Initial commit

bls12_381/src/curves/g1.rs

@@ -0,0 +1,82 @@
+use crate::*;
+use ark_ec::{
+    bls12,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{
+    biginteger::{BigInteger256, BigInteger384},
+    field_new, Zero,
+};
+
+pub type G1Affine = bls12::G1Affine<crate::Parameters>;
+pub type G1Projective = bls12::G1Projective<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = 0
+    const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
+
+    /// COEFF_B = 4
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger384([
+        0xaa270000000cfff3,
+        0x53cc0032fc34000a,
+        0x478fe97a6b0a807f,
+        0xb1d37ebee6ba24d7,
+        0x8ec9733bbf78ab2f,
+        0x9d645513d83de7e,
+    ]));
+
+    /// COFACTOR = (x - 1)^2 / 3  = 76329603384216526031706109802092473003
+    const COFACTOR: &'static [u64] = &[0x8c00aaab0000aaab, 0x396c8c005555e156];
+
+    /// COFACTOR_INV = COFACTOR^{-1} mod r
+    /// = 52435875175126190458656871551744051925719901746859129887267498875565241663483
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        288839107172787499,
+        1152722415086798946,
+        2612889808468387987,
+        5124657601728438008,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G1_GENERATOR_X, G1_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
+        Self::BaseField::zero()
+    }
+}
+
+/// G1_GENERATOR_X =
+/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
+#[rustfmt::skip]
+pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
+    0x5cb38790fd530c16,
+    0x7817fc679976fff5,
+    0x154f95c7143ba1c1,
+    0xf0ae6acdf3d0e747,
+    0xedce6ecc21dbf440,
+    0x120177419e0bfb75,
+]));
+
+/// G1_GENERATOR_Y =
+/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
+#[rustfmt::skip]
+pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
+    0xbaac93d50ce72271,
+    0x8c22631a7918fd8e,
+    0xdd595f13570725ce,
+    0x51ac582950405194,
+    0xe1c8c3fad0059c0,
+    0xbbc3efc5008a26a,
+]));

bls12_381/src/curves/g2.rs

@@ -0,0 +1,113 @@
+use crate::*;
+use ark_ec::{
+    bls12,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{
+    biginteger::{BigInteger256, BigInteger384},
+    field_new, Zero,
+};
+
+pub type G2Affine = bls12::G2Affine<crate::Parameters>;
+pub type G2Projective = bls12::G2Projective<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq2;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = [0, 0]
+    const COEFF_A: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,);
+
+    /// COEFF_B = [4, 4]
+    const COEFF_B: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_B, g1::Parameters::COEFF_B,);
+
+    /// COFACTOR = (x^8 - 4 x^7 + 5 x^6) - (4 x^4 + 6 x^3 - 4 x^2 - 4 x + 13) //
+    /// 9
+    /// = 305502333931268344200999753193121504214466019254188142667664032982267604182971884026507427359259977847832272839041616661285803823378372096355777062779109
+    #[rustfmt::skip]
+    const COFACTOR: &'static [u64] = &[
+        0xcf1c38e31c7238e5,
+        0x1616ec6e786f0c70,
+        0x21537e293a6691ae,
+        0xa628f1cb4d9e82ef,
+        0xa68a205b2e5a7ddf,
+        0xcd91de4547085aba,
+        0x91d50792876a202,
+        0x5d543a95414e7f1,
+    ];
+
+    /// COFACTOR_INV = COFACTOR^{-1} mod r
+    /// 26652489039290660355457965112010883481355318854675681319708643586776743290055
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        6746407649509787816,
+        1304054119431494378,
+        2461312685643913071,
+        5956596749362435284,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G2_GENERATOR_X, G2_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
+        Self::BaseField::zero()
+    }
+}
+
+pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
+pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
+
+/// G2_GENERATOR_X_C0 =
+/// 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
+    0xf5f28fa202940a10,
+    0xb3f5fb2687b4961a,
+    0xa1a893b53e2ae580,
+    0x9894999d1a3caee9,
+    0x6f67b7631863366b,
+    0x58191924350bcd7,
+]));
+
+/// G2_GENERATOR_X_C1 =
+/// 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
+    0xa5a9c0759e23f606,
+    0xaaa0c59dbccd60c3,
+    0x3bb17e18e2867806,
+    0x1b1ab6cc8541b367,
+    0xc2b6ed0ef2158547,
+    0x11922a097360edf3,
+]));
+
+/// G2_GENERATOR_Y_C0 =
+/// 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
+    0x4c730af860494c4a,
+    0x597cfa1f5e369c5a,
+    0xe7e6856caa0a635a,
+    0xbbefb5e96e0d495f,
+    0x7d3a975f0ef25a2,
+    0x83fd8e7e80dae5,
+]));
+
+/// G2_GENERATOR_Y_C1 =
+/// 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
+    0xadc0fc92df64b05d,
+    0x18aa270a2b1461dc,
+    0x86adac6a3be4eba0,
+    0x79495c4ec93da33a,
+    0xe7175850a43ccaed,
+    0xb2bc2a163de1bf2,
+]));

