Initial commit

ed_on_bls12_377/Cargo.toml

@@ -0,0 +1,29 @@
+[package]
+name = "ark-ed-on-bls12-377"
+version = "0.1.0"
+authors = [ "arkworks contributors" ]
+description = "A Twisted Edwards curve defined over the scalar field of the BLS12-377 curve"
+homepage = "https://arworks.rs"
+repository = "https://github.com/arkworks/algebra"
+documentation = "https://docs.rs/ark-ed-on-bls12-377/"
+keywords = ["cryptography", "finite fields", "elliptic curves" ]
+categories = ["cryptography"]
+include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+license = "MIT/Apache-2.0"
+edition = "2018"
+
+[dependencies]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
+ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "scalar_field" ] }
+
+[dev-dependencies]
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-curve-tests = { path = "../curve-tests", default-features = false }
+rand = { version = "0.7", default-features = false }
+rand_xorshift = "0.2"
+
+[features]
+default = []
+std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bls12-377/std" ]

ed_on_bls12_377/src/curves/mod.rs

@@ -0,0 +1,106 @@
+use crate::{fq::Fq, fr::Fr};
+use ark_ec::{
+    models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
+    twisted_edwards_extended::{GroupAffine, GroupProjective},
+};
+use ark_ff::{biginteger::BigInteger256, field_new};
+
+#[cfg(test)]
+mod tests;
+
+pub type EdwardsAffine = GroupAffine<EdwardsParameters>;
+pub type EdwardsProjective = GroupProjective<EdwardsParameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct EdwardsParameters;
+
+impl ModelParameters for EdwardsParameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl TEModelParameters for EdwardsParameters {
+    /// COEFF_A = -1
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        0x8cf500000000000e,
+        0xe75281ef6000000e,
+        0x49dc37a90b0ba012,
+        0x55f8b2c6e710ab9,
+    ]));
+
+    /// COEFF_D = 3021
+    #[rustfmt::skip]
+    const COEFF_D: Fq = field_new!(Fq, BigInteger256([
+        0xd047ffffffff5e30,
+        0xf0a91026ffff57d2,
+        0x9013f560d102582,
+        0x9fd242ca7be5700,
+    ]));
+
+    /// COFACTOR = 4
+    const COFACTOR: &'static [u64] = &[4];
+
+    /// COFACTOR_INV =
+    /// 527778859339273151515551558673846658209717731602102048798421311598680340096
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        10836190823041854989,
+        14880086764632731920,
+        5023208332782666747,
+        239524813690824359,
+    ]));
+
+    /// Generated randomly
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
+
+    type MontgomeryModelParameters = EdwardsParameters;
+
+    /// Multiplication by `a` is just negation.
+    /// Is `a` 1 or -1?
+    #[inline(always)]
+    fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
+        -*elem
+    }
+}
+
+impl MontgomeryModelParameters for EdwardsParameters {
+    /// COEFF_A = 0x8D26E3FADA9010A26949031ECE3971B93952AD84D4753DDEDB748DA37E8F552
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        13800168384327121454u64,
+        6841573379969807446u64,
+        12529593083398462246u64,
+        853978956621483129u64,
+    ]));
+    /// COEFF_B = 0x9D8F71EEC83A44C3A1FBCEC6F5418E5C6154C2682B8AC231C5A3725C8170AAD
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger256([
+        7239382437352637935u64,
+        14509846070439283655u64,
+        5083066350480839936u64,
+        1265663645916442191u64,
+    ]));
+
+    type TEModelParameters = EdwardsParameters;
+}
+
+/// GENERATOR_X =
+/// 7810607721416582242904415504650443951498042435501746664987470571546413371306
+#[rustfmt::skip]
+const GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
+    0x5bbc9878d817221d,
+    0xd2b03489424e720,
+    0x6b66f128c16bb3c9,
+    0xdd3bff78733576d,
+]));
+
+/// GENERATOR_Y =
+/// 1867362672570137759132108893390349941423731440336755218616442213142473202417
+#[rustfmt::skip]
+const GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
+    0x471517ae5e5e979e,
+    0xd9c97f6a73a7ff83,
+    0x85a95b45a5494402,
+    0xfad27c9b545b1f0,
+]));

ed_on_bls12_377/src/curves/tests.rs

@@ -0,0 +1,62 @@
+use ark_ec::{AffineCurve, ProjectiveCurve};
+use ark_ff::test_rng;
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_projective_curve() {
+    curve_tests::<EdwardsProjective>();
+
+    edwards_tests::<EdwardsParameters>();
+}
+
+#[test]
+fn test_projective_group() {
+    let mut rng = test_rng();
+    let a = rng.gen();
+    let b = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsProjective>(a, b);
+    }
+}
+
+#[test]
+fn test_affine_group() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsAffine>(a, b);
+    }
+}
+
+#[test]
+fn test_generator() {
+    let generator = EdwardsAffine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_conversion() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    let a_b = {
+        use ark_ec::group::Group;
+        (a + &b).double().double()
+    };
+    let a_b2 = (a.into_projective() + &b.into_projective())
+        .double()
+        .double();
+    assert_eq!(a_b, a_b2.into_affine());
+    assert_eq!(a_b.into_projective(), a_b2);
+}
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<EdwardsParameters>();
+}

