From 42289245a6d59606f7f34bb6506b064d8ca028f5 Mon Sep 17 00:00:00 2001 From: mmagician Date: Fri, 2 Sep 2022 17:19:51 +0200 Subject: [PATCH] Replace `ATE_LOOP_COUNT` with its 2-NAF for MNT curves (#107) * Replace ATE_LOOP_COUNT by its 2-NAF * Add constant references * Apply suggestions from code review Co-authored-by: Weikeng Chen --- mnt4_298/src/curves/mod.rs | 10 +++++++++- mnt4_753/src/curves/mod.rs | 22 +++++++++++++++------- mnt6_298/src/curves/mod.rs | 11 ++++++++++- mnt6_753/src/curves/mod.rs | 22 +++++++++++++++------- 4 files changed, 49 insertions(+), 16 deletions(-) diff --git a/mnt4_298/src/curves/mod.rs b/mnt4_298/src/curves/mod.rs index 4092474..fbaafe6 100644 --- a/mnt4_298/src/curves/mod.rs +++ b/mnt4_298/src/curves/mod.rs @@ -28,7 +28,15 @@ impl MNT4Parameters for Parameters { // ``` const TWIST_COEFF_A: Fq2 = Fq2::new(G1_COEFF_A_NON_RESIDUE, Fq::ZERO); - const ATE_LOOP_COUNT: &'static [u64] = &[993502997770534912, 5071219579242586943, 2027349]; + // https://github.com/o1-labs/snarky/blob/9c21ab2bb23874604640740d646a932e813432c3/snarkette/mnt4_80.ml#L88 + const ATE_LOOP_COUNT: &'static [i8] = &[ + 1, 0, 0, 0, 0, -1, 0, 0, 0, -1, 0, 0, 0, -1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, -1, + 0, 1, 0, -1, 0, 0, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, -1, 0, + 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, 1, 0, 0, 0, 0, 0, -1, + 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 0, 1, 0, 1, 0, -1, 0, 1, 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, + 0, -1, 0, 1, 0, 0, -1, 0, 0, 1, 0, -1, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, + ]; const ATE_IS_LOOP_COUNT_NEG: bool = false; const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInt::new([0x1, 0x0, 0x0, 0x0, 0x0]); const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = false; diff --git a/mnt4_753/src/curves/mod.rs b/mnt4_753/src/curves/mod.rs index d5b4e21..aca6f31 100644 --- a/mnt4_753/src/curves/mod.rs +++ b/mnt4_753/src/curves/mod.rs 
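Review bot: Nothing next to the new `ATE_LOOP_COUNT` in mnt4_298 lets a reader confirm that the hand-listed digits encode the same integer as the removed limbs `[993502997770534912, 5071219579242586943, 2027349]`, and the digit order is not stated. The run of zeros at the end of the array matches the zero low bits of the first removed limb, so the digits appear to be most-significant first; if that is right, record it with the former value, e.g. `// 2-NAF digits, most significant first; same value as the former limbs [993502997770534912, 5071219579242586943, 2027349]`. A unit test that rebuilds the integer from the digits and checks that no two neighbouring digits are non-zero would catch a mistyped digit, which otherwise only shows up as a wrong pairing result. The same applies to the arrays in mnt4_753, mnt6_298 and mnt6_753. The `impl MNT4Parameters` block starts and ends outside the hunk.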
@@ -31,13 +31,21 @@ impl MNT4Parameters for Parameters {
 // ```
 const TWIST_COEFF_A: Fp2 = Fp2::new(G1_COEFF_A_NON_RESIDUE, Fq::ZERO);
 // https://github.com/o1-labs/snarky/blob/9c21ab2bb23874604640740d646a932e813432c3/snarkette/mnt4753.ml
- const ATE_LOOP_COUNT: &'static [u64] = &[
- 8824542903220142080,
- 7711082599397206192,
- 8303354903384568230,
- 5874150271971943936,
- 9717849827920685054,
- 95829799234282493,
+ const ATE_LOOP_COUNT: &'static [i8] = &[
+ 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, -1, 0, 1, 0, 1, 0, -1, 0, -1, 0, 0, 1, 0, 0, 0, -1, 0,
+ -1, 0, -1, 0, 0, 1, 0, 0, 0, 0, 1, 0, -1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1,
+ 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 0, -1, 0, 1, 0, -1, 0, 0, 0, -1, 0, 1, 0, 0, 0, -1, 0,
+ 0, -1, 0, 1, 0, -1, 0, 0, 0, -1, 0, 0, -1, 0, 1, 0, 0, -1, 0, -1, 0, 1, 0, 1, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, -1, 0, -1,
+ 0, 0, 1, 0, 0, 1, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, -1, 0, 0, -1,
+ 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, -1, 0, 1, 0, -1, 0, 1, 0, 0, 0, -1, 0, 0,
+ -1, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
+ -1, 0, 0, 0, 1, 0, -1, 0, 0, 1, 0, -1, 0, 1, 0, 1, 0, -1, 0, 1, 0, 0, -1, 0, -1, 0, -1, 0,
+ 0, 0, 0, 0, 1, 0, -1, 0, 1, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, -1, 0, 0, 1,
+ 0, -1, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 0,
+ 0, -1, 0, 1, 0, 1, 0, 0, 0, -1, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 1, 0, 0,
+ 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 1, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0,
 ];
 const ATE_IS_LOOP_COUNT_NEG: bool = true;
 const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger768 =
diff --git a/mnt6_298/src/curves/mod.rs b/mnt6_298/src/curves/mod.rs
index 51115cc..767d146 100644
--- a/mnt6_298/src/curves/mod.rs
+++ b/mnt6_298/src/curves/mod.rs
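Review bot: With `ATE_LOOP_COUNT` now a slice of signed digits, the unchanged `ATE_IS_LOOP_COUNT_NEG: bool = true` just below it reads as a second, possibly conflicting, source of sign. The array appears to encode the magnitude only, since the same digits are used in mnt6_753 where the flag is `false`. A comment on the constant would remove the doubt, e.g. `// Digits encode |loop count|; the sign is carried by ATE_IS_LOOP_COUNT_NEG.`, and the same comment fits the other three files.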
@@ -25,7 +25,16 @@ impl MNT6Parameters for Parameters { const TWIST: Fp3 = Fp3::::new(Fq::ZERO, Fq::ONE, Fq::ZERO); const TWIST_COEFF_A: Fp3 = Fp3::::new(Fq::ZERO, Fq::ZERO, g1::Parameters::COEFF_A); - const ATE_LOOP_COUNT: &'static [u64] = &[0xdc9a1b671660000, 0x46609756bec2a33f, 0x1eef55]; + + // https://github.com/o1-labs/snarky/blob/9c21ab2bb23874604640740d646a932e813432c3/snarkette/mnt4_80.ml#L88 + const ATE_LOOP_COUNT: &'static [i8] = &[ + 1, 0, 0, 0, 0, -1, 0, 0, 0, -1, 0, 0, 0, -1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, -1, + 0, 1, 0, -1, 0, 0, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, -1, 0, -1, 0, -1, 0, 0, -1, 0, -1, 0, + 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, 1, 0, 0, 0, 0, 0, -1, + 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 0, 1, 0, 1, 0, -1, 0, 1, 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, + 0, -1, 0, 1, 0, 0, -1, 0, 0, 1, 0, -1, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, + ]; const ATE_IS_LOOP_COUNT_NEG: bool = true; const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInt::new([0x1, 0x0, 0x0, 0x0, 0x0]); const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true; diff --git a/mnt6_753/src/curves/mod.rs b/mnt6_753/src/curves/mod.rs index 962711f..488279a 100644 --- a/mnt6_753/src/curves/mod.rs +++ b/mnt6_753/src/curves/mod.rs 
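Review bot: The reference comment added above `ATE_LOOP_COUNT` cites `snarkette/mnt4_80.ml#L88`, an MNT4 file, inside the MNT6-298 parameters, which looks like a copy of the comment from mnt4_298. The digits are identical to the mnt4_298 array, and the hex limbs removed here are the same integers as the decimal limbs removed there, so sharing the value seems intended. The comment should say so, e.g. `// Same loop count as MNT4-298 (only ATE_IS_LOOP_COUNT_NEG differs); digits from the MNT4 reference:`, or point at the MNT6 source instead.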
@@ -33,13 +33,21 @@ impl MNT6Parameters for Parameters { Fp3::new(Fq::ZERO, Fq::ZERO, g1::Parameters::COEFF_A); // https://github.com/o1-labs/snarky/blob/9c21ab2bb23874604640740d646a932e813432c3/snarkette/mnt6753.ml - const ATE_LOOP_COUNT: &'static [u64] = &[ - 8824542903220142080, - 7711082599397206192, - 8303354903384568230, - 5874150271971943936, - 9717849827920685054, - 95829799234282493, + const ATE_LOOP_COUNT: &'static [i8] = &[ + 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, -1, 0, 1, 0, 1, 0, -1, 0, -1, 0, 0, 1, 0, 0, 0, -1, 0, + -1, 0, -1, 0, 0, 1, 0, 0, 0, 0, 1, 0, -1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, + 0, 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 0, -1, 0, 1, 0, -1, 0, 0, 0, -1, 0, 1, 0, 0, 0, -1, 0, + 0, -1, 0, 1, 0, -1, 0, 0, 0, -1, 0, 0, -1, 0, 1, 0, 0, -1, 0, -1, 0, 1, 0, 1, 0, 0, 0, 0, + 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, -1, 0, -1, + 0, 0, 1, 0, 0, 1, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, -1, 0, 0, -1, + 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, -1, 0, 1, 0, -1, 0, 1, 0, 0, 0, -1, 0, 0, + -1, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, + -1, 0, 0, 0, 1, 0, -1, 0, 0, 1, 0, -1, 0, 1, 0, 1, 0, -1, 0, 1, 0, 0, -1, 0, -1, 0, -1, 0, + 0, 0, 0, 0, 1, 0, -1, 0, 1, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, 1, 0, 1, 0, 0, -1, 0, 0, 1, + 0, -1, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 0, + 0, -1, 0, 1, 0, 1, 0, 0, 0, -1, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 1, 0, 0, + 0, 0, 1, 0, 0, -1, 0, 0, -1, 0, 1, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, ]; const ATE_IS_LOOP_COUNT_NEG: bool = false; const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger768 =