GLV implementation for BLS12_377, BLS12_381 and BN254 (#158)

bn254/src/curves/g1.rs

@@ -1,8 +1,10 @@
 use ark_ec::{
+    bn,
     models::{short_weierstrass::SWCurveConfig, CurveConfig},
-    short_weierstrass::Affine,
+    scalar_mul::glv::GLVConfig,
+    short_weierstrass::{Affine, Projective},
 };
-use ark_ff::{AdditiveGroup, Field, MontFp, Zero};
+use ark_ff::{AdditiveGroup, BigInt, Field, MontFp, PrimeField, Zero};
 
 use crate::{Fq, Fr};
 
@@ -36,6 +38,42 @@ impl SWCurveConfig for Config {
     fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
         Self::BaseField::zero()
     }
+
+    #[inline]
+    fn mul_projective(
+        p: &bn::G1Projective<crate::Config>,
+        scalar: &[u64],
+    ) -> bn::G1Projective<crate::Config> {
+        let s = Self::ScalarField::from_sign_and_limbs(true, scalar);
+        GLVConfig::glv_mul_projective(*p, s)
+    }
+}
+
+impl GLVConfig for Config {
+    const ENDO_COEFFS: &'static [Self::BaseField] = &[MontFp!(
+        "21888242871839275220042445260109153167277707414472061641714758635765020556616"
+    )];
+
+    const LAMBDA: Self::ScalarField =
+        MontFp!("21888242871839275217838484774961031246154997185409878258781734729429964517155");
+
+    const SCALAR_DECOMP_COEFFS: [(bool, <Self::ScalarField as PrimeField>::BigInt); 4] = [
+        (false, BigInt!("147946756881789319000765030803803410728")),
+        (true, BigInt!("9931322734385697763")),
+        (false, BigInt!("9931322734385697763")),
+        (false, BigInt!("147946756881789319010696353538189108491")),
+    ];
+
+    fn endomorphism(p: &Projective<Self>) -> Projective<Self> {
+        let mut res = (*p).clone();
+        res.x *= Self::ENDO_COEFFS[0];
+        res
+    }
+    fn endomorphism_affine(p: &Affine<Self>) -> Affine<Self> {
+        let mut res = (*p).clone();
+        res.x *= Self::ENDO_COEFFS[0];
+        res
+    }
 }
 
 /// G1_GENERATOR_X = 1

bn254/src/curves/g2.rs

@@ -1,8 +1,9 @@
 use ark_ec::{
     models::{short_weierstrass::SWCurveConfig, CurveConfig},
-    short_weierstrass::Affine,
+    scalar_mul::glv::GLVConfig,
+    short_weierstrass::{Affine, Projective},
 };
-use ark_ff::{AdditiveGroup, MontFp, Zero};
+use ark_ff::{AdditiveGroup, BigInt, MontFp, PrimeField, Zero};
 
 use crate::{Fq, Fq2, Fr};
 
@@ -50,6 +51,35 @@ impl SWCurveConfig for Config {
     }
 }
 
+impl GLVConfig for Config {
+    const ENDO_COEFFS: &'static [Self::BaseField] = &[Fq2::new(
+        MontFp!("21888242871839275220042445260109153167277707414472061641714758635765020556616"),
+        Fq::ZERO,
+    )];
+
+    const LAMBDA: Self::ScalarField =
+        MontFp!("4407920970296243842393367215006156084916469457145843978461");
+
+    const SCALAR_DECOMP_COEFFS: [(bool, <Self::ScalarField as PrimeField>::BigInt); 4] = [
+        (false, BigInt!("147946756881789319010696353538189108491")),
+        (false, BigInt!("9931322734385697763")),
+        (true, BigInt!("9931322734385697763")),
+        (false, BigInt!("147946756881789319000765030803803410728")),
+    ];
+
+    fn endomorphism(p: &Projective<Self>) -> Projective<Self> {
+        let mut res = (*p).clone();
+        res.x *= Self::ENDO_COEFFS[0];
+        res
+    }
+
+    fn endomorphism_affine(p: &Affine<Self>) -> Affine<Self> {
+        let mut res = (*p).clone();
+        res.x *= Self::ENDO_COEFFS[0];
+        res
+    }
+}
+
 pub const G2_GENERATOR_X: Fq2 = Fq2::new(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
 pub const G2_GENERATOR_Y: Fq2 = Fq2::new(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
 

bn254/src/curves/tests.rs

@@ -7,3 +7,5 @@ test_group!(g1; G1Projective; sw);
 test_group!(g2; G2Projective; sw);
 test_group!(pairing_output; ark_ec::pairing::PairingOutput<Bn254>; msm);
 test_pairing!(pairing; crate::Bn254);
+test_group!(g1_glv; G1Projective; glv);
+test_group!(g2_glv; G2Projective; glv);