arnaucube/ark-curves-cherry-picked
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-curves-cherry-picked.git synced 2026-01-08 23:11:29 +01:00
Code Issues Projects Releases Wiki Activity

Upgrade to work with latest ark-ff (#95)

Browse Source 
Co-authored-by: Sun <huachuang20@gmail.com>
This commit is contained in:
Pratyush Mishra
2022-03-07 13:12:03 -08:00
committed by GitHub
parent d0dc200f22
commit 1551d6d76c
231 changed files with 2830 additions and 4343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
bls12_381/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bls12_381/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 52435875175126190479447740508185965837690552500527637822603658699938581184513
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

30
bls12_381/src/curves/g1.rs
View File

@@ -1,4 +1,3 @@
use crate::*;
use ark_ec::{
bls12,
bls12::Bls12Parameters,
@@ -6,9 +5,11 @@ use ark_ec::{
short_weierstrass_jacobian::GroupAffine,
AffineCurve, ProjectiveCurve,
};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_ff::{biginteger::BigInteger256, MontFp, Zero};
use ark_std::ops::Neg;
use crate::*;
pub type G1Affine = bls12::G1Affine<crate::Parameters>;
pub type G1Projective = bls12::G1Projective<crate::Parameters>;
@@ -24,17 +25,18 @@ impl ModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 52435875175126190458656871551744051925719901746859129887267498875565241663483
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "52435875175126190458656871551744051925719901746859129887267498875565241663483");
const COFACTOR_INV: Fr = MontFp!(
Fr,
"52435875175126190458656871551744051925719901746859129887267498875565241663483"
);
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, "0");
const COEFF_A: Fq = MontFp!(Fq, "0");
/// COEFF_B = 4
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "4");
const COEFF_B: Fq = MontFp!(Fq, "4");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -54,7 +56,8 @@ impl SWModelParameters for Parameters {
let x = BigInteger256::new([crate::Parameters::X[0], 0, 0, 0]);
// An early-out optimization described in Section 6.
// If uP == P but P != point of infinity, then the point is not in the right subgroup.
// If uP == P but P != point of infinity, then the point is not in the right
// subgroup.
let x_times_p = p.mul(x);
if x_times_p.eq(p) && !p.infinity {
return false;
@@ -68,20 +71,19 @@ impl SWModelParameters for Parameters {
/// G1_GENERATOR_X =
/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507");
pub const G1_GENERATOR_X: Fq = MontFp!(Fq, "3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507");
/// G1_GENERATOR_Y =
/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569");
pub const G1_GENERATOR_Y: Fq = MontFp!(Fq, "1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569");
/// BETA is a non-trivial cubic root of unity in Fq.
pub const BETA: Fq = field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350");
pub const BETA: Fq = MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350");
pub fn endomorphism(p: &GroupAffine<Parameters>) -> GroupAffine<Parameters> {
// Endomorphism of the points on the curve.
// endomorphism_p(x,y) = (BETA * x, y) where BETA is a non-trivial cubic root of unity in Fq.
// endomorphism_p(x,y) = (BETA * x, y)
// where BETA is a non-trivial cubic root of unity in Fq.
let mut res = (*p).clone();
res.x *= BETA;
res

