arnaucube/ark-curves-cherry-picked
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-curves-cherry-picked.git synced 2026-01-27 14:13:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: arnaucube:initialize
Branches Tags
arnaucube:cherry-pick arnaucube:master arnaucube:use-algebra-ci-no-std arnaucube:releases arnaucube:update-to-latest-arkworks arnaucube:sjoseph/big_integer_documentation arnaucube:reduce-generics arnaucube:fq2_neg_nonresidue arnaucube:initialize
arnaucube:v0.4.0-alpha.2 arnaucube:v0.4.0-alpha.1 arnaucube:v0.3.0 arnaucube:ark-vesta-v0.2.0 arnaucube:ark-ed-on-mnt4-753-v0.2.0
...
compare: arnaucube:cherry-pick
Branches Tags
arnaucube:cherry-pick arnaucube:master arnaucube:use-algebra-ci-no-std arnaucube:releases arnaucube:update-to-latest-arkworks arnaucube:sjoseph/big_integer_documentation arnaucube:reduce-generics arnaucube:fq2_neg_nonresidue arnaucube:initialize
arnaucube:v0.4.0-alpha.2 arnaucube:v0.4.0-alpha.1 arnaucube:v0.3.0 arnaucube:ark-vesta-v0.2.0 arnaucube:ark-ed-on-mnt4-753-v0.2.0

113 Commits
initialize ... cherry-pic

Author SHA1 Message Date
arnaucube
5d56cc2630 cherry-pick BN254::constraints & Grumpkin to be able to use them with compatibility at v0.4.0 2024-03-14 18:43:01 +01:00
mmagician
5a0b8eca0b chore: Release 2022-12-28 12:33:05 +01:00
mmagician
a986e08ce4 explicitly specify a dependency version 2022-12-28 12:23:43 +01:00
mmagician
5831ddbfe7 remove patches from release branch 2022-12-28 12:20:40 +01:00
Pratyush Mishra
cba0c7ef0d Add frobenius_map_in_place (#140) 2022-12-28 12:19:38 +01:00
Weikeng Chen
a82486db1d Add supplementary small group bases for some common fields (#137) 
* update

* use r1cs std

* fix

* rem

* Apply suggestions from code review

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-12-21 18:06:24 -08:00
Pratyush Mishra
febd7635fb Rename all *Parameters to *Config (#136) 
* Rename all `*Parameters` to `*Config`

* Tweak
 2022-12-16 19:35:32 -08:00
Weikeng Chen
f8a6a4050e Add the secp256k1 and secq256k1 curves (#122) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-12-09 10:41:40 -08:00
mmagician
cdf4d182a6 Prepare release 0.4 (#133) 2022-11-29 08:22:09 -08:00
Weikeng Chen
99831650f8 Prepared G2 consistency test (#70) 
* add the g2 check

* fmt

* fix

* fix

* fix

* fix

* changelog

* test macos for curve tests

* use macos only for mnt6-753

* fix

* fix name consistency

* adjust the order

* mnt4 753

* fix

Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-10-31 17:12:52 -07:00
Weikeng Chen
db03d405b5 Add the curve25519 curve (#124) 
* add ed25519 curve

* changelog

* curve info

* fix

* edit

* update

* add more explanation

* Update curve25519/src/curves/mod.rs

* Update curve25519/src/curves/mod.rs

* fixed the comment

* Update curve25519/src/curves/mod.rs

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-10-29 19:55:35 -07:00
Weikeng Chen
a7d266f73d Add the ed25519 curve (#121) 
* add ed25519 curve

* changelog

* curve info

* fix

* cleanup the script

* Update ed25519/src/curves/mod.rs

* Update ed25519/src/curves/mod.rs

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-10-29 19:33:55 -07:00
Weikeng Chen
5d6d31d213 Fix the location of BitIteratorBE (#132) 
* fix

* fix

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-10-29 11:29:45 -07:00
mmagician
df39c78a5b Update changelog (#131) 2022-10-19 10:06:42 -07:00
mmagician
138b23f2fa Zcash-style serialization for BLS12-381 (#129) 
Co-authored-by: kevaundray <37423678+kevaundray@users.noreply.github.com>
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2022-10-18 22:44:43 -07:00
mmagician
4bcf87de22 Faster cofactor clearing for G1 & G2 of bls12-381 + benchmarking (#103) 2022-10-16 10:13:57 -07:00
Pratyush Mishra
efefa209d6 Fix mul-by-non-residue for bw6::fq3 2022-10-02 09:15:25 -07:00
Pratyush Mishra
1833cbfb29 Tweaks 2022-10-02 09:15:25 -07:00
Pratyush Mishra
f43d59c958 Rename 2022-10-02 09:15:25 -07:00
Pratyush Mishra
68f500da01 Optimizations to field and curve arithmetic 2022-10-02 09:15:25 -07:00
Pratyush Mishra
363426c1d4 Update to new benchmarking framework (#126) 2022-09-09 19:24:33 -07:00
Pratyush Mishra
55a092a6c7 is_identity -> is_zero (#125) 2022-09-09 11:07:42 -07:00
Weikeng Chen
f74378c017 Add serialization for CP6-782 (#120) 
Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-09-03 22:55:16 -07:00
Weikeng Chen
3af6ec17d6 Fix Bandersnatch parameters and the constraint tests (#119) 
Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-09-03 12:32:28 -07:00
Weikeng Chen
dc555882cd Fix the remaining curve and field tests (#118) 
* push

* push

* cargo ready

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
 2022-09-03 00:34:13 -07:00
Weikeng Chen
3c4c67f114 Sync with the recent changes in ark-algebra on pairing and testing (#116) 
* Fix another typo in the Jubjub curve comment

* fix

* progress

* get_point_from_x_unchecked

* fix

* soft link

* Fix Bandersnatch

* Fix Edwards form of Bandersnatch

* Actually fix ed_on_bls12_381_bandersnatch/src/curves/mod.rs

* fix

* fix

* curve-benches

* fix the last mul_by_a; fmt

Co-authored-by: onewayfunc <onewayfunc@gmail.com>
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2022-09-02 16:31:58 -07:00
mmagician
42289245a6 Replace ATE_LOOP_COUNT with its 2-NAF for MNT curves (#107) 
* Replace ATE_LOOP_COUNT by its 2-NAF

* Add constant references

* Apply suggestions from code review

Co-authored-by: Weikeng Chen <w.k@berkeley.edu>
 2022-09-02 08:19:51 -07:00
Weikeng Chen
b433045f4d Fix a typo in the Jubjub curve comment (#114) 2022-08-27 14:17:37 -07:00
Weikeng Chen
52577f93ba Last PR to get the curve tests to work (#113) 2022-08-21 21:08:38 -07:00
Weikeng Chen
6d94362894 Let ark-curve-constraint-tests work with latest arkworks-rs algebra (#112) 2022-08-21 19:58:41 -07:00
Weikeng Chen
435de9fc36 Let cargo build work again for the new arkworks-rs algebra (#111) 2022-08-21 18:22:43 -07:00
Pratyush Mishra
e75546313a Fix benchmarks and fix accidental renaming of Pallas/Vesta (#108) 2022-08-01 13:46:52 -07:00
kevaundray
67d5a8582e Document Bandersnatch as an incomplete twisted Edwards curve (#85) 2022-08-01 10:32:08 -07:00
Marcin
93e64df895 Catch up with algebra (#106) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2022-07-29 12:16:16 -07:00
Marcin
76579d0fbb QUADRATIC_NONRESIDUE is never used, remove (#104) 
* `QUADRATIC_NONRESIDUE` is never used, remove

* Update CHANGELOG.md

* Remove unused imports
 2022-06-30 11:00:01 -07:00
Marcin
9a89ea8adc Pull ark-std from latest master (#100) 2022-04-11 15:17:18 -07:00
Pratyush Mishra
5a1e16e2b7 Fix benchmark imports (#99) 2022-03-07 21:01:29 -08:00
Pratyush Mishra
1551d6d76c Upgrade to work with latest ark-ff (#95) 
Co-authored-by: Sun <huachuang20@gmail.com>
 2022-03-07 13:12:03 -08:00
Marcin
d0dc200f22 Sqrt fq2 bls12 381 regression (#89) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2022-01-11 09:28:17 -08:00
Marcin
6a5cf1d84a BigInt fixes corresponding to algebra#372 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2022-01-10 11:03:40 -08:00
Pratyush Mishra
d1ced15cc2 Upgrade for algebra/365 (#92) 
* Upgrade for algebra/365

* Merge fix

* Fix
 2021-12-29 17:07:52 +01:00
Yuncong Hu
677b4ae751 Simplify the field and curve tests using macros (#90) 
* Simplify the field and curve tests using macros

* minor

* remove redundant code

Co-authored-by: weikeng <w.k@berkeley.edu>
 2021-12-06 00:03:29 -08:00
Michael Rosenberg
c5547905d0 Fixed curve-bench compile error (#83) 
* Fixed benchmarking compile error

