Upgrade to work with latest ark-ff (#95)

Co-authored-by: Sun <huachuang20@gmail.com>
2026-01-09 07:21:30 +01:00 · 2022-03-07 13:12:03 -08:00
parent d0dc200f22
commit 1551d6d76c
231 changed files with 2830 additions and 4343 deletions
--- a/ed_on_bn254/scripts/base_field.sage
+++ b/ed_on_bn254/scripts/base_field.sage
@@ -0,0 +1,28 @@
+modulus = 21888242871839275222246405745257275088548364400416034343698204186575808495617
+
+assert(modulus.is_prime())
+
+Fp = GF(modulus)
+
+generator = Fp(0);
+for i in range(0, 20):
+    i = Fp(i);
+    neg_i = Fp(-i)
+    if not(i.is_primitive_root() or neg_i.is_primitive_root()):
+        continue
+    elif i.is_primitive_root():
+        assert(i.is_primitive_root());
+        print("Generator: %d" % i)
+        generator = i
+        break
+    else:
+        assert(neg_i.is_primitive_root());
+        print("Generator: %d" % neg_i)
+        generator = neg_i
+        break
+
+
+two_adicity = valuation(modulus - 1, 2);
+trace = (modulus - 1) / 2**two_adicity;
+two_adic_root_of_unity = generator^trace
+print("2-adic Root of Unity: %d " % two_adic_root_of_unity)
--- a/ed_on_bn254/scripts/scalar_field.sage
+++ b/ed_on_bn254/scripts/scalar_field.sage
@@ -0,0 +1,28 @@
+modulus = 2736030358979909402780800718157159386076813972158567259200215660948447373041
+
+assert(modulus.is_prime())
+
+Fp = GF(modulus)
+
+generator = Fp(0);
+for i in range(0, 40):
+    i = Fp(i);
+    neg_i = Fp(-i)
+    if not(i.is_primitive_root() or neg_i.is_primitive_root()):
+        continue
+    elif i.is_primitive_root():
+        assert(i.is_primitive_root());
+        print("Generator: %d" % i)
+        generator = i
+        break
+    else:
+        assert(neg_i.is_primitive_root());
+        print("Generator: %d" % neg_i)
+        generator = neg_i
+        break
+
+
+two_adicity = valuation(modulus - 1, 2);
+trace = (modulus - 1) / 2**two_adicity;
+two_adic_root_of_unity = generator^trace
+print("2-adic Root of Unity: %d " % two_adic_root_of_unity)
--- a/ed_on_bn254/src/constraints/curves.rs
+++ b/ed_on_bn254/src/constraints/curves.rs
@@ -1,7 +1,6 @@
-use crate::*;
 use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;

-use crate::constraints::FqVar;
+use crate::{constraints::FqVar, *};

 /// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
 pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
--- a/ed_on_bn254/src/curves/mod.rs
+++ b/ed_on_bn254/src/curves/mod.rs
@@ -1,9 +1,10 @@
-use crate::{Fq, Fr};
 use ark_ec::{
    models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
    twisted_edwards_extended::{GroupAffine, GroupProjective},
 };
-use ark_ff::field_new;
+use ark_ff::MontFp;
+
+use crate::{Fq, Fr};

 #[cfg(test)]
 mod tests;
@@ -18,7 +19,6 @@ pub type EdwardsProjective = GroupProjective<EdwardsParameters>;
 /// Baby-JubJub's curve equation: x² + y² = 1 + (168696/168700)x²y²
 ///
 /// q = 21888242871839275222246405745257275088548364400416034343698204186575808495617
-///
 #[derive(Clone, Default, PartialEq, Eq)]
 pub struct EdwardsParameters;

