.new(0)
+    ONE = Fp.new(1)
+    def to_bytes
+      [to_hex].pack('H*')
+    end
+    def to_hex
+      value.to_s(16).rjust(2 * BYTES_LEN, '0')
+    end
   end
   # Finite field over r.
@@ -103,7 +107,7 @@ module BLS
     attr_reader :value
     def initialize(value)
-      raise ArgumentError, 'Invalid value.' unless value.is_a?(Integer)
+      raise ArgumentError, 'value must be Integer.' unless value.is_a?(Integer)
       @value = BLS.mod(value, ORDER)
     end
@@ -111,10 +115,6 @@ module BLS
     ZERO = Fr.new(0)
     ONE = Fr.new(1)
-    def legendre
-      pow((order - 1) / 2)
-    end
   end
   # Module for a field over polynomial.
@@ -140,7 +140,7 @@ module BLS
     alias - subtract
     def div(other)
-      inv = other.is_a?(Integer) ? Fq.new(other).invert.value : other.invert
+      inv = other.is_a?(Integer) ? Fp.new(other).invert.value : other.invert
       multiply(inv)
     end
     alias / div
@@ -168,14 +168,26 @@ module BLS
     def conjugate
       self.class.new([coeffs[0], coeffs[1].negate])
     end
+    # Convert to byte string.
+    # @return [String]
+    def to_bytes
+      [to_hex].pack('H*')
+    end
+    # Convert to hex string.
+    # @return [String]
+    def to_hex
+      coeffs.map(&:to_hex).join
+    end
   end
   # Finite extension field over irreducible polynomial.
-  # Fq(u) / (u^2 - β) where β = -1
-  class Fq2
+  # Fp(u) / (u^2 - β) where β = -1
+  class Fp2
     include FQP
-    # For Fq2 roots of unity.
+    # For Fp2 roots of unity.
     RV1 = 0x6af0e0437ff400b6831e36d6bd17ffe48395dabc2d3435e77f76e17009241c5ee67992f72ec05f4c81084fbede3cc09
     EV1 = 0x699be3b8c6870965e5bf892ad5d2cc7b0e85a117402dfd83b7f4a947e02d978498255a2aaec0ac627b5afbdf1bf1c90
     EV2 = 0x8157cd83046453f5dd0972b6e3949e4288020b5b8a9cc99ca07e27089a2ce2436d965026adad3ef7baba37f2183e9b5
@@ -191,36 +203,36 @@ module BLS
     def initialize(coeffs)
       raise ArgumentError, 'Expected array with 2 elements' unless coeffs.size == 2
-      @coeffs = coeffs.map { |c| c.is_a?(Integer) ? Fq.new(c) : c }
+      @coeffs = coeffs.map { |c| c.is_a?(Integer) ? Fp.new(c) : c }
     end
-    ROOT = Fq.new(-1)
-    ZERO = Fq2.new([0, 0])
-    ONE = Fq2.new([1, 0])
+    ROOT = Fp.new(-1)
+    ZERO = Fp2.new([0, 0])
+    ONE = Fp2.new([1, 0])
-    # Eighth roots of unity, used for computing square roots in Fq2.
+    # Eighth roots of unity, used for computing square roots in Fp2.