* Updated CHANGELOG

* patch `algebra-test-templates` due to breaking changes since the last release

Co-authored-by: Marcin Górny <marcin.gorny.94@protonmail.com>
 2021-12-05 17:48:33 +01:00
Popog
f1e36c5bed Documentation provides incorrect calculation (#81) 2021-11-15 10:55:32 -08:00
Weikeng Chen
3a0f858adb Revise the version number of Bandersnatch (#80) 2021-11-10 22:20:01 -08:00
zhenfei
461e4190b1 adding SW parameters for Bandersnatch curve (#67) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2021-10-20 10:12:15 -07:00
zhenfei
5fe1862c9a Twisted Edwards parameters for BLS12-377 (#76) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2021-10-19 11:30:41 -07:00
Simon Masson
2118e14b6a Use Scott's subgroup membership tests for G1 and G2 of BLS12-381. (#74) 
* implementation of the fast subgroup check for bls12_381

* add a bench

* subgroup check for g1

* subgroup check modifications

* remove useless test

* fmt

* need the last version of arkworks/algebra

* remove Parameters0

* using projective points is more efficient

* use of projective coordinates in G2

* fmt

* documentation on the constants and the psi function

* references for algorithms of eprint 2021/1130

* fmt

* sed ^ **

* minor improvement

* fmt

* fix Cargo toml

* nits

* some cleanup for g1

* add the beta test back

* fmt

* g2

* changelog

* add a  note on the Cargo.toml

* nits

* avoid variable name conflicts

* add the early-out optimization

Co-authored-by: weikeng <w.k@berkeley.edu>
 2021-09-25 10:34:13 -07:00
Weikeng Chen
b5c2d8eba3 Fix a comment on Bandersnatch's TEModelParameters (#65) 
Pratyush noticed a comment regarding COEFF_A has not been updated. This PR fixes so.
 2021-06-30 20:14:37 -07:00
zhenfei
129795aa4c Implement the Bandersnatch curve (#64) 
* impl bandersnatch

* clean up

* update changelog

* Relocate the readme so they show up in the doc

* Delete README.md

* Relocate the changelog entry

* rename & fmt

Co-authored-by: Weikeng Chen <w.k@berkeley.edu>
 2021-06-29 18:04:08 -07:00
George Gkitsas
a9cb9bfcb2 Fix incorrect repository links in Cargo.toml files (#63) 
* fixes repository in cargo files

* lint fixes
 2021-06-23 08:58:50 -07:00
Weikeng Chen
d2c998736e Release v0.3.0 (#62) 
* release

* update CHANGELOG.md
 2021-06-06 13:47:19 -07:00
Alex Ozdemir
ada1fdac07 Fix Bls12-377 scalar group generator (#60) 
* Fix Bls12-377 scalar group generator

Previously we used 11 as a generator, which has order (p-1)/35.

Now we use 22, which has the right order.

Fixed the two-adic root of unity in accordance with the new generator.

fixes #47

* add the CHANGE LOG

Co-authored-by: weikeng <w.k@berkeley.edu>
 2021-05-06 16:46:22 -07:00
Weikeng Chen
8c795ec0cf Update the documentation of BN254's field parameters (#59) 2021-05-06 08:22:07 -07:00
Daira Hopwood
9d232a7dcd Fix a comment describing BN254. (#55) 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-16 14:54:33 -07:00
Daira Hopwood
4d6c49640c Add benchmarks for Pallas and Vesta curves. (#53) 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-16 10:18:06 -07:00
Pratyush Mishra
880a010f5e Reduce CI time by parallelizing per-curve tests (#52) 2021-04-11 14:53:06 -07:00
Dev Ojha
269fe97519 Release v0.2 (#51) 2021-03-24 20:18:59 -05:00
Dev Ojha
de78b0da1d Update CHANGELOG.md (#50) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2021-03-24 12:00:47 -05:00
Pratyush Mishra
5c0dcd5ca1 Fix links in curve documentation (#49) 2021-03-24 09:25:56 -07:00
Weikeng Chen
507cfa355a Remove the two remaining direct references to rand (#47) 2021-03-23 16:31:55 -07:00
Dev Ojha
fea21d919a Linkify changelog (#46) 2021-03-23 13:59:51 -05:00
Weikeng Chen
666da1e3b2 Fix ed-on-mnt4-753 (#45) 
* fix ed-mnt4-753

* update CHANGELOG
 2021-02-09 09:33:28 -08:00
Weikeng Chen
74f6efb821 Replace rand with ark_std::rand (#42) 
* replace rand

* update CHANGELOG

* fmt

* fix

* fix
 2021-02-04 20:12:47 -08:00
Dev Ojha
684969909b Add benchmark for sub_assign (#41) 2021-02-04 13:50:08 -08:00
Pratyush Mishra
487f0043d8 Upgrade to test-templates from algebra (#40) 
* Upgrade to test-templates from algebra

* Fix Cargo.toml

* Fix search and replace

* Update

* Fix cargo tomls
 2021-01-31 11:47:41 -08:00
Dev Ojha
cd88721883 Switch to panic='abort' for safety across FFI boundaries (#38) 2021-01-21 14:51:10 -06:00
Pratyush Mishra
6ed2450b55 More comprehensive scalar multiplication tests (#37) 2021-01-15 13:55:17 -08:00
Pratyush Mishra
04b5ef1265 Make constraint tests check all allocation modes (#35) 2021-01-08 23:03:52 -08:00
Daira Hopwood
39c58df3a6 Add Pallas and Vesta curves (#21) 
Co-authored-by: Ying Tong Lai <yingtong@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
Co-authored-by: therealyingtong <yingtong@z.cash>
 2020-12-30 16:56:00 -08:00
Pratyush Mishra
e7d7d01a02 Add MSM benchmark (#24) 2020-12-16 13:39:29 -06:00
Pratyush Mishra
621355df14 Fix links in Cargo.tomls (#29) 
Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>
 2020-12-16 11:12:01 -08:00
Dev Ojha
505b72e71e Add Changelog and contributing file (#31) 
* Add issue/PR templates

Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2020-12-16 00:57:59 -06:00
Pratyush Mishra
ae06af2448 Handle Fp64 related issue (#32) 2020-12-16 00:36:01 -06:00
Pratyush Mishra
72b04dbacb Better inversion in tests (#30) 2020-12-15 21:17:28 -08:00
Pratyush Mishra
9654fb6513 Fix rng in constraint tests 2020-12-15 20:49:55 -08:00
ValarDragon
145a573b41 Add missed import 2020-12-15 20:49:55 -08:00
ValarDragon
b7d6d11ff6 Fix doctests 2020-12-15 20:49:55 -08:00
ValarDragon
9c8d0fbe4c undo patch.crates.io 2020-12-15 20:49:55 -08:00
ValarDragon
febd2048ee fix lint 2020-12-15 20:49:55 -08:00
ValarDragon
2d081cd315 UniformRand updates 2020-12-15 20:49:55 -08:00
ValarDragon
530d618cca Change test_rng import to ark-std 2020-12-15 20:49:55 -08:00
Antoine Rondelet
b17b17efcc Fixed broken links (#28) 2020-12-14 07:55:09 -08:00
Pratyush Mishra
7f1fcd6696 Format 2020-12-10 19:06:20 -08:00
Pratyush Mishra
3198749ccb Improvements 2020-12-10 19:06:20 -08:00
Pratyush Mishra
ac0dcc7ae9 Work 2020-12-10 19:06:20 -08:00
Pratyush Mishra
76cc7aa044 Change benchmark order 2020-12-10 19:06:20 -08:00
Pratyush Mishra
c6a51adb77 Move to bencher 2020-12-10 19:06:20 -08:00
Pratyush Mishra
4ab7431059 Reduce number of samples 2020-12-10 19:06:20 -08:00
Pratyush Mishra
651f772755 Move to criterion 2020-12-10 19:06:20 -08:00
Pratyush Mishra
98717da099 Fix MNT4-753 Fq4 Frobenius coefficient 2020-12-10 12:47:25 -08:00
Pratyush Mishra
0486c30b3b Format 2020-12-10 12:47:25 -08:00
Pratyush Mishra
4e45f92ca9 Fixes 2020-12-10 12:47:25 -08:00
Pratyush Mishra
a1ce3291dd Update ed_on_cp6 2020-12-10 12:47:25 -08:00
Pratyush Mishra
1534bbbfdf Update MNT6-298 2020-12-10 12:47:25 -08:00
Pratyush Mishra
6f7235d939 Update MNT4-298 2020-12-10 12:47:25 -08:00
Pratyush Mishra
4b050b1aae Update MNT4-753 2020-12-10 12:47:25 -08:00
Pratyush Mishra
5f62fab169 Update MNT6-753 2020-12-10 12:47:25 -08:00
Pratyush Mishra
9a97d75149 Update edwards curves constants 2020-12-10 12:47:25 -08:00
Pratyush Mishra
7f6ff28e6c Update ed_on_bn254 2020-12-10 12:47:25 -08:00
Pratyush Mishra
128f0f5b65 Update ed_on_bls12_381 2020-12-10 12:47:25 -08:00
Pratyush Mishra
23a25faccf Update ed_on_bls12_377 2020-12-10 12:47:25 -08:00
Pratyush Mishra
abdaafdd54 Update CP6-782 2020-12-10 12:47:25 -08:00
Pratyush Mishra
6a6b3711c6 Update BW6-761 2020-12-10 12:47:25 -08:00
Pratyush Mishra
31664a0e2e Update BN254 2020-12-10 12:47:25 -08:00
Pratyush Mishra
b0565ad0c5 Update BLS12-381 2020-12-10 12:47:25 -08:00
Pratyush Mishra
0445d45c07 Update BLS12-377 2020-12-10 12:47:25 -08:00
therealyingtong
23e87bf224 Correct Base field <-> Scalar field in mnt6298 documentation 2020-11-17 16:55:59 -08:00
Pratyush Mishra
c4e4e18dee Fix benchmark compilation and add benchmarks for Edwards curves 2020-11-11 23:51:00 -08:00
Dev Ojha
e523a7e3fc Add reference to the curve API definitions in the README (#6) 
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
 2020-11-09 14:16:21 -08:00
Pratyush Mishra
66a1fc9cf7 Add constraints for relevant curves (#3) 2020-10-19 12:45:23 -07:00
Pratyush Mishra
f6132a4c0e default-features = false for curve-benches (#2) 2020-10-11 20:40:00 -07:00
Pratyush Mishra
33261b4c41 Update documentation for BLS12 fields (#1) 2020-10-11 20:26:26 -07:00
424 changed files with 10899 additions and 12843 deletions
Expand all files Collapse all files