67
bls12_381/src/curves/g2.rs
View File

@@ -1,12 +1,13 @@
use crate::*;
use ark_ec::bls12::Bls12Parameters;
use ark_ec::{
bls12,
bls12::Bls12Parameters,
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::GroupAffine,
AffineCurve,
};
use ark_ff::{field_new, BigInt, Field, Zero};
use ark_ff::{BigInt, Field, MontFp, QuadExt, Zero};
use crate::*;
pub type G2Affine = bls12::G2Affine<crate::Parameters>;
pub type G2Projective = bls12::G2Projective<crate::Parameters>;
@@ -35,16 +36,18 @@ impl ModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// 26652489039290660355457965112010883481355318854675681319708643586776743290055
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "26652489039290660355457965112010883481355318854675681319708643586776743290055");
const COFACTOR_INV: Fr = MontFp!(
Fr,
"26652489039290660355457965112010883481355318854675681319708643586776743290055"
);
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
const COEFF_A: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,);
const COEFF_A: Fq2 = QuadExt!(g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,);
/// COEFF_B = [4, 4]
const COEFF_B: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_B, g1::Parameters::COEFF_B,);
const COEFF_B: Fq2 = QuadExt!(g1::Parameters::COEFF_B, g1::Parameters::COEFF_B,);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -71,59 +74,55 @@ impl SWModelParameters for Parameters {
}
}
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = QuadExt!(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = QuadExt!(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160");
pub const G2_GENERATOR_X_C0: Fq = MontFp!(Fq, "352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160");
/// G2_GENERATOR_X_C1 =
/// 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758");
pub const G2_GENERATOR_X_C1: Fq = MontFp!(Fq, "3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758");
/// G2_GENERATOR_Y_C0 =
/// 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905");
pub const G2_GENERATOR_Y_C0: Fq = MontFp!(Fq, "1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905");
/// G2_GENERATOR_Y_C1 =
/// 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582");
pub const G2_GENERATOR_Y_C1: Fq = MontFp!(Fq, "927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582");
// psi(x,y) = (x**p * PSI_X, y**p * PSI_Y) is the Frobenius composed
// with the quadratic twist and its inverse
// PSI_X = 1/(u+1)^((p-1)/3)
pub const P_POWER_ENDOMORPHISM_COEFF_0 : Fq2 = field_new!(
Fq2,
pub const P_POWER_ENDOMORPHISM_COEFF_0 : Fq2 = QuadExt!(
FQ_ZERO,
field_new!(
Fq,
"4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"
MontFp!(
Fq,
"4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"
)
);
// PSI_Y = 1/(u+1)^((p-1)/2)
pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
"2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
field_new!(
Fq,
"1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257")
pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = QuadExt!(
MontFp!(
Fq,
"2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
MontFp!(
Fq,
"1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257")
);
pub fn p_power_endomorphism(p: &GroupAffine<Parameters>) -> GroupAffine<Parameters> {
// The p-power endomorphism for G2 is defined as follows:
// 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1). To map a point (x, y) in E' to (s, t) in E,
// one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)), because E: y^2 = x^3 + 4.
// 2. Apply the Frobenius endomorphism (s, t) => (s', t'), another point on curve E,
// where s' = s^p, t' = t^p.
// 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1).
// To map a point (x, y) in E' to (s, t) in E,
// one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)),
// because E: y^2 = x^3 + 4.
// 2. Apply the Frobenius endomorphism (s, t) => (s', t'),
// another point on curve E, where s' = s^p, t' = t^p.
// 3. Map the point from E back to E'; that is,
// one set x' = s' * ((u+1) ^ (1/3)), y' = t' * ((u+1) ^ (1/2)).
//

8
bls12_381/src/curves/mod.rs
View File

@@ -1,6 +1,6 @@
use ark_ec::bls12::{Bls12, Bls12Parameters, TwistType};
use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
use crate::{Fq, Fq12Config, Fq2Config, Fq6Config};
pub mod g1;
pub mod g2;
@@ -22,9 +22,9 @@ impl Bls12Parameters for Parameters {
const X_IS_NEGATIVE: bool = true;
const TWIST_TYPE: TwistType = TwistType::M;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Parameters = self::g1::Parameters;
type G2Parameters = self::g2::Parameters;
}

25
bls12_381/src/curves/tests.rs Normal file → Executable file
View File

@@ -1,23 +1,16 @@
#![allow(unused_imports)]
use ark_ec::{
models::SWModelParameters,
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
AffineCurve, PairingEngine, ProjectiveCurve,
};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
BitIteratorBE, One, UniformRand, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_algebra_test_templates::{
curves::*, generate_bilinearity_test, generate_g1_generator_raw_test, generate_g1_test,
generate_g2_test, groups::*, msm::*,
};
use ark_ec::group::Group;
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{
fields::{Field, PrimeField, SquareRootField},
One, UniformRand, Zero,
};
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
generate_g1_test!(bls12_381; curve_tests; sw_tests;);
generate_g2_test!(bls12_381; curve_tests; sw_tests;);

