Initial commit

2026-01-12 08:51:36 +01:00 · 2020-10-11 19:50:41 -07:00
commit 43ca2132fd
209 changed files with 18825 additions and 0 deletions
--- a/mnt4_753/src/curves/g1.rs
+++ b/mnt4_753/src/curves/g1.rs
@@ -0,0 +1,104 @@
+use ark_ec::{
+    mnt4,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger768, field_new};
+
+use crate::{Fq, Fr, FR_ONE};
+
+pub type G1Affine = mnt4::G1Affine<crate::Parameters>;
+pub type G1Projective = mnt4::G1Projective<crate::Parameters>;
+pub type G1Prepared = mnt4::G1Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+}
+
+impl SWModelParameters for Parameters {
+    /// COEFF_A = 2
+    #[rustfmt::skip]
+    const COEFF_A: Fq = field_new!(Fq, BigInteger768([
+            3553860551672651396,
+            2565472393707818253,
+            3424927325234966109,
+            17487811826058095619,
+            15730291918544907998,
+            4332070408724822737,
+            7212646118208244402,
+            12904649141092619460,
+            9289117987390442562,
+            2254330573517213976,
+            3065472942259520298,
+            271095073719429,
+    ]));
+
+    /// COEFF_B = 0x01373684A8C9DCAE7A016AC5D7748D3313CD8E39051C596560835DF0C9E50A5B59B882A92C78DC537E51A16703EC9855C77FC3D8BB21C8D68BB8CFB9DB4B8C8FBA773111C36C8B1B4E8F1ECE940EF9EAAD265458E06372009C9A0491678EF4
+    #[rustfmt::skip]
+    const COEFF_B: Fq = field_new!(Fq, BigInteger768([
+            2672638521926201442,
+            17587766986973859626,
+            1309143029066506763,
+            1756412671449422902,
+            5395165286423163724,
+            589638022240022974,
+            7360845090332416697,
+            9829497896347590557,
+            9341553552113883496,
+            5888515763059971584,
+            10173739464651404689,
+            456607542322059,
+    ]));
+
+    /// COFACTOR = 1
+    const COFACTOR: &'static [u64] = &[1];
+
+    /// COFACTOR^(-1) mod r =
+    /// 1
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = FR_ONE;
+
+    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G1_GENERATOR_X, G1_GENERATOR_Y);
+}
+
+// Generator of G1
+// X = 7790163481385331313124631546957228376128961350185262705123068027727518350362064426002432450801002268747950550964579198552865939244360469674540925037890082678099826733417900510086646711680891516503232107232083181010099241949569,
+// Y = 6913648190367314284606685101150155872986263667483624713540251048208073654617802840433842931301128643140890502238233930290161632176167186761333725658542781350626799660920481723757654531036893265359076440986158843531053720994648,
+/// G1_GENERATOR_X =
+#[rustfmt::skip]
+pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
+    9433494781491502420,
+    373642694095780604,
+    7974079134466535382,
+    15325904219470166885,
+    16825705122208020751,
+    898733863352481713,
+    3802318585082797759,
+    14417069684372068941,
+    4332882897981414838,
+    15138727514183191816,
+    16850594895992448907,
+    30598511593902
+]));
+
+/// G1_GENERATOR_Y =
+#[rustfmt::skip]
+pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
+    15710199097794077134,
+    3645667958306606136,
+    8298269426007169475,
+    5277073422205725562,
+    10451808582969862130,
+    14392820246664025579,
+    4365987620174557815,
+    14007263953321073101,
+    1355600847400958219,
+    3872959105252355444,
+    18016882244107198324,
+    424779036457857
+]));
--- a/mnt4_753/src/curves/g2.rs
+++ b/mnt4_753/src/curves/g2.rs
@@ -0,0 +1,177 @@
+use ark_ec::{
+    mnt4,
+    mnt4::MNT4Parameters,
+    models::{ModelParameters, SWModelParameters},
+};
+use ark_ff::{biginteger::BigInteger768, field_new};
+
+use crate::{Fq, Fq2, Fr, FQ_ZERO, G1_COEFF_A_NON_RESIDUE};
+
+pub type G2Affine = mnt4::G2Affine<crate::Parameters>;
