arnaucube/ark-curves-cherry-picked
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-curves-cherry-picked.git synced 2026-01-08 23:11:29 +01:00
Code Issues Projects Releases Wiki Activity

Upgrade to work with latest ark-ff (#95)

Browse Source 
Co-authored-by: Sun <huachuang20@gmail.com>
This commit is contained in:
Pratyush Mishra
2022-03-07 13:12:03 -08:00
committed by GitHub
parent d0dc200f22
commit 1551d6d76c
231 changed files with 2830 additions and 4343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
bls12_377/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bls12_377/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 8444461749428370424248824938781546531375899335154063827935233455917409239041
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 30):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

6
bls12_377/src/constraints/curves.rs
View File

@@ -1,11 +1,11 @@
use crate::Parameters;
use ark_ec::bls12::Bls12Parameters;
use ark_ec::ModelParameters;
use ark_ec::{bls12::Bls12Parameters, ModelParameters};
use ark_r1cs_std::{
fields::fp::FpVar,
groups::{bls12, curves::twisted_edwards::AffineVar as TEAffineVar},
};
use crate::Parameters;
/// An element of G1 in the BLS12-377 bilinear group.
pub type G1Var = bls12::G1Var<Parameters>;
/// An element of G2 in the BLS12-377 bilinear group.

10
bls12_377/src/constraints/fields.rs
View File

@@ -1,16 +1,16 @@
use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
use ark_r1cs_std::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var};
use crate::{Fq, Fq12Config, Fq2Config, Fq6Config};
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FqVar = FpVar<Fq>;
/// A variable that is the R1CS equivalent of `crate::Fq2`.
pub type Fq2Var = Fp2Var<Fq2Parameters>;
pub type Fq2Var = Fp2Var<Fq2Config>;
/// A variable that is the R1CS equivalent of `crate::Fq6`.
pub type Fq6Var = Fp6Var<Fq6Parameters>;
pub type Fq6Var = Fp6Var<Fq6Config>;
/// A variable that is the R1CS equivalent of `crate::Fq12`.
pub type Fq12Var = Fp12Var<Fq12Parameters>;
pub type Fq12Var = Fp12Var<Fq12Config>;
#[test]
fn bls12_377_field_test() {

3
bls12_377/src/constraints/pairing.rs
View File

@@ -1,6 +1,7 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear group.
/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear
/// group.
pub type PairingVar = ark_r1cs_std::pairing::bls12::PairingVar<Parameters>;
#[test]

40
bls12_377/src/curves/g1.rs
View File

@@ -4,7 +4,7 @@ use ark_ec::models::{
},
ModelParameters, MontgomeryModelParameters, SWModelParameters, TEModelParameters,
};
use ark_ff::{field_new, Zero};
use ark_ff::{MontFp, Zero};
use core::ops::Neg;
use crate::{
@@ -24,8 +24,10 @@ impl ModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 5285428838741532253824584287042945485047145357130994810877
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "5285428838741532253824584287042945485047145357130994810877");
const COFACTOR_INV: Fr = MontFp!(
Fr,
"5285428838741532253824584287042945485047145357130994810877"
);
}
impl SWModelParameters for Parameters {
@@ -33,7 +35,6 @@ impl SWModelParameters for Parameters {
const COEFF_A: Fq = FQ_ZERO;
/// COEFF_B = 1
#[rustfmt::skip]
const COEFF_B: Fq = FQ_ONE;
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
@@ -54,7 +55,6 @@ pub type G1TEProjective = TEGroupProjective<Parameters>;
/// 1. SW -> Montgomery -> TE1 transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
/// 2. TE1 -> TE2 normalization (enforcing `a = -1`)
/// ``` sage
///
/// # modulus
/// p = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
/// Fp = Zmod(p)
@@ -96,15 +96,13 @@ pub type G1TEProjective = TEGroupProjective<Parameters>;
/// TE2a = Fp(-1)
/// # b = -TE1d/TE1a
/// TE2d = Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179)
///
/// ```
impl TEModelParameters for Parameters {
/// COEFF_A = -1
const COEFF_A: Fq = field_new!(Fq, "-1");
const COEFF_A: Fq = MontFp!(Fq, "-1");
/// COEFF_D = 122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179 mod q
#[rustfmt::skip]
const COEFF_D: Fq = field_new!(Fq, "122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179");
const COEFF_D: Fq = MontFp!(Fq, "122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179");
/// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -124,7 +122,6 @@ impl TEModelParameters for Parameters {
// It can be obtained via the following script, implementing
// SW -> Montgomery transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
// ``` sage
//
// # modulus
// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
// Fp=Zmod(p)
@@ -151,28 +148,25 @@ impl TEModelParameters for Parameters {
// ```
impl MontgomeryModelParameters for Parameters {
/// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384");
const COEFF_A: Fq = MontFp!(Fq, "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384");
/// COEFF_B = 10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931");
const COEFF_B: Fq = MontFp!(Fq, "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931");
type TEModelParameters = Parameters;
}
/// G1_GENERATOR_X =
/// 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695");
pub const G1_GENERATOR_X: Fq = MontFp!(Fq, "81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695");
/// G1_GENERATOR_Y =
/// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030");
pub const G1_GENERATOR_Y: Fq = MontFp!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030");
// The generator for twisted Edward form is the same SW generator converted into the normalized TE form (TE2).
// ``` sage
// The generator for twisted Edward form is the same SW generator converted into
// the normalized TE form (TE2).
//``` sage
// # following scripts in previous section
// #####################################################
// # Weierstrass curve generator
@@ -216,10 +210,8 @@ pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585
// ```
/// TE_GENERATOR_X =
/// 71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393
#[rustfmt::skip]
pub const TE_GENERATOR_X: Fq = field_new!(Fq, "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393");
pub const TE_GENERATOR_X: Fq = MontFp!(Fq, "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393");
/// TE_GENERATOR_Y =
/// 6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235
#[rustfmt::skip]
pub const TE_GENERATOR_Y: Fq = field_new!(Fq, "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235");
pub const TE_GENERATOR_Y: Fq = MontFp!(Fq, "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235");