bls12_381/src/curves/mod.rs

@@ -0,0 +1,30 @@
+use ark_ec::bls12::{Bls12, Bls12Parameters, TwistType};
+
+use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
+
+pub mod g1;
+pub mod g2;
+
+#[cfg(test)]
+mod tests;
+
+pub use self::{
+    g1::{G1Affine, G1Projective},
+    g2::{G2Affine, G2Projective},
+};
+
+pub type Bls12_381 = Bls12<Parameters>;
+
+pub struct Parameters;
+
+impl Bls12Parameters for Parameters {
+    const X: &'static [u64] = &[0xd201000000010000];
+    const X_IS_NEGATIVE: bool = true;
+    const TWIST_TYPE: TwistType = TwistType::M;
+    type Fp = Fq;
+    type Fp2Params = Fq2Parameters;
+    type Fp6Params = Fq6Parameters;
+    type Fp12Params = Fq12Parameters;
+    type G1Parameters = self::g1::Parameters;
+    type G2Parameters = self::g2::Parameters;
+}

bls12_381/src/curves/tests.rs

@@ -0,0 +1,116 @@
+#![allow(unused_imports)]
+use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ff::{
+    fields::{Field, FpParameters, PrimeField, SquareRootField},
+    test_rng, One, Zero,
+};
+use ark_serialize::CanonicalSerialize;
+use core::ops::{AddAssign, MulAssign};
+use rand::Rng;
+
+use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_g1_projective_curve() {
+    curve_tests::<G1Projective>();
+
+    sw_tests::<g1::Parameters>();
+}
+
+#[test]
+fn test_g1_projective_group() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G1Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g1_generator() {
+    let generator = G1Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_projective_curve() {
+    curve_tests::<G2Projective>();
+
+    sw_tests::<g2::Parameters>();
+}
+
+#[test]
+fn test_g2_projective_group() {
+    let mut rng = test_rng();
+    let a: G2Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g2_generator() {
+    let generator = G2Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_bilinearity() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    let s: Fr = rng.gen();
+
+    let mut sa = a;
+    sa.mul_assign(s);
+    let mut sb = b;
+    sb.mul_assign(s);
+
+    let ans1 = Bls12_381::pairing(sa, b);
+    let ans2 = Bls12_381::pairing(a, sb);
+    let ans3 = Bls12_381::pairing(a, b).pow(s.into_repr());
+
+    assert_eq!(ans1, ans2);
+    assert_eq!(ans2, ans3);
+
+    assert_ne!(ans1, Fq12::one());
+    assert_ne!(ans2, Fq12::one());
+    assert_ne!(ans3, Fq12::one());
+
+    assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
+    assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
+    assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one());
+}
+
+#[test]
+fn test_g1_generator_raw() {
+    let mut x = Fq::zero();
+    let mut i = 0;
+    loop {
+        // y^2 = x^3 + b
+        let mut rhs = x;
+        rhs.square_in_place();
+        rhs.mul_assign(&x);
+        rhs.add_assign(&g1::Parameters::COEFF_B);
+
+        if let Some(y) = rhs.sqrt() {
+            let p = G1Affine::new(x, if y < -y { y } else { -y }, false);
+            assert!(!p.is_in_correct_subgroup_assuming_on_curve());
+
+            let g1 = p.scale_by_cofactor();
+            if !g1.is_zero() {
+                assert_eq!(i, 4);
+                let g1 = G1Affine::from(g1);
+
+                assert!(g1.is_in_correct_subgroup_assuming_on_curve());
+
+                assert_eq!(g1, G1Affine::prime_subgroup_generator());
+                break;
+            }
+        }
+
+        i += 1;
+        x.add_assign(&Fq::one());
+    }
+}