+pub type G2Projective = mnt4::G2Projective<crate::Parameters>;
+pub type G2Prepared = mnt4::G2Prepared<crate::Parameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct Parameters;
+
+impl ModelParameters for Parameters {
+    type BaseField = Fq2;
+    type ScalarField = Fr;
+}
+
+/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C0: Fq = G1_COEFF_A_NON_RESIDUE;
+
+/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A
+#[rustfmt::skip]
+pub const MUL_BY_A_C1: Fq = G1_COEFF_A_NON_RESIDUE;
+
+impl SWModelParameters for Parameters {
+    const COEFF_A: Fq2 = crate::Parameters::TWIST_COEFF_A;
+    // B coefficient of MNT4-753 G2 =
+    // ```
+    // mnt4753_twist_coeff_b = mnt4753_Fq2(mnt4753_Fq::zero(),
+    //                                  mnt4753_G1::coeff_b * mnt4753_Fq2::non_residue);
+    // non_residue = mnt4753_Fq2::non_residue = mnt4753_Fq("13");
+    //  = (ZERO, G1_B_COEFF * NON_RESIDUE);
+    //  =
+    //  (0, 39196523001581428369576759982967177918859161321667605855515469914917622337081756705006832951954384669101573360625169461998308377011601613979275218690841934572954991361632773738259652003389826903175898479855893660378722437317212)
+    // ```
+    #[rustfmt::skip]
+    const COEFF_B: Fq2 = field_new!(Fq2,
+        FQ_ZERO,
+        field_new!(Fq, BigInteger768([
+            15129916544657421551,
+            11332543254671606602,
+            11913830318987286849,
+            13905314883394440110,
+            16479690325073358448,
+            14869098639251228898,
+            10663986895980443550,
+            10768989312009479656,
+            9469728929095040349,
+            4512954369775881939,
+            8788997129423430122,
+            459763387588954,
+        ])),
+    );
+
+    /// COFACTOR =
+    /// 41898490967918953402344214791240637128170709919953949071783502921025352812571106773058893763790338921418070971888049094905534395567574915333486969589229856772141392370549616644545554517640527237829320384324374366385444967219201
+    #[rustfmt::skip]
+    const COFACTOR: &'static [u64] = &[
+        16436257212445032449,
+        8690275530472745198,
+        17315389657026393162,
+        1645397558963170979,
+        3544984605440726586,
+        12665092767997125024,
+        11083680675069097885,
+        575819899841080717,
+        6825179918269667443,
+        13256793349531086829,
+        1162650133526138285,
+        497830423872529,
+    ];
+
+    /// COFACTOR^(-1) mod r =
+    /// 102345604409665481004734934052318066391634848395005988700111949231215905051467807945653833683883449458834877235200
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([
+        1879390364380281898,
+        7926794171490610432,
+        6437239504245874253,
+        16688141022047191858,
+        17059416847145768464,
+        15065047661241262516,
+        16537575340937777321,
+        3324411942044534547,
+        3878293904770657570,
+        18116939243856833744,
+        7557533897589069385,
+        78370361203778,
+    ]));
+
+    /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
+    const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
+        (G2_GENERATOR_X, G2_GENERATOR_Y);
+
+    #[inline(always)]
+    fn mul_by_a(elt: &Fq2) -> Fq2 {
+        field_new!(Fq2, MUL_BY_A_C0 * &elt.c0, MUL_BY_A_C1 * &elt.c1,)
+    }
+}
+
+const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
+const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
+
+// Generator of G2
+// These are two Fq elements each because X and Y (and Z) are elements of Fq^2
+// X = 29483965110843144675703364744708836524643960105538608078862508397502447349913068434941060515343254862580437318493682762113105361632548148204806052114008731372757389645383891982211245013965175213456066452587869519098351487925167,