37
bls12_377/src/curves/g2.rs
View File

@@ -1,5 +1,5 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{field_new, Zero};
use ark_ff::{MontFp, QuadExt, Zero};
use crate::{fields::FQ_ZERO, g1, Fq, Fq2, Fr};
@@ -26,17 +26,15 @@ impl ModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 6764900296503390671038341982857278410319949526107311149686707033187604810669
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "6764900296503390671038341982857278410319949526107311149686707033187604810669");
const COFACTOR_INV: Fr = MontFp!(
Fr,
"6764900296503390671038341982857278410319949526107311149686707033187604810669"
);
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
#[rustfmt::skip]
const COEFF_A: Fq2 = field_new!(Fq2,
g1::Parameters::COEFF_A,
g1::Parameters::COEFF_A,
);
const COEFF_A: Fq2 = QuadExt!(g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,);
// As per https://eprint.iacr.org/2012/072.pdf,
// this curve has b' = b/i, where b is the COEFF_B of G1, and x^6 -i is
@@ -44,10 +42,9 @@ impl SWModelParameters for Parameters {
// In our case, i = u (App A.3, T_6).
/// COEFF_B = [0,
/// 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906]
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
const COEFF_B: Fq2 = QuadExt!(
FQ_ZERO,
field_new!(Fq, "155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906"),
MontFp!(Fq, "155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906"),
);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
@@ -60,27 +57,21 @@ impl SWModelParameters for Parameters {
}
}
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = QuadExt!(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = QuadExt!(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294");
pub const G2_GENERATOR_X_C0: Fq = MontFp!(Fq, "233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294");
/// G2_GENERATOR_X_C1 =
/// 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118");
pub const G2_GENERATOR_X_C1: Fq = MontFp!(Fq, "140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118");
/// G2_GENERATOR_Y_C0 =
/// 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423");
pub const G2_GENERATOR_Y_C0: Fq = MontFp!(Fq, "63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423");
/// G2_GENERATOR_Y_C1 =
/// 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491");
pub const G2_GENERATOR_Y_C1: Fq = MontFp!(Fq, "149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491");

9
bls12_377/src/curves/mod.rs
View File

@@ -1,9 +1,10 @@
use crate::*;
use ark_ec::{
bls12,
bls12::{Bls12, Bls12Parameters, TwistType},
};
use crate::*;
pub mod g1;
pub mod g2;
@@ -18,9 +19,9 @@ impl Bls12Parameters for Parameters {
const X_IS_NEGATIVE: bool = false;
const TWIST_TYPE: TwistType = TwistType::D;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Parameters = g1::Parameters;
type G2Parameters = g2::Parameters;
}

