arnaucube/ark-curves-cherry-picked
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-curves-cherry-picked.git synced 2026-01-09 07:21:30 +01:00
Code Issues Projects Releases Wiki Activity

Upgrade to work with latest ark-ff (#95)

Browse Source 
Co-authored-by: Sun <huachuang20@gmail.com>
This commit is contained in:
Pratyush Mishra
2022-03-07 13:12:03 -08:00
committed by GitHub
parent d0dc200f22
commit 1551d6d76c
231 changed files with 2830 additions and 4343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
bn254/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 21888242871839275222246405745257275088696311157297823662689037894645226208583
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bn254/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 21888242871839275222246405745257275088548364400416034343698204186575808495617
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

12
bn254/src/curves/g1.rs
View File

@@ -1,5 +1,5 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{field_new, Zero};
use ark_ff::{MontFp, Zero};
use crate::{Fq, Fr};
@@ -14,15 +14,15 @@ impl ModelParameters for Parameters {
const COFACTOR: &'static [u64] = &[0x1];
/// COFACTOR_INV = COFACTOR^{-1} mod r = 1
const COFACTOR_INV: Fr = field_new!(Fr, "1");
const COFACTOR_INV: Fr = MontFp!(Fr, "1");
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, "0");
const COEFF_A: Fq = MontFp!(Fq, "0");
/// COEFF_B = 3
const COEFF_B: Fq = field_new!(Fq, "3");
const COEFF_B: Fq = MontFp!(Fq, "3");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -35,7 +35,7 @@ impl SWModelParameters for Parameters {
}
/// G1_GENERATOR_X = 1
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "1");
pub const G1_GENERATOR_X: Fq = MontFp!(Fq, "1");
/// G1_GENERATOR_Y = 2
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "2");
pub const G1_GENERATOR_Y: Fq = MontFp!(Fq, "2");

58
bn254/src/curves/g2.rs
View File

@@ -1,5 +1,5 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{field_new, Zero};
use ark_ff::{MontFp, QuadExt, Zero};
use crate::{Fq, Fq2, Fr};
@@ -11,7 +11,7 @@ impl ModelParameters for Parameters {
type ScalarField = Fr;
/// COFACTOR = (36 * X^4) + (36 * X^3) + (30 * X^2) + 6*X + 1
/// = 21888242871839275222246405745257275088844257914179612981679871602714643921549
/// 21888242871839275222246405745257275088844257914179612981679871602714643921549
#[rustfmt::skip]
const COFACTOR: &'static [u64] = &[
0x345f2299c0f9fa8d,
@@ -21,21 +21,27 @@ impl ModelParameters for Parameters {
];
/// COFACTOR_INV = COFACTOR^{-1} mod r
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "10944121435919637613327163357776759465618812564592884533313067514031822496649");
const COFACTOR_INV: Fr = MontFp!(
Fr,
"10944121435919637613327163357776759465618812564592884533313067514031822496649"
);
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
#[rustfmt::skip]
const COEFF_A: Fq2 = field_new!(Fq2, field_new!(Fq, "0"), field_new!(Fq, "0"));
const COEFF_A: Fq2 = QuadExt!(MontFp!(Fq, "0"), MontFp!(Fq, "0"));
/// COEFF_B = 3/(u+9)
/// = (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
field_new!(Fq, "19485874751759354771024239261021720505790618469301721065564631296452457478373"),
field_new!(Fq, "266929791119991161246907387137283842545076965332900288569378510910307636690"),
/// (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
const COEFF_B: Fq2 = QuadExt!(
MontFp!(
Fq,
"19485874751759354771024239261021720505790618469301721065564631296452457478373"
),
MontFp!(
Fq,
"266929791119991161246907387137283842545076965332900288569378510910307636690"
),
);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
@@ -48,27 +54,33 @@ impl SWModelParameters for Parameters {
}
}
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = QuadExt!(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = QuadExt!(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 10857046999023057135944570762232829481370756359578518086990519993285655852781
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "10857046999023057135944570762232829481370756359578518086990519993285655852781");
pub const G2_GENERATOR_X_C0: Fq = MontFp!(
Fq,
"10857046999023057135944570762232829481370756359578518086990519993285655852781"
);
/// G2_GENERATOR_X_C1 =
/// 11559732032986387107991004021392285783925812861821192530917403151452391805634
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "11559732032986387107991004021392285783925812861821192530917403151452391805634");
pub const G2_GENERATOR_X_C1: Fq = MontFp!(
Fq,
"11559732032986387107991004021392285783925812861821192530917403151452391805634"
);
/// G2_GENERATOR_Y_C0 =
/// 8495653923123431417604973247489272438418190587263600148770280649306958101930
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "8495653923123431417604973247489272438418190587263600148770280649306958101930");
pub const G2_GENERATOR_Y_C0: Fq = MontFp!(
Fq,
"8495653923123431417604973247489272438418190587263600148770280649306958101930"
);
/// G2_GENERATOR_Y_C1 =
/// 4082367875863433681332203403145435568316851327593401208105741076214120093531
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "4082367875863433681332203403145435568316851327593401208105741076214120093531");
pub const G2_GENERATOR_Y_C1: Fq = MontFp!(
Fq,
"4082367875863433681332203403145435568316851327593401208105741076214120093531"
);