ed_on_bls12_377/src/fields/fq.rs

@@ -0,0 +1 @@
+pub use ark_bls12_377::{Fr as Fq, FrParameters as FqParameters};

ed_on_bls12_377/src/fields/fr.rs

@@ -0,0 +1,78 @@
+use ark_ff::{
+    biginteger::BigInteger256 as BigInteger,
+    fields::{FftParameters, Fp256, Fp256Parameters, FpParameters},
+};
+
+pub type Fr = Fp256<FrParameters>;
+
+pub struct FrParameters;
+
+impl Fp256Parameters for FrParameters {}
+impl FftParameters for FrParameters {
+    type BigInt = BigInteger;
+
+    const TWO_ADICITY: u32 = 1;
+
+    #[rustfmt::skip]
+    const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
+        15170730761708361161u64,
+        13670723686578117817u64,
+        12803492266614043665u64,
+        50861023252832611u64,
+    ]);
+}
+impl FpParameters for FrParameters {
+    /// MODULUS = 2111115437357092606062206234695386632838870926408408195193685246394721360383
+    #[rustfmt::skip]
+    const MODULUS: BigInteger = BigInteger([
+        13356249993388743167u64,
+        5950279507993463550u64,
+        10965441865914903552u64,
+        336320092672043349u64,
+    ]);
+
+    const MODULUS_BITS: u32 = 251;
+
+    const CAPACITY: u32 = Self::MODULUS_BITS - 1;
+
+    const REPR_SHAVE_BITS: u32 = 5;
+
+    #[rustfmt::skip]
+    const R: BigInteger = BigInteger([
+        16632263305389933622u64,
+        10726299895124897348u64,
+        16608693673010411502u64,
+        285459069419210737u64,
+    ]);
+
+    #[rustfmt::skip]
+    const R2: BigInteger = BigInteger([
+        3987543627614508126u64,
+        17742427666091596403u64,
+        14557327917022607905u64,
+        322810149704226881u64,
+    ]);
+
+    const INV: u64 = 9659935179256617473u64;
+
+    // 70865795004005329077606947863872807680085016823885970091001235374859923341923
+    #[rustfmt::skip]
+    const GENERATOR: BigInteger = BigInteger([
+        11289572479685143826u64,
+        11383637369941080925u64,
+        2288212753973340071u64,
+        82014976407880291u64,
+    ]);
+
+    #[rustfmt::skip]
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        6678124996694371583u64,
+        2975139753996731775u64,
+        14706092969812227584u64,
+        168160046336021674u64,
+    ]);
+
+    const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]);
+
+    const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]);
+}

ed_on_bls12_377/src/fields/mod.rs

@@ -0,0 +1,8 @@
+pub mod fq;
+pub mod fr;
+
+pub use fq::*;
+pub use fr::*;
+
+#[cfg(all(feature = "ed_on_bls12_377", test))]
+mod tests;

ed_on_bls12_377/src/fields/tests.rs

@@ -0,0 +1,24 @@
+use ark_ff::test_rng;
+use rand::Rng;
+
+use crate::{Fq, Fr};
+
+use ark_curve_tests::fields::*;
+
+#[test]
+fn test_fr() {
+    let mut rng = test_rng();
+    let a: Fr = rng.gen();
+    let b: Fr = rng.gen();
+    field_test(a, b);
+    primefield_test::<Fr>();
+}
+
+#[test]
+fn test_fq() {
+    let mut rng = test_rng();
+    let a: Fq = rng.gen();
+    let b: Fq = rng.gen();
+    field_test(a, b);
+    primefield_test::<Fq>();
+}

ed_on_bls12_377/src/lib.rs

@@ -0,0 +1,29 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![deny(
+    warnings,
+    unused,
+    future_incompatible,
+    nonstandard_style,
+    rust_2018_idioms
+)]
+#![forbid(unsafe_code)]
+
+//! This library implements a twisted Edwards curve whose base field is the scalar field of the
+//! curve BLS12-377.  This allows defining cryptographic primitives that use elliptic curves over
+//! the scalar field of the latter curve. This curve was generated as part of the paper
+//! [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
+//!
+//! Curve information:
+//! * Base field: q = 8444461749428370424248824938781546531375899335154063827935233455917409239041
+//! * Scalar field: r = 2111115437357092606062206234695386632838870926408408195193685246394721360383
+//! * Valuation(q - 1, 2) = 47
+//! * Valuation(r - 1, 2) = 1
+//! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
+//!    * a = -1
+//!    * d = 3021
+
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;