28
bls12_377/src/curves/tests.rs Normal file → Executable file
View File

@@ -1,26 +1,20 @@
#![allow(unused_imports)]
use crate::{
g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G1TEProjective, G2Affine,
G2Projective,
};
use ark_ec::{
models::SWModelParameters, short_weierstrass_jacobian, AffineCurve, PairingEngine,
ProjectiveCurve,
};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
One, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use ark_algebra_test_templates::{
curves::{curve_tests, edwards_tests, sw_tests},
generate_bilinearity_test, generate_g1_generator_raw_test, generate_g1_test, generate_g2_test,
groups::group_test,
msm::test_var_base_msm,
};
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine};
use ark_ff::{
fields::{Field, PrimeField, SquareRootField},
One, Zero,
};
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use crate::{
g1, g2, Bls12_377, Fq, Fq12, Fr, G1Affine, G1Projective, G1TEProjective, G2Affine, G2Projective,
};
generate_g1_test!(bls12_377; curve_tests; sw_tests; edwards_tests; te_group_tests;);
generate_g2_test!(bls12_377; curve_tests; sw_tests;);

127
bls12_377/src/fields/fq.rs
View File

@@ -1,121 +1,10 @@
use ark_ff::{
biginteger::{BigInt, BigInteger384 as BigInteger},
fields::*,
};
use ark_ff::fields::{Fp384, MontBackend, MontConfig, MontFp};
pub type Fq = Fp384<FqParameters>;
#[derive(MontConfig)]
#[modulus = "258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177"]
#[generator = "15"]
pub struct FqConfig;
pub type Fq = Fp384<MontBackend<FqConfig, 6>>;
pub struct FqParameters;
impl Fp384Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 46u32;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
2022196864061697551u64,
17419102863309525423u64,
8564289679875062096u64,
17152078065055548215u64,
17966377291017729567u64,
68610905582439508u64,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
0x8508c00000000001,
0x170b5d4430000000,
0x1ef3622fba094800,
0x1a22d9f300f5138f,
0xc63b05c06ca1493b,
0x1ae3a4617c510ea,
]);
const MODULUS_BITS: u32 = 377;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 7;
/// R = 85013442423176922659824578519796707547925331718418265885885478904210582549405549618995257669764901891699128663912
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
0xb786686c9400cd22,
0x329fcaab00431b1,
0x22a5f11162d6b46d,
0xbfdf7d03827dc3ac,
0x837e92f041790bf9,
0x6dfccb1e914b88,
]);
const INV: u64 = 9586122913090633727u64;
/// GENERATOR = -5
/// Encoded in Montgomery form, so the value here is
/// (-5 * R) % q = 92261639910053574722182574790803529333160366917737991650341130812388023949653897454961487930322210790384999596794
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
0xfc0b8000000002fa,
0x97d39cf6e000018b,
0x2072420fbfa05044,
0xcbbcbd50d97c3802,
0xbaf1ec35813f9eb,
0x9974a2c0945ad2,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x4284600000000000,
0xb85aea218000000,
0x8f79b117dd04a400,
0x8d116cf9807a89c7,
0x631d82e03650a49d,
0xd71d230be28875,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// For T coprime to 2
// T = (MODULUS - 1) // 2^S =
// 3675842578061421676390135839012792950148785745837396071634149488243117337281387659330802195819009059
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0x7510c00000021423,
0x88bee82520005c2d,
0x67cc03d44e3c7bcd,
0x1701b28524ec688b,
0xe9185f1443ab18ec,
0x6b8,
]);
// (T - 1) // 2 =
// 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0xba88600000010a11,
0xc45f741290002e16,
0xb3e601ea271e3de6,
0xb80d94292763445,
0x748c2f8a21d58c76,
0x35c,
]);
}
#[allow(dead_code)]
pub const FQ_ONE: Fq = Fq::new(FqParameters::R);
#[allow(dead_code)]
pub const FQ_ZERO: Fq = Fq::new(BigInt::new([0, 0, 0, 0, 0, 0]));
pub const FQ_ONE: Fq = Fq::new(FqConfig::R);
pub const FQ_ZERO: Fq = MontFp!(Fq, "0");