25
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,25 @@
---
name: Bug Report
about: Create a report to help us squash bugs!
---
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for opening an issue! ✰
v Before smashing the submit button please review the template.
v Please also ensure that this is not a duplicate issue :)
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->∂
## Summary of Bug
<!-- Concisely describe the issue -->
## Version
<!-- git commit hash or tagged version -->
## Steps to Reproduce
<!-- Also please note what feature flags the library was compiled with? -->
<!-- If this is a build issue, also indicate your OS and compiler versions (clang --version) -->

35
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@@ -0,0 +1,35 @@
---
name: Feature Request
about: Create a proposal to request a feature
---
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for opening an issue! ✰
v Before smashing the submit button please review the template.
v Word of caution: poorly thought-out proposals may be rejected
v without deliberation
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->
## Summary
<!-- Short, concise description of the proposed feature -->
## Problem Definition
<!-- Why do we need this feature?
What problems may be addressed by introducing this feature?
Are there any disadvantages of including this feature? -->
## Proposal
<!-- Detailed description of requirements of implementation -->
____
#### For Admin Use
- [ ] Not duplicate issue
- [ ] Appropriate labels applied
- [ ] Appropriate contributors tagged
- [ ] Contributor assigned/self-assigned

26
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,26 @@
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for creating a PR! ✰
v Before hitting that submit button please review the checkboxes.
v If a checkbox is n/a - please still include it but + a little note why
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->
## Description
<!-- Add a description of the changes that this PR introduces and the files that
are the most critical to review.
-->
closes: #XXXX
---
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
- [ ] Targeted PR against correct branch (master)
- [ ] Linked to Github issue with discussion and accepted design OR have an explanation in the PR that describes this work.
- [ ] Wrote unit tests
- [ ] Updated relevant documentation in the code
- [ ] Added a relevant changelog entry to the `Pending` section in `CHANGELOG.md`
- [ ] Re-reviewed `Files changed` in the Github PR explorer

106
.github/workflows/ci.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v1
uses: actions/checkout@v3
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
@@ -29,8 +29,8 @@ jobs:
command: fmt
args: --all -- --check
test:
name: Test
check:
name: Check
runs-on: ubuntu-latest
env:
RUSTFLAGS: -Dwarnings
@@ -41,7 +41,7 @@ jobs:
- nightly
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Install Rust (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
@@ -78,29 +78,93 @@ jobs:
args: --all-features --examples --workspace --benches
if: matrix.rust == 'nightly'
- name: Test
uses: actions-rs/cargo@v1
with:
command: test
args: "--workspace \
--all-features \
--exclude curve-benches"
directories: # Job that list subdirectories
name: List directories for parallelizing tests
runs-on: ubuntu-latest
outputs:
dir: ${{ steps.set-dirs.outputs.dir }} # generate output name dir by using inner step output
steps:
- uses: actions/checkout@v3
- id: set-dirs # Give it an id to handle to get step outputs in the outputs key above
run: echo "::set-output name=dir::$(ls -d */ | jq -R -s -c 'split("\n")[:-1]')"
# Define step output named dir base on ls command transformed to JSON thanks to jq
test:
name: Test
runs-on: ubuntu-latest
needs: [directories] # Depends on previous job
strategy:
matrix:
dir: ${{fromJson(needs.directories.outputs.dir)}} # List matrix strategy from directories dynamically
# rust:
# - stable
# - nightly
exclude:
- dir: scripts/
- dir: curve-constraint-tests/
- dir: mnt4_753/
- dir: mnt6_753/
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run tests
run: |
cd ${{matrix.dir}}
cargo test --all-features
test-mnt4-753:
name: Test (mnt4_753/)
runs-on: macos-latest
needs: [directories] # Waits for the directory listing job
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run tests
run: |
cd mnt4_753/
cargo test --all-features
test-mnt6-753:
name: Test (mnt6_753/)
runs-on: macos-latest
needs: [directories] # Waits for the directory listing job
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run tests
run: |
cd mnt6_753/
cargo test --all-features
docs:
name: Check Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt
- name: cargo doc --all --no-deps --document-private-items --all-features
uses: actions-rs/cargo@v1
with:
command: doc
args: --all --no-deps --document-private-items --all-features
check_no_std:
name: Check no_std
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Install Rust (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: thumbv6m-none-eabi
override: true
- name: Install Rust ARM64 (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
with:
toolchain: stable
@@ -119,10 +183,10 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: check
args: --examples --workspace --exclude ark-curve-tests --exclude ark-curve-benches --target thumbv6m-none-eabi
args: --examples --workspace --exclude ark-curve-constraint-tests --target aarch64-unknown-none
- name: build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --exclude ark-curve-tests --exclude ark-curve-benches --target thumbv6m-none-eabi
args: --workspace --exclude ark-curve-constraint-tests --target aarch64-unknown-none

20
.github/workflows/linkify_changelog.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: Linkify Changelog
on:
workflow_dispatch
jobs:
linkify:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Add links
run: python3 scripts/linkify_changelog.py CHANGELOG.md
- name: Commit
run: |
git config user.name github-actions
git config user.email github-actions@github.com
git add .
git commit -m "Linkify Changelog"
git push

81
CHANGELOG.md Normal file
View File

@@ -0,0 +1,81 @@
# CHANGELOG
## Pending
- [\#76](https://github.com/arkworks-rs/curves/pull/76) twisted Edwards parameters for bls12-377
- Fixed curve benches
### Breaking changes
- [\#104](https://github.com/arkworks-rs/curves/pull/104) Remove `QUADRATIC_NONRESIDUE` parameter from implementors of `Fp2Config`.
- [\#129](https://github.com/arkworks-rs/curves/pull/129) Implement custom serialization for BLS12-381 for compatibility with the [Zcash lib](https://github.com/zkcrypto/bls12_381).
### Features
- [\#121](https://github.com/arkworks-rs/curves/pull/121) Add the ed25519 curve.
- [\#122](https://github.com/arkworks-rs/curves/pull/122) Add the secp256k1 and secq256k1 curves.
- [\#124](https://github.com/arkworks-rs/curves/pull/124) Add the curve25519 curve.
### Improvements
- [\#70](https://github.com/arkworks-rs/curves/pull/70) Add prepared G2 pairing consistency test.
- [\#74](https://github.com/arkworks-rs/curves/pull/74) Use Scott's subgroup membership tests for `G1` and `G2` of BLS12-381.
- [\#103](https://github.com/arkworks-rs/curves/pull/103) Faster cofactor clearing for BLS12-381.
- [\#107](https://github.com/arkworks-rs/curves/pull/107/) Use 2-NAF of `ATE_LOOP_COUNT` to speed up the Miller loop in MNT curves.
### Bug fixes
## v0.3.0
### Breaking changes
- [\#60](https://github.com/arkworks-rs/curves/pull/60) Change the scalar group generator of `Fr` of `bls12_377` Fr from `11` to `22`.
- [\#61](https://github.com/arkworks-rs/curves/pull/61) Remove `ATE_LOOP_COUNT_IS_NEGATIVE` from BN254 curve parameter.
### Features
- [\#64](https://github.com/arkworks-rs/curves/pull/64) Implement the Bandersnatch curve, another twisted Edwards curve for BLS12-381.
### Improvements
### Bug fixes
## v0.2.0
### Breaking changes
- Requires all crates from `arkworks-rs/algebra` to have version `v0.2.0` or greater.
### Features
- [\#3](https://github.com/arkworks-rs/curves/pull/3) Add constraints for
`ark-bls12-377`,
`ark-ed-on-bls12-377`,
`ark-ed-on-bls12-381`,
`ark-ed-on-bn254`,
`ark-ed-on-cp6-782`,
`ark-ed-on-bw6-761`,
`ark-ed-on-mnt4-298`,
`ark-ed-on-mnt4-753`,
`ark-mnt4-298`,
`ark-mnt6-298`,
`ark-mnt4-753`,
`ark-mnt6-753`.
- [\#7](https://github.com/arkworks-rs/curves/pull/7) Add benchmarks for Edwards curves.
- [\#19](https://github.com/arkworks-rs/curves/pull/19) Change field constants to be provided as normal strings, instead of in Montgomery form.
- [\#53](https://github.com/arkworks-rs/curves/pull/53) Add benchmarks for Pallas and Vesta curves.
### Improvements
- [\#42](https://github.com/arkworks-rs/curves/pull/42) Remove the dependency of `rand_xorshift`.
### Bug fixes
- [\#28](https://github.com/arkworks-rs/curves/pull/28), [\#49](https://github.com/arkworks-rs/curves/pull/49) Fix broken documentation links.
- [\#38](https://github.com/arkworks-rs/curves/pull/38) Compile with `panic='abort'` in release mode, for safety of the library across FFI boundaries.
- [\#45](https://github.com/arkworks-rs/curves/pull/45) Fix `ark-ed-on-mnt4-753`.
## v0.1.0
Initial Release

