Initial commit

2026-01-08 23:11:29 +01:00 · 2020-10-11 19:50:41 -07:00
commit 43ca2132fd
209 changed files with 18825 additions and 0 deletions
--- a/ed_on_cp6_782/Cargo.toml
+++ b/ed_on_cp6_782/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "ark-ed-on-cp6-782"
+version = "0.1.0"
+authors = [ "arkworks contributors" ]
+description = "A Twisted Edwards curve defined over the scalar field of the CP6-782 curve"
+homepage = "https://arworks.rs"
+repository = "https://github.com/arkworks/algebra"
+documentation = "https://docs.rs/ark-ed-on-cp6-782/"
+keywords = ["cryptography", "finite fields", "elliptic curves" ]
+categories = ["cryptography"]
+include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+license = "MIT/Apache-2.0"
+edition = "2018"
+
+[dependencies]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
+ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
+
+[dev-dependencies]
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-curve-tests = { path = "../curve-tests", default-features = false }
+rand = { version = "0.7", default-features = false }
+rand_xorshift = "0.2"
+
+[features]
+default = []
+std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bls12-377/std" ]
--- a/ed_on_cp6_782/src/curves/mod.rs
+++ b/ed_on_cp6_782/src/curves/mod.rs
@@ -0,0 +1,121 @@
+use ark_ec::{
+    models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
+    twisted_edwards_extended::{GroupAffine, GroupProjective},
+};
+use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new};
+
+use crate::{fq::Fq, fr::Fr};
+
+#[cfg(test)]
+mod tests;
+
+pub type EdwardsAffine = GroupAffine<EdwardsParameters>;
+pub type EdwardsProjective = GroupProjective<EdwardsParameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct EdwardsParameters;
+
+impl ModelParameters for EdwardsParameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl TEModelParameters for EdwardsParameters {
+    /// COEFF_A = -1 =
+    /// 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458176
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger([
+        9384023879812382873,
+        14252412606051516495,
+        9184438906438551565,
+        11444845376683159689,
+        8738795276227363922,
+        81297770384137296,
+    ]));
+
+    /// COEFF_D = 79743
+    #[rustfmt::skip]
+    const COEFF_D: Fq = field_new!(Fq, BigInteger([
+        0x4669ffffff46a638,
+        0xa56bbe0a7f9fae05,
+        0x403b425466a710b4,
+        0xf6648db6ea4e988b,
+        0x74d51b5923d35a8d,
+        0xf8ed90b17fe903,
+    ]));
+
+    /// COFACTOR = 8
+    const COFACTOR: &'static [u64] = &[8];
+
+    /// COFACTOR^(-1) mod r =
+    /// 12124894969357926281749346891948134384518445910386624712788431705725441736421489799867521238554906438478484045560
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger([
+        7353538464571651976,
+        2030910049503177537,
+        16726103313845754033,
+        1110650741117127777,
+        5304838729792721053,
+        4975067790294675,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
+
+    type MontgomeryModelParameters = EdwardsParameters;
+
+    /// Multiplication by `a` is just negation.
+    #[inline(always)]
+    fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
+        -*elem
+    }
+}
+
+impl MontgomeryModelParameters for EdwardsParameters {
+    /// COEFF_A = 0x95D53EB3F6AC3F7A53C26020144439DC6073BCAE513E03FD06B6B3BAA390F25E51534B26719E33F4CD906D4DA9B535
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger([
+        7594254284108454966u64,
+        14287343397973578077u64,
+        6490358977072726023u64,
+        8023375322051995268u64,
+        8242802613686040715u64,
+        100541941146122331u64,
+    ]));
+    /// COEFF_B = 0x118650763CE64AB4BE743604C8D05013DC2663652A3D58B21ECAB7BFF65B70DB8BA09F9098E61CC903B2F92B2564ACA
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger([
+        11173793475516310780u64,
+        14217481814129454913u64,
+        11878518835804377107u64,
+        14866315431314324110u64,
+        9234787938768687129u64,
+        62053599622152261u64,
+    ]));
+
+    type TEModelParameters = EdwardsParameters;
+}
+
+/// GENERATOR_X =
+/// 174701772324485506941690903512423551998294352968833659960042362742684869862495746426366187462669992073196420267127
+#[rustfmt::skip]
+const GENERATOR_X: Fq = field_new!(Fq, BigInteger([
+    3737364149926089590,
+    13002967008679663837,
+    9954144214462864555,
+    3365719140389487049,
+    8643066672427471196,
+    120355578793479865,
+]));
+
+/// GENERATOR_Y =
+/// 208487200052258845495340374451540775445408439654930191324011635560142523886549663106522691296420655144190624954833
+#[rustfmt::skip]
+const GENERATOR_Y: Fq = field_new!(Fq, BigInteger([
+    6027299446526298157,
+    12854429557810467099,
+    11207279014226687864,
+    17040621363687352702,
+    6112671509202865855,
+    44040319652922447,
+]));
--- a/ed_on_cp6_782/src/curves/tests.rs
+++ b/ed_on_cp6_782/src/curves/tests.rs
@@ -0,0 +1,62 @@
+use ark_ec::{AffineCurve, ProjectiveCurve};
+use ark_ff::test_rng;
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_projective_curve() {
+    curve_tests::<EdwardsProjective>();
+
+    edwards_tests::<EdwardsParameters>();
+}
+
+#[test]
+fn test_projective_group() {
+    let mut rng = test_rng();
+    let a = rng.gen();