121
bls12_381/src/fields/fq.rs
View File

@@ -1,115 +1,10 @@
use ark_ff::{
biginteger::{BigInt, BigInteger384 as BigInteger},
field_new,
fields::{FftParameters, Fp384, Fp384Parameters, FpParameters},
};
use ark_ff::fields::{Fp384, MontBackend, MontConfig, MontFp};
pub type Fq = Fp384<FqParameters>;
#[derive(MontConfig)]
#[modulus = "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"]
#[generator = "2"]
pub struct FqConfig;
pub type Fq = Fp384<MontBackend<FqConfig, 6>>;
pub struct FqParameters;
impl Fp384Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 1;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
0xb9feffffffffaaab,
0x1eabfffeb153ffff,
0x6730d2a0f6b0f624,
0x64774b84f38512bf,
0x4b1ba7b6434bacd7,
0x1a0111ea397fe69a,
]);
const MODULUS_BITS: u32 = 381;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 3;
/// R = 3380320199399472671518931668520476396067793891014375699959770179129436917079669831430077592723774664465579537268733
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
0xf4df1f341c341746,
0xa76e6a609d104f1,
0x8de5476c4c95b6d5,
0x67eb88a9939d83c0,
0x9a793e85b519952d,
0x11988fe592cae3aa,
]);
const INV: u64 = 0x89f3fffcfffcfffd;
/// GENERATOR = 2
/// Encoded in Montgomery form, so the value is
/// 2 * R % q = 2758230843577277949620073511305048635578704962089743514587482222134842183668501798417467556318533664893264801977679
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
0x321300000006554f,
0xb93c0018d6c40005,
0x57605e0db0ddbb51,
0x8b256521ed1f9bcb,
0x6cf28d7901622c03,
0x11ebab9dbb81e28c,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
0xb23ba5c279c2895f,
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]);
/// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
/// For T coprime to 2
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
0xb23ba5c279c2895f,
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]);
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0xee7fbfffffffeaaa,
0x7aaffffac54ffff,
0xd9cc34a83dac3d89,
0xd91dd2e13ce144af,
0x92c6e9ed90d2eb35,
0x680447a8e5ff9a6,
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, "1");
pub const FQ_ZERO: Fq = field_new!(Fq, "0");
pub const FQ_ONE: Fq = MontFp!(Fq, "1");
pub const FQ_ZERO: Fq = MontFp!(Fq, "0");

87
bls12_381/src/fields/fq12.rs
View File

@@ -1,76 +1,77 @@
use crate::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, CubicExt, MontFp, QuadExt};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = CubicExt!(FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "1"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
field_new!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
QuadExt!(
MontFp!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
MontFp!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
field_new!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
QuadExt!(
MontFp!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
MontFp!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
field_new!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
QuadExt!(
MontFp!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
MontFp!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "-1"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
field_new!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
QuadExt!(
MontFp!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
MontFp!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
field_new!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
QuadExt!(
MontFp!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
MontFp!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
field_new!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
QuadExt!(
MontFp!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
MontFp!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
),
];
}

24
bls12_381/src/fields/fq2.rs
View File

@@ -1,28 +1,26 @@
use ark_ff::{fields::*, MontFp, QuadExt};
use crate::*;
use ark_ff::{field_new, fields::*};
pub type Fq2 = Fp2<Fq2Parameters>;
pub type Fq2 = Fp2<Fq2Config>;
pub struct Fq2Parameters;
pub struct Fq2Config;
impl Fp2Parameters for Fq2Parameters {
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, "-1");
const NONRESIDUE: Fq = MontFp!(Fq, "-1");
/// QUADRATIC_NONRESIDUE = (U + 1)
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (FQ_ONE, FQ_ONE);
const QUADRATIC_NONRESIDUE: Fq2 = QuadExt!(FQ_ONE, FQ_ONE);
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// Fq(-1)**(((q^0) - 1) / 2)
field_new!(Fq, "1"),
MontFp!(Fq, "1"),
// Fq(-1)**(((q^1) - 1) / 2)
field_new!(Fq, "-1"),
MontFp!(Fq, "-1"),
];
#[inline(always)]
@@ -31,5 +29,5 @@ impl Fp2Parameters for Fq2Parameters {
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);
pub const FQ2_ZERO: Fq2 = QuadExt!(FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = QuadExt!(FQ_ONE, FQ_ZERO);