65
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,65 @@
# Contributing
Thank you for considering making contributions to `curves`!
Contributing to this repo can be done in several forms, such as participating in discussion or proposing code changes.
To ensure a smooth workflow for all contributors, the following general procedure for contributing has been established:
1) Either open or find an issue you'd like to help with
2) Participate in thoughtful discussion on that issue
3) If you would like to contribute:
* If the issue is a feature proposal, ensure that the proposal has been accepted
* Ensure that nobody else has already begun working on this issue.
If they have, please try to contact them to collaborate
* If nobody has been assigned for the issue and you would like to work on it, make a comment on the issue to inform the community of your intentions to begin work. (So we can avoid duplication of efforts)
* We suggest using standard Github best practices for contributing: fork the repo, branch from the HEAD of `master`, make some commits on your branch, and submit a PR from the branch to `master`.
More detail on this is below
* Be sure to include a relevant change log entry in the Pending section of CHANGELOG.md (see file for log format)
* If the change is breaking, we may add migration instructions.
Note that for very small or clear problems (such as typos), or well isolated improvements, it is not required to an open issue to submit a PR.
But be aware that for more complex problems/features touching multiple parts of the codebase, if a PR is opened before an adequate design discussion has taken place in a github issue, that PR runs a larger likelihood of being rejected.
Looking for a good place to start contributing? How about checking out some good first issues
## Branch Structure
`curves` has its default branch as `master`, which is where PRs are merged into. Releases will be periodically made, on no set schedule.
All other branches should be assumed to be miscellaneous feature development branches.
All downstream users of the library should be using tagged versions of the library pulled from cargo.
## How to work on a fork
Please skip this section if you're familiar with contributing to opensource github projects.
First fork the repo from the github UI, and clone it locally.
Then in the repo, you want to add the repo you forked from as a new remote. You do this as:
```bash
git remote add upstream git@github.com:arkworks-rs/curves.git
```
Then the way you make code contributions is to first think of a branch name that describes your change.
Then do the following:
```bash
git checkout master
git pull upstream master
git checkout -b $NEW_BRANCH_NAME
```
and then work as normal on that branch, and pull request to upstream master when you're done =)
## Updating documentation
All PRs should aim to leave the code more documented than it started with.
Please don't assume that its easy to infer what the code is doing,
as that is usually not the case for these complex protocols.
(Even when you already understand the paper!)
Its often very useful to describe what is the high level view of what a code block is doing,
and either refer to the relevant section of a paper or include a short proof/argument for why it makes sense before the actual logic.
## Performance improvements
All performance improvements should be accompanied with benchmarks improving, or otherwise have it be clear that things have improved.
For some areas of the codebase, performance roughly follows the number of field multiplications, but there are also many areas where
hard to predict low level system effects such as cache locality and superscalar operations become important for performance.
Thus performance can often become very non-intuitive / diverge from minimizing the number of arithmetic operations.

458
Cargo.lock generated
View File

@@ -1,458 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "ark-bls12-377"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bls12-381"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bn254"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bw6-761"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-cp6-782"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-curve-benches"
version = "0.1.1-alpha.0"
dependencies = [
"ark-bls12-377",
"ark-bls12-381",
"ark-bn254",
"ark-bw6-761",
"ark-cp6-782",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-mnt4-753",
"ark-mnt6-298",
"ark-mnt6-753",
"ark-serialize",
"paste",
"rand",
"rand_xorshift",
"rustc_version",
]
[[package]]
name = "ark-curve-tests"
version = "0.1.0"
dependencies = [
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ec"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-ff",
"ark-serialize",
"ark-std",
"derivative",
"num-traits",
"rand",
]
[[package]]
name = "ark-ed-on-bls12-377"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bls12-381"
version = "0.1.0"
dependencies = [
"ark-bls12-381",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bn254"
version = "0.1.0"
dependencies = [
"ark-bn254",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bw6-761"
version = "0.1.0"
dependencies = [
"ark-ed-on-cp6-782",
]
[[package]]
name = "ark-ed-on-cp6-782"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-mnt4-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ff"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-ff-asm",
"ark-serialize",
"ark-std",
"derivative",
"num-traits",
"rand",
"rustc_version",
]
[[package]]
name = "ark-ff-asm"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"quote",
"syn",
]
[[package]]
name = "ark-mnt4-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt4-753"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt6-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt6-753"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-753",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-serialize"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-std",
]
[[package]]
name = "ark-std"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/utils#7bde3ab01799da8429b8fa9c3f152201415cdfe7"
[[package]]
name = "autocfg"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "cfg-if"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
[[package]]
name = "derivative"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb582b60359da160a9477ee80f15c8d784c477e69c217ef2cdd4169c24ea380f"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "getrandom"
version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
dependencies = [
"cfg-if",
"libc",
"wasi",
]
[[package]]
name = "libc"
version = "0.2.79"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2448f6066e80e3bfc792e9c98bf705b4b0fc6e8ef5b43e5889aff0eaa9c58743"
[[package]]
name = "num-traits"
version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611"
dependencies = [
"autocfg",
]
[[package]]
name = "paste"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0520af26d4cf99643dbbe093a61507922b57232d9978d8491fdc8f7b44573c8c"
[[package]]
name = "ppv-lite86"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c36fa947111f5c62a733b652544dd0016a43ce89619538a8ef92724a6f501a20"
[[package]]
name = "proc-macro2"
version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
dependencies = [
"unicode-xid",
]
[[package]]
name = "quote"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rand"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
dependencies = [
"getrandom",
"libc",
"rand_chacha",
"rand_core",
"rand_hc",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core",
]
[[package]]
name = "rand_core"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
dependencies = [
"getrandom",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core",
]
[[package]]
name = "rand_xorshift"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77d416b86801d23dde1aa643023b775c3a462efc0ed96443add11546cdf1dca8"
dependencies = [
"rand_core",
]
[[package]]
name = "rustc_version"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
dependencies = [
"semver",
]
[[package]]
name = "semver"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
dependencies = [
"semver-parser",
]
[[package]]
name = "semver-parser"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
[[package]]
name = "syn"
version = "1.0.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e03e57e4fcbfe7749842d53e24ccb9aa12b7252dbe5e91d2acad31834c8b8fdd"
dependencies = [
"proc-macro2",
"quote",
"unicode-xid",
]
[[package]]
name = "unicode-xid"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
[[package]]
name = "wasi"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"

27
Cargo.toml
View File

@@ -1,8 +1,7 @@
[workspace]
members = [
"curve-benches",
"curve-tests",
"curve-constraint-tests",
"bls12_377",
"ed_on_bls12_377",
@@ -15,9 +14,11 @@ members = [
"bls12_381",
"ed_on_bls12_381",
"ed_on_bls12_381_bandersnatch",
"bn254",
"ed_on_bn254",
"grumpkin",
"mnt4_298",
"mnt6_298",
@@ -25,13 +26,24 @@ members = [
"mnt4_753",
"mnt6_753",
"ed_on_mnt4_298",
"ed_on_mnt4_753",
"pallas",
"vesta",
"secp256k1",
"secq256k1",
"curve25519",
"ed25519",
]
resolver = "2"
[profile.release]
opt-level = 3
lto = "thin"
incremental = true
panic = 'abort'
[profile.bench]
opt-level = 3
@@ -43,6 +55,7 @@ debug-assertions = false
[profile.dev]
opt-level = 0
panic = 'abort'
[profile.test]
opt-level = 3
@@ -50,3 +63,11 @@ lto = "thin"
incremental = true
debug-assertions = true
debug = true
# The following patch is to use a version of ark-r1cs-std compatible with
# v0.4.0 but that includes a cherry-picked commit from after v0.4.0 which fixes
# the in-circuit scalar multiplication of the zero point. The commit is from
# https://github.com/arkworks-rs/r1cs-std/pull/124, without including other
# changes done between v0.4.0 and this fix which would break compatibility.
[patch.crates-io]
ark-r1cs-std = { git = "https://github.com/arnaucube/ark-r1cs-std-cherry-picked/" }

