Initial commit

mnt4_298/Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+name = "ark-mnt4-298"
+version = "0.1.0"
+authors = [ "arkworks contributors" ]
+description = "The MNT4-298 pairing-friendly elliptic curve"
+homepage = "https://arworks.rs"
+repository = "https://github.com/arkworks/algebra"
+documentation = "https://docs.rs/ark-mnt4-298/"
+keywords = ["cryptography", "finite fields" ]
+categories = ["cryptography"]
+include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+license = "MIT/Apache-2.0"
+edition = "2018"
+
+[dependencies]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
+
+[dev-dependencies]
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-curve-tests = { path = "../curve-tests", default-features = false }
+rand = { version = "0.7", default-features = false }
+rand_xorshift = "0.2"
+
+[features]
+default = [ "curve" ]
+std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
+
+curve = [ "scalar_field", "base_field" ]
+scalar_field = []
+base_field = []

mnt4_298/LICENSE-APACHE

@@ -0,0 +1 @@
+../LICENSE-APACHE

mnt4_298/LICENSE-MIT

@@ -0,0 +1 @@
+../LICENSE-MIT

mnt4_298/src/curves/g1.rs

@@ -0,0 +1,79 @@
+use crate::{Fq, Fr, FR_ONE};
+use ark_ec::{
+    mnt4,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger320, field_new};
+
+pub type G1Affine = mnt4::G1Affine<crate::Parameters>;
+pub type G1Projective = mnt4::G1Projective<crate::Parameters>;
+pub type G1Prepared = mnt4::G1Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = 2
+    /// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L116
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger320([
+            3568597988870129848,
+            15257338106490985450,
+            10069779447956199041,
+            5922375556522222383,
+            3858029504390,
+    ]));
+
+    /// COEFF_B = 423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685
+    /// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L117
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger320([
+            7842808090366692145,
+            288200302308193399,
+            4162060950790347941,
+            5488589108190218591,
+            1553456013645,
+    ]));
+
+    /// COFACTOR = 1
+    const COFACTOR: &'static [u64] = &[1];
+
+    /// COFACTOR^(-1) mod r =
+    /// 1
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = FR_ONE;
+
+    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G1_GENERATOR_X, G1_GENERATOR_Y);
+}
+
+// Generator of G1
+// X = 60760244141852568949126569781626075788424196370144486719385562369396875346601926534016838,
+// Y = 363732850702582978263902770815145784459747722357071843971107674179038674942891694705904306,
+/// G1_GENERATOR_X
+/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L137
+#[rustfmt::skip]
+pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger320([
+    6046301378120906932,
+    15105298306031900263,
+    15757949605695610691,
+    6113949277267426050,
+    3063081829217,
+]));
+
+/// G1_GENERATOR_Y
+/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L138
+#[rustfmt::skip]
+pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger320([
+    8798367863963590781,
+    9770379341721339603,
+    17697354471293810920,
+    15252694996423733496,
+    3845520398052,
+]));

