Initial commit

2026-01-11 08:21:33 +01:00 · 2020-10-11 19:50:41 -07:00
commit 43ca2132fd
209 changed files with 18825 additions and 0 deletions
--- a/mnt4_298/src/curves/g1.rs
+++ b/mnt4_298/src/curves/g1.rs
@@ -0,0 +1,79 @@
+use crate::{Fq, Fr, FR_ONE};
+use ark_ec::{
+    mnt4,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger320, field_new};
+
+pub type G1Affine = mnt4::G1Affine<crate::Parameters>;
+pub type G1Projective = mnt4::G1Projective<crate::Parameters>;
+pub type G1Prepared = mnt4::G1Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = 2
+    /// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L116
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger320([
+            3568597988870129848,
+            15257338106490985450,
+            10069779447956199041,
+            5922375556522222383,
+            3858029504390,
+    ]));
+
+    /// COEFF_B = 423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685
+    /// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L117
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger320([
+            7842808090366692145,
+            288200302308193399,
+            4162060950790347941,
+            5488589108190218591,
+            1553456013645,
+    ]));
+
+    /// COFACTOR = 1
+    const COFACTOR: &'static [u64] = &[1];
+
+    /// COFACTOR^(-1) mod r =
+    /// 1
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = FR_ONE;
+
+    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G1_GENERATOR_X, G1_GENERATOR_Y);
+}
+
+// Generator of G1
+// X = 60760244141852568949126569781626075788424196370144486719385562369396875346601926534016838,
+// Y = 363732850702582978263902770815145784459747722357071843971107674179038674942891694705904306,
+/// G1_GENERATOR_X
+/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L137
+#[rustfmt::skip]
+pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger320([
+    6046301378120906932,
+    15105298306031900263,
+    15757949605695610691,
+    6113949277267426050,
+    3063081829217,
+]));
+
+/// G1_GENERATOR_Y
+/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L138
+#[rustfmt::skip]
+pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger320([
+    8798367863963590781,
+    9770379341721339603,
+    17697354471293810920,
+    15252694996423733496,
+    3845520398052,
+]));
--- a/mnt4_298/src/curves/g2.rs
+++ b/mnt4_298/src/curves/g2.rs
@@ -0,0 +1,127 @@
+use crate::{Fq, Fq2, Fr, FQ_ZERO, G1_COEFF_A_NON_RESIDUE};
+use ark_ec::{
+    mnt4,
+    mnt4::MNT4Parameters,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger320, field_new};
+
+pub type G2Affine = mnt4::G2Affine<crate::Parameters>;
+pub type G2Projective = mnt4::G2Projective<crate::Parameters>;
+pub type G2Prepared = mnt4::G2Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq2;
+    type ScalarField = Fr;
+}
+
+/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C0: Fq = G1_COEFF_A_NON_RESIDUE;
+
+/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C1: Fq = G1_COEFF_A_NON_RESIDUE;
+
+impl SWModelParameters for Parameters {
+    const COEFF_A: Fq2 = crate::Parameters::TWIST_COEFF_A;
+    // B coefficient of MNT4-298 G2 =
+    // ```
+    // mnt4298_twist_coeff_b = mnt4298_Fq2(mnt4298_Fq::zero(),
+    //                                  mnt4298_G1::coeff_b * mnt4298_Fq2::non_residue);
+    // non_residue = mnt4298_Fq2::non_residue = mnt4298_Fq("13");
+    //  = (ZERO, G1_B_COEFF * NON_RESIDUE);
+    //  =
+    //  (0, 67372828414711144619833451280373307321534573815811166723479321465776723059456513877937430)
+    // ```
+    #[rustfmt::skip]
+    const COEFF_B: Fq2 = field_new!(Fq2,
+        FQ_ZERO,
+        field_new!(Fq, BigInteger320([
+            9511110677122940475,
+            13403516020116973437,
+            1464701424831086967,
+            4646785117660390394,
+            1747881737068,
+        ])),
+    );
+
+    /// COFACTOR =
+    /// 475922286169261325753349249653048451545124879932565935237842521413255878328503110407553025
+    #[rustfmt::skip]
+    const COFACTOR: &'static [u64] = &[
+        15480692783052488705,
+        9802782456999489873,
+        14622846468721090623,
+        11702080941310629006,
+        4110145082483,
+    ];
+
+    /// COFACTOR^(-1) mod r =
+    /// 475922286169261325753349249653048451545124878207887910632124039320641839552134835598065665
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger320([
+        8065818351154103109,
+        7537800592537321232,
+        747075088561892445,
+        6335802185495034136,
+        1874289794052,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G2_GENERATOR_X, G2_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(elt: &Fq2) -> Fq2 {
+        field_new!(Fq2, MUL_BY_A_C0 * &elt.c0, MUL_BY_A_C1 * &elt.c1,)
+    }
+}
+
+const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
+const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
+
+// Generator of G2
+// These are two Fq elements each because X and Y (and Z) are elements of Fq^2
+// X = 438374926219350099854919100077809681842783509163790991847867546339851681564223481322252708,
+// 37620953615500480110935514360923278605464476459712393277679280819942849043649216370485641,