     ROOTS_OF_UNITY = [
-      Fq2.new([1, 0]),
-      Fq2.new([RV1, -RV1]),
-      Fq2.new([0, 1]),
-      Fq2.new([RV1, RV1]),
-      Fq2.new([-1, 0]),
-      Fq2.new([-RV1, RV1]),
-      Fq2.new([0, -1]),
-      Fq2.new([-RV1, -RV1])
+      Fp2.new([1, 0]),
+      Fp2.new([RV1, -RV1]),
+      Fp2.new([0, 1]),
+      Fp2.new([RV1, RV1]),
+      Fp2.new([-1, 0]),
+      Fp2.new([-RV1, RV1]),
+      Fp2.new([0, -1]),
+      Fp2.new([-RV1, -RV1])
     ].freeze
     # eta values, used for computing sqrt(g(X1(t)))
     ETAS = [
-      Fq2.new([EV1, EV2]),
-      Fq2.new([-EV2, EV1]),
-      Fq2.new([EV3, EV4]),
-      Fq2.new([-EV4, EV3])
+      Fp2.new([EV1, EV2]),
+      Fp2.new([-EV2, EV1]),
+      Fp2.new([EV3, EV4]),
+      Fp2.new([-EV4, EV3])
     ].freeze
     FROBENIUS_COEFFICIENTS = [
-      Fq.new(0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001),
-      Fq.new(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa)
+      Fp.new(0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001),
+      Fp.new(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa)
     ].freeze
     def values
@@ -233,47 +245,62 @@ module BLS
       a = c0 + c1
       b = c0 - c1
       c = c0 + c0
-      Fq2.new([a * b, c * c1])
+      Fp2.new([a * b, c * c1])
+    end
+    def sqrt
+      candidate = pow((Fp2::ORDER + 8) / 16)
+      check = candidate.square / self
+      r = ROOTS_OF_UNITY
+      divisor = [r[0], r[2], r[4], r[6]].find { |x| x == check }
+      return nil unless divisor
+      root = r[r.index(divisor) / 2]
+      raise Error, 'Invalid root' unless root
+      x1 = candidate / root
+      x2 = x1.negate
+      re1, im1 = x1.coeffs
+      re2, im2 = x2.coeffs
+      im1.value > im2.value || (im1 == im2 && re1.value > re2.value) ? x1 : x2
     end
     def multiply(other)
-      return Fq2.new(coeffs.map { |c| c * other }) if other.is_a?(Integer)
+      return Fp2.new(coeffs.map { |c| c * other }) if other.is_a?(Integer)
       c0, c1 = coeffs
       r0, r1 = other.coeffs
       t1 = c0 * r0
       t2 = c1 * r1
-      Fq2.new([t1 - t2, ((c0 + c1) * (r0 + r1)) - (t1 + t2)])
+      Fp2.new([t1 - t2, ((c0 + c1) * (r0 + r1)) - (t1 + t2)])
     end
     alias * multiply
     def invert
       a, b = values
-      factor = Fq.new(a * a + b * b).invert
-      Fq2.new([factor * a, factor * -b])
+      factor = Fp.new(a * a + b * b).invert
+      Fp2.new([factor * a, factor * -b])
     end
     # Raises to q**i -th power
     def frobenius_map(power)
-      Fq2.new([coeffs[0], coeffs[1] * Fq2::FROBENIUS_COEFFICIENTS[power % 2]])
+      Fp2.new([coeffs[0], coeffs[1] * Fp2::FROBENIUS_COEFFICIENTS[power % 2]])
     end
     def mul_by_non_residue
       c0, c1 = coeffs
-      Fq2.new([c0 - c1, c0 + c1])
+      Fp2.new([c0 - c1, c0 + c1])
     end
     def multiply_by_b
       c0, c1 = coeffs
       t0 = c0 * 4
       t1 = c1 * 4
-      Fq2.new([t0 - t1, t0 + t1])
+      Fp2.new([t0 - t1, t0 + t1])
     end
   end
   # Finite extension field over irreducible polynomial.
-  # Fq2(v) / (v^3 - ξ) where ξ = u + 1
-  class Fq6
+  # Fp2(v) / (v^3 - ξ) where ξ = u + 1
+  class Fp6
     include FQP
     attr_reader :coeffs
@@ -285,61 +312,61 @@ module BLS
     end
     def self.from_tuple(t)
-      Fq6.new([Fq2.new(t[0...2]), Fq2.new(t[2...4]), Fq2.new(t[4...6])])
+      Fp6.new([Fp2.new(t[0...2]), Fp2.new(t[2...4]), Fp2.new(t[4...6])])
     end
-    ZERO = Fq6.new([Fq2::ZERO, Fq2::ZERO, Fq2::ZERO])
-    ONE = Fq6.new([Fq2::ONE, Fq2::ZERO, Fq2::ZERO])
+    ZERO = Fp6.new([Fp2::ZERO, Fp2::ZERO, Fp2::ZERO])
+    ONE = Fp6.new([Fp2::ONE, Fp2::ZERO, Fp2::ZERO])
     FROBENIUS_COEFFICIENTS_1 = [
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffefffe,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffefffe
               ])
     ].freeze
     FROBENIUS_COEFFICIENTS_2 = [
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaad,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffefffe,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffeffff,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ])