@@ -31,14 +31,15 @@ impl ModelParameters for EdwardsParameters {

    /// COFACTOR^(-1) mod r =
    /// 2394026564107420727433200628387514462817212225638746351800188703329891451411
-    #[rustfmt::skip]
-    const COFACTOR_INV: Fr = field_new!(Fr, "2394026564107420727433200628387514462817212225638746351800188703329891451411");
+    const COFACTOR_INV: Fr = MontFp!(
+        Fr,
+        "2394026564107420727433200628387514462817212225638746351800188703329891451411"
+    );
 }

 impl TEModelParameters for EdwardsParameters {
    /// COEFF_A = 1
-    #[rustfmt::skip]
-    const COEFF_A: Fq = field_new!(Fq, "1");
+    const COEFF_A: Fq = MontFp!(Fq, "1");

    #[inline(always)]
    fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
@@ -47,8 +48,10 @@ impl TEModelParameters for EdwardsParameters {

    /// COEFF_D = 168696/168700 mod q
    ///         = 9706598848417545097372247223557719406784115219466060233080913168975159366771
-    #[rustfmt::skip]
-    const COEFF_D: Fq = field_new!(Fq, "9706598848417545097372247223557719406784115219466060233080913168975159366771");
+    const COEFF_D: Fq = MontFp!(
+        Fq,
+        "9706598848417545097372247223557719406784115219466060233080913168975159366771"
+    );

    /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
@@ -58,16 +61,19 @@ impl TEModelParameters for EdwardsParameters {

 impl MontgomeryModelParameters for EdwardsParameters {
    /// COEFF_A = 168698
-    #[rustfmt::skip]
-    const COEFF_A: Fq = field_new!(Fq, "168698");
+    const COEFF_A: Fq = MontFp!(Fq, "168698");
    /// COEFF_B = 168700
-    #[rustfmt::skip]
-    const COEFF_B: Fq = field_new!(Fq, "168700");
+    const COEFF_B: Fq = MontFp!(Fq, "168700");

    type TEModelParameters = EdwardsParameters;
 }

-#[rustfmt::skip]
-const GENERATOR_X: Fq = field_new!(Fq, "19698561148652590122159747500897617769866003486955115824547446575314762165298");
-#[rustfmt::skip]
-const GENERATOR_Y: Fq = field_new!(Fq, "19298250018296453272277890825869354524455968081175474282777126169995084727839");
+const GENERATOR_X: Fq = MontFp!(
+    Fq,
+    "19698561148652590122159747500897617769866003486955115824547446575314762165298"
+);
+
+const GENERATOR_Y: Fq = MontFp!(
+    Fq,
+    "19298250018296453272277890825869354524455968081175474282777126169995084727839"
+);
--- a/ed_on_bn254/src/curves/tests.rs
+++ b/ed_on_bn254/src/curves/tests.rs
@@ -1,13 +1,10 @@
+use ark_algebra_test_templates::{curves::*, groups::*};
 use ark_ec::{AffineCurve, ProjectiveCurve};
 use ark_ff::{bytes::FromBytes, Zero};
-use ark_std::rand::Rng;
-use ark_std::str::FromStr;
-use ark_std::test_rng;
+use ark_std::{rand::Rng, str::FromStr, test_rng};

 use crate::*;

-use ark_algebra_test_templates::{curves::*, groups::*};
-
 #[test]
 fn test_projective_curve() {
    curve_tests::<EdwardsProjective>();
--- a/ed_on_bn254/src/fields/fq.rs
+++ b/ed_on_bn254/src/fields/fq.rs
@@ -1 +1 @@
-pub use ark_bn254::{Fr as Fq, FrParameters as FqParameters};
+pub use ark_bn254::{Fr as Fq, FrConfig as FqConfig};
--- a/ed_on_bn254/src/fields/fr.rs
+++ b/ed_on_bn254/src/fields/fr.rs
@@ -1,87 +1,7 @@
-use ark_ff::{
-    biginteger::{BigInt, BigInteger256 as BigInteger},
-    fields::{FftParameters, Fp256, Fp256Parameters, FpParameters},
-};
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};