mnt4_298/src/curves/g2.rs

@@ -0,0 +1,127 @@
+use crate::{Fq, Fq2, Fr, FQ_ZERO, G1_COEFF_A_NON_RESIDUE};
+use ark_ec::{
+    mnt4,
+    mnt4::MNT4Parameters,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger320, field_new};
+
+pub type G2Affine = mnt4::G2Affine<crate::Parameters>;
+pub type G2Projective = mnt4::G2Projective<crate::Parameters>;
+pub type G2Prepared = mnt4::G2Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq2;
+    type ScalarField = Fr;
+}
+
+/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C0: Fq = G1_COEFF_A_NON_RESIDUE;
+
+/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C1: Fq = G1_COEFF_A_NON_RESIDUE;
+
+impl SWModelParameters for Parameters {
+    const COEFF_A: Fq2 = crate::Parameters::TWIST_COEFF_A;
+    // B coefficient of MNT4-298 G2 =
+    // ```
+    // mnt4298_twist_coeff_b = mnt4298_Fq2(mnt4298_Fq::zero(),
+    //                                  mnt4298_G1::coeff_b * mnt4298_Fq2::non_residue);
+    // non_residue = mnt4298_Fq2::non_residue = mnt4298_Fq("13");
+    //  = (ZERO, G1_B_COEFF * NON_RESIDUE);
+    //  =
+    //  (0, 67372828414711144619833451280373307321534573815811166723479321465776723059456513877937430)
+    // ```
+    #[rustfmt::skip]
+    const COEFF_B: Fq2 = field_new!(Fq2,
+        FQ_ZERO,
+        field_new!(Fq, BigInteger320([
+            9511110677122940475,
+            13403516020116973437,
+            1464701424831086967,
+            4646785117660390394,
+            1747881737068,
+        ])),
+    );
+
+    /// COFACTOR =
+    /// 475922286169261325753349249653048451545124879932565935237842521413255878328503110407553025
+    #[rustfmt::skip]
+    const COFACTOR: &'static [u64] = &[
+        15480692783052488705,
+        9802782456999489873,
+        14622846468721090623,
+        11702080941310629006,
+        4110145082483,
+    ];
+
+    /// COFACTOR^(-1) mod r =
+    /// 475922286169261325753349249653048451545124878207887910632124039320641839552134835598065665
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger320([
+        8065818351154103109,
+        7537800592537321232,
+        747075088561892445,
+        6335802185495034136,
+        1874289794052,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G2_GENERATOR_X, G2_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(elt: &Fq2) -> Fq2 {
+        field_new!(Fq2, MUL_BY_A_C0 * &elt.c0, MUL_BY_A_C1 * &elt.c1,)
+    }
+}
+
+const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
+const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
+
+// Generator of G2
+// These are two Fq elements each because X and Y (and Z) are elements of Fq^2
+// X = 438374926219350099854919100077809681842783509163790991847867546339851681564223481322252708,
+// 37620953615500480110935514360923278605464476459712393277679280819942849043649216370485641,
+// Y = 37437409008528968268352521034936931842973546441370663118543015118291998305624025037512482,
+// 424621479598893882672393190337420680597584695892317197646113820787463109735345923009077489,
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger320([
+    5356671649366391794,
+    2684151262065976452,
+    4683110650642896126,
+    10421299515941681582,
+    1618695480960
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger320([
+    133394645290266480,
+    15395232932057272770,
+    18271324022738539173,
+    9095178119640120034,
+    2303787573609
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger320([
+    16920448081812496532,
+    15580160192086626100,
+    3974467672100342742,
+    8216505962266760277,
+    2643162835232
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger320([
+    73816197493558356,
+    8663991890578965996,
+    11575903875707445958,
+    17953546933481201011,
+    2167465829200
+]));

mnt4_298/src/curves/mod.rs

@@ -0,0 +1,63 @@
+use ark_ec::models::mnt4::{MNT4Parameters, MNT4};
+use ark_ff::{biginteger::BigInteger320, field_new, fields::FpParameters, Fp2};
+
+use crate::{Fq, Fq2, Fq2Parameters, Fq4Parameters, FqParameters, Fr, FrParameters};
+
+pub mod g1;
+pub mod g2;
+
+#[cfg(test)]
+mod tests;
+
+pub use self::{
+    g1::{G1Affine, G1Prepared, G1Projective},
+    g2::{G2Affine, G2Prepared, G2Projective},
+};
+
+pub type MNT4_298 = MNT4<Parameters>;
+
+pub struct Parameters;
+
+impl MNT4Parameters for Parameters {
+    const TWIST: Fp2<Self::Fp2Params> = field_new!(Fq2, FQ_ZERO, FQ_ONE);
+    // A coefficient of MNT4-298 G2 =
+    // ```
+    // mnt4298_twist_coeff_a = mnt4298_Fq2(mnt4298_G1::coeff_a * non_residue, mnt6298_Fq::zero());
+    //  = (A_COEFF * NONRESIDUE, ZERO)
+    //  = (34, ZERO)
+    // ```
+    #[rustfmt::skip]
+    const TWIST_COEFF_A: Fp2<Self::Fp2Params> = field_new!(Fq2,
+        G1_COEFF_A_NON_RESIDUE,
+        FQ_ZERO,
+    );
+
+    const ATE_LOOP_COUNT: &'static [u64] = &[993502997770534912, 5071219579242586943, 2027349];
+    const ATE_IS_LOOP_COUNT_NEG: bool = false;
+    const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInteger320([0x1, 0x0, 0x0, 0x0, 0x0]);
+    const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = false;
+    const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger320 =
+        BigInteger320([993502997770534913, 5071219579242586943, 2027349, 0, 0]);
+    type Fp = Fq;
+    type Fr = Fr;
+    type Fp2Params = Fq2Parameters;
+    type Fp4Params = Fq4Parameters;
+    type G1Parameters = self::g1::Parameters;
+    type G2Parameters = self::g2::Parameters;
+}
+
+// 34
+pub const G1_COEFF_A_NON_RESIDUE: Fq = field_new!(
+    Fq,
+    BigInteger320([
+        9379015694948865065,
+        3933863906897692531,
+        7183785805598089445,
+        17382890709766103498,
+        3934325337380,
+    ])
+);
+pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger320([0, 0, 0, 0, 0]));
+pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
+pub const FR_ZERO: Fr = field_new!(Fr, BigInteger320([0, 0, 0, 0, 0]));
+pub const FR_ONE: Fr = field_new!(Fr, FrParameters::R);