@@ -347,11 +374,11 @@ module BLS
     # Multiply by quadratic non-residue v.
     def mul_by_non_residue
-      Fq6.new([coeffs[2].mul_by_non_residue, coeffs[0], coeffs[1]])
+      Fp6.new([coeffs[2].mul_by_non_residue, coeffs[0], coeffs[1]])
     end
     def multiply(other)
-      return Fq6.new([coeffs[0] * other, coeffs[1] * other, coeffs[2] * other]) if other.is_a?(Integer)
+      return Fp6.new([coeffs[0] * other, coeffs[1] * other, coeffs[2] * other]) if other.is_a?(Integer)
       c0, c1, c2 = coeffs
       r0, r1, r2 = other.coeffs
@@ -359,7 +386,7 @@ module BLS
       t1 = c1 * r1
       t2 = c2 * r2
-      Fq6.new([
+      Fp6.new([
                 t0 + ((c1 + c2) * (r1 + r2) - (t1 + t2)).mul_by_non_residue,
                 (c0 + c1) * (r0 + r1) - (t0 + t1) + t2.mul_by_non_residue,
                 t1 + ((c0 + c2) * (r0 + r2) - (t0 + t2))
@@ -369,7 +396,7 @@ module BLS
     # Sparse multiplication.
     def multiply_by_1(b1)
-      Fq6.new([coeffs[2].multiply(b1).mul_by_non_residue, coeffs[0] * b1, coeffs[1] * b1])
+      Fp6.new([coeffs[2].multiply(b1).mul_by_non_residue, coeffs[0] * b1, coeffs[1] * b1])
     end
     # Sparse multiplication.
@@ -377,11 +404,11 @@ module BLS
       c0, c1, c2 = coeffs
       t0 = c0 * b0
       t1 = c1 * b1
-      Fq6.new([((c1 + c2) * b1 - t1).mul_by_non_residue + t0, (b0 + b1) * (c0 + c1) - t0 - t1, (c0 + c2) * b0 - t0 + t1])
+      Fp6.new([((c1 + c2) * b1 - t1).mul_by_non_residue + t0, (b0 + b1) * (c0 + c1) - t0 - t1, (c0 + c2) * b0 - t0 + t1])
     end
-    def multiply_by_fq2(other)
-      Fq6.new(coeffs.map { |c| c * other })
+    def multiply_by_fp2(other)
+      Fp6.new(coeffs.map { |c| c * other })
     end
     def square
@@ -390,7 +417,7 @@ module BLS
       t1 = c0 * c1 * 2
       t3 = c1 * c2 * 2
       t4 = c2.square
-      Fq6.new([t3.mul_by_non_residue + t0, t4.mul_by_non_residue + t1, t1 + (c0 - c1 + c2).square + t3 - t0 - t4])
+      Fp6.new([t3.mul_by_non_residue + t0, t4.mul_by_non_residue + t1, t1 + (c0 - c1 + c2).square + t3 - t0 - t4])
     end
     def invert
@@ -399,21 +426,21 @@ module BLS
       t1 = c2.square.mul_by_non_residue - (c0 * c1)
       t2 = c1.square - c0 * c2
       t4 = ((c2 * t1 + c1 * t2).mul_by_non_residue + c0 * t0).invert
-      Fq6.new([t4 * t0, t4 * t1, t4 * t2])
+      Fp6.new([t4 * t0, t4 * t1, t4 * t2])
     end
     def frobenius_map(power)
-      Fq6.new([
+      Fp6.new([
                 coeffs[0].frobenius_map(power),
-                coeffs[1].frobenius_map(power) * Fq6::FROBENIUS_COEFFICIENTS_1[power % 6],
-                coeffs[2].frobenius_map(power) * Fq6::FROBENIUS_COEFFICIENTS_2[power % 6]
+                coeffs[1].frobenius_map(power) * Fp6::FROBENIUS_COEFFICIENTS_1[power % 6],
+                coeffs[2].frobenius_map(power) * Fp6::FROBENIUS_COEFFICIENTS_2[power % 6]
               ])