62
bls12_377/src/fields/fq12.rs
View File

@@ -1,73 +1,73 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, CubicExt, MontFp, QuadExt};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = CubicExt!(FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2, FQ_ONE, FQ_ZERO),
QuadExt!(FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "92949345220277864758624960506473182677953048909283248980960104381795901929519566951595905490535835115111760994353"),
QuadExt!(
MontFp!(Fq, "92949345220277864758624960506473182677953048909283248980960104381795901929519566951595905490535835115111760994353"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "216465761340224619389371505802605247630151569547285782856803747159100223055385581585702401816380679166954762214499"),
QuadExt!(
MontFp!(Fq, "216465761340224619389371505802605247630151569547285782856803747159100223055385581585702401816380679166954762214499"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "123516416119946754630746545296132064952198520638002533875843642777304321125866014634106496325844844051843001220146"),
QuadExt!(
MontFp!(Fq, "123516416119946754630746545296132064952198520638002533875843642777304321125866014634106496325844844051843001220146"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "-1"),
QuadExt!(
MontFp!(Fq, "-1"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "165715080792691229252027773188420350858440463845631411558924158284924566418821255823372982649037525009328560463824"),
QuadExt!(
MontFp!(Fq, "165715080792691229252027773188420350858440463845631411558924158284924566418821255823372982649037525009328560463824"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "42198664672744474621281227892288285906241943207628877683080515507620245292955241189266486323192680957485559243678"),
QuadExt!(
MontFp!(Fq, "42198664672744474621281227892288285906241943207628877683080515507620245292955241189266486323192680957485559243678"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "135148009893022339379906188398761468584194992116912126664040619889416147222474808140862391813728516072597320238031"),
QuadExt!(
MontFp!(Fq, "135148009893022339379906188398761468584194992116912126664040619889416147222474808140862391813728516072597320238031"),
FQ_ZERO,
),
];

24
bls12_377/src/fields/fq2.rs
View File

@@ -1,28 +1,26 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, MontFp, QuadExt};
pub type Fq2 = Fp2<Fq2Parameters>;
use crate::*;
pub struct Fq2Parameters;
pub type Fq2 = Fp2<Fq2Config>;
impl Fp2Parameters for Fq2Parameters {
pub struct Fq2Config;
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -5
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, "-5");
const NONRESIDUE: Fq = MontFp!(Fq, "-5");
/// QUADRATIC_NONRESIDUE = U
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (FQ_ZERO, FQ_ONE);
const QUADRATIC_NONRESIDUE: Fq2 = QuadExt!(FQ_ZERO, FQ_ONE);
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
FQ_ONE,
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, "-1"),
MontFp!(Fq, "-1"),
];
#[inline(always)]
@@ -34,5 +32,5 @@ impl Fp2Parameters for Fq2Parameters {
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);
pub const FQ2_ZERO: Fq2 = QuadExt!(FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = QuadExt!(FQ_ONE, FQ_ZERO);

63
bls12_377/src/fields/fq6.rs
View File

@@ -1,69 +1,68 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, MontFp, QuadExt};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = U
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE);
const NONRESIDUE: Fq2 = QuadExt!(FQ_ZERO, FQ_ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2, FQ_ONE, FQ_ZERO),
QuadExt!(FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2, field_new!(Fq, "-1"), FQ_ZERO),
QuadExt!(MontFp!(Fq, "-1"), FQ_ZERO),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
FQ_ZERO,
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2, FQ_ONE, FQ_ZERO),
QuadExt!(FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2, FQ_ONE, FQ_ZERO),
QuadExt!(FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
QuadExt!(
MontFp!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
QuadExt!(
MontFp!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
];
@@ -71,8 +70,8 @@ impl Fp6Parameters for Fq6Parameters {
#[inline(always)]
fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
// Karatsuba multiplication with constant other = u.
let c0 = Fq2Parameters::mul_fp_by_nonresidue(&fe.c1);
let c0 = Fq2Config::mul_fp_by_nonresidue(&fe.c1);
let c1 = fe.c0;
field_new!(Fq2, c0, c1)
QuadExt!(c0, c1)
}
}