26
bn254/src/curves/mod.rs
View File

@@ -1,9 +1,11 @@
use crate::*;
use ark_ec::{
bn,
bn::{Bn, BnParameters, TwistType},
};
use ark_ff::field_new;
use ark_ff::{MontFp, QuadExt};
use crate::*;
pub mod g1;
pub mod g2;
@@ -22,33 +24,31 @@ impl BnParameters for Parameters {
-1, 0, 0, 1, 0, 1, 1,
];
const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
Fq2,
field_new!(
const TWIST_MUL_BY_Q_X: Fq2 = QuadExt!(
MontFp!(
Fq,
"21575463638280843010398324269430826099269044274347216827212613867836435027261"
),
field_new!(
MontFp!(
Fq,
"10307601595873709700152284273816112264069230130616436755625194854815875713954"
),
);
const TWIST_MUL_BY_Q_Y: Fq2 = field_new!(
Fq2,
field_new!(
const TWIST_MUL_BY_Q_Y: Fq2 = QuadExt!(
MontFp!(
Fq,
"2821565182194536844548159561693502659359617185244120367078079554186484126554"
),
field_new!(
MontFp!(
Fq,
"3505843767911556378687030309984248845540243509899259641013678093033130930403"
),
);
const TWIST_TYPE: TwistType = TwistType::D;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Parameters = g1::Parameters;
type G2Parameters = g2::Parameters;
}

21
bn254/src/curves/tests.rs Normal file → Executable file
View File

@@ -1,18 +1,15 @@
#![allow(unused_imports)]
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
One, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use crate::{g1, g2, Bn254, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_algebra_test_templates::{
curves::*, generate_bilinearity_test, generate_g1_test, generate_g2_test, groups::*, msm::*,
};
use ark_ec::{AffineCurve, PairingEngine};
use ark_ff::{
fields::{Field, PrimeField},
One,
};
use ark_std::{rand::Rng, test_rng};
use core::ops::MulAssign;
use crate::{g1, g2, Bn254, Fq12, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
generate_g1_test!(bn254; curve_tests; sw_tests;);
generate_g2_test!(bn254; curve_tests; sw_tests;);

106
bn254/src/fields/fq.rs
View File

@@ -1,100 +1,10 @@
use ark_ff::{
biginteger::{BigInt, BigInteger256 as BigInteger},
field_new,
fields::*,
};
use ark_ff::fields::{Fp256, MontBackend, MontConfig, MontFp};
pub type Fq = Fp256<FqParameters>;
#[derive(MontConfig)]
#[modulus = "21888242871839275222246405745257275088696311157297823662689037894645226208583"]
#[generator = "3"]
pub struct FqConfig;
pub type Fq = Fp256<MontBackend<FqConfig, 4>>;
pub struct FqParameters;
impl Fp256Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 1;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 21888242871839275222246405745257275088696311157297823662689037894645226208583
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
0x3c208c16d87cfd47,
0x97816a916871ca8d,
0xb85045b68181585d,
0x30644e72e131a029,
]);
const MODULUS_BITS: u32 = 254;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 2;
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
0xf32cfc5b538afa89,
0xb5e71911d44501fb,
0x47ab1eff0a417ff6,
0x6d89f71cab8351f,
]);
const INV: u64 = 9786893198990664585u64;
// GENERATOR = 3
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
0x7a17caa950ad28d7,
0x1f6ac17ae15521b9,
0x334bea4e696bd284,
0x2a1f6744ce179d8e,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// T = (MODULUS - 1) // 2^S =
// 10944121435919637611123202872628637544348155578648911831344518947322613104291
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// (T - 1) // 2 =
// 5472060717959818805561601436314318772174077789324455915672259473661306552145
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0x4f082305b61f3f51,
0x65e05aa45a1c72a3,
0x6e14116da0605617,
0xc19139cb84c680a,
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, "1");
pub const FQ_ZERO: Fq = field_new!(Fq, "0");
pub const FQ_ONE: Fq = MontFp!(Fq, "1");
pub const FQ_ZERO: Fq = MontFp!(Fq, "0");