+// 19706011319630172391076079624799753948158506771222147486237995321925443331396169656568431378974558350664383559981183980668976846806019030432389169137953988990802000581078994008283967768348275973921598166274857631001635633631000,
+// Y = 39940152670760519653940320314827327941993141403708338666925204282084477074754642625849927569427860786384998614863651207257467076192649385174108085803168743803491780568503369317093191101779534035377266300185099318717465441820654,
+// 17608637424964395737041291373756657139607306440193731804102457011726690702169238966996114255971643893157857311132388792357391583164125870757541009035041469463366528798593952884745987697403056488744603829437448927398468360797245,
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger768([
+    7263636080534048301,
+    7643227961769035653,
+    15787777614640869937,
+    17661317895964274771,
+    4142647779394287783,
+    15064949873659932676,
+    4579259080596351332,
+    2207443675339702626,
+    5738725620118622838,
+    4338467638707299712,
+    6558861849926282439,
+    341078935870328
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger768([
+    13073882729051113867,
+    195909455108318710,
+    10527070038778509320,
+    16605710222187477118,
+    10442518358308209073,
+    7776589986153052354,
+    16034091384000651523,
+    17429232381273855185,
+    512853344493546034,
+    7982076214836075255,
+    3601416800138513610,
+    399028695285184
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger768([
+    4867672648970469422,
+    2453112364260322863,
+    11918672197974895143,
+    3923647310180624143,
+    12707123323825700670,
+    15781895092544451511,
+    17747112377690960911,
+    16511994611001933567,
+    15360620366665804029,
+    10252080383738480571,
+    5722654046339742760,
+    316853130349807
+]));
+
+#[rustfmt::skip]
+pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger768([
+    17322957246732430708,
+    11825815087694023697,
+    7654216682602683900,
+    13544637981229618042,
+    17057060382219081849,
+    4038731408172002692,
+    6631723222530012253,
+    10585926166286435412,
+    16050667328028620117,
+    16598483946296156500,
+    11771818132648686020,
+    1230430296095
+]));
--- a/mnt4_753/src/curves/mod.rs
+++ b/mnt4_753/src/curves/mod.rs
@@ -0,0 +1,90 @@
+use ark_ec::models::mnt4::{MNT4Parameters, MNT4};
+use ark_ff::{biginteger::BigInteger768, field_new, fields::FpParameters, Fp2};
+
+use crate::{Fq, Fq2, Fq2Parameters, Fq4Parameters, FqParameters, Fr, FrParameters};
+
+pub mod g1;
+pub mod g2;
+
+#[cfg(test)]
+mod tests;
+
+pub use self::{
+    g1::{G1Affine, G1Prepared, G1Projective},
+    g2::{G2Affine, G2Prepared, G2Projective},
+};
+
+pub type MNT4_753 = MNT4<Parameters>;
+
+pub struct Parameters;
+
+impl MNT4Parameters for Parameters {
+    const TWIST: Fp2<Self::Fp2Params> = field_new!(Fq2, FQ_ZERO, FQ_ONE);
+    // A coefficient of MNT4-753 G2 =
+    // ```
+    // mnt4753_twist_coeff_a = mnt4753_Fq2(mnt4753_G1::coeff_a * non_residue, mnt6753_Fq::zero());
+    //  = (A_COEFF * NONRESIDUE, ZERO)
+    //  = (26, ZERO)
+    // ```
+    #[rustfmt::skip]
+    const TWIST_COEFF_A: Fp2<Self::Fp2Params> = field_new!(Fq2,
+        G1_COEFF_A_NON_RESIDUE,
+        FQ_ZERO,
+    );
+    // https://github.com/o1-labs/snarky/blob/9c21ab2bb23874604640740d646a932e813432c3/snarkette/mnt4753.ml
+    const ATE_LOOP_COUNT: &'static [u64] = &[
+        8824542903220142080,
+        7711082599397206192,
+        8303354903384568230,
+        5874150271971943936,
+        9717849827920685054,
+        95829799234282493,
+    ];
+    const ATE_IS_LOOP_COUNT_NEG: bool = true;
+    const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger768 =