37
README.md
View File

@@ -1,31 +1,36 @@
# Curve implementations
This directory contains implementations of some popular elliptic curves.
This repository contains implementations of some popular elliptic curves. The curve API implemented here matches the curve traits defined [here](https://github.com/arkworks-rs/algebra/blob/master/ec/src/lib.rs) in the [arkworks-rs/algebra](https://github.com/arkworks-rs/algebra) repository.
### BLS12-381 and embedded curves
* [`ark-bls12-381`](bls12-381): Implements the BLS12-381 pairing-friendly curve
* [`ark-ed-on-bls12-381`](ed-on-bls12-381): Implements a Twisted Edwards curve atop the scalar field of BLS12-381
* [`ark-bls12-381`](bls12_381): Implements the BLS12-381 pairing-friendly curve
* [`ark-ed-on-bls12-381`](ed_on_bls12_381): Implements a Twisted Edwards curve atop the scalar field of BLS12-381
* [`ark-ed-on-bls12-381-bandersnatch`](ed_on_bls12_381_bandersnatch): Implements Bandersnatch, another Twisted Edwards curve atop the scalar field of BLS12-381
### BLS12-377 and related curves
* [`ark-bls12-377`](bls12-377): Implements the BLS12-377 pairing-friendly curve
* [`ark-ed-on-bls12-377`](ed-on-bls12-377): Implements a Twisted Edwards curve atop the scalar field of BLS12-377
* [`ark-bls12-377`](bls12_377): Implements the BLS12-377 pairing-friendly curve
* [`ark-ed-on-bls12-377`](ed_on_bls12_377): Implements a Twisted Edwards curve atop the scalar field of BLS12-377
* [`ark-bw6-761`](bw6-761): Implements the BW6-761 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-bw6-761`](ed-on-bw6-761): Implements a Twisted Edwards curve atop the scalar field of BW6-761
* [`ark-bw6-761`](bw6_761): Implements the BW6-761 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-bw6-761`](ed_on_bw6_761): Implements a Twisted Edwards curve atop the scalar field of BW6-761
* [`ark-cp6-782`](cp6-782): Implements the CP6-782 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-cp6-782`](ed-on-cp6-782): Implements a Twisted Edwards curve atop the scalar field of CP6-782. This is the same curve as in `ark-ed-on-bw6-761`
* [`ark-cp6-782`](cp6_782): Implements the CP6-782 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-cp6-782`](ed_on_cp6_782): Implements a Twisted Edwards curve atop the scalar field of CP6-782. This is the same curve as in `ark-ed-on-bw6-761`
### BN254 and related curves
* [`ark-bn254`](bn254): Implements the BN254 pairing-friendly curve
* [`ark-ed-on-bn254`](ed-on-bn254): Implements a Twisted Edwards curve atop the scalar field of BN254
* [`ark-ed-on-bn254`](ed_on_bn254): Implements a Twisted Edwards curve atop the scalar field of BN254
### MNT-298 cycle of curves and related curves
* [`ark-mnt4-298`](mnt4-298): Implements the MNT4-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-298
* [`ark-mnt6-298`](mnt6-298): Implements the MNT6-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-298
* [`ark-ed-on-mnt4-298`](ed-on-mnt4-298): Implements a Twisted Edwards curve atop the scalar field of MNT4-298
* [`ark-mnt4-298`](mnt4_298): Implements the MNT4-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-298
* [`ark-mnt6-298`](mnt6_298): Implements the MNT6-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-298
* [`ark-ed-on-mnt4-298`](ed_on_mnt4_298): Implements a Twisted Edwards curve atop the scalar field of MNT4-298
### MNT-753 cycle of curves and related curves
* [`ark-mnt4-753`](mnt4-753): Implements the MNT4-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-753
* [`ark-mnt6-753`](mnt6-753): Implements the MNT6-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-753
* [`ark-ed-on-mnt4-753`](ed-on-mnt4-753): Implements a Twisted Edwards curve atop the scalar field of MNT4-753
* [`ark-mnt4-753`](mnt4_753): Implements the MNT4-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-753
* [`ark-mnt6-753`](mnt6_753): Implements the MNT6-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-753
* [`ark-ed-on-mnt4-753`](ed_on_mnt4_753): Implements a Twisted Edwards curve atop the scalar field of MNT4-753
### [Pasta](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/) cycle of curves
* [`ark-pallas`](pallas): Implements Pallas, a prime-order curve that forms an amicable pair with Vesta
* [`ark-vesta`](vesta): Implements Vesta, a prime-order curve that forms an amicable pair with Pallas

32
bls12_377/Cargo.toml
View File

@@ -1,27 +1,29 @@
[package]
name = "ark-bls12-377"
version = "0.1.0"
version = "0.4.0-alpha.2"
authors = [ "arkworks contributors" ]
description = "The BLS12-377 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bls12-377/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
edition = "2021"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="0.4.0-alpha", default-features = false }
ark-ec = { version="0.4.0-alpha", default-features = false }
ark-r1cs-std = { version="0.4.0-alpha", default-features = false, optional = true }
ark-std = { version = "0.4.0-alpha", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-relations = { version="0.4.0-alpha", default-features = false }
ark-serialize = { version = "0.4.0-alpha", default-features = false }
ark-algebra-test-templates = { version = "0.4.0-alpha", default-features = false }
ark-algebra-bench-templates = { version = "0.4.0-alpha", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = [ "curve" ]
@@ -30,3 +32,9 @@ std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
curve = [ "scalar_field", "base_field" ]
scalar_field = []
base_field = []
r1cs = [ "base_field", "ark-r1cs-std" ]
[[bench]]
name = "bls12_377"
path = "benches/bls12_377.rs"
harness = false

16
bls12_377/benches/bls12_377.rs Normal file
View File

@@ -0,0 +1,16 @@
use ark_algebra_bench_templates::*;
use ark_bls12_377::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_377, Fq12, G1Projective as G1, G2Projective as G2,
};
bench!(
Name = "Bls12_377",
Pairing = Bls12_377,
G1 = G1,
G2 = G2,
ScalarField = Fr,
G1BaseField = Fq,
G2BaseField = Fq2,
TargetField = Fq12,
);

28
bls12_377/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bls12_377/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 8444461749428370424248824938781546531375899335154063827935233455917409239041
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 30):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

39
bls12_377/src/constraints/curves.rs Normal file
View File

@@ -0,0 +1,39 @@
use ark_ec::{bls12::Bls12Config, CurveConfig};
use ark_r1cs_std::{
fields::fp::FpVar,
groups::{bls12, curves::twisted_edwards::AffineVar as TEAffineVar},
};
use crate::Config;
/// An element of G1 in the BLS12-377 bilinear group.
pub type G1Var = bls12::G1Var<Config>;
/// An element of G2 in the BLS12-377 bilinear group.
pub type G2Var = bls12::G2Var<Config>;
/// An element of G1 (in TE Affine form) in the BLS12-377 bilinear group.
pub type G1TEAffineVar = TEAffineVar<
<Config as Bls12Config>::G1Config,
FpVar<<<Config as Bls12Config>::G1Config as CurveConfig>::BaseField>,
>;
/// Represents the cached precomputation that can be performed on a G1 element
/// which enables speeding up pairing computation.
pub type G1PreparedVar = bls12::G1PreparedVar<Config>;
/// Represents the cached precomputation that can be performed on a G2 element
/// which enables speeding up pairing computation.
pub type G2PreparedVar = bls12::G2PreparedVar<Config>;
#[test]
fn test() {
use ark_ec::models::bls12::Bls12Config;
ark_curve_constraint_tests::curves::sw_test::<<Config as Bls12Config>::G1Config, G1Var>()
.unwrap();
ark_curve_constraint_tests::curves::te_test::<
<Config as Bls12Config>::G1Config,
G1TEAffineVar,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Config as Bls12Config>::G2Config, G2Var>()
.unwrap();
}

32
bls12_377/src/constraints/fields.rs Normal file
View File

@@ -0,0 +1,32 @@
use ark_r1cs_std::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var};
use crate::{Fq, Fq12Config, Fq2Config, Fq6Config};
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FqVar = FpVar<Fq>;
/// A variable that is the R1CS equivalent of `crate::Fq2`.
pub type Fq2Var = Fp2Var<Fq2Config>;
/// A variable that is the R1CS equivalent of `crate::Fq6`.
pub type Fq6Var = Fp6Var<Fq6Config>;
/// A variable that is the R1CS equivalent of `crate::Fq12`.
pub type Fq12Var = Fp12Var<Fq12Config>;
#[test]
fn bls12_377_field_test() {
use super::*;
use crate::{Fq, Fq12, Fq2, Fq6};
use ark_curve_constraint_tests::fields::*;
field_test::<_, _, FqVar>().unwrap();
frobenius_tests::<Fq, _, FqVar>(13).unwrap();
field_test::<_, _, Fq2Var>().unwrap();
frobenius_tests::<Fq2, _, Fq2Var>(13).unwrap();
field_test::<_, _, Fq6Var>().unwrap();
frobenius_tests::<Fq6, _, Fq6Var>(13).unwrap();
field_test::<_, _, Fq12Var>().unwrap();
frobenius_tests::<Fq12, _, Fq12Var>(13).unwrap();
}