134
bn254/src/fields/fq12.rs
View File

@@ -1,77 +1,119 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, CubicExt, MontFp, QuadExt};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = CubicExt!(FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
QuadExt!(MontFp!(Fq, "1"), MontFp!(Fq, "0"),),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "8376118865763821496583973867626364092589906065868298776909617916018768340080"),
field_new!(Fq, "16469823323077808223889137241176536799009286646108169935659301613961712198316"),
QuadExt!(
MontFp!(
Fq,
"8376118865763821496583973867626364092589906065868298776909617916018768340080"
),
MontFp!(
Fq,
"16469823323077808223889137241176536799009286646108169935659301613961712198316"
),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556617"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"21888242871839275220042445260109153167277707414472061641714758635765020556617"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "11697423496358154304825782922584725312912383441159505038794027105778954184319"),
field_new!(Fq, "303847389135065887422783454877609941456349188919719272345083954437860409601"),
QuadExt!(
MontFp!(
Fq,
"11697423496358154304825782922584725312912383441159505038794027105778954184319"
),
MontFp!(
Fq,
"303847389135065887422783454877609941456349188919719272345083954437860409601"
),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "3321304630594332808241809054958361220322477375291206261884409189760185844239"),
field_new!(Fq, "5722266937896532885780051958958348231143373700109372999374820235121374419868"),
QuadExt!(
MontFp!(
Fq,
"3321304630594332808241809054958361220322477375291206261884409189760185844239"
),
MontFp!(
Fq,
"5722266937896532885780051958958348231143373700109372999374820235121374419868"
),
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
),
QuadExt!(MontFp!(Fq, "-1"), MontFp!(Fq, "0"),),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "13512124006075453725662431877630910996106405091429524885779419978626457868503"),
field_new!(Fq, "5418419548761466998357268504080738289687024511189653727029736280683514010267"),
QuadExt!(
MontFp!(
Fq,
"13512124006075453725662431877630910996106405091429524885779419978626457868503"
),
MontFp!(
Fq,
"5418419548761466998357268504080738289687024511189653727029736280683514010267"
),
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"2203960485148121921418603742825762020974279258880205651966"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "10190819375481120917420622822672549775783927716138318623895010788866272024264"),
field_new!(Fq, "21584395482704209334823622290379665147239961968378104390343953940207365798982"),
QuadExt!(
MontFp!(
Fq,
"10190819375481120917420622822672549775783927716138318623895010788866272024264"
),
MontFp!(
Fq,
"21584395482704209334823622290379665147239961968378104390343953940207365798982"
),
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651967"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"2203960485148121921418603742825762020974279258880205651967"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "18566938241244942414004596690298913868373833782006617400804628704885040364344"),
field_new!(Fq, "16165975933942742336466353786298926857552937457188450663314217659523851788715"),
QuadExt!(
MontFp!(
Fq,
"18566938241244942414004596690298913868373833782006617400804628704885040364344"
),
MontFp!(
Fq,
"16165975933942742336466353786298926857552937457188450663314217659523851788715"
),
),
];
}