mnt4_298/src/curves/tests.rs

@@ -0,0 +1,90 @@
+use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ff::{test_rng, Field, One, PrimeField, UniformRand};
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_g1_projective_curve() {
+    curve_tests::<G1Projective>();
+
+    sw_tests::<g1::Parameters>();
+}
+
+#[test]
+fn test_g1_projective_group() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G1Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g1_generator() {
+    let generator = G1Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_projective_curve() {
+    curve_tests::<G2Projective>();
+
+    sw_tests::<g2::Parameters>();
+}
+
+#[test]
+fn test_g2_projective_group() {
+    let mut rng = test_rng();
+    let a: G2Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g2_generator() {
+    let generator = G2Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_bilinearity() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    let s: Fr = rng.gen();
+
+    let sa = a.mul(s);
+    let sb = b.mul(s);
+
+    let ans1 = MNT4_298::pairing(sa, b);
+    let ans2 = MNT4_298::pairing(a, sb);
+    let ans3 = MNT4_298::pairing(a, b).pow(s.into_repr());
+
+    assert_eq!(ans1, ans2);
+    assert_eq!(ans2, ans3);
+
+    assert_ne!(ans1, Fq4::one());
+    assert_ne!(ans2, Fq4::one());
+    assert_ne!(ans3, Fq4::one());
+
+    assert_eq!(ans1.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans2.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans3.pow(Fr::characteristic()), Fq4::one());
+}
+
+#[test]
+fn test_product_of_pairings() {
+    let rng = &mut test_rng();
+
+    let a = G1Projective::rand(rng).into_affine();
+    let b = G2Projective::rand(rng).into_affine();
+    let c = G1Projective::rand(rng).into_affine();
+    let d = G2Projective::rand(rng).into_affine();
+    let ans1 = MNT4_298::pairing(a, b) * &MNT4_298::pairing(c, d);
+    let ans2 = MNT4_298::product_of_pairings(&[(a.into(), b.into()), (c.into(), d.into())]);
+    assert_eq!(ans1, ans2);
+}