163
bls12_377/src/constraints/mod.rs Normal file
View File

@@ -0,0 +1,163 @@
//! This module implements the R1CS equivalent of `crate`.
//!
//! It implements field variables for `crate::{Fq, Fq2, Fq6, Fq12}`,
//! group variables for `crate::{G1, G2}`, and implements constraint
//! generation for computing `Bls12_377::pairing`.
//!
//! The field underlying these constraints is `crate::Fq`.
//!
//! # Examples
//!
//! One can perform standard algebraic operations on `FqVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! use ark_std::UniformRand;
//! use ark_relations::r1cs::*;
//! use ark_r1cs_std::prelude::*;
//! use ark_bls12_377::{*, constraints::*};
//!
//! let cs = ConstraintSystem::<Fq>::new_ref();
//! // This rng is just for test purposes; do not use it
//! // in real applications.
//! let mut rng = ark_std::test_rng();
//!
//! // Generate some random `Fq` elements.
//! let a_native = Fq::rand(&mut rng);
//! let b_native = Fq::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = FqVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
//! let b = FqVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = FqVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = FqVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let one = FqVar::one();
//! let zero = FqVar::zero();
//!
//! // Sanity check one + one = two
//! let two = &one + &one + &zero;
//! two.enforce_equal(&one.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that the value of &a * &b is correct.
//! assert_eq!((&a * &b).value()?, a_native * &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_bls12_377::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate some random `G1` elements.
//! let a_native = G1Projective::rand(&mut rng);
//! let b_native = G1Projective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = G1Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = G1Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! // This returns the identity of `G1`.
//! let zero = G1Var::zero();
//!
//! // Sanity check one + one = two
//! let two_a = &a + &a + &zero;
//! two_a.enforce_equal(&a.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! Finally, one can check pairing computations as well:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_ec::pairing::Pairing;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_bls12_377::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate random `G1` and `G2` elements.
//! let a_native = G1Projective::rand(&mut rng);
//! let b_native = G2Projective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = G2Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = G2Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native.0);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
mod fields;
pub use fields::*;
#[cfg(feature = "curve")]
mod curves;
#[cfg(feature = "curve")]
mod pairing;
#[cfg(feature = "curve")]
pub use curves::*;
#[cfg(feature = "curve")]
pub use pairing::*;

13
bls12_377/src/constraints/pairing.rs Normal file
View File

@@ -0,0 +1,13 @@
use crate::Config;
/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear
/// group.
pub type PairingVar = ark_r1cs_std::pairing::bls12::PairingVar<Config>;
#[test]
fn test() {
use crate::Bls12_377;
ark_curve_constraint_tests::pairing::bilinearity_test::<Bls12_377, PairingVar>().unwrap();
ark_curve_constraint_tests::pairing::g2_prepare_consistency_test::<Bls12_377, PairingVar>()
.unwrap();
}

234
bls12_377/src/curves/g1.rs
View File

@@ -1,77 +1,211 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
use ark_ec::models::{
short_weierstrass::{Affine as SWAffine, SWCurveConfig},
twisted_edwards::{
Affine as TEAffine, MontCurveConfig, Projective as TEProjective, TECurveConfig,
},
CurveConfig,
};
use ark_ff::{Field, MontFp, Zero};
use core::ops::Neg;
use crate::{Fq, Fr};
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
/// COEFF_B = 1
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
]));
/// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328
const COFACTOR: &'static [u64] = &[0x0, 0x170b5d4430000000];
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 5285428838741532253824584287042945485047145357130994810877
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
2013239619100046060,
4201184776506987597,
2526766393982337036,
1114629510922847535,
]));
const COFACTOR_INV: Fr = MontFp!("5285428838741532253824584287042945485047145357130994810877");
}
impl SWCurveConfig for Config {
/// COEFF_A = 0
const COEFF_A: Fq = Fq::ZERO;
/// COEFF_B = 1
const COEFF_B: Fq = Fq::ONE;
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G1_GENERATOR_X, G1_GENERATOR_Y);
const GENERATOR: G1SWAffine = G1SWAffine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
}
pub type G1SWAffine = SWAffine<Config>;
pub type G1TEAffine = TEAffine<Config>;
pub type G1TEProjective = TEProjective<Config>;
/// Bls12_377::G1 also has a twisted Edwards form.
/// It can be obtained via the following script, implementing
/// 1. SW -> Montgomery -> TE1 transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
/// 2. TE1 -> TE2 normalization (enforcing `a = -1`)
/// ``` sage
/// # modulus
/// p = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
/// Fp = Zmod(p)
///
/// #####################################################
/// # Weierstrass curve: y² = x³ + A * x + B
/// #####################################################
/// # curve y^2 = x^3 + 1
/// WA = Fp(0)
/// WB = Fp(1)
///
/// #####################################################
/// # Montgomery curve: By² = x³ + A * x² + x
/// #####################################################
/// # root for x^3 + 1 = 0
/// alpha = -1
/// # s = 1 / (sqrt(3alpha^2 + a))
/// s = 1/(Fp(3).sqrt())
///
/// # MA = 3 * alpha * s
/// MA = Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384)
/// # MB = s
/// MB = Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931)
///
/// # #####################################################
/// # # Twisted Edwards curve 1: a * x² + y² = 1 + d * x² * y²
/// # #####################################################
/// # We first convert to TE form obtaining a curve with a != -1, and then
/// # apply a transformation to obtain a TE curve with a = -1.
/// # a = (MA+2)/MB
/// TE1a = Fp(61134141799337779744243169579317764548490943457438569789767076791016838392692895365021181670618017873462480451583)
/// # b = (MA-2)/MB
/// TE1d = Fp(197530284213631314266409564115575768987902569297476090750117185875703629955647927409947706468955342250977841006588)
///
/// # #####################################################
/// # # Twisted Edwards curve 2: a * x² + y² = 1 + d * x² * y²
/// # #####################################################
/// # a = -1
/// TE2a = Fp(-1)
/// # b = -TE1d/TE1a
/// TE2d = Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179)
/// ```
impl TECurveConfig for Config {
/// COEFF_A = -1
const COEFF_A: Fq = MontFp!("-1");
/// COEFF_D = 122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179 mod q
const COEFF_D: Fq = MontFp!("122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179");
/// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
const GENERATOR: G1TEAffine = G1TEAffine::new_unchecked(TE_GENERATOR_X, TE_GENERATOR_Y);
type MontCurveConfig = Config;
/// Multiplication by `a` is multiply by `-1`.
#[inline(always)]
fn mul_by_a(elem: Self::BaseField) -> Self::BaseField {
elem.neg()
}
}
// BLS12-377::G1 also has a Montgomery form.
// BLS12-377::G1 also has a twisted Edwards form.
// It can be obtained via the following script, implementing
// SW -> Montgomery transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
// ``` sage
// # modulus
// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
// Fp=Zmod(p)
//
// #####################################################
// # Weierstrass curve: y² = x³ + A * x + B
// #####################################################
// # curve y^2 = x^3 + 1
// WA=Fp(0)
// WB=Fp(1)
//
// #####################################################
// # Montgomery curve: By² = x³ + A * x² + x
// #####################################################
// # root for x^3 + 1 = 0
// alpha = -1
// # s = 1 / (sqrt(3alpha^2 + a))
// s = 1/(Fp(3).sqrt())
//
// # MA = 3 * alpha * s
// MA=Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384)
// # MB = s
// MB=Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931)
// ```
impl MontCurveConfig for Config {
/// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384
const COEFF_A: Fq = MontFp!("228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384");
/// COEFF_B = 10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931
const COEFF_B: Fq = MontFp!("10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931");
type TECurveConfig = Config;
}
/// G1_GENERATOR_X =
/// 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
0x260f33b9772451f4,
0xc54dd773169d5658,
0x5c1551c469a510dd,
0x761662e4425e1698,
0xc97d78cc6f065272,
0xa41206b361fd4d,
]));
pub const G1_GENERATOR_X: Fq = MontFp!("81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695");
/// G1_GENERATOR_Y =
/// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
0x8193961fb8cb81f3,
0x638d4c5f44adb8,
0xfafaf3dad4daf54a,
0xc27849e2d655cd18,
0x2ec3ddb401d52814,
0x7da93326303c71,
]));
pub const G1_GENERATOR_Y: Fq = MontFp!("241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030");
// The generator for twisted Edward form is the same SW generator converted into
// the normalized TE form (TE2).
//``` sage
// # following scripts in previous section
// #####################################################
// # Weierstrass curve generator
// #####################################################
// Wx = Fp(81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695)
// Wy = Fp(241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030)
//
// assert(Wy^2 - Wx^3 - WA * Wx - WB == 0)
//
// #####################################################
// # Montgomery curve generator
// #####################################################
// # x = s * (x - alpha)
// Mx = Fp(251803586774461569862800610331871502335378228972505599912537082323947581271784390797244487924068052270360793200630)
// # y = s * y
// My = Fp(77739247071951651095607889637653357561348174979132042929587539214321586851215673796661346812932566642719051699820)
//
// assert(MB * My^2 == Mx^3+ MA * Mx^2 + Mx)
//
// # #####################################################
// # # Twisted Edwards curve 1 generator
// # #####################################################
// # x = Mx/My
// TE1x = Fp(82241236807150726090333472814441006963902378430536027612759193445733851062772474760677400112551677454953925168208)
// # y = (Mx - 1)/(Mx+1)
// TE1y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235)
//
// assert( TE1a * TE1x^2 + TE1y^2 == 1 + TE1d * TE1x^2 * TE1y^2 )
//
//
// # #####################################################
// # # Twisted Edwards curve 2 generator
// # #####################################################
// beta = (-TE1a).sqrt()
// # x = TE1x * sqrt(-TE1a)
// TE2x = Fp(71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393)
// # y = TE1y
// TE2y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235)
//
// assert( TE2a * TE2x^2 + TE2y^2 == 1 + TE2d * TE2x^2 * TE2y^2 )
// ```
/// TE_GENERATOR_X =
/// 71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393
pub const TE_GENERATOR_X: Fq = MontFp!("71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393");
/// TE_GENERATOR_Y =
/// 6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235
pub const TE_GENERATOR_Y: Fq = MontFp!("6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235");