29
bn254/src/fields/fq2.rs
View File

@@ -1,31 +1,26 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, MontFp, QuadExt};
pub type Fq2 = Fp2<Fq2Parameters>;
use crate::*;
pub struct Fq2Parameters;
pub type Fq2 = Fp2<Fq2Config>;
impl Fp2Parameters for Fq2Parameters {
pub struct Fq2Config;
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, "-1");
const NONRESIDUE: Fq = MontFp!(Fq, "-1");
/// QUADRATIC_NONRESIDUE = U+2
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, "2"),
field_new!(Fq, "1"),
);
const QUADRATIC_NONRESIDUE: Fq2 = QuadExt!(MontFp!(Fq, "2"), MontFp!(Fq, "1"));
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
field_new!(Fq, "1"),
MontFp!(Fq, "1"),
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, "-1"),
MontFp!(Fq, "-1"),
];
#[inline(always)]
@@ -34,5 +29,5 @@ impl Fp2Parameters for Fq2Parameters {
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);
pub const FQ2_ZERO: Fq2 = QuadExt!(FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = QuadExt!(FQ_ONE, FQ_ZERO);

141
bn254/src/fields/fq6.rs
View File

@@ -1,82 +1,123 @@
use super::*;
use ark_ff::{field_new, fields::*};
use ark_ff::{fields::*, MontFp, QuadExt};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = U+9
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2, field_new!(Fq, "9"), field_new!(Fq, "1"));
const NONRESIDUE: Fq2 = QuadExt!(MontFp!(Fq, "9"), MontFp!(Fq, "1"));
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
QuadExt!(MontFp!(Fq, "1"), MontFp!(Fq, "0"),),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "21575463638280843010398324269430826099269044274347216827212613867836435027261"),
field_new!(Fq, "10307601595873709700152284273816112264069230130616436755625194854815875713954"),
QuadExt!(
MontFp!(
Fq,
"21575463638280843010398324269430826099269044274347216827212613867836435027261"
),
MontFp!(
Fq,
"10307601595873709700152284273816112264069230130616436755625194854815875713954"
),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "3772000881919853776433695186713858239009073593817195771773381919316419345261"),
field_new!(Fq, "2236595495967245188281701248203181795121068902605861227855261137820944008926"),
QuadExt!(
MontFp!(
Fq,
"3772000881919853776433695186713858239009073593817195771773381919316419345261"
),
MontFp!(
Fq,
"2236595495967245188281701248203181795121068902605861227855261137820944008926"
),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"2203960485148121921418603742825762020974279258880205651966"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, "18429021223477853657660792034369865839114504446431234726392080002137598044644"),
field_new!(Fq, "9344045779998320333812420223237981029506012124075525679208581902008406485703"),
QuadExt!(
MontFp!(
Fq,
"18429021223477853657660792034369865839114504446431234726392080002137598044644"
),
MontFp!(
Fq,
"9344045779998320333812420223237981029506012124075525679208581902008406485703"
),
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
QuadExt!(MontFp!(Fq, "1"), MontFp!(Fq, "0"),),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "2581911344467009335267311115468803099551665605076196740867805258568234346338"),
field_new!(Fq, "19937756971775647987995932169929341994314640652964949448313374472400716661030"),
QuadExt!(
MontFp!(
Fq,
"2581911344467009335267311115468803099551665605076196740867805258568234346338"
),
MontFp!(
Fq,
"19937756971775647987995932169929341994314640652964949448313374472400716661030"
),
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"2203960485148121921418603742825762020974279258880205651966"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "5324479202449903542726783395506214481928257762400643279780343368557297135718"),
field_new!(Fq, "16208900380737693084919495127334387981393726419856888799917914180988844123039"),
QuadExt!(
MontFp!(
Fq,
"5324479202449903542726783395506214481928257762400643279780343368557297135718"
),
MontFp!(
Fq,
"16208900380737693084919495127334387981393726419856888799917914180988844123039"
),
),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
QuadExt!(
MontFp!(
Fq,
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
MontFp!(Fq, "0"),
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, "13981852324922362344252311234282257507216387789820983642040889267519694726527"),
field_new!(Fq, "7629828391165209371577384193250820201684255241773809077146787135900891633097"),
QuadExt!(
MontFp!(
Fq,
"13981852324922362344252311234282257507216387789820983642040889267519694726527"
),
MontFp!(
Fq,
"7629828391165209371577384193250820201684255241773809077146787135900891633097"
),
),
];
@@ -85,8 +126,8 @@ impl Fp6Parameters for Fq6Parameters {
// (c0+u*c1)*(9+u) = (9*c0-c1)+u*(9*c1+c0)
let mut f = *fe;
f.double_in_place().double_in_place().double_in_place();
let c0 = f.c0 + fe.c0 + Fq2Parameters::mul_fp_by_nonresidue(&fe.c1);
let c0 = f.c0 + fe.c0 + Fq2Config::mul_fp_by_nonresidue(&fe.c1);
let c1 = f.c1 + fe.c1 + fe.c0;
field_new!(Fq2, c0, c1)
QuadExt!(c0, c1)
}
}