-pub type Fr = Fp256<FrParameters>;
-
-pub struct FrParameters;
-
-impl Fp256Parameters for FrParameters {}
-impl FftParameters for FrParameters {
-    type BigInt = BigInteger;
-
-    const TWO_ADICITY: u32 = 4;
-
-    #[rustfmt::skip]
-    const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInt::new([
-        0x1721ada8d4d27255,
-        0xcda0f5264e0e35bb,
-        0x961a936922086fe6,
-        0x1ab00857387dd52,
-    ]);
-}
-impl FpParameters for FrParameters {
-    /// MODULUS = 2736030358979909402780800718157159386076813972158567259200215660948447373041
-    #[rustfmt::skip]
-    const MODULUS: BigInteger = BigInt::new([
-        0x677297dc392126f1,
-        0xab3eedb83920ee0a,
-        0x370a08b6d0302b0b,
-        0x60c89ce5c263405,
-    ]);
-
-    const MODULUS_BITS: u32 = 251;
-
-    const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
-    const REPR_SHAVE_BITS: u32 = 5;
-
-    #[rustfmt::skip]
-    const R: BigInteger = BigInt::new([
-        0x073315dea08f9c76,
-        0xe7acffc6a098f24b,
-        0xf85a9201d818f015,
-        0x1f16424e1bb7724,
-    ]);
-
-    #[rustfmt::skip]
-    const R2: BigInteger = BigInt::new([
-        0x35e44abee7ecb21e,
-        0x74646cacf5f84ec4,
-        0xe472df203faa158f,
-        0x445b524f1ba50a8,
-    ]);
-
-    const INV: u64 = 0x532ce5aebc48f5ef;
-
-    #[rustfmt::skip]
-    /// GENERATOR = 31
-    const GENERATOR: BigInteger = BigInt::new([
-        0x3c284f376f3993d1,
-        0x08bc9d93705cf8b8,
-        0x239d5fcbd9538f3e,
-        0x5ca4836185b994b,
-    ]);
-
-    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
-        0x33b94bee1c909378,
-        0xd59f76dc1c907705,
-        0x9b85045b68181585,
-        0x30644e72e131a02,
-    ]);
-
-    const T: BigInteger = BigInt::new([
-        0xa677297dc392126f,
-        0xbab3eedb83920ee0,
-        0x5370a08b6d0302b0,
-        0x60c89ce5c26340,
-    ]);
-
-    const T_MINUS_ONE_DIV_TWO: BigInteger = BigInt::new([
-        0x533b94bee1c90937,
-        0x5d59f76dc1c90770,
-        0x29b85045b6818158,
-        0x30644e72e131a0,
-    ]);
-}
+#[derive(MontConfig)]
+#[modulus = "2736030358979909402780800718157159386076813972158567259200215660948447373041"]
+#[generator = "31"]
+pub struct FrConfig;
+pub type Fr = Fp256<MontBackend<FrConfig, 4>>;
--- a/ed_on_bn254/src/fields/mod.rs
+++ b/ed_on_bn254/src/fields/mod.rs
@@ -4,5 +4,5 @@ pub mod fr;
 pub use fq::*;
 pub use fr::*;

-#[cfg(all(feature = "ed_on_bn254", test))]
+#[cfg(test)]
 mod tests;
--- a/ed_on_bn254/src/fields/tests.rs
+++ b/ed_on_bn254/src/fields/tests.rs
@@ -1,34 +1,20 @@
-use crate::{Fq, Fr};
+use ark_algebra_test_templates::{
+    fields::*, generate_field_serialization_test, generate_field_test,
+};
 use ark_ff::{
    biginteger::BigInteger256 as BigInteger,
    bytes::{FromBytes, ToBytes},
-    fields::{Field, LegendreSymbol::*, SquareRootField},
-    One, Zero,
+    fields::{Field, LegendreSymbol::*, PrimeField, SquareRootField},
+    One, UniformRand, Zero,
 };
-use ark_std::test_rng;
+use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
+use ark_std::{rand::Rng, str::FromStr, test_rng};
+use core::ops::{AddAssign, MulAssign, SubAssign};

-use ark_algebra_test_templates::fields::*;
+use crate::{Fq, FqConfig, Fr, FrConfig};

