Initial commit

bn254/src/curves/g1.rs

@@ -0,0 +1,67 @@
+use ark_ec::models::{ModelParameters, SWModelParameters};
+use ark_ff::{biginteger::BigInteger256, field_new, Zero};
+
+use crate::{Fq, Fr};
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = 0
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0]));
+
+    /// COEFF_B = 3
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger256([
+        0x7a17caa950ad28d7,
+        0x1f6ac17ae15521b9,
+        0x334bea4e696bd284,
+        0x2a1f6744ce179d8e,
+    ]));
+
+    /// COFACTOR = 1
+    const COFACTOR: &'static [u64] = &[0x1];
+
+    /// COFACTOR_INV = COFACTOR^{-1} mod r = 1
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        0xac96341c4ffffffb,
+        0x36fc76959f60cd29,
+        0x666ea36f7879462e,
+        0xe0a77c19a07df2f,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G1_GENERATOR_X, G1_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
+        Self::BaseField::zero()
+    }
+}
+
+/// G1_GENERATOR_X =
+/// 1
+#[rustfmt::skip]
+pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
+    0xd35d438dc58f0d9d,
+    0x0a78eb28f5c70b3d,
+    0x666ea36f7879462c,
+    0x0e0a77c19a07df2f,
+]));
+
+/// G1_GENERATOR_Y =
+/// 2
+#[rustfmt::skip]
+pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
+    0xa6ba871b8b1e1b3a,
+    0x14f1d651eb8e167b,
+    0xccdd46def0f28c58,
+    0x1c14ef83340fbe5e,
+]));

bn254/src/curves/g2.rs

@@ -0,0 +1,112 @@
+use ark_ec::models::{ModelParameters, SWModelParameters};
+use ark_ff::{biginteger::BigInteger256, field_new, Zero};
+
+use crate::{g1, Fq, Fq2, Fr};
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq2;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = [0, 0]
+    #[rustfmt::skip]
+    const COEFF_A: Fq2 = field_new!(Fq2,
+        g1::Parameters::COEFF_A,
+        g1::Parameters::COEFF_A,
+    );
+
+    /// COEFF_B = 3/(u+9)
+    ///         = (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
+    #[rustfmt::skip]
+    const COEFF_B: Fq2 = field_new!(Fq2,
+        field_new!(Fq, BigInteger256([
+            0x3bf938e377b802a8,
+            0x020b1b273633535d,
+            0x26b7edf049755260,
+            0x2514c6324384a86d,
+        ])),
+        field_new!(Fq, BigInteger256([
+            0x38e7ecccd1dcff67,
+            0x65f0b37d93ce0d3e,
+            0xd749d0dd22ac00aa,
+            0x0141b9ce4a688d4d,
+        ])),
+    );
+
+    /// COFACTOR = (36 * X^4) + (36 * X^3) + (30 * X^2) + 6*X + 1
+    ///          = 21888242871839275222246405745257275088844257914179612981679871602714643921549
+    #[rustfmt::skip]
+    const COFACTOR: &'static [u64] = &[
+        0x345f2299c0f9fa8d,
+        0x06ceecda572a2489,
+        0xb85045b68181585e,
+        0x30644e72e131a029,
+    ];
+
+    /// COFACTOR_INV = COFACTOR^{-1} mod r
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        0x7fff17d53ff2895e,
+        0xd0617390cf7919e5,
+        0xb9af426b22d0eb61,
+        0x270485e31bd72a4d,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G2_GENERATOR_X, G2_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
+        Self::BaseField::zero()
+    }
+}
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
+
+/// G2_GENERATOR_X_C0 =
+/// 10857046999023057135944570762232829481370756359578518086990519993285655852781
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger256([
+    0x8e83b5d102bc2026,
+    0xdceb1935497b0172,
+    0xfbb8264797811adf,
+    0x19573841af96503b,
+]));
+
+/// G2_GENERATOR_X_C1 =
+/// 11559732032986387107991004021392285783925812861821192530917403151452391805634
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger256([
+    0xafb4737da84c6140,
+    0x6043dd5a5802d8c4,
+    0x09e950fc52a02f86,
+    0x14fef0833aea7b6b,
+]));
+
+/// G2_GENERATOR_Y_C0 =
+/// 8495653923123431417604973247489272438418190587263600148770280649306958101930
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger256([
+    0x619dfa9d886be9f6,
+    0xfe7fd297f59e9b78,
+    0xff9e1a62231b7dfe,
+    0x28fd7eebae9e4206,
+]));
+
+/// G2_GENERATOR_Y_C1 =
+/// 4082367875863433681332203403145435568316851327593401208105741076214120093531
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger256([
+    0x64095b56c71856ee,
+    0xdc57f922327d3cbb,
+    0x55f935be33351076,
+    0x0da4a0e693fd6482,
+]));