108
bn254/src/fields/fr.rs
View File

@@ -1,103 +1,7 @@
use ark_ff::{
biginteger::{BigInt, BigInteger256 as BigInteger},
fields::*,
};
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 28;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
7164790868263648668u64,
11685701338293206998u64,
6216421865291908056u64,
1756667274303109607u64,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617
#[rustfmt::skip]
const MODULUS: BigInteger = BigInt::new([
4891460686036598785u64,
2896914383306846353u64,
13281191951274694749u64,
3486998266802970665u64,
]);
const MODULUS_BITS: u32 = 254;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 2;
/// R = pow(2, 256) % MODULUS
/// = 6350874878119819312338956282401532410528162663560392320966563075034087161851
#[rustfmt::skip]
const R: BigInteger = BigInt::new([
12436184717236109307u64,
3962172157175319849u64,
7381016538464732718u64,
1011752739694698287u64,
]);
/// R2 = R * R % MODULUS
/// = 944936681149208446651664254269745548490766851729442924617792859073125903783
#[rustfmt::skip]
const R2: BigInteger = BigInt::new([
1997599621687373223u64,
6052339484930628067u64,
10108755138030829701u64,
150537098327114917u64,
]);
/// INV = (-MODULUS) ^ {-1} % pow(2, 64) = 14042775128853446655
const INV: u64 = 14042775128853446655u64;
/// GENERATOR = 5
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInt::new([
1949230679015292902u64,
16913946402569752895u64,
5177146667339417225u64,
1571765431670520771u64,
]);
/// (MODULUS - 1)/2 =
/// 10944121435919637611123202872628637544274182200208017171849102093287904247808
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0xa1f0fac9f8000000,
0x9419f4243cdcb848,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
/// T = (MODULUS - 1) / 2^s =
/// 81540058820840996586704275553141814055101440848469862132140264610111
#[rustfmt::skip]
const T: BigInteger = BigInt::new([
0x9b9709143e1f593f,
0x181585d2833e8487,
0x131a029b85045b68,
0x30644e72e,
]);
/// (T - 1) / 2 =
/// 40770029410420498293352137776570907027550720424234931066070132305055
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
0xcdcb848a1f0fac9f,
0x0c0ac2e9419f4243,
0x098d014dc2822db4,
0x183227397,
]);
}
#[derive(MontConfig)]
#[modulus = "21888242871839275222246405745257275088548364400416034343698204186575808495617"]
#[generator = "5"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