     end
   end
   # Finite extension field over irreducible polynomial.
-  # Fq6(w) / (w2 - γ) where γ = v
-  class Fq12
+  # Fp6(w) / (w2 - γ) where γ = v
+  class Fp12
     include FQP
     attr_reader :coeffs
@@ -425,71 +452,71 @@ module BLS
     end
     def self.from_tuple(t)
-      Fq12.new([Fq6.from_tuple(t[0...6]), Fq6.from_tuple(t[6...12])])
+      Fp12.new([Fp6.from_tuple(t[0...6]), Fp6.from_tuple(t[6...12])])
     end
-    ZERO = Fq12.new([Fq6::ZERO, Fq6::ZERO])
-    ONE = Fq12.new([Fq6::ONE, Fq6::ZERO])
+    ZERO = Fp12.new([Fp6::ZERO, Fp6::ZERO])
+    ONE = Fp12.new([Fp6::ONE, Fp6::ZERO])
     FROBENIUS_COEFFICIENTS = [
-      Fq2.new([
+      Fp2.new([
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1904d3bf02bb0667c231beb4202c0d1f0fd603fd3cbd5f4f7b2443d784bab9c4f67ea53d63e7813d8d0775ed92235fb8,
                 0x00fc3e2b36c4e03288e9e902231f9fb854a14787b6c7b36fec0c8ec971f63c5f282d5ac14d6c7ec22cf78a126ddc4af3
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffeffff,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x135203e60180a68ee2e9c448d77a2cd91c3dedd930b1cf60ef396489f61eb45e304466cf3e67fa0af1ee7b04121bdea2,
                 0x06af0e0437ff400b6831e36d6bd17ffe48395dabc2d3435e77f76e17009241c5ee67992f72ec05f4c81084fbede3cc09
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00000000000000005f19672fdf76ce51ba69c6076a0f77eaddb3a93be6f89688de17d813620a00022e01fffffffefffe,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x144e4211384586c16bd3ad4afa99cc9170df3560e77982d0db45f3536814f0bd5871c1908bd478cd1ee605167ff82995,
                 0x05b2cfd9013a5fd8df47fa6b48b1e045f39816240c0b8fee8beadf4d8e9c0566c63a3e6e257f87329b18fae980078116
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x00fc3e2b36c4e03288e9e902231f9fb854a14787b6c7b36fec0c8ec971f63c5f282d5ac14d6c7ec22cf78a126ddc4af3,
                 0x1904d3bf02bb0667c231beb4202c0d1f0fd603fd3cbd5f4f7b2443d784bab9c4f67ea53d63e7813d8d0775ed92235fb8
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x06af0e0437ff400b6831e36d6bd17ffe48395dabc2d3435e77f76e17009241c5ee67992f72ec05f4c81084fbede3cc09,
                 0x135203e60180a68ee2e9c448d77a2cd91c3dedd930b1cf60ef396489f61eb45e304466cf3e67fa0af1ee7b04121bdea2
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaad,
                 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
               ]),
-      Fq2.new([
+      Fp2.new([
                 0x05b2cfd9013a5fd8df47fa6b48b1e045f39816240c0b8fee8beadf4d8e9c0566c63a3e6e257f87329b18fae980078116,
                 0x144e4211384586c16bd3ad4afa99cc9170df3560e77982d0db45f3536814f0bd5871c1908bd478cd1ee605167ff82995
               ])
     ].freeze
     def multiply(other)
-      return Fq12.new([coeffs[0] * other, coeffs[1] * other]) if other.is_a?(Integer)
+      return Fp12.new([coeffs[0] * other, coeffs[1] * other]) if other.is_a?(Integer)
       c0, c1 = coeffs
       r0, r1 = other.coeffs
       t1 = c0 * r0
       t2 = c1 * r1
-      Fq12.new([t1 + t2.mul_by_non_residue, (c0 + c1) * (r0 + r1) - (t1 + t2)])
+      Fp12.new([t1 + t2.mul_by_non_residue, (c0 + c1) * (r0 + r1) - (t1 + t2)])
     end
     alias * multiply
@@ -497,35 +524,35 @@ module BLS
       c0, c1 = coeffs
       t0 = c0.multiply_by_01(o0, o1)
       t1 = c1.multiply_by_1(o4)
-      Fq12.new([t1.mul_by_non_residue + t0, (c1 + c0).multiply_by_01(o0, o1 + o4) - t0 - t1])