bn254/src/curves/mod.rs

@@ -0,0 +1,82 @@
+use crate::*;
+use ark_ec::{
+    bn,
+    bn::{Bn, BnParameters, TwistType},
+};
+use ark_ff::{biginteger::BigInteger256, field_new};
+pub mod g1;
+pub mod g2;
+
+#[cfg(test)]
+mod tests;
+
+pub struct Parameters;
+
+impl BnParameters for Parameters {
+    const X: &'static [u64] = &[4965661367192848881];
+    /// `x` is positive.
+    const X_IS_NEGATIVE: bool = false;
+    const ATE_LOOP_COUNT: &'static [i8] = &[
+        0, 0, 0, 1, 0, 1, 0, -1, 0, 0, 1, -1, 0, 0, 1, 0, 0, 1, 1, 0, -1, 0, 0, 1, 0, -1, 0, 0, 0,
+        0, 1, 1, 1, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 1, 0, 0, -1, 0, 0, 0, 1, 1, 0,
+        -1, 0, 0, 1, 0, 1, 1,
+    ];
+    /// `ate_loop_count` is positive.
+    const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;
+    const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
+        Fq2,
+        field_new!(
+            Fq,
+            BigInteger256([
+                0xb5773b104563ab30,
+                0x347f91c8a9aa6454,
+                0x7a007127242e0991,
+                0x1956bcd8118214ec,
+            ])
+        ),
+        field_new!(
+            Fq,
+            BigInteger256([
+                0x6e849f1ea0aa4757,
+                0xaa1c7b6d89f89141,
+                0xb6e713cdfae0ca3a,
+                0x26694fbb4e82ebc3,
+            ])
+        ),
+    );
+    const TWIST_MUL_BY_Q_Y: Fq2 = field_new!(
+        Fq2,
+        field_new!(
+            Fq,
+            BigInteger256([
+                0xe4bbdd0c2936b629,
+                0xbb30f162e133bacb,
+                0x31a9d1b6f9645366,
+                0x253570bea500f8dd,
+            ])
+        ),
+        field_new!(
+            Fq,
+            BigInteger256([
+                0xa1d77ce45ffe77c7,
+                0x07affd117826d1db,
+                0x6d16bd27bb7edc6b,
+                0x2c87200285defecc,
+            ])
+        ),
+    );
+    const TWIST_TYPE: TwistType = TwistType::D;
+    type Fp = Fq;
+    type Fp2Params = Fq2Parameters;
+    type Fp6Params = Fq6Parameters;
+    type Fp12Params = Fq12Parameters;
+    type G1Parameters = g1::Parameters;
+    type G2Parameters = g2::Parameters;
+}
+
+pub type Bn254 = Bn<Parameters>;
+
+pub type G1Affine = bn::G1Affine<Parameters>;
+pub type G1Projective = bn::G1Projective<Parameters>;
+pub type G2Affine = bn::G2Affine<Parameters>;
+pub type G2Projective = bn::G2Projective<Parameters>;

bn254/src/curves/tests.rs

@@ -0,0 +1,85 @@
+#![allow(unused_imports)]
+use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ff::{
+    fields::{Field, FpParameters, PrimeField, SquareRootField},
+    test_rng, One, Zero,
+};
+use ark_serialize::CanonicalSerialize;
+use core::ops::{AddAssign, MulAssign};
+use rand::Rng;
+
+use crate::{g1, g2, Bn254, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_g1_projective_curve() {
+    curve_tests::<G1Projective>();
+
+    sw_tests::<g1::Parameters>();
+}
+
+#[test]
+fn test_g1_projective_group() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G1Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g1_generator() {
+    let generator = G1Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_projective_curve() {
+    curve_tests::<G2Projective>();
+
+    sw_tests::<g2::Parameters>();
+}
+
+#[test]
+fn test_g2_projective_group() {
+    let mut rng = test_rng();
+    let a: G2Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g2_generator() {
+    let generator = G2Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_bilinearity() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    let s: Fr = rng.gen();
+
+    let mut sa = a;
+    sa.mul_assign(s);
+    let mut sb = b;
+    sb.mul_assign(s);
+
+    let ans1 = Bn254::pairing(sa, b);
+    let ans2 = Bn254::pairing(a, sb);
+    let ans3 = Bn254::pairing(a, b).pow(s.into_repr());
+
+    assert_eq!(ans1, ans2);
+    assert_eq!(ans2, ans3);
+
+    assert_ne!(ans1, Fq12::one());
+    assert_ne!(ans2, Fq12::one());
+    assert_ne!(ans3, Fq12::one());
+
+    assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
+    assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
+    assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one());
+}