117
bls12_377/src/curves/g2.rs
View File

@@ -1,45 +1,18 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
use ark_ec::{
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::Affine,
};
use ark_ff::{Field, MontFp, Zero};
use crate::{g1, Fq, Fq2, Fr};
pub type G2Affine = Affine<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq2;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
#[rustfmt::skip]
const COEFF_A: Fq2 = field_new!(Fq2,
g1::Parameters::COEFF_A,
g1::Parameters::COEFF_A,
);
// As per https://eprint.iacr.org/2012/072.pdf,
// this curve has b' = b/i, where b is the COEFF_B of G1, and x^6 -i is
// the irreducible poly used to extend from Fp2 to Fp12.
// In our case, i = u (App A.3, T_6).
/// COEFF_B = [0,
/// 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906]
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger384([
9255502405446297221,
10229180150694123945,
9215585410771530959,
13357015519562362907,
5437107869987383107,
16259554076827459,
])),
);
/// COFACTOR =
/// 7923214915284317143930293550643874566881017850177945424769256759165301436616933228209277966774092486467289478618404761412630691835764674559376407658497
@@ -57,73 +30,49 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 6764900296503390671038341982857278410319949526107311149686707033187604810669
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
15499857013495546999,
4613531467548868169,
14546778081091178013,
549402535258503313,
]));
const COFACTOR_INV: Fr =
MontFp!("6764900296503390671038341982857278410319949526107311149686707033187604810669");
}
impl SWCurveConfig for Config {
/// COEFF_A = [0, 0]
const COEFF_A: Fq2 = Fq2::new(g1::Config::COEFF_A, g1::Config::COEFF_A);
// As per https://eprint.iacr.org/2012/072.pdf,
// this curve has b' = b/i, where b is the COEFF_B of G1, and x^6 -i is
// the irreducible poly used to extend from Fp2 to Fp12.
// In our case, i = u (App A.3, T_6).
/// COEFF_B = [0,
/// 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906]
const COEFF_B: Fq2 = Fq2::new(
Fq::ZERO,
MontFp!("155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906"),
);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G2_GENERATOR_X, G2_GENERATOR_Y);
const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
}
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = Fq2::new(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = Fq2::new(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
0x68904082f268725b,
0x668f2ea74f45328b,
0xebca7a65802be84f,
0x1e1850f4c1ada3e6,
0x830dc22d588ef1e9,
0x1862a81767c0982,
]));
pub const G2_GENERATOR_X_C0: Fq = MontFp!("233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294");
/// G2_GENERATOR_X_C1 =
/// 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
0x5f02a915c91c7f39,
0xf8c553ba388da2a7,
0xd51a416dbd198850,
0xe943c6f38ae3073a,
0xffe24aa8259a4981,
0x11853391e73dfdd,
]));
pub const G2_GENERATOR_X_C1: Fq = MontFp!("140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118");
/// G2_GENERATOR_Y_C0 =
/// 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
0xd5b19b897881430f,
0x5be9118a5b371ed,
0x6063f91f86c131ee,
0x3244a61be8f4ec19,
0xa02e425b9f9a3a12,
0x18af8c04f3360d2,
]));
pub const G2_GENERATOR_Y_C0: Fq = MontFp!("63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423");
/// G2_GENERATOR_Y_C1 =
/// 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
0x57601ac71a5b96f5,
0xe99acc1714f2440e,
0x2339612f10118ea9,
0x8321e68a3b1cd722,
0x2b543b050cc74917,
0x590182b396c112,
]));
pub const G2_GENERATOR_Y_C1: Fq = MontFp!("149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491");

31
bls12_377/src/curves/mod.rs
View File

@@ -1,33 +1,36 @@
use crate::*;
use ark_ec::{
bls12,
bls12::{Bls12, Bls12Parameters, TwistType},
bls12::{Bls12, Bls12Config, TwistType},
};
use crate::*;
pub mod g1;
pub mod g2;
#[cfg(test)]
mod tests;
pub struct Parameters;
pub struct Config;
impl Bls12Parameters for Parameters {
impl Bls12Config for Config {
const X: &'static [u64] = &[0x8508c00000000001];
/// `x` is positive.
const X_IS_NEGATIVE: bool = false;
const TWIST_TYPE: TwistType = TwistType::D;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type G1Parameters = g1::Parameters;
type G2Parameters = g2::Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Config = g1::Config;
type G2Config = g2::Config;
}
pub type Bls12_377 = Bls12<Parameters>;
pub type Bls12_377 = Bls12<Config>;
pub type G1Affine = bls12::G1Affine<Parameters>;
pub type G1Projective = bls12::G1Projective<Parameters>;
pub type G2Affine = bls12::G2Affine<Parameters>;
pub type G2Projective = bls12::G2Projective<Parameters>;
pub type G1Affine = bls12::G1Affine<Config>;
pub type G1Projective = bls12::G1Projective<Config>;
pub type G2Affine = bls12::G2Affine<Config>;
pub type G2Projective = bls12::G2Projective<Config>;
pub use g1::{G1TEAffine, G1TEProjective};

126
bls12_377/src/curves/tests.rs Normal file → Executable file
View File

@@ -1,121 +1,7 @@
#![allow(unused_imports)]
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
};
use ark_serialize::CanonicalSerialize;
use crate::{Bls12_377, G1Projective, G2Projective};
use ark_algebra_test_templates::*;
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use crate::{g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_curve_tests::{
curves::{curve_tests, sw_tests},
groups::group_test,
};
#[test]
fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
}
#[test]
fn test_g1_projective_group() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g1_generator() {
let generator = G1Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_projective_curve() {
curve_tests::<G2Projective>();
sw_tests::<g2::Parameters>();
}
#[test]
fn test_g2_projective_group() {
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g2_generator() {
let generator = G2Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_bilinearity() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let mut sa = a;
sa.mul_assign(s);
let mut sb = b;
sb.mul_assign(s);
let ans1 = Bls12_377::pairing(sa, b);
let ans2 = Bls12_377::pairing(a, sb);
let ans3 = Bls12_377::pairing(a, b).pow(s.into_repr());
assert_eq!(ans1, ans2);
assert_eq!(ans2, ans3);
assert_ne!(ans1, Fq12::one());
assert_ne!(ans2, Fq12::one());
assert_ne!(ans3, Fq12::one());
assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one());
}
#[test]
fn test_g1_generator_raw() {
let mut x = Fq::zero();
let mut i = 0;
loop {
// y^2 = x^3 + b
let mut rhs = x;
rhs.square_in_place();
rhs.mul_assign(&x);
rhs.add_assign(&g1::Parameters::COEFF_B);
if let Some(y) = rhs.sqrt() {
let p = G1Affine::new(x, if y < -y { y } else { -y }, false);
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
let g1 = p.scale_by_cofactor();
if !g1.is_zero() {
assert_eq!(i, 1);
let g1 = G1Affine::from(g1);
assert!(g1.is_in_correct_subgroup_assuming_on_curve());
assert_eq!(g1, G1Affine::prime_subgroup_generator());
break;
}
}
i += 1;
x.add_assign(&Fq::one());
}
}
test_group!(g1; G1Projective; sw);
test_group!(g2; G2Projective; sw);
test_group!(pairing_output; ark_ec::pairing::PairingOutput<Bls12_377>; msm);
test_pairing!(pairing; crate::Bls12_377);