+      Fp12.new([t1.mul_by_non_residue + t0, (c1 + c0).multiply_by_01(o0, o1 + o4) - t0 - t1])
     end
-    def multiply_by_fq2(other)
-      Fq12.new(coeffs.map{ |c| c.multiply_by_fq2(other) })
+    def multiply_by_fp2(other)
+      Fp12.new(coeffs.map{ |c| c.multiply_by_fp2(other) })
     end
     def square
       c0, c1 = coeffs
       ab = c0 * c1
-      Fq12.new([(c1.mul_by_non_residue + c0) * (c0 + c1) - ab - ab.mul_by_non_residue, ab + ab])
+      Fp12.new([(c1.mul_by_non_residue + c0) * (c0 + c1) - ab - ab.mul_by_non_residue, ab + ab])
     end
     def invert
       c0, c1 = coeffs
       t = (c0.square - c1.square.mul_by_non_residue).invert
-      Fq12.new([c0 * t, (c1 * t).negate])
+      Fp12.new([c0 * t, (c1 * t).negate])
     end
     def frobenius_map(power)
       c0, c1 = coeffs
       r0 = c0.frobenius_map(power)
       c1_0, c1_1, c1_2 = c1.frobenius_map(power).coeffs
-      Fq12.new([
+      Fp12.new([
                  r0,
-                 Fq6.new([
-                           c1_0 * Fq12::FROBENIUS_COEFFICIENTS[power % 12],
-                           c1_1 * Fq12::FROBENIUS_COEFFICIENTS[power % 12],
-                           c1_2 * Fq12::FROBENIUS_COEFFICIENTS[power % 12]])])
+                 Fp6.new([
+                           c1_0 * Fp12::FROBENIUS_COEFFICIENTS[power % 12],
+                           c1_1 * Fp12::FROBENIUS_COEFFICIENTS[power % 12],
+                           c1_2 * Fp12::FROBENIUS_COEFFICIENTS[power % 12]])])
     end
     def final_exponentiate
@@ -544,17 +571,17 @@ module BLS
       c0, c1 = coeffs
       c0c0, c0c1, c0c2 = c0.coeffs
       c1c0, c1c1, c1c2 = c1.coeffs
-      t3, t4 = fq4_square(c0c0, c1c1)
-      t5, t6 = fq4_square(c1c0, c0c2)
-      t7, t8 = fq4_square(c0c1, c1c2)
+      t3, t4 = fp4_square(c0c0, c1c1)
+      t5, t6 = fp4_square(c1c0, c0c2)
+      t7, t8 = fp4_square(c0c1, c1c2)
       t9 = t8.mul_by_non_residue
-      Fq12.new([
-                 Fq6.new([(t3 - c0c0) * 2 + t3, (t5 - c0c1) * 2 + t5, (t7 - c0c2) * 2 + t7]),
-                 Fq6.new([(t9 + c1c0) * 2 + t9, (t4 + c1c1) * 2 + t4, (t6 + c1c2) * 2 + t6])])
+      Fp12.new([
+                 Fp6.new([(t3 - c0c0) * 2 + t3, (t5 - c0c1) * 2 + t5, (t7 - c0c2) * 2 + t7]),
+                 Fp6.new([(t9 + c1c0) * 2 + t9, (t4 + c1c1) * 2 + t4, (t6 + c1c2) * 2 + t6])])
     end
     def cyclotomic_exp(n)
-      z = Fq12::ONE
+      z = Fp12::ONE
       i = BLS_X_LEN - 1
       while i >= 0
         z = z.cyclotomic_square
@@ -566,10 +593,10 @@ module BLS
     private
-    # @param [Fq2] a
-    # @param [Fq2] b
+    # @param [Fp2] a
+    # @param [Fp2] b
     # @return [Array]
-    def fq4_square(a, b)
+    def fp4_square(a, b)
       a2 = a.square
       b2 = b.square
       [b2.mul_by_non_residue + a2, (a + b).square - a2 - b2]
@@ -577,10 +604,10 @@ module BLS
   end
-  UT_ROOT = BLS::Fq6.new([BLS::Fq2::ZERO, BLS::Fq2::ONE, BLS::Fq2::ZERO])
-  WSQ = BLS::Fq12.new([UT_ROOT, BLS::Fq6::ZERO])
+  UT_ROOT = BLS::Fp6.new([BLS::Fp2::ZERO, BLS::Fp2::ONE, BLS::Fp2::ZERO])
+  WSQ = BLS::Fp12.new([UT_ROOT, BLS::Fp6::ZERO])
   WSQ_INV = WSQ.invert
-  WCU = BLS::Fq12.new([BLS::Fq6::ZERO, UT_ROOT])
+  WCU = BLS::Fp12.new([BLS::Fp6::ZERO, UT_ROOT])
   WCU_INV = WCU.invert
   # 1 / F2(2)^((p - 1) / 3) in GF(p^2)
   PSI2_C1 = 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac
