Initial commit

2026-01-12 08:51:36 +01:00 · 2020-10-11 19:50:41 -07:00
commit 43ca2132fd
209 changed files with 18825 additions and 0 deletions
--- a/ed_on_bls12_381/src/curves/mod.rs
+++ b/ed_on_bls12_381/src/curves/mod.rs
@@ -0,0 +1,121 @@
+use crate::{Fq, Fr};
+use ark_ec::{
+    models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
+    twisted_edwards_extended::{GroupAffine, GroupProjective},
+};
+use ark_ff::{biginteger::BigInteger256, field_new};
+
+#[cfg(test)]
+mod tests;
+
+pub type EdwardsAffine = GroupAffine<EdwardsParameters>;
+pub type EdwardsProjective = GroupProjective<EdwardsParameters>;
+
+#[rustfmt::skip]
+const GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
+    14080349899812819339,
+    4104857150246327429,
+    8293216003873356624,
+    7400363483732984990,
+]));
+#[rustfmt::skip]
+const GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
+    13388310974700241893,
+    7654361511478576605,
+    8037907163910805792,
+    5188938133920569885,
+]));
+
+/// `JubJub` is a twisted Edwards curve. These curves have equations of the
+/// form: ax² + y² = 1 - dx²y².
+/// over some base finite field Fq.
+///
+/// JubJub's curve equation: -x² + y² = 1 - (10240/10241)x²y²
+///
+/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513.
+///
+/// a = -1.
+/// d = (10240/10241) mod q
+///   = 19257038036680949359750312669786877991949435402254120286184196891950884077233.
+///
+/// Sage script to calculate these:
+///
+/// ```text
+/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
+/// Fq = GF(q)
+/// d = -(Fq(10240)/Fq(10241))
+/// ```
+/// These parameters and the sage script obtained from:
+/// <https://github.com/zcash/zcash/issues/2230#issuecomment-317182190>
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct EdwardsParameters;
+
+impl ModelParameters for EdwardsParameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl TEModelParameters for EdwardsParameters {
+    /// COEFF_A = -1
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        18446744060824649731,
+        18102478225614246908,
+        11073656695919314959,
+        6613806504683796440,
+    ]));
+
+    /// COEFF_D = (10240/10241) mod q
+    #[rustfmt::skip]
+    const COEFF_D: Fq = field_new!(Fq, BigInteger256([
+        3049539848285517488,
+        18189135023605205683,
+        8793554888777148625,
+        6339087681201251886,
+    ]));
+
+    /// COFACTOR = 8
+    const COFACTOR: &'static [u64] = &[8];
+
+    /// COFACTOR^(-1) mod r =
+    /// 819310549611346726241370945440405716213240158234039660170669895299022906775
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
+        6832491983681988242,
+        12911748493335322362,
+        17523939349049608702,
+        217463794347581613,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
+
+    type MontgomeryModelParameters = EdwardsParameters;
+
+    /// Multiplication by `a` is simply negation here.
+    #[inline(always)]
+    fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
+        -(*elem)
+    }
+}
+
+impl MontgomeryModelParameters for EdwardsParameters {
+    /// COEFF_A = 0xA002
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        388496971701930u64,
+        6855257088226130262u64,
+        553476580979119549u64,
+        6516741293351590684u64,
+    ]));
+    /// COEFF_B = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFEFFFF5FFD
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger256([
+        18446355550968045916u64,
+        10902955289292811939u64,
+        3147092737149958754u64,
+        6710871716016002197u64,
+    ]));
+
+    type TEModelParameters = EdwardsParameters;
+}
--- a/ed_on_bls12_381/src/curves/tests.rs
+++ b/ed_on_bls12_381/src/curves/tests.rs
@@ -0,0 +1,106 @@
+use ark_ec::{AffineCurve, ProjectiveCurve};
+use ark_ff::{bytes::FromBytes, test_rng, Zero};
+use core::str::FromStr;
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_projective_curve() {
+    curve_tests::<EdwardsProjective>();
+
+    edwards_tests::<EdwardsParameters>();
+}
+
+#[test]
+fn test_projective_group() {
+    let mut rng = test_rng();
+    let a = rng.gen();
+    let b = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsProjective>(a, b);
+    }
+}
+
+#[test]
+fn test_affine_group() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsAffine>(a, b);
+    }
+}
+
+#[test]
+fn test_generator() {
+    let generator = EdwardsAffine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_conversion() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    let a_b = {
+        use ark_ec::group::Group;
+        (a + &b).double().double()
+    };
+    let a_b2 = (a.into_projective() + &b.into_projective())
+        .double()
+        .double();
+    assert_eq!(a_b, a_b2.into_affine());
+    assert_eq!(a_b.into_projective(), a_b2);
+}
+
+#[test]
+fn test_scalar_multiplication() {
+    let f1 = Fr::from_str(
+        "4691331900926794624732159288782398864809513177368446695323460897088210774597",
+    )
+    .unwrap();
+    let f2 = Fr::from_str(
+        "1305028103380024953477151132159456965337646722479526711736847301646466538045",
+    )
+    .unwrap();
+
+    let g = EdwardsAffine::from_str(
+        "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \
+         36933624999642413792569726058244472742169727126562409632889593958355839948294)",
+    )
+    .unwrap();
+    let f1f2g = EdwardsAffine::from_str(
+        "(12638652891150111215300246576936483137884466359309882317048163368620501191944, \
+         38385045634663742820428406709832518145724237919360177362175527604556651918148)",
+    )
+    .unwrap();
+
+    assert!(!g.is_zero());
+    assert!(!f1f2g.is_zero());
+
+    let f1g = g.mul(f1).into_affine();
+    assert_eq!(g.mul(f1 * &f2).into_affine(), f1f2g);
+    assert_eq!(f1g.mul(f2).into_affine(), f1f2g);
+}
+
+#[test]
+fn test_bytes() {
+    let g_from_repr = EdwardsAffine::from_str(
+        "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \
+         36933624999642413792569726058244472742169727126562409632889593958355839948294)",
+    )
+    .unwrap();
+
+    let g_bytes = ark_ff::to_bytes![g_from_repr].unwrap();
+    let g = EdwardsAffine::read(g_bytes.as_slice()).unwrap();
+    assert_eq!(g_from_repr, g);
+}
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<EdwardsParameters>();
+}