108
bls12_377/src/fields/fr.rs
View File

@@ -1,5 +1,4 @@
//! Bls12-377 scalar field.
///
/// Roots of unity computed from modulus and R using this sage code:
///
/// ```ignore
@@ -19,105 +18,10 @@
/// print("Gen: ", into_chunks(g * R % q, 64, 4))
/// print("2-adic gen: ", into_chunks(g2 * R % q, 64, 4))
/// ```
use ark_ff::{
biginteger::{BigInt, BigInteger256 as BigInteger},
fields::*,
};
pub type Fr = Fp256<FrParameters>;
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 47;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
12646347781564978760u64,
6783048705277173164u64,
268534165941069093u64,
1121515446318641358u64,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 8444461749428370424248824938781546531375899335154063827935233455917409239041
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
725501752471715841u64,
6461107452199829505u64,
6968279316240510977u64,
1345280370688173398u64,
]);
const MODULUS_BITS: u32 = 253;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 3;
/// R = 6014086494747379908336260804527802945383293308637734276299549080986809532403
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
9015221291577245683u64,
8239323489949974514u64,
1646089257421115374u64,
958099254763297437u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
2726216793283724667u64,
14712177743343147295u64,
12091039717619697043u64,
81024008013859129u64,
]);
const INV: u64 = 725501752471715839u64;
/// GENERATOR = 22
/// Encoded in Montgomery form, so the value is
/// (22 * R) % q =
/// 5642976643016801619665363617888466827793962762719196659561577942948671127251
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
2984901390528151251u64,
10561528701063790279u64,
5476750214495080041u64,
898978044469942640u64,
]);
/// (r - 1)/2 =
/// 4222230874714185212124412469390773265687949667577031913967616727958704619520
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x8508c00000000000,
0xacd53b7f68000000,
0x305a268f2e1bd800,
0x955b2af4d1652ab,
]);
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
// For T coprime to 2
/// t = (r - 1) / 2^s =
/// 60001509534603559531609739528203892656505753216962260608619555
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0xedfda00000021423,
0x9a3cb86f6002b354,
0xcabd34594aacc168,
0x2556,
]);
/// (t - 1) / 2 =
/// 30000754767301779765804869764101946328252876608481130304309777
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x76fed00000010a11,
0x4d1e5c37b00159aa,
0x655e9a2ca55660b4,
0x12ab,
]);
}
#[derive(MontConfig)]
#[modulus = "8444461749428370424248824938781546531375899335154063827935233455917409239041"]
#[generator = "22"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