@@ -589,54 +616,54 @@ module BLS
   P_MINUS_9_DIV_16 = (Curve::P**2 - 9) / 16
   XNUM = [
-    Fq2.new([
+    Fp2.new([
               0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6,
               0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6]),
-    Fq2.new([
+    Fp2.new([
               0x0,
               0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71a]),
-    Fq2.new([
+    Fp2.new([
               0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71e,
               0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38d]),
-    Fq2.new([
+    Fp2.new([
               0x171d6541fa38ccfaed6dea691f5fb614cb14b4e7f4e810aa22d6108f142b85757098e38d0f671c7188e2aaaaaaaa5ed1,
               0x0])
   ].freeze
   XDEN = [
-    Fq2.new([
+    Fp2.new([
               0x0,
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63]),
-    Fq2.new([
+    Fp2.new([
               0xc,
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f]),
-    Fq2::ONE,
-    Fq2::ZERO
+    Fp2::ONE,
+    Fp2::ZERO
   ].freeze
   YNUM = [
-    Fq2.new([
+    Fp2.new([
               0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706,
               0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706]),
-    Fq2.new([
+    Fp2.new([
               0x0,
               0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97be]),
-    Fq2.new([
+    Fp2.new([
               0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71c,
               0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38f]),
-    Fq2.new([
+    Fp2.new([
               0x124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10,
               0x0])
   ].freeze
   YDEN = [
-    Fq2.new([
+    Fp2.new([
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb,
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb]),
-    Fq2.new([
+    Fp2.new([
               0x0,
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3]),
-    Fq2.new([
+    Fp2.new([
               0x12,
               0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa99]),
-    Fq2.new([0x1, 0x0])
+    Fp2.new([0x1, 0x0])
   ].freeze
   ISOGENY_COEFFICIENTS = [XNUM, XDEN, YNUM, YDEN]
@@ -644,8 +671,8 @@ module BLS
   module_function
   def psi(x, y)
-    x2 = WSQ_INV.multiply_by_fq2(x).frobenius_map(1).multiply(WSQ).coeffs[0].coeffs[0]
-    y2 = WCU_INV.multiply_by_fq2(y).frobenius_map(1).multiply(WCU).coeffs[0].coeffs[0]
+    x2 = WSQ_INV.multiply_by_fp2(x).frobenius_map(1).multiply(WSQ).coeffs[0].coeffs[0]
+    y2 = WCU_INV.multiply_by_fp2(y).frobenius_map(1).multiply(WCU).coeffs[0].coeffs[0]
     [x2, y2]
   end
@@ -654,7 +681,7 @@ module BLS
   end
   def miller_loop(ell, g1)
-    f12 = Fq12::ONE
+    f12 = Fp12::ONE
     p_x, p_y = g1
     i = BLS_X_LEN - 2
     j = 0
@@ -681,13 +708,13 @@ module BLS
     sign_0 || (zero_0 && sign_1)
   end
-  def sqrt_div_fq2(u, v)
+  def sqrt_div_fp2(u, v)
     uv7 = u * v**7
     uv15 = uv7 * v**8
     gamma = uv15**P_MINUS_9_DIV_16 * uv7
     success = false
     result = gamma
-    positive_roots_of_unity = Fq2::ROOTS_OF_UNITY[0...4]
+    positive_roots_of_unity = Fp2::ROOTS_OF_UNITY[0...4]
     positive_roots_of_unity.each do |root|
       candidate = root * gamma
       if (candidate**2 * v - u).zero? && !success