+    let b = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsProjective>(a, b);
+    }
+}
+
+#[test]
+fn test_affine_group() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    for _i in 0..100 {
+        group_test::<EdwardsAffine>(a, b);
+    }
+}
+
+#[test]
+fn test_generator() {
+    let generator = EdwardsAffine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_conversion() {
+    let mut rng = test_rng();
+    let a: EdwardsAffine = rng.gen();
+    let b: EdwardsAffine = rng.gen();
+    let a_b = {
+        use ark_ec::group::Group;
+        (a + &b).double().double()
+    };
+    let a_b2 = (a.into_projective() + &b.into_projective())
+        .double()
+        .double();
+    assert_eq!(a_b, a_b2.into_affine());
+    assert_eq!(a_b.into_projective(), a_b2);
+}
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<EdwardsParameters>();
+}
--- a/ed_on_cp6_782/src/fields/fq.rs
+++ b/ed_on_cp6_782/src/fields/fq.rs
@@ -0,0 +1 @@
+pub use ark_bls12_377::{Fq, FqParameters};
--- a/ed_on_cp6_782/src/fields/fr.rs
+++ b/ed_on_cp6_782/src/fields/fr.rs
@@ -0,0 +1,90 @@
+use ark_ff::{
+    biginteger::BigInteger384 as BigInteger,
+    fields::{FftParameters, Fp384, Fp384Parameters, FpParameters},
+};
+
+pub type Fr = Fp384<FrParameters>;
+
+pub struct FrParameters;
+
+impl Fp384Parameters for FrParameters {}
+impl FftParameters for FrParameters {
+    type BigInt = BigInteger;
+
+    const TWO_ADICITY: u32 = 2u32;
+
+    #[rustfmt::skip]
+    const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
+        12119792640622387781u64,
+        8318439284650634613u64,
+        6931324077796168275u64,
+        12851391603681523141u64,
+        6881015057611215092u64,
+        1893962574900431u64,
+    ]);
+}
+impl FpParameters for FrParameters {
+    /// MODULUS = 32333053251621136751331591711861691692049189094364332567435817881934511297123972799646723302813083835942624121493
+    #[rustfmt::skip]
+    const MODULUS: BigInteger = BigInteger([
+        4684667634276979349u64,
+        3748803659444032385u64,
+        16273581227874629698u64,
+        7152942431629910641u64,
+        6397188139321141543u64,
+        15137289088311837u64,
+    ]);
+
+    const MODULUS_BITS: u32 = 374;
+
+    const CAPACITY: u32 = Self::MODULUS_BITS - 1;
+
+    const REPR_SHAVE_BITS: u32 = 10;
+
+    #[rustfmt::skip]
+    const R: BigInteger = BigInteger([
+        12565484300600153878u64,
+        8749673077137355528u64,
+        9027943686469014788u64,
+        13026065139386752555u64,
+        11197589485989933721u64,
+        9525964145733727u64,
+    ]);
+
+    #[rustfmt::skip]
+    const R2: BigInteger = BigInteger([
+        17257035094703902127u64,
+        16096159112880350050u64,
+        3498553494623421763u64,
+        333405339929360058u64,
+        1125865524035793947u64,
+        1586246138566285u64,
+    ]);
+
+    const INV: u64 = 16242011933465909059u64;
+
+    // 2
+    #[rustfmt::skip]
+    const GENERATOR: BigInteger = BigInteger([
+        1999556893213776791u64,
+        13750542494830678672u64,
+        1782306145063399878u64,
+        452443773434042853u64,
+        15997990832658725900u64,
+        3914639203155617u64,
+    ]);
+
+    #[rustfmt::skip]
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        11565705853993265482u64,
+        1874401829722016192u64,
+        17360162650792090657u64,
+        12799843252669731128u64,
+        12421966106515346579u64,
+        7568644544155918u64,
+    ]);
+
+    const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);
+
+    const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);
+}
--- a/ed_on_cp6_782/src/fields/mod.rs
+++ b/ed_on_cp6_782/src/fields/mod.rs
@@ -0,0 +1,8 @@
+pub mod fq;
+pub mod fr;
+
+pub use fq::*;
+pub use fr::*;
+
+#[cfg(all(feature = "ed_on_cp6_782", test))]
+mod tests;
--- a/ed_on_cp6_782/src/fields/tests.rs
+++ b/ed_on_cp6_782/src/fields/tests.rs
@@ -0,0 +1,24 @@
+use ark_ff::test_rng;
+use rand::Rng;
+
+use crate::{Fq, Fr};
+
+use ark_curve_tests::fields::*;
+
+#[test]
+fn test_fr() {
+    let mut rng = test_rng();
+    let a: Fr = rng.gen();
+    let b: Fr = rng.gen();
+    field_test(a, b);
+    primefield_test::<Fr>();
+}
+
+#[test]
+fn test_fq() {
+    let mut rng = test_rng();
+    let a: Fq = rng.gen();
+    let b: Fq = rng.gen();
+    field_test(a, b);
+    primefield_test::<Fq>();
+}
--- a/ed_on_cp6_782/src/lib.rs
+++ b/ed_on_cp6_782/src/lib.rs
@@ -0,0 +1,28 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![deny(
+    warnings,
+    unused,
+    future_incompatible,
+    nonstandard_style,
+    rust_2018_idioms
+)]
+#![forbid(unsafe_code)]
+
+//! This library implements a twisted Edwards curve whose base field is the scalar field of the curve CP6.
+//! This allows defining cryptographic primitives that use elliptic curves over the scalar field of the latter curve.
+//! This curve was generated as part of the paper [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
+//!
+//! Curve information:
+//! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
+//! * Scalar field: r = 32333053251621136751331591711861691692049189094364332567435817881934511297123972799646723302813083835942624121493
+//! * Valuation(q - 1, 2) = 46
+//! * Valuation(r - 1, 2) = 2
+//! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
+//!    * a = -1
+//!    * d = 79743
+
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;