92
bls12_381/src/fields/fq6.rs
View File

@@ -1,86 +1,82 @@
use crate::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, MontFp, QuadExt};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = (U + 1)
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "1"),
);
const NONRESIDUE: Fq2 = QuadExt!(FQ_ONE, FQ_ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "1"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "0"),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
QuadExt!(
MontFp!(Fq, "0"),
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "0"),
field_new!(Fq, "1"),
QuadExt!(
MontFp!(Fq, "0"),
MontFp!(Fq, "1"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "0"),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
QuadExt!(
MontFp!(Fq, "0"),
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fq2(u + 1)**(((2q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "1"),
MontFp!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
MontFp!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
MontFp!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "-1"),
MontFp!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
MontFp!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
MontFp!(Fq, "0"),
),
];

105
bls12_381/src/fields/fr.rs
View File

@@ -1,100 +1,7 @@
use ark_ff::{
biginteger::{BigInt, BigInteger256 as BigInteger},
fields::{FftParameters, Fp256, Fp256Parameters, FpParameters},
};
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 32;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
0xb9b58d8c5f0e466a,
0x5b1b4c801819d7ec,
0xaf53ae352a31e64,
0x5bf3adda19e9b27b,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 52435875175126190479447740508185965837690552500527637822603658699938581184513
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
0xffffffff00000001,
0x53bda402fffe5bfe,
0x3339d80809a1d805,
0x73eda753299d7d48,
]);
const MODULUS_BITS: u32 = 255;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 1;
/// R = 10920338887063814464675503992315976177888879664585288394250266608035967270910
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
0x1fffffffe,
0x5884b7fa00034802,
0x998c4fefecbc4ff5,
0x1824b159acc5056f,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
0xc999e990f3f29c6d,
0x2b6cedcb87925c23,
0x5d314967254398f,
0x748d9d99f59ff11,
]);
const INV: u64 = 0xfffffffeffffffff;
/// GENERATOR = 7
/// Encoded in Montgomery form, so the value here is
/// 7 * R % q = 24006497034320510773280787438025867407531605151569380937148207556313189711857
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
0xefffffff1,
0x17e363d300189c0f,
0xff9c57876f8457b0,
0x351332208fc5a8c4,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x7fffffff80000000,
0xa9ded2017fff2dff,
0x199cec0404d0ec02,
0x39f6d3a994cebea4,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// For T coprime to 2
// T = (MODULUS - 1) / 2^S =
// 12208678567578594777604504606729831043093128246378069236549469339647
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0xfffe5bfeffffffff,
0x9a1d80553bda402,
0x299d7d483339d808,
0x73eda753,
]);
// (T - 1) / 2 =
// 6104339283789297388802252303364915521546564123189034618274734669823
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x7fff2dff7fffffff,
0x4d0ec02a9ded201,
0x94cebea4199cec04,
0x39f6d3a9,
]);
}
#[derive(MontConfig)]
#[modulus = "52435875175126190479447740508185965837690552500527637822603658699938581184513"]
#[generator = "7"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

2
bls12_381/src/fields/mod.rs
View File

@@ -23,5 +23,5 @@ pub mod fq12;
#[cfg(feature = "curve")]
pub use self::fq12::*;
#[cfg(all(feature = "curve", feature = "std", test))]
#[cfg(all(feature = "curve", test))]
mod tests;