+// Y = 37437409008528968268352521034936931842973546441370663118543015118291998305624025037512482,
+// 424621479598893882672393190337420680597584695892317197646113820787463109735345923009077489,
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger320([
+    5356671649366391794,
+    2684151262065976452,
+    4683110650642896126,
+    10421299515941681582,
+    1618695480960
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger320([
+    133394645290266480,
+    15395232932057272770,
+    18271324022738539173,
+    9095178119640120034,
+    2303787573609
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger320([
+    16920448081812496532,
+    15580160192086626100,
+    3974467672100342742,
+    8216505962266760277,
+    2643162835232
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger320([
+    73816197493558356,
+    8663991890578965996,
+    11575903875707445958,
+    17953546933481201011,
+    2167465829200
+]));
--- a/mnt4_298/src/curves/mod.rs
+++ b/mnt4_298/src/curves/mod.rs
@@ -0,0 +1,63 @@
+use ark_ec::models::mnt4::{MNT4Parameters, MNT4};
+use ark_ff::{biginteger::BigInteger320, field_new, fields::FpParameters, Fp2};
+
+use crate::{Fq, Fq2, Fq2Parameters, Fq4Parameters, FqParameters, Fr, FrParameters};
+
+pub mod g1;
+pub mod g2;
+
+#[cfg(test)]
+mod tests;
+
+pub use self::{
+    g1::{G1Affine, G1Prepared, G1Projective},
+    g2::{G2Affine, G2Prepared, G2Projective},
+};
+
+pub type MNT4_298 = MNT4<Parameters>;
+
+pub struct Parameters;
+
+impl MNT4Parameters for Parameters {
+    const TWIST: Fp2<Self::Fp2Params> = field_new!(Fq2, FQ_ZERO, FQ_ONE);
+    // A coefficient of MNT4-298 G2 =
+    // ```
+    // mnt4298_twist_coeff_a = mnt4298_Fq2(mnt4298_G1::coeff_a * non_residue, mnt6298_Fq::zero());
+    //  = (A_COEFF * NONRESIDUE, ZERO)
+    //  = (34, ZERO)
+    // ```
+    #[rustfmt::skip]
+    const TWIST_COEFF_A: Fp2<Self::Fp2Params> = field_new!(Fq2,
+        G1_COEFF_A_NON_RESIDUE,
+        FQ_ZERO,
+    );
+
+    const ATE_LOOP_COUNT: &'static [u64] = &[993502997770534912, 5071219579242586943, 2027349];
+    const ATE_IS_LOOP_COUNT_NEG: bool = false;
+    const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInteger320([0x1, 0x0, 0x0, 0x0, 0x0]);
+    const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = false;
+    const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger320 =
+        BigInteger320([993502997770534913, 5071219579242586943, 2027349, 0, 0]);
+    type Fp = Fq;
+    type Fr = Fr;
+    type Fp2Params = Fq2Parameters;
+    type Fp4Params = Fq4Parameters;
+    type G1Parameters = self::g1::Parameters;
+    type G2Parameters = self::g2::Parameters;
+}
+
+// 34
+pub const G1_COEFF_A_NON_RESIDUE: Fq = field_new!(
+    Fq,
+    BigInteger320([
+        9379015694948865065,
+        3933863906897692531,
+        7183785805598089445,
+        17382890709766103498,
+        3934325337380,
+    ])
+);
+pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger320([0, 0, 0, 0, 0]));
+pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
+pub const FR_ZERO: Fr = field_new!(Fr, BigInteger320([0, 0, 0, 0, 0]));
+pub const FR_ONE: Fr = field_new!(Fr, FrParameters::R);
--- a/mnt4_298/src/curves/tests.rs
+++ b/mnt4_298/src/curves/tests.rs
@@ -0,0 +1,90 @@
+use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ff::{test_rng, Field, One, PrimeField, UniformRand};
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_g1_projective_curve() {
+    curve_tests::<G1Projective>();
+
+    sw_tests::<g1::Parameters>();
+}
+
+#[test]
+fn test_g1_projective_group() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G1Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g1_generator() {
+    let generator = G1Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_projective_curve() {
+    curve_tests::<G2Projective>();
+
+    sw_tests::<g2::Parameters>();
+}
+
+#[test]
+fn test_g2_projective_group() {
+    let mut rng = test_rng();
+    let a: G2Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g2_generator() {
+    let generator = G2Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_bilinearity() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    let s: Fr = rng.gen();
+
+    let sa = a.mul(s);
+    let sb = b.mul(s);
+
+    let ans1 = MNT4_298::pairing(sa, b);
+    let ans2 = MNT4_298::pairing(a, sb);
+    let ans3 = MNT4_298::pairing(a, b).pow(s.into_repr());
+
+    assert_eq!(ans1, ans2);
+    assert_eq!(ans2, ans3);
+
+    assert_ne!(ans1, Fq4::one());
+    assert_ne!(ans2, Fq4::one());
+    assert_ne!(ans3, Fq4::one());
+
+    assert_eq!(ans1.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans2.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans3.pow(Fr::characteristic()), Fq4::one());
+}
+
+#[test]
+fn test_product_of_pairings() {
+    let rng = &mut test_rng();
+
+    let a = G1Projective::rand(rng).into_affine();
+    let b = G2Projective::rand(rng).into_affine();
+    let c = G1Projective::rand(rng).into_affine();
+    let d = G2Projective::rand(rng).into_affine();
+    let ans1 = MNT4_298::pairing(a, b) * &MNT4_298::pairing(c, d);
+    let ans2 = MNT4_298::product_of_pairings(&[(a.into(), b.into()), (c.into(), d.into())]);
+    assert_eq!(ans1, ans2);
+}