61
bls12_377/src/fields/tests.rs
View File

@@ -1,9 +1,9 @@
use ark_algebra_test_templates::{
fields::*, generate_field_serialization_test, generate_field_test,
};
use ark_ff::{
biginteger::{BigInt, BigInteger, BigInteger384},
fields::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, Fp2Parameters, FpParameters,
PrimeField, SquareRootField,
},
fields::{FftField, Field, Fp2Config, Fp6Config, PrimeField, SquareRootField},
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
@@ -13,13 +13,9 @@ use core::{
ops::{AddAssign, MulAssign, SubAssign},
};
use crate::{Fq, Fq12, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr};
use crate::{Fq, Fq12, Fq2, Fq2Config, Fq6, Fq6Config, FqConfig, Fr, FrConfig};
use ark_algebra_test_templates::{
fields::*, generate_field_serialization_test, generate_field_test,
};
generate_field_test!(bls12_377; fq2; fq6; fq12;);
generate_field_test!(bls12_377; fq2; fq6; fq12; mont(6, 4); );
generate_field_serialization_test!(bls12_377; fq2; fq6; fq12;);
#[test]
@@ -29,14 +25,14 @@ fn test_fq_repr_from() {
#[test]
fn test_fq_repr_is_odd() {
assert!(!BigInteger384::from(0).is_odd());
assert!(BigInteger384::from(0).is_even());
assert!(BigInteger384::from(1).is_odd());
assert!(!BigInteger384::from(1).is_even());
assert!(!BigInteger384::from(324834872).is_odd());
assert!(BigInteger384::from(324834872).is_even());
assert!(BigInteger384::from(324834873).is_odd());
assert!(!BigInteger384::from(324834873).is_even());
assert!(!BigInteger384::from(0u64).is_odd());
assert!(BigInteger384::from(0u64).is_even());
assert!(BigInteger384::from(1u64).is_odd());
assert!(!BigInteger384::from(1u64).is_even());
assert!(!BigInteger384::from(324834872u64).is_odd());
assert!(BigInteger384::from(324834872u64).is_even());
assert!(BigInteger384::from(324834873u64).is_odd());
assert!(!BigInteger384::from(324834873u64).is_even());
}
#[test]
@@ -48,9 +44,9 @@ fn test_fq_repr_is_zero() {
#[test]
fn test_fq_repr_num_bits() {
let mut a = BigInteger384::from(0);
let mut a = BigInteger384::from(0u64);
assert_eq!(0, a.num_bits());
a = BigInteger384::from(1);
a = BigInteger384::from(1u64);
for i in 1..385 {
assert_eq!(i, a.num_bits());
a.mul2();
@@ -60,15 +56,14 @@ fn test_fq_repr_num_bits() {
#[test]
fn test_fq_num_bits() {
assert_eq!(FqParameters::MODULUS_BITS, 377);
assert_eq!(FqParameters::CAPACITY, 376);
assert_eq!(Fq::MODULUS_BIT_SIZE, 377);
}
#[test]
fn test_fq_root_of_unity() {
assert_eq!(FqParameters::TWO_ADICITY, 46);
assert_eq!(Fq::TWO_ADICITY, 46);
assert_eq!(
Fq::multiplicative_generator().pow([
Fq::GENERATOR.pow([
0x7510c00000021423,
0x88bee82520005c2d,
0x67cc03d44e3c7bcd,
@@ -76,20 +71,20 @@ fn test_fq_root_of_unity() {
0xe9185f1443ab18ec,
0x6b8
]),
Fq::two_adic_root_of_unity()
Fq::TWO_ADIC_ROOT_OF_UNITY
);
assert_eq!(
Fq::two_adic_root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
Fq::TWO_ADIC_ROOT_OF_UNITY.pow([1 << Fq::TWO_ADICITY]),
Fq::one()
);
assert!(Fq::multiplicative_generator().sqrt().is_none());
assert!(Fq::GENERATOR.sqrt().is_none());
}
#[test]
fn test_fq_ordering() {
// BigInteger384's ordering is well-tested, but we still need to make sure the
// Fq elements aren't being compared in Montgomery form.
for i in 0..100 {
for i in 0..100u64 {
assert!(Fq::from(BigInteger384::from(i + 1)) > Fq::from(BigInteger384::from(i)));
}
}
@@ -102,11 +97,11 @@ fn test_fq_legendre() {
assert_eq!(Zero, Fq::zero().legendre());
assert_eq!(
QuadraticResidue,
Fq::from(BigInteger384::from(4)).legendre()
Fq::from(BigInteger384::from(4u64)).legendre()
);
assert_eq!(
QuadraticNonResidue,
Fq::from(BigInteger384::from(5)).legendre()
Fq::from(BigInteger384::from(5u64)).legendre()
);
}
@@ -147,7 +142,7 @@ fn test_fq2_legendre() {
// i^2 = -1
let mut m1 = -Fq2::one();
assert_eq!(QuadraticResidue, m1.legendre());
m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
m1 = Fq6Config::mul_fp2_by_nonresidue(&m1);
assert_eq!(QuadraticNonResidue, m1.legendre());
}
@@ -158,8 +153,8 @@ fn test_fq2_mul_nonresidue() {
let nqr = Fq2::new(Fq::zero(), Fq::one());
let quadratic_non_residue = Fq2::new(
Fq2Parameters::QUADRATIC_NONRESIDUE.0,
Fq2Parameters::QUADRATIC_NONRESIDUE.1,
Fq2Config::QUADRATIC_NONRESIDUE.c0,
Fq2Config::QUADRATIC_NONRESIDUE.c1,
);
for _ in 0..1000 {
let mut a = Fq2::rand(&mut rng);

12
bls12_377/src/lib.rs Normal file → Executable file
View File

@@ -9,15 +9,17 @@
#![forbid(unsafe_code)]
//! This library implements the BLS12_377 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 377-bit (prime) field. The main feature of this curve is that
//! both the scalar field and the base field are highly 2-adic.
//! (This is in contrast to the BLS12_381 curve for which only the scalar field is highly 2-adic.)
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree
//! 12, defined over a 377-bit (prime) field. The main feature of this curve is
//! that both the scalar field and the base field are highly 2-adic.
//! (This is in contrast to the BLS12_381 curve for which only the scalar field
//! is highly 2-adic.)
//!
//!
//! Curve information:
//! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
//! * Scalar field: r = 8444461749428370424248824938781546531375899335154063827935233455917409239041
//! * Scalar field: r =
//! 8444461749428370424248824938781546531375899335154063827935233455917409239041
//! * valuation(q - 1, 2) = 46
//! * valuation(r - 1, 2) = 47
//! * G1 curve equation: y^2 = x^3 + 1