mnt4_298/src/fields/fq.rs

@@ -0,0 +1,115 @@
+use ark_ff::{
+    biginteger::BigInteger320 as BigInteger,
+    fields::{FftParameters, Fp320, Fp320Parameters, FpParameters},
+};
+
+pub type Fq = Fp320<FqParameters>;
+
+pub struct FqParameters;
+
+impl Fp320Parameters for FqParameters {}
+impl FftParameters for FqParameters {
+    type BigInt = BigInteger;
+
+    const TWO_ADICITY: u32 = 17;
+
+    #[rustfmt::skip]
+    const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
+        9821480371597472441u64,
+        9468346035609379175u64,
+        9963748368231707135u64,
+        14865337659602750405u64,
+        3984815592673u64,
+    ]);
+
+    const SMALL_SUBGROUP_BASE: Option<u32> = Some(7);
+    const SMALL_SUBGROUP_BASE_ADICITY: Option<u32> = Some(2);
+
+    /// LARGE_SUBGROUP_ROOT_OF_UNITY = x * g
+    /// where x = (n - 1) / 2^17 / 7^2
+    /// and represent this value in the Montgomery residue form.
+    /// I.e., write
+    /// 381811485921190977554243339163030148371175054922689353173385941180422489253833691237722982
+    /// * R
+    /// = 260534023778902228073198316993669317435810479439368306496187170459125001342456918103569322
+    const LARGE_SUBGROUP_ROOT_OF_UNITY: Option<BigInteger> = Some(BigInteger([
+        7711798843682337706u64,
+        16456007754393011187u64,
+        7470854640069402569u64,
+        10767969225751706229u64,
+        2250015743691u64,
+    ]));
+}
+impl FpParameters for FqParameters {
+    /// MODULUS = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081
+    #[rustfmt::skip]
+    const MODULUS: BigInteger = BigInteger([
+        14487189785281953793u64,
+        4731562877756902930u64,
+        14622846468719063274u64,
+        11702080941310629006u64,
+        4110145082483u64,
+    ]);
+
+    const MODULUS_BITS: u32 = 298;
+
+    const CAPACITY: u32 = Self::MODULUS_BITS - 1;
+
+    const REPR_SHAVE_BITS: u32 = 22;
+
+    #[rustfmt::skip]
+    const R: BigInteger = BigInteger([
+        1784298994435064924u64,
+        16852041090100268533u64,
+        14258261760832875328u64,
+        2961187778261111191u64,
+        1929014752195u64,
+    ]);
+
+    #[rustfmt::skip]
+    const R2: BigInteger = BigInteger([
+        28619103704175136u64,
+        11702218449377544339u64,
+        7403203599591297249u64,
+        2248105543421449339u64,
+        2357678148148u64,
+    ]);
+
+    const INV: u64 = 12714121028002250751u64;
+
+    #[rustfmt::skip]
+    const GENERATOR: BigInteger = BigInteger([
+        2709730703260633621u64,
+        13556085429182073539u64,
+        10903316137158576359u64,
+        5319113788683590444u64,
+        4022235209932u64,
+    ]);
+
+    #[rustfmt::skip]
+    const T: BigInteger = BigInteger([
+        0x70964866b2d38b3,
+        0x987520d4f1af2890,
+        0x2a47657764b1ae89,
+        0x6a39d133124ed3d8,
+        0x1de7bde,
+    ]);
+
+    #[rustfmt::skip]
+    const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        0x384b24335969c59,
+        0xcc3a906a78d79448,
+        0x1523b2bbb258d744,
+        0x351ce899892769ec,
+        0xef3def,
+    ]);
+
+    #[rustfmt::skip]
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        0x64866b2d38b30000,
+        0x20d4f1af28900709,
+        0x657764b1ae899875,
+        0xd133124ed3d82a47,
+        0x1de7bde6a39,
+    ]);
+}

mnt4_298/src/fields/fq2.rs

@@ -0,0 +1,58 @@
+use crate::{Fq, FQ_ONE};
+use ark_ff::{
+    biginteger::BigInteger320 as BigInteger,
+    field_new,
+    fields::fp2::{Fp2, Fp2Parameters},
+};
+
+pub type Fq2 = Fp2<Fq2Parameters>;
+
+pub struct Fq2Parameters;
+
+impl Fp2Parameters for Fq2Parameters {
+    type Fp = Fq;
+
+    /// The quadratic non-residue (17) used to construct the extension is
+    /// the same as that used in [`libff`](https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L102).
+    #[rustfmt::skip]
+    const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
+        2709730703260633621,
+        13556085429182073539,
+        10903316137158576359,
+        5319113788683590444,
+        4022235209932,
+    ]));
+
+    /// The quadratic non-residue in F<sub>p</sub><sup>2</sup> that is used
+    /// in the computation of square roots is (8, 1), the same as that in
+    /// [`libff`](https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L103)
+    const QUADRATIC_NONRESIDUE: (Self::Fp, Self::Fp) = (
+        field_new!(
+            Fq,
+            BigInteger([
+                7706310747053761245,
+                9941175645274129776,
+                14857322459377157960,
+                7030003475866554129,
+                3101682770110
+            ])
+        ),
+        FQ_ONE,
+    );
+
+    /// Precomputed coefficients:
+    /// `[1, 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080]`
+    const FROBENIUS_COEFF_FP2_C1: &'static [Self::Fp] = &[
+        FQ_ONE,
+        field_new!(
+            Fq,
+            BigInteger([
+                12702890790846888869,
+                6326265861366186013,
+                364584707886187945,
+                8740893163049517815,
+                2181130330288
+            ])
+        ),
+    ];
+}