+        BigInteger768([0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);
+    const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true;
+    const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger768 = BigInteger768([
+        8824542903220142079,
+        7711082599397206192,
+        8303354903384568230,
+        5874150271971943936,
+        9717849827920685054,
+        95829799234282493,
+        0,
+        0,
+        0,
+        0,
+        0,
+        0,
+    ]);
+    type Fp = Fq;
+    type Fr = Fr;
+    type Fp2Params = Fq2Parameters;
+    type Fp4Params = Fq4Parameters;
+    type G1Parameters = self::g1::Parameters;
+    type G2Parameters = self::g2::Parameters;
+}
+
+// 26
+pub const G1_COEFF_A_NON_RESIDUE: Fq = field_new!(
+    Fq,
+    BigInteger768([
+        16948538951764659373,
+        10775354577659735631,
+        12766795894854242596,
+        8684022258823474090,
+        973489465296612807,
+        3883945490221946200,
+        16178634811223492029,
+        16155746945640075033,
+        17642042187059426365,
+        10295720303844380352,
+        13265853240981244259,
+        39422991244875,
+    ])
+);
+pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
+pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
+pub const FR_ZERO: Fr = field_new!(Fr, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
+pub const FR_ONE: Fr = field_new!(Fr, FrParameters::R);
--- a/mnt4_753/src/curves/tests.rs
+++ b/mnt4_753/src/curves/tests.rs
@@ -0,0 +1,90 @@
+use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
+use ark_ff::{test_rng, Field, One, PrimeField, UniformRand};
+use rand::Rng;
+
+use crate::*;
+
+use ark_curve_tests::{curves::*, groups::*};
+
+#[test]
+fn test_g1_projective_curve() {
+    curve_tests::<G1Projective>();
+
+    sw_tests::<g1::Parameters>();
+}
+
+#[test]
+fn test_g1_projective_group() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G1Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g1_generator() {
+    let generator = G1Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_g2_projective_curve() {
+    curve_tests::<G2Projective>();
+
+    sw_tests::<g2::Parameters>();
+}
+
+#[test]
+fn test_g2_projective_group() {
+    let mut rng = test_rng();
+    let a: G2Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    group_test(a, b);
+}
+
+#[test]
+fn test_g2_generator() {
+    let generator = G2Affine::prime_subgroup_generator();
+    assert!(generator.is_on_curve());
+    assert!(generator.is_in_correct_subgroup_assuming_on_curve());
+}
+
+#[test]
+fn test_bilinearity() {
+    let mut rng = test_rng();
+    let a: G1Projective = rng.gen();
+    let b: G2Projective = rng.gen();
+    let s: Fr = rng.gen();
+
+    let sa = a.mul(s);
+    let sb = b.mul(s);
+
+    let ans1 = MNT4_753::pairing(sa, b);
+    let ans2 = MNT4_753::pairing(a, sb);
+    let ans3 = MNT4_753::pairing(a, b).pow(s.into_repr());
+
+    assert_eq!(ans1, ans2);
+    assert_eq!(ans2, ans3);
+
+    assert_ne!(ans1, Fq4::one());
+    assert_ne!(ans2, Fq4::one());
+    assert_ne!(ans3, Fq4::one());
+
+    assert_eq!(ans1.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans2.pow(Fr::characteristic()), Fq4::one());
+    assert_eq!(ans3.pow(Fr::characteristic()), Fq4::one());
+}
+
+#[test]
+fn test_product_of_pairings() {
+    let rng = &mut test_rng();
+
+    let a = G1Projective::rand(rng).into_affine();
+    let b = G2Projective::rand(rng).into_affine();
+    let c = G1Projective::rand(rng).into_affine();
+    let d = G2Projective::rand(rng).into_affine();
+    let ans1 = MNT4_753::pairing(a, b) * &MNT4_753::pairing(c, d);
+    let ans2 = MNT4_753::product_of_pairings(&[(a.into(), b.into()), (c.into(), d.into())]);
+    assert_eq!(ans1, ans2);
+}