56
bn254/src/fields/tests.rs
View File

@@ -1,9 +1,9 @@
use ark_algebra_test_templates::{
fields::*, generate_field_serialization_test, generate_field_test,
};
use ark_ff::{
biginteger::{BigInt, BigInteger, BigInteger256},
fields::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, FpParameters, PrimeField,
SquareRootField,
},
fields::{FftField, Field, Fp6Config, PrimeField, SquareRootField},
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
@@ -13,12 +13,9 @@ use core::{
ops::{AddAssign, MulAssign, SubAssign},
};
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_algebra_test_templates::{
fields::*, generate_field_serialization_test, generate_field_test,
};
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Config, FqConfig, Fr, FrConfig};
generate_field_test!(bn254; fq2; fq6; fq12;);
generate_field_test!(bn254; fq2; fq6; fq12; mont(4, 4); );
generate_field_serialization_test!(bn254; fq2; fq6; fq12;);
#[test]
@@ -28,14 +25,14 @@ fn test_fq_repr_from() {
#[test]
fn test_fq_repr_is_odd() {
assert!(!BigInteger256::from(0).is_odd());
assert!(BigInteger256::from(0).is_even());
assert!(BigInteger256::from(1).is_odd());
assert!(!BigInteger256::from(1).is_even());
assert!(!BigInteger256::from(324834872).is_odd());
assert!(BigInteger256::from(324834872).is_even());
assert!(BigInteger256::from(324834873).is_odd());
assert!(!BigInteger256::from(324834873).is_even());
assert!(!BigInteger256::from(0u64).is_odd());
assert!(BigInteger256::from(0u64).is_even());
assert!(BigInteger256::from(1u64).is_odd());
assert!(!BigInteger256::from(1u64).is_even());
assert!(!BigInteger256::from(324834872u64).is_odd());
assert!(BigInteger256::from(324834872u64).is_even());
assert!(BigInteger256::from(324834873u64).is_odd());
assert!(!BigInteger256::from(324834873u64).is_even());
}
#[test]
@@ -47,9 +44,9 @@ fn test_fq_repr_is_zero() {
#[test]
fn test_fq_repr_num_bits() {
let mut a = BigInteger256::from(0);
let mut a = BigInteger256::from(0u64);
assert_eq!(0, a.num_bits());
a = BigInteger256::from(1);
a = BigInteger256::from(1u64);
for i in 1..257 {
assert_eq!(i, a.num_bits());
a.mul2();
@@ -59,34 +56,33 @@ fn test_fq_repr_num_bits() {
#[test]
fn test_fq_num_bits() {
assert_eq!(FqParameters::MODULUS_BITS, 254);
assert_eq!(FqParameters::CAPACITY, 253);
assert_eq!(Fq::MODULUS_BIT_SIZE, 254);
}
#[test]
fn test_fq_root_of_unity() {
assert_eq!(FqParameters::TWO_ADICITY, 1);
assert_eq!(Fq::TWO_ADICITY, 1);
assert_eq!(
Fq::multiplicative_generator().pow([
Fq::GENERATOR.pow([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]),
Fq::two_adic_root_of_unity()
Fq::TWO_ADIC_ROOT_OF_UNITY
);
assert_eq!(
Fq::two_adic_root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
Fq::TWO_ADIC_ROOT_OF_UNITY.pow([1 << Fq::TWO_ADICITY]),
Fq::one()
);
assert!(Fq::multiplicative_generator().sqrt().is_none());
assert!(Fq::GENERATOR.sqrt().is_none());
}
#[test]
fn test_fq_ordering() {
// BigInteger256's ordering is well-tested, but we still need to make sure the
// Fq elements aren't being compared in Montgomery form.
for i in 0..100 {
for i in 0..100u64 {
assert!(Fq::from(BigInteger256::from(i + 1)) > Fq::from(BigInteger256::from(i)));
}
}
@@ -99,11 +95,11 @@ fn test_fq_legendre() {
assert_eq!(Zero, Fq::zero().legendre());
assert_eq!(
QuadraticResidue,
Fq::from(BigInteger256::from(4)).legendre()
Fq::from(BigInteger256::from(4u64)).legendre()
);
assert_eq!(
QuadraticNonResidue,
Fq::from(BigInteger256::from(5)).legendre()
Fq::from(BigInteger256::from(5u64)).legendre()
);
}
@@ -144,7 +140,7 @@ fn test_fq2_legendre() {
// i^2 = -1
let mut m1 = -Fq2::one();
assert_eq!(QuadraticResidue, m1.legendre());
m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
m1 = Fq6Config::mul_fp2_by_nonresidue(&m1);
assert_eq!(QuadraticNonResidue, m1.legendre());
}

11
bn254/src/lib.rs Normal file → Executable file
View File

@@ -20,14 +20,17 @@
//!
//!
//! Curve information:
//! * Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
//! * Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
//! * Base field: q =
//! 21888242871839275222246405745257275088696311157297823662689037894645226208583
//! * Scalar field: r =
//! 21888242871839275222246405745257275088548364400416034343698204186575808495617
//! * valuation(q - 1, 2) = 1
//! * valuation(r - 1, 2) = 28
//! * G1 curve equation: y^2 = x^3 + 3
//! * G2 curve equation: y^2 = x^3 + B, where
//! * B = 3/(u+9) where Fq2 is represented as Fq\[u\]/(u^2+1)
//! = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
//! * B = 3/(u+9) where Fq2 is represented as Fq\[u\]/(u^2+1) =
//! Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373,
//! 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[cfg(feature = "curve")]
mod curves;