mnt4_298/src/fields/fq4.rs

@@ -0,0 +1,56 @@
+use crate::{Fq, Fq2, Fq2Parameters, FQ_ONE, FQ_ZERO};
+use ark_ff::{
+    biginteger::BigInteger320 as BigInteger,
+    field_new,
+    fields::fp4::{Fp4, Fp4Parameters},
+};
+
+pub type Fq4 = Fp4<Fq4Parameters>;
+
+pub struct Fq4Parameters;
+
+impl Fp4Parameters for Fq4Parameters {
+    type Fp2Params = Fq2Parameters;
+
+    const NONRESIDUE: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE);
+
+    // Coefficients for the Frobenius automorphism.
+    // c1[0] = 1,
+    // c1[1] = 7684163245453501615621351552473337069301082060976805004625011694147890954040864167002308
+    // c1[2] = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080
+    // c1[3] = 468238122923807824137727898100575114475823797181717920390930116882062371863914936316755773
+    #[rustfmt::skip]
+    const FROBENIUS_COEFF_FP4_C1: &'static [Fq] = &[
+        FQ_ONE,
+        field_new!(
+            Fq,
+            BigInteger([
+                16439849825752526567,
+                14772594681319164557,
+                16175669228740845684,
+                4590896976404796446,
+                3810243174413
+            ])
+        ),
+        field_new!(
+            Fq,
+            BigInteger([
+                12702890790846888869,
+                6326265861366186013,
+                364584707886187945,
+                8740893163049517815,
+                2181130330288
+            ])
+        ),
+        field_new!(
+            Fq,
+            BigInteger([
+                16494084033238978842,
+                8405712270147289988,
+                16893921313687769205,
+                7111183964905832559,
+                299901908070
+            ])
+        ),
+    ];
+}

mnt4_298/src/fields/fr.rs

@@ -0,0 +1,99 @@
+use ark_ff::{
+    biginteger::BigInteger320 as BigInteger,
+    fields::{FftParameters, Fp320, Fp320Parameters, FpParameters},
+};
+
+pub type Fr = Fp320<FrParameters>;
+
+pub struct FrParameters;
+
+impl Fp320Parameters for FrParameters {}
+impl FftParameters for FrParameters {
+    type BigInt = BigInteger;
+
+    const TWO_ADICITY: u32 = 34;
+
+    #[rustfmt::skip]
+    const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
+        0x818b361df1af7be4,
+        0x2ae2750d46a53957,
+        0x5784a8fe792c5f8a,
+        0xf9bd39c0cdcf1bb6,
+        0x6a24a0f8a8,
+    ]);
+}
+impl FpParameters for FrParameters {
+    /// MODULUS = 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137
+    #[rustfmt::skip]
+    const MODULUS: BigInteger = BigInteger([
+        0xbb4334a400000001,
+        0xfb494c07925d6ad3,
+        0xcaeec9635cf44194,
+        0xa266249da7b0548e,
+        0x3bcf7bcd473,
+    ]);
+
+    const MODULUS_BITS: u32 = 298;
+
+    const CAPACITY: u32 = Self::MODULUS_BITS - 1;
+
+    const REPR_SHAVE_BITS: u32 = 22;
+
+    #[rustfmt::skip]
+    const R: BigInteger = BigInteger([
+        0xc3177aefffbb845c,
+        0x9b80c702f9961788,
+        0xc5df8dcdac70a85a,
+        0x29184098647b5197,
+        0x1c1223d33c3,
+    ]);
+
+    #[rustfmt::skip]
+    const R2: BigInteger = BigInteger([
+        0x465a743c68e0596b,
+        0x34f9102adb68371,
+        0x4bbd6dcf1e3a8386,
+        0x2ff00dced8e4b6d,
+        0x149bb44a342,
+    ]);
+
+    const INV: u64 = 0xbb4334a3ffffffff;
+
+    #[rustfmt::skip]
+    const GENERATOR: BigInteger = BigInteger([
+        0xb1ddfacffd532b94,
+        0x25e295ff76674008,
+        0x8f00647b48958d36,
+        0x1159f37d4e0fddb2,
+        0x2977770b3d1,
+    ]);
+
+    #[rustfmt::skip]
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        0xdda19a5200000000,
+        0x7da4a603c92eb569,
+        0x657764b1ae7a20ca,
+        0xd133124ed3d82a47,
+        0x1de7bde6a39,
+    ]);
+
+    // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
+
+    #[rustfmt::skip]
+    const T: BigInteger = BigInteger([
+        0xe4975ab4eed0cd29,
+        0xd73d10653ed25301,
+        0x69ec1523b2bbb258,
+        0x3def351ce8998927,
+        0xef,
+    ]);
+
+    #[rustfmt::skip]
+    const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        0xf24bad5a77686694,
+        0x6b9e88329f692980,
+        0xb4f60a91d95dd92c,
+        0x9ef79a8e744cc493,
+        0x77,
+    ]);
+}

