From 3af6ec17d6de844d5be66b8d081c0c109227ad26 Mon Sep 17 00:00:00 2001
From: Weikeng Chen <w.k@berkeley.edu>
Date: Sat, 3 Sep 2022 12:32:28 -0700
Subject: [PATCH] Fix Bandersnatch parameters and the constraint tests (#119)

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
---
 bls12_377/src/constraints/mod.rs               | 4 ++--
 ed_on_bls12_381_bandersnatch/src/curves/mod.rs | 6 +++---
 mnt4_298/src/constraints/mod.rs                | 4 ++--
 mnt4_753/src/constraints/mod.rs                | 4 ++--
 mnt6_298/src/constraints/mod.rs                | 4 ++--
 mnt6_753/src/constraints/mod.rs                | 4 ++--
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/bls12_377/src/constraints/mod.rs b/bls12_377/src/constraints/mod.rs
index a67838f..db99c86 100644
--- a/bls12_377/src/constraints/mod.rs
+++ b/bls12_377/src/constraints/mod.rs
@@ -106,7 +106,7 @@
 //! ```
 //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
 //! # use ark_std::UniformRand;
-//! # use ark_ec::PairingEngine;
+//! # use ark_ec::pairing::Pairing;
 //! # use ark_relations::r1cs::*;
 //! # use ark_r1cs_std::prelude::*;
 //! # use ark_bls12_377::{*, constraints::*};
@@ -135,7 +135,7 @@
 //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
 //!
 //! // Check that the value of &a + &b is correct.
-//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
 //!
 //! // Check that operations on variables and constants are equivalent.
 //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
diff --git a/ed_on_bls12_381_bandersnatch/src/curves/mod.rs b/ed_on_bls12_381_bandersnatch/src/curves/mod.rs
index e21c665..14d3af8 100644
--- a/ed_on_bls12_381_bandersnatch/src/curves/mod.rs
+++ b/ed_on_bls12_381_bandersnatch/src/curves/mod.rs
@@ -17,10 +17,10 @@ pub type SWAffine = short_weierstrass::Affine<BandersnatchParameters>;
 pub type SWProjective = short_weierstrass::Projective<BandersnatchParameters>;
 
 /// `bandersnatch` is an incomplete twisted Edwards curve. These curves have equations of
-/// the form: ax² + y² = 1 - dx²y².
+/// the form: ax² + y² = 1 + dx²y².
 /// over some base finite field Fq.
 ///
-/// bandersnatch's curve equation: -5x² + y² = 1 - dx²y²
+/// bandersnatch's curve equation: -5x² + y² = 1 + dx²y²
 ///
 /// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513.
 ///
@@ -84,7 +84,7 @@ impl TECurveConfig for BandersnatchParameters {
     /// Multiplication by `a` is multiply by `-5`.
     #[inline(always)]
     fn mul_by_a(elem: Self::BaseField) -> Self::BaseField {
-        elem.double().double() * elem
+        -(elem.double().double() + elem)
     }
 }
 
diff --git a/mnt4_298/src/constraints/mod.rs b/mnt4_298/src/constraints/mod.rs
index 4891908..8bdff48 100644
--- a/mnt4_298/src/constraints/mod.rs
+++ b/mnt4_298/src/constraints/mod.rs
@@ -106,7 +106,7 @@
 //! ```
 //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
 //! # use ark_std::UniformRand;
-//! # use ark_ec::PairingEngine;
+//! # use ark_ec::pairing::Pairing;
 //! # use ark_relations::r1cs::*;
 //! # use ark_r1cs_std::prelude::*;
 //! # use ark_mnt4_298::{*, constraints::*};
@@ -135,7 +135,7 @@
 //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
 //!
 //! // Check that the value of &a + &b is correct.
-//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
 //!
 //! // Check that operations on variables and constants are equivalent.
 //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
diff --git a/mnt4_753/src/constraints/mod.rs b/mnt4_753/src/constraints/mod.rs
index 4744e4c..707173b 100644
--- a/mnt4_753/src/constraints/mod.rs
+++ b/mnt4_753/src/constraints/mod.rs
@@ -106,7 +106,7 @@
 //! ```
 //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
 //! # use ark_std::UniformRand;
-//! # use ark_ec::PairingEngine;
+//! # use ark_ec::pairing::Pairing;
 //! # use ark_relations::r1cs::*;
 //! # use ark_r1cs_std::prelude::*;
 //! # use ark_mnt4_753::{*, constraints::*};
@@ -135,7 +135,7 @@
 //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
 //!
 //! // Check that the value of &a + &b is correct.
-//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
 //!
 //! // Check that operations on variables and constants are equivalent.
 //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
diff --git a/mnt6_298/src/constraints/mod.rs b/mnt6_298/src/constraints/mod.rs
index 0092567..0ae8ee0 100644
--- a/mnt6_298/src/constraints/mod.rs
+++ b/mnt6_298/src/constraints/mod.rs
@@ -106,7 +106,7 @@
 //! ```
 //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
 //! # use ark_std::UniformRand;
-//! # use ark_ec::PairingEngine;
+//! # use ark_ec::pairing::Pairing;
 //! # use ark_relations::r1cs::*;
 //! # use ark_r1cs_std::prelude::*;
 //! # use ark_mnt6_298::{*, constraints::*};
@@ -135,7 +135,7 @@
 //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
 //!
 //! // Check that the value of &a + &b is correct.
-//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
 //!
 //! // Check that operations on variables and constants are equivalent.
 //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
diff --git a/mnt6_753/src/constraints/mod.rs b/mnt6_753/src/constraints/mod.rs
index c540ac7..501724a 100644
--- a/mnt6_753/src/constraints/mod.rs
+++ b/mnt6_753/src/constraints/mod.rs
@@ -106,7 +106,7 @@
 //! ```
 //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
 //! # use ark_std::UniformRand;
-//! # use ark_ec::PairingEngine;
+//! # use ark_ec::pairing::Pairing;
 //! # use ark_relations::r1cs::*;
 //! # use ark_r1cs_std::prelude::*;
 //! # use ark_mnt6_753::{*, constraints::*};
@@ -135,7 +135,7 @@
 //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
 //!
 //! // Check that the value of &a + &b is correct.
-//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
 //!
 //! // Check that operations on variables and constants are equivalent.
 //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;