Use Scott's subgroup membership tests for G1 and G2 of BLS12-381. (#74)

* implementation of the fast subgroup check for bls12_381 * add a bench * subgroup check for g1 * subgroup check modifications * remove useless test * fmt * need the last version of arkworks/algebra * remove Parameters0 * using projective points is more efficient * use of projective coordinates in G2 * fmt * documentation on the constants and the psi function * references for algorithms of eprint 2021/1130 * fmt * sed ^ ** * minor improvement * fmt * fix Cargo toml * nits * some cleanup for g1 * add the beta test back * fmt * g2 * changelog * add a note on the Cargo.toml * nits * avoid variable name conflicts * add the early-out optimization Co-authored-by: weikeng <w.k@berkeley.edu>
2026-01-27 14:13:46 +01:00 · 2021-09-25 19:34:13 +02:00
parent b5c2d8eba3
commit 2118e14b6a
6 changed files with 196 additions and 4 deletions
--- a/bls12_381/src/curves/tests.rs
+++ b/bls12_381/src/curves/tests.rs
@@ -1,8 +1,12 @@
 #![allow(unused_imports)]
-use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ec::{
+    models::SWModelParameters,
+    short_weierstrass_jacobian::{GroupAffine, GroupProjective},
+    AffineCurve, PairingEngine, ProjectiveCurve,
+};
 use ark_ff::{
    fields::{Field, FpParameters, PrimeField, SquareRootField},
-    One, Zero,
+    BitIteratorBE, One, UniformRand, Zero,
 };
 use ark_serialize::CanonicalSerialize;
 use ark_std::rand::Rng;
@@ -11,6 +15,7 @@ use core::ops::{AddAssign, MulAssign};

 use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
 use ark_algebra_test_templates::{curves::*, groups::*};
+use ark_ec::group::Group;

 #[test]
 fn test_g1_projective_curve() {
@@ -115,3 +120,54 @@ fn test_g1_generator_raw() {
        x.add_assign(&Fq::one());
    }
 }
+
+#[test]
+fn test_g1_endomorphism_beta() {
+    assert!(g1::BETA.pow(&[3u64]).is_one());
+}
+
+#[test]
+fn test_g1_subgroup_membership_via_endomorphism() {
+    let mut rng = test_rng();
+    let generator = G1Projective::rand(&mut rng).into_affine();
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g1_subgroup_non_membership_via_endomorphism() {
+    let mut rng = test_rng();
+    loop {
+        let x = Fq::rand(&mut rng);
+        let greatest = rng.gen();
+
+        if let Some(p) = G1Affine::get_point_from_x(x, greatest) {
+            if !p.into_projective().mul(Fr::characteristic()).is_zero() {
+                assert!(!p.is_in_correct_subgroup_assuming_on_curve());
+                return;
+            }
+        }
+    }
+}
+
+#[test]
+fn test_g2_subgroup_membership_via_endomorphism() {
+    let mut rng = test_rng();
+    let generator = G2Projective::rand(&mut rng).into_affine();
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_subgroup_non_membership_via_endomorphism() {
+    let mut rng = test_rng();
+    loop {
+        let x = Fq2::rand(&mut rng);
+        let greatest = rng.gen();
+
+        if let Some(p) = G2Affine::get_point_from_x(x, greatest) {
+            if !p.into_projective().mul(Fr::characteristic()).is_zero() {
+                assert!(!p.is_in_correct_subgroup_assuming_on_curve());
+                return;
+            }
+        }
+    }
+}