mnt4_298/src/fields/mod.rs

@@ -0,0 +1,22 @@
+#[cfg(feature = "scalar_field")]
+pub mod fr;
+#[cfg(feature = "scalar_field")]
+pub use self::fr::*;
+
+#[cfg(feature = "base_field")]
+pub mod fq;
+#[cfg(feature = "base_field")]
+pub use self::fq::*;
+
+#[cfg(feature = "curve")]
+pub mod fq2;
+#[cfg(feature = "curve")]
+pub use self::fq2::*;
+
+#[cfg(feature = "curve")]
+pub mod fq4;
+#[cfg(feature = "curve")]
+pub use self::fq4::*;
+
+#[cfg(all(feature = "curve", test))]
+mod tests;

mnt4_298/src/fields/tests.rs

@@ -0,0 +1,45 @@
+use ark_ff::{test_rng, Field};
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::fields::*;
+
+#[test]
+fn test_fr() {
+    let mut rng = test_rng();
+    let a: Fr = rng.gen();
+    let b: Fr = rng.gen();
+    field_test(a, b);
+    sqrt_field_test(a);
+    primefield_test::<Fr>();
+}
+
+#[test]
+fn test_fq() {
+    let mut rng = test_rng();
+    let a: Fq = rng.gen();
+    let b: Fq = rng.gen();
+    field_test(a, b);
+    sqrt_field_test(a);
+    primefield_test::<Fq>();
+}
+
+#[test]
+fn test_fq2() {
+    let mut rng = test_rng();
+    let a: Fq2 = rng.gen();
+    let b: Fq2 = rng.gen();
+    field_test(a, b);
+    sqrt_field_test(a);
+    frobenius_test::<Fq2, _>(Fq::characteristic(), 13);
+}
+
+#[test]
+fn test_fq4() {
+    let mut rng = test_rng();
+    let a: Fq4 = rng.gen();
+    let b: Fq4 = rng.gen();
+    field_test(a, b);
+    frobenius_test::<Fq4, _>(Fq::characteristic(), 13);
+}

mnt4_298/src/lib.rs

@@ -0,0 +1,39 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![deny(
+    warnings,
+    unused,
+    future_incompatible,
+    nonstandard_style,
+    rust_2018_idioms
+)]
+#![forbid(unsafe_code)]
+
+//! This library implements the MNT4_298 curve generated by
+//! [[BCTV14]](https://eprint.iacr.org/2014/595).  The name denotes that it is a
+//! Miyaji--Nakabayashi--Takano curve of embedding degree 4, defined over a 298-bit (prime) field.
+//! The main feature of this curve is that its scalar field and base field respectively equal the
+//! base field and scalar field of MNT6_298.
+//!
+//!
+//! Curve information:
+//! * Base field: q = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081
+//! * Scalar field: r = 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137
+//! * valuation(q - 1, 2) = 17
+//! * valuation(r - 1, 2) = 34
+//! * G1 curve equation: y^2 = x^3 + ax + b, where
+//!    * a = 2
+//!    * b = 423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685
+//! * G2 curve equation: y^2 = x^3 + Ax + B, where
+//!    * A = Fq2 = (a * NON_RESIDUE, 0)
+//!    * B = Fq2(0, b * NON_RESIDUE)
+//!    * NON_RESIDUE = 17 is the quadratic non-residue used for constructing the extension field Fq2
+
+#[cfg(feature = "curve")]
+mod curves;
+#[cfg(any(feature = "scalar_field", feature = "base_field"))]
+mod fields;
+
+#[cfg(feature = "curve")]
+pub use curves::*;
+#[cfg(any(feature = "scalar_field", feature = "base_field"))]
+pub use fields::*;