-use ark_std::rand::Rng;
-use ark_std::str::FromStr;
-
-#[test]
-fn test_fr() {
-    let mut rng = test_rng();
-    let a: Fr = rng.gen();
-    let b: Fr = rng.gen();
-    field_test(a, b);
-    primefield_test::<Fr>();
-}
-
-#[test]
-fn test_fq() {
-    let mut rng = test_rng();
-    let a: Fq = rng.gen();
-    let b: Fq = rng.gen();
-    field_test(a, b);
-    primefield_test::<Fq>();
-}
+generate_field_test!(ed_on_bn254; mont(4, 4); );
+generate_field_serialization_test!(ed_on_bn254;);

 #[test]
 fn test_fq_add() {
@@ -149,22 +135,6 @@ fn test_fq_sub() {
    assert_eq!(f1 - &f2, f3);
 }

-#[test]
-fn test_fq_double_in_place() {
-    let mut f1 = Fq::from_str(
-        "29729289787452206300641229002276778748586801323231253291984198106063944136114",
-    )
-    .unwrap();
-    let f3 = Fq::from_str(
-        "15682093831225862156789646514039007320076873845630437896571987838976271280994",
-    )
-    .unwrap();
-    assert!(!f1.is_zero());
-    assert!(!f3.is_zero());
-    f1.double_in_place();
-    assert_eq!(f1, f3);
-}
-
 #[test]
 fn test_fq_double_in_place_thrice() {
    let mut f1 = Fq::from_str(
@@ -276,22 +246,9 @@ fn test_fq_square_in_place() {
    assert_eq!(f1, f3);
 }

-#[test]
-fn test_fq_sqrt() {
-    let f1 = Fq::from_str(
-        "5830207146824777307592559303161432403393380070279905260050870500920682305217",
-    )
-    .unwrap();
-    let f3 = Fq::from_str(
-        "2108183130040740552565127577293974960058698876185401671087892009247563211475",
-    )
-    .unwrap();
-    assert_eq!(f1.sqrt().unwrap(), f3);
-}
-
 #[test]
 fn test_fq_from_str() {
-    let f1_from_repr = Fq::from(BigInteger([
+    let f1_from_repr = Fq::from(BigInteger::new([
        0xab8a2535947d1a77,
        0x9ba74cbfda0bbcda,
        0xe928b59724d60baf,
@@ -301,7 +258,7 @@ fn test_fq_from_str() {
        "13026376210409056429264774981357153555336288129100724591327877625017068755575",
    )
    .unwrap();
-    let f2_from_repr = Fq::from(BigInteger([
+    let f2_from_repr = Fq::from(BigInteger::new([
        0x97e9103775d2f35c,
        0xbe6756b6c587544b,
        0x6ee38c3afd88ef4b,
@@ -320,14 +277,14 @@ fn test_fq_legendre() {
    assert_eq!(QuadraticResidue, Fq::one().legendre());
    assert_eq!(Zero, Fq::zero().legendre());

-    let e = BigInteger([
+    let e = BigInteger::new([
        0x2e8de1a676c03be8,
        0x73350d34fe25a560,
        0x7ea085919029688e,
        0x1d0868cb993cf28,
    ]);
    assert_eq!(QuadraticResidue, Fq::from(e).legendre());
-    let e = BigInteger([
+    let e = BigInteger::new([
        0x891d8cc23c8d0706,
        0xe91800e007db2698,
        0xfff380321e9ac7a7,
@@ -338,7 +295,7 @@ fn test_fq_legendre() {

 #[test]
 fn test_fq_bytes() {
-    let f1_from_repr = Fq::from(BigInteger([
+    let f1_from_repr = Fq::from(BigInteger::new([
        0xab8a2535947d1a77,
        0x9ba74cbfda0bbcda,
        0xe928b59724d60baf,
@@ -354,19 +311,19 @@ fn test_fq_bytes() {