167
bls12_381/src/fields/tests.rs
View File

@@ -1,22 +1,23 @@
use ark_algebra_test_templates::{
fields::*, generate_field_serialization_test, generate_field_test,
};
use ark_ff::{
biginteger::{BigInt, BigInteger, BigInteger384},
fields::{
FftField, FftParameters, Field, Fp12Parameters, Fp2Parameters, Fp6Parameters, FpParameters,
SquareRootField,
},
fields::{FftField, Field, Fp12Config, Fp2Config, Fp6Config, PrimeField, SquareRootField},
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use ark_std::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
rand::Rng,
test_rng,
test_rng, vec,
};
use crate::{Fq, Fq12, Fq12Parameters, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_algebra_test_templates::{fields::*, generate_field_test};
use crate::{Fq, Fq12, Fq12Config, Fq2, Fq2Config, Fq6, Fq6Config, FqConfig, Fr, FrConfig};
generate_field_test!(bls12_381; fq2; fq6; fq12;);
generate_field_test!(bls12_381; fq2; fq6; fq12; mont(6, 4); );
generate_field_serialization_test!(bls12_381; fq2; fq6; fq12;);
#[test]
fn test_negative_one() {
@@ -35,9 +36,9 @@ fn test_negative_one() {
fn test_frob_coeffs() {
let nqr = -Fq::one();
assert_eq!(Fq2Parameters::FROBENIUS_COEFF_FP2_C1[0], Fq::one());
assert_eq!(Fq2Config::FROBENIUS_COEFF_FP2_C1[0], Fq::one());
assert_eq!(
Fq2Parameters::FROBENIUS_COEFF_FP2_C1[1],
Fq2Config::FROBENIUS_COEFF_FP2_C1[1],
nqr.pow([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
@@ -50,9 +51,9 @@ fn test_frob_coeffs() {
let nqr = Fq2::new(Fq::one(), Fq::one());
assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C1[0], Fq2::one());
assert_eq!(Fq6Config::FROBENIUS_COEFF_FP6_C1[0], Fq2::one());
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C1[1],
Fq6Config::FROBENIUS_COEFF_FP6_C1[1],
nqr.pow([
0x9354ffffffffe38e,
0xa395554e5c6aaaa,
@@ -63,7 +64,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C1[2],
Fq6Config::FROBENIUS_COEFF_FP6_C1[2],
nqr.pow([
0xb78e0000097b2f68,
0xd44f23b47cbd64e3,
@@ -80,7 +81,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C1[3],
Fq6Config::FROBENIUS_COEFF_FP6_C1[3],
nqr.pow([
0xdbc6fcd6f35b9e06,
0x997dead10becd6aa,
@@ -103,7 +104,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C1[4],
Fq6Config::FROBENIUS_COEFF_FP6_C1[4],
nqr.pow([
0x4649add3c71c6d90,
0x43caa6528972a865,
@@ -132,7 +133,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C1[5],
Fq6Config::FROBENIUS_COEFF_FP6_C1[5],
nqr.pow([
0xf896f792732eb2be,
0x49c86a6d1dc593a1,
@@ -167,9 +168,9 @@ fn test_frob_coeffs() {
])
);
assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C2[0], Fq2::one());
assert_eq!(Fq6Config::FROBENIUS_COEFF_FP6_C2[0], Fq2::one());
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C2[1],
Fq6Config::FROBENIUS_COEFF_FP6_C2[1],
nqr.pow([
0x26a9ffffffffc71c,
0x1472aaa9cb8d5555,
@@ -180,7 +181,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C2[2],
Fq6Config::FROBENIUS_COEFF_FP6_C2[2],
nqr.pow([
0x6f1c000012f65ed0,
0xa89e4768f97ac9c7,
@@ -197,7 +198,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C2[3],
Fq6Config::FROBENIUS_COEFF_FP6_C2[3],
nqr.pow([
0xb78df9ade6b73c0c,
0x32fbd5a217d9ad55,
@@ -220,7 +221,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C2[4],
Fq6Config::FROBENIUS_COEFF_FP6_C2[4],
nqr.pow([
0x8c935ba78e38db20,
0x87954ca512e550ca,
@@ -249,7 +250,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq6Parameters::FROBENIUS_COEFF_FP6_C2[5],
Fq6Config::FROBENIUS_COEFF_FP6_C2[5],
nqr.pow([
0xf12def24e65d657c,
0x9390d4da3b8b2743,
@@ -284,9 +285,9 @@ fn test_frob_coeffs() {
])
);
assert_eq!(Fq12Parameters::FROBENIUS_COEFF_FP12_C1[0], Fq2::one());
assert_eq!(Fq12Config::FROBENIUS_COEFF_FP12_C1[0], Fq2::one());
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[1],
Fq12Config::FROBENIUS_COEFF_FP12_C1[1],
nqr.pow([
0x49aa7ffffffff1c7,
0x51caaaa72e35555,
@@ -297,7 +298,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[2],
Fq12Config::FROBENIUS_COEFF_FP12_C1[2],
nqr.pow([
0xdbc7000004bd97b4,
0xea2791da3e5eb271,
@@ -314,7 +315,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[3],
Fq12Config::FROBENIUS_COEFF_FP12_C1[3],
nqr.pow(vec![
0x6de37e6b79adcf03,
0x4cbef56885f66b55,
@@ -337,7 +338,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[4],
Fq12Config::FROBENIUS_COEFF_FP12_C1[4],
nqr.pow(vec![
0xa324d6e9e38e36c8,
0xa1e5532944b95432,
@@ -366,7 +367,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[5],
Fq12Config::FROBENIUS_COEFF_FP12_C1[5],
nqr.pow(vec![
0xfc4b7bc93997595f,
0xa4e435368ee2c9d0,
@@ -401,7 +402,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[6],
Fq12Config::FROBENIUS_COEFF_FP12_C1[6],
nqr.pow(vec![
0x21219610a012ba3c,
0xa5c19ad35375325,
@@ -442,7 +443,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[7],
Fq12Config::FROBENIUS_COEFF_FP12_C1[7],
nqr.pow(vec![
0x742754a1f22fdb,
0x2a1955c2dec3a702,
@@ -489,7 +490,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[8],
Fq12Config::FROBENIUS_COEFF_FP12_C1[8],
nqr.pow(vec![
0x802f5720d0b25710,
0x6714f0a258b85c7c,
@@ -542,7 +543,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[9],
Fq12Config::FROBENIUS_COEFF_FP12_C1[9],
nqr.pow(vec![
0x4af4accf7de0b977,
0x742485e21805b4ee,
@@ -601,7 +602,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[10],
Fq12Config::FROBENIUS_COEFF_FP12_C1[10],
nqr.pow(vec![
0xe5953a4f96cdda44,
0x336b2d734cbc32bb,
@@ -666,7 +667,7 @@ fn test_frob_coeffs() {
])
);
assert_eq!(
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[11],
Fq12Config::FROBENIUS_COEFF_FP12_C1[11],
nqr.pow(vec![
0x107db680942de533,
0x6262b24d2052393b,
@@ -750,7 +751,6 @@ fn test_neg_one() {
0xef148d1ea0f4c069,
0x40ab3263eff0206,
];
println!("{:?}", thing);
let negative_one = Fq::new(BigInt::new(thing));
assert_eq!(negative_one, o);
@@ -763,14 +763,14 @@ fn test_fq_repr_from() {
#[test]
fn test_fq_repr_is_odd() {
assert!(!BigInteger384::from(0).is_odd());
assert!(BigInteger384::from(0).is_even());
assert!(BigInteger384::from(1).is_odd());
assert!(!BigInteger384::from(1).is_even());
assert!(!BigInteger384::from(324834872).is_odd());
assert!(BigInteger384::from(324834872).is_even());
assert!(BigInteger384::from(324834873).is_odd());
assert!(!BigInteger384::from(324834873).is_even());
assert!(!BigInteger384::from(0u64).is_odd());
assert!(BigInteger384::from(0u64).is_even());
assert!(BigInteger384::from(1u64).is_odd());
assert!(!BigInteger384::from(1u64).is_even());
assert!(!BigInteger384::from(324834872u64).is_odd());
assert!(BigInteger384::from(324834872u64).is_even());
assert!(BigInteger384::from(324834873u64).is_odd());
assert!(!BigInteger384::from(324834873u64).is_even());