 #[test]
 fn test_fr_add() {
-    let f1 = Fr::from(BigInteger([
+    let f1 = Fr::from(BigInteger::new([
        0xccfc9a195e0f5c46,
        0xaed4874d13fb1285,
        0x27368f86ca2848eb,
        0x4f8adcfeb44fccc,
    ]));
-    let f2 = Fr::from(BigInteger([
+    let f2 = Fr::from(BigInteger::new([
        0x661ff05bf8570851,
        0x1b171f4c59be97ef,
        0x5d2ce7f9b4d701f3,
        0x1e0e794623e0f68,
    ]));
-    let f3 = Fr::from(BigInteger([
+    let f3 = Fr::from(BigInteger::new([
        0xcba9f2991d453da6,
        0x1eacb8e13498bc6a,
        0x4d596ec9aecf1fd3,
@@ -377,19 +334,19 @@ fn test_fr_add() {

 #[test]
 fn test_fr_mul() {
-    let f1 = Fr::from(BigInteger([
+    let f1 = Fr::from(BigInteger::new([
        0xc2964d2dd5fb980f,
        0xbab64d599c57e496,
        0x39cae13e7d1d4f78,
        0x1aa995aa4de205c,
    ]));
-    let f2 = Fr::from(BigInteger([
+    let f2 = Fr::from(BigInteger::new([
        0xc256e720cd43533b,
        0x3bfbadf6247e13bb,
        0x94c3d63a53714f63,
        0x10f8a7bf74efd57,
    ]));
-    let f3 = Fr::from(BigInteger([
+    let f3 = Fr::from(BigInteger::new([
        0x5eac88be41e0e1fd,
        0x57aab36675b11e24,
        0x835582d896b4d13f,
@@ -399,7 +356,7 @@ fn test_fr_mul() {
 }
 #[test]
 fn test_fr_bytes() {
-    let f1_from_repr = Fr::from(BigInteger([
+    let f1_from_repr = Fr::from(BigInteger::new([
        0xc81265fb4130fe0c,
        0xb308836c14e22279,
        0x699e887f96bff372,
@@ -415,7 +372,7 @@ fn test_fr_bytes() {

 #[test]
 fn test_fr_from_str() {
-    let f100_from_repr = Fr::from(BigInteger([0x64, 0, 0, 0]));
+    let f100_from_repr = Fr::from(BigInteger::new([0x64, 0, 0, 0]));
    let f100 = Fr::from_str("100").unwrap();
    assert_eq!(f100_from_repr, f100);
 }
--- a/ed_on_bn254/src/lib.rs
+++ b/ed_on_bn254/src/lib.rs
@@ -8,19 +8,21 @@
 )]
 #![forbid(unsafe_code)]

-//! This library implements a twisted Edwards curve whose base field is the scalar field of the
-//! curve BN254. This allows defining cryptographic primitives that use elliptic curves over
-//! the scalar field of the latter curve. This curve is also known as [Baby-Jubjub](https://github.com/barryWhiteHat/baby_jubjub).
+//! This library implements a twisted Edwards curve whose base field is the
+//! scalar field of the curve BN254. This allows defining cryptographic
+//! primitives that use elliptic curves over the scalar field of the latter curve. This curve is also known as [Baby-Jubjub](https://github.com/barryWhiteHat/baby_jubjub).
 //!
 //! Curve information:
-//! * Base field: q = 21888242871839275222246405745257275088548364400416034343698204186575808495617
-//! * Scalar field: r = 2736030358979909402780800718157159386076813972158567259200215660948447373041
+//! * Base field: q =
+//!   21888242871839275222246405745257275088548364400416034343698204186575808495617
+//! * Scalar field: r =
+//!   2736030358979909402780800718157159386076813972158567259200215660948447373041
 //! * Valuation(q - 1, 2) = 28
 //! * Valuation(r - 1, 2) = 4
 //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
 //!    * a = 1
-//!    * d = 168696/168700 mod q
-//!        = 9706598848417545097372247223557719406784115219466060233080913168975159366771
+//!    * d = 168696/168700 mod q =
+//!      9706598848417545097372247223557719406784115219466060233080913168975159366771

 #[cfg(feature = "r1cs")]
 pub mod constraints;