}
#[test]
@@ -902,7 +902,7 @@ fn test_fq_repr_divn() {
#[test]
fn test_fq_repr_mul2() {
let mut a = BigInteger384::from(23712937547);
let mut a = BigInteger384::from(23712937547u64);
a.mul2();
assert_eq!(a, BigInt::new([0xb0acd6c96, 0x0, 0x0, 0x0, 0x0, 0x0]));
for _ in 0..60 {
@@ -934,9 +934,9 @@ fn test_fq_repr_mul2() {
#[test]
fn test_fq_repr_num_bits() {
let mut a = BigInteger384::from(0);
let mut a = BigInteger384::from(0u64);
assert_eq!(0, a.num_bits());
a = BigInteger384::from(1);
a = BigInteger384::from(1u64);
for i in 1..385 {
assert_eq!(i, a.num_bits());
a.mul2();
@@ -956,7 +956,7 @@ fn test_fq_repr_sub_noborrow() {
0xad0eb3948a5c34fd,
0xd56f7b5ab8b5ce8,
]);
t.sub_noborrow(&BigInt::new([
t.sub_with_borrow(&BigInt::new([
0xc7867917187ca02b,
0x5d75679d4911ffef,
0x8c5b3e48b1a71c15,
@@ -991,12 +991,12 @@ fn test_fq_repr_sub_noborrow() {
assert!(b < c);
let mut csub_ba = c;
csub_ba.sub_noborrow(&b);
csub_ba.sub_noborrow(&a);
csub_ba.sub_with_borrow(&b);
csub_ba.sub_with_borrow(&a);
let mut csub_ab = c;
csub_ab.sub_noborrow(&a);
csub_ab.sub_noborrow(&b);
csub_ab.sub_with_borrow(&a);
csub_ab.sub_with_borrow(&b);
assert_eq!(csub_ab, csub_ba);
}
@@ -1010,7 +1010,7 @@ fn test_fq_repr_sub_noborrow() {
0x4b1ba7b6434bacd7,
0x1a0111ea397fe69a,
]);
qplusone.sub_noborrow(&BigInt::new([
qplusone.sub_with_borrow(&BigInt::new([
0xb9feffffffffaaac,
0x1eabfffeb153ffff,
0x6730d2a0f6b0f624,
@@ -1043,7 +1043,7 @@ fn test_fq_repr_add_nocarry() {
0xad0eb3948a5c34fd,
0xd56f7b5ab8b5ce8,
]);
t.add_nocarry(&BigInt::new([
t.add_with_carry(&BigInt::new([
0xc7867917187ca02b,
0x5d75679d4911ffef,
0x8c5b3e48b1a71c15,
@@ -1074,28 +1074,28 @@ fn test_fq_repr_add_nocarry() {
c.0[5] >>= 3;
let mut abc = a;
abc.add_nocarry(&b);
abc.add_nocarry(&c);
abc.add_with_carry(&b);
abc.add_with_carry(&c);
let mut acb = a;
acb.add_nocarry(&c);
acb.add_nocarry(&b);
acb.add_with_carry(&c);
acb.add_with_carry(&b);
let mut bac = b;
bac.add_nocarry(&a);
bac.add_nocarry(&c);
bac.add_with_carry(&a);
bac.add_with_carry(&c);
let mut bca = b;
bca.add_nocarry(&c);
bca.add_nocarry(&a);
bca.add_with_carry(&c);
bca.add_with_carry(&a);
let mut cab = c;
cab.add_nocarry(&a);
cab.add_nocarry(&b);
cab.add_with_carry(&a);
cab.add_with_carry(&b);
let mut cba = c;
cba.add_nocarry(&b);
cba.add_nocarry(&a);
cba.add_with_carry(&b);
cba.add_with_carry(&a);
assert_eq!(abc, acb);
assert_eq!(abc, bac);
@@ -1113,7 +1113,7 @@ fn test_fq_repr_add_nocarry() {
0xffffffffffffffff,
0xffffffffffffffff,
]);
x.add_nocarry(&BigInteger384::from(1));
x.add_with_carry(&BigInteger384::from(1u64));
assert!(x.is_zero());
}
@@ -1132,19 +1132,15 @@ fn test_fq2_sqrt() {
#[test]
fn test_fq_num_bits() {
assert_eq!(FqParameters::MODULUS_BITS, 381);
assert_eq!(FqParameters::CAPACITY, 380);
assert_eq!(Fq::MODULUS_BIT_SIZE, 381);
}
#[test]
fn test_fq_root_of_unity() {
assert_eq!(FqParameters::TWO_ADICITY, 1);
assert_eq!(Fq::TWO_ADICITY, 1);
assert_eq!(Fq::GENERATOR, Fq::from(BigInteger384::from(2u64)));
assert_eq!(
Fq::multiplicative_generator(),
Fq::from(BigInteger384::from(2))
);
assert_eq!(
Fq::multiplicative_generator().pow([
Fq::GENERATOR.pow([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
@@ -1152,13 +1148,13 @@ fn test_fq_root_of_unity() {
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]),
Fq::two_adic_root_of_unity()
Fq::TWO_ADIC_ROOT_OF_UNITY
);
assert_eq!(
Fq::two_adic_root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
Fq::TWO_ADIC_ROOT_OF_UNITY.pow([1 << Fq::TWO_ADICITY]),
Fq::one()
);
assert!(Fq::multiplicative_generator().sqrt().is_none());
assert!(Fq::GENERATOR.sqrt().is_none());
}
// #[test]
@@ -1173,7 +1169,7 @@ fn test_fq_root_of_unity() {
fn test_fq_ordering() {
// BigInteger384's ordering is well-tested, but we still need to make sure the
// Fq elements aren't being compared in Montgomery form.
for i in 0..100 {
for i in 0..100u64 {
assert!(Fq::from(BigInteger384::from(i + 1)) > Fq::from(BigInteger384::from(i)));
}
}
@@ -1192,11 +1188,11 @@ fn test_fq_legendre() {
assert_eq!(
QuadraticNonResidue,
Fq::from(BigInteger384::from(2)).legendre()
Fq::from(BigInteger384::from(2u64)).legendre()
);
assert_eq!(
QuadraticResidue,
Fq::from(BigInteger384::from(4)).legendre()
Fq::from(BigInteger384::from(4u64)).legendre()
);
let e = BigInt::new([
@@ -1252,7 +1248,10 @@ fn test_fq2_basics() {
#[test]
fn test_fq2_squaring() {
let a = Fq2::new(Fq::one(), Fq::one()).square(); // u + 1
assert_eq!(a, Fq2::new(Fq::zero(), Fq::from(BigInteger384::from(2)),)); // 2u
assert_eq!(
a,
Fq2::new(Fq::zero(), Fq::from(BigInteger384::from(2u64)),)
); // 2u
let a = Fq2::new(Fq::zero(), Fq::one()).square(); // u
assert_eq!(a, {
@@ -1737,7 +1736,7 @@ fn test_fq2_legendre() {
// i^2 = -1
let mut m1 = -Fq2::one();
assert_eq!(QuadraticResidue, m1.legendre());
m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
m1 = Fq6Config::mul_fp2_by_nonresidue(&m1);
assert_eq!(QuadraticNonResidue, m1.legendre());
}
@@ -1750,7 +1749,7 @@ fn test_fq2_mul_nonresidue() {
for _ in 0..1000 {
let mut a = Fq2::rand(&mut rng);
let mut b = a;
a = Fq6Parameters::mul_fp2_by_nonresidue(&a);
a = Fq6Config::mul_fp2_by_nonresidue(&a);
b.mul_assign(&nqr);
assert_eq!(a, b);
@@ -1766,7 +1765,7 @@ fn test_fq6_mul_nonresidue() {
for _ in 0..1000 {
let mut a = Fq6::rand(&mut rng);
let mut b = a;
a = Fq12Parameters::mul_fp6_by_nonresidue(&a);
a = Fq12Config::mul_fp6_by_nonresidue(&a);
b.mul_assign(&nqr);
assert_eq!(a, b);

11
bls12_381/src/lib.rs Normal file → Executable file
View File

@@ -9,15 +9,16 @@
#![forbid(unsafe_code)]
//! This library implements the BLS12_381 curve generated by [Sean Bowe](https://electriccoin.co/blog/new-snark-curve/).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 381-bit (prime) field.
//! This curve was intended to replace the BN254 curve to provide a higher security
//! level without incurring a large performance overhead.
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree
//! 12, defined over a 381-bit (prime) field.
//! This curve was intended to replace the BN254 curve to provide a higher
//! security level without incurring a large performance overhead.
//!
//!
//! Curve information:
//! * Base field: q = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
//! * Scalar field: r = 52435875175126190479447740508185965837690552500527637822603658699938581184513
//! * Scalar field: r =
//! 52435875175126190479447740508185965837690552500527637822603658699938581184513
//! * valuation(q - 1, 2) = 1
//! * valuation(r - 1, 2) = 32
//! * G1 curve equation: y^2 = x^3 + 4