119
bls12_377/src/fields/fq.rs
View File

@@ -1,114 +1,7 @@
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
use ark_ff::fields::{Fp384, MontBackend, MontConfig};
pub type Fq = Fp384<FqParameters>;
pub struct FqParameters;
impl Fp384Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 46u32;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
2022196864061697551u64,
17419102863309525423u64,
8564289679875062096u64,
17152078065055548215u64,
17966377291017729567u64,
68610905582439508u64,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0x8508c00000000001,
0x170b5d4430000000,
0x1ef3622fba094800,
0x1a22d9f300f5138f,
0xc63b05c06ca1493b,
0x1ae3a4617c510ea,
]);
const MODULUS_BITS: u32 = 377;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 7;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
0xb786686c9400cd22,
0x329fcaab00431b1,
0x22a5f11162d6b46d,
0xbfdf7d03827dc3ac,
0x837e92f041790bf9,
0x6dfccb1e914b88,
]);
const INV: u64 = 9586122913090633727u64;
// GENERATOR = -5
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0xfc0b8000000002fa,
0x97d39cf6e000018b,
0x2072420fbfa05044,
0xcbbcbd50d97c3802,
0xbaf1ec35813f9eb,
0x9974a2c0945ad2,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x4284600000000000,
0xb85aea218000000,
0x8f79b117dd04a400,
0x8d116cf9807a89c7,
0x631d82e03650a49d,
0xd71d230be28875,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// T = (MODULUS - 1) // 2^S =
// 3675842578061421676390135839012792950148785745837396071634149488243117337281387659330802195819009059
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0x7510c00000021423,
0x88bee82520005c2d,
0x67cc03d44e3c7bcd,
0x1701b28524ec688b,
0xe9185f1443ab18ec,
0x6b8,
]);
// (T - 1) // 2 =
// 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xba88600000010a11,
0xc45f741290002e16,
0xb3e601ea271e3de6,
0xb80d94292763445,
0x748c2f8a21d58c76,
0x35c,
]);
}
#[allow(dead_code)]
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
#[allow(dead_code)]
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
#[derive(MontConfig)]
#[modulus = "258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177"]
#[generator = "15"]
pub struct FqConfig;
pub type Fq = Fp384<MontBackend<FqConfig, 6>>;

171
bls12_377/src/fields/fq12.rs
View File

@@ -1,161 +1,74 @@
use super::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = Fq6::new(Fq2::ZERO, Fq2::ONE, Fq2::ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
FQ_ZERO,
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x6ec47a04a3f7ca9e,
0xa42e0cb968c1fa44,
0x578d5187fbd2bd23,
0x930eeb0ac79dd4bd,
0xa24883de1e09a9ee,
0xdaa7058067d46f,
])),
FQ_ZERO,
Fq2::new(
MontFp!("92949345220277864758624960506473182677953048909283248980960104381795901929519566951595905490535835115111760994353"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5892506da58478da,
0x133366940ac2a74b,
0x9b64a150cdf726cf,
0x5cc426090a9c587e,
0x5cf848adfdcd640c,
0x4702bf3ac02380,
])),
FQ_ZERO,
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x982c13d9d084771f,
0xfd49de0c6da34a32,
0x61a530d183ab0e53,
0xdf8fe44106dd9879,
0x40f29b58d88472bc,
0x158723199046d5d,
])),
FQ_ZERO,
Fq2::new(
MontFp!("216465761340224619389371505802605247630151569547285782856803747159100223055385581585702401816380679166954762214499"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
FQ_ZERO,
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x296799d52c8cac81,
0x591bd15304e14fee,
0xa17df4987d85130,
0x4c80f9363f3fc3bc,
0x9eaa177aba7ac8ce,
0x7dcb2c189c98ed,
])),
FQ_ZERO,
Fq2::new(
MontFp!("123516416119946754630746545296132064952198520638002533875843642777304321125866014634106496325844844051843001220146"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("-1"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x164445fb5c083563,
0x72dd508ac73e05bc,
0xc76610a7be368adc,
0x8713eee839573ed1,
0x23f281e24e979f4c,
0xd39340975d3c7b,
])),
FQ_ZERO,
Fq2::new(
MontFp!("165715080792691229252027773188420350858440463845631411558924158284924566418821255823372982649037525009328560463824"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
FQ_ZERO,
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecdcac262f7b88e2,
0x19c17f37c25cb5cd,
0xbd4e315e365e39ac,
0x3a92f5b1fa177b15,
0x85486a67941cd67e,
0x55c8147ec0a38d,
])),
FQ_ZERO,
Fq2::new(
MontFp!("42198664672744474621281227892288285906241943207628877683080515507620245292955241189266486323192680957485559243678"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xaa3baf925a7b868e,
0x3e0d38ef753d5865,
0x4191258bc861923,
0x1e8a71ae63e00a87,
0xeffc4d11826f20dc,
0x4663a2a83dd119,
])),
FQ_ZERO,
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5ba1262ad3735380,
0xbdef8bf12b1eb012,
0x14db82e63230f6cf,
0xcda1e0bcc1b54fd3,
0x2790ee45b226806c,
0x1306f19ff2877fd,
])),
FQ_ZERO,
Fq2::new(
MontFp!("135148009893022339379906188398761468584194992116912126664040619889416147222474808140862391813728516072597320238031"),
Fq::ZERO,
),
];
}

88
bls12_377/src/fields/fq2.rs
View File

@@ -1,69 +1,51 @@
use super::*;
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq2 = Fp2<Fq2Parameters>;
use crate::*;
pub struct Fq2Parameters;
pub type Fq2 = Fp2<Fq2Config>;
impl Fp2Parameters for Fq2Parameters {
pub struct Fq2Config;
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -5
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xfc0b8000000002fa,
0x97d39cf6e000018b,
0x2072420fbfa05044,
0xcbbcbd50d97c3802,
0xbaf1ec35813f9eb,
0x9974a2c0945ad2,
]));
/// QUADRATIC_NONRESIDUE = U
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq = MontFp!("-5");
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
Fq::ONE,
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
MontFp!("-1"),
];
#[inline(always)]
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
let original = fe;
let mut fe = -fe.double();
fe.double_in_place();
fe - original
fn mul_fp_by_nonresidue_in_place(fe: &mut Self::Fp) -> &mut Self::Fp {
fe.neg_in_place();
*fe = *fe + fe.double_in_place().double_in_place();
fe
}
#[inline(always)]
fn sub_and_mul_fp_by_nonresidue(y: &mut Self::Fp, x: &Self::Fp) {
let mut original = *y;
original += x;
y.double_in_place().double_in_place();
*y += original;
}
#[inline(always)]
fn mul_fp_by_nonresidue_plus_one_and_add(y: &mut Self::Fp, x: &Self::Fp) {
y.double_in_place().double_in_place().neg_in_place();
*y += x;
}
fn mul_fp_by_nonresidue_and_add(y: &mut Self::Fp, x: &Self::Fp) {
let mut original = *y;
original.double_in_place().double_in_place();
original += &*y;
*y = *x;
*y -= original;
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);

191
bls12_377/src/fields/fq6.rs
View File

@@ -1,184 +1,79 @@
use super::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = U
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger384([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq2 = Fq2::new(Fq::ZERO, Fq::ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5892506da58478da,
0x133366940ac2a74b,
0x9b64a150cdf726cf,
0x5cc426090a9c587e,
0x5cf848adfdcd640c,
0x4702bf3ac02380,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(MontFp!("-1"), Fq::ZERO),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xaa3baf925a7b868e,
0x3e0d38ef753d5865,
0x4191258bc861923,
0x1e8a71ae63e00a87,
0xeffc4d11826f20dc,
0x4663a2a83dd119,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
Fq::ZERO,
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
Fq::ZERO
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
Fq::ZERO,
),
];
#[inline(always)]
fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
fn mul_fp2_by_nonresidue_in_place(fe: &mut Fq2) -> &mut Fq2 {
// Karatsuba multiplication with constant other = u.
let c0 = Fq2Parameters::mul_fp_by_nonresidue(&fe.c1);
let c1 = fe.c0;
field_new!(Fq2, c0, c1)
let old_c0 = fe.c0;
fe.c0 = fe.c1;
Fq2Config::mul_fp_by_nonresidue_in_place(&mut fe.c0);
fe.c1 = old_c0;
fe
}
}

120
bls12_377/src/fields/fr.rs
View File

@@ -1,95 +1,27 @@
use ark_ff::{biginteger::BigInteger256 as BigInteger, fields::*};
//! Bls12-377 scalar field.
/// Roots of unity computed from modulus and R using this sage code:
///
/// ```ignore
/// q = 8444461749428370424248824938781546531375899335154063827935233455917409239041
/// R = 6014086494747379908336260804527802945383293308637734276299549080986809532403 # Montgomery R
/// s = 47
/// o = q - 1
/// F = GF(q)
/// g = F.multiplicative_generator()
/// g = F.multiplicative_generator()
/// assert g.multiplicative_order() == o
/// g2 = g ** (o/2**s)
/// assert g2.multiplicative_order() == 2**s
/// def into_chunks(val, width, n):
/// return [int(int(val) // (2 ** (width * i)) % 2 ** width) for i in range(n)]
/// print("Gen: ", g * R % q)
/// print("Gen: ", into_chunks(g * R % q, 64, 4))
/// print("2-adic gen: ", into_chunks(g2 * R % q, 64, 4))
/// ```
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 47;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0x3c3d3ca739381fb2,
0x9a14cda3ec99772b,
0xd7aacc7c59724826,
0xd1ba211c5cc349c,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 8444461749428370424248824938781546531375899335154063827935233455917409239041
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
725501752471715841u64,
6461107452199829505u64,
6968279316240510977u64,
1345280370688173398u64,
]);
const MODULUS_BITS: u32 = 253;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 3;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
9015221291577245683u64,
8239323489949974514u64,
1646089257421115374u64,
958099254763297437u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
2726216793283724667u64,
14712177743343147295u64,
12091039717619697043u64,
81024008013859129u64,
]);
const INV: u64 = 725501752471715839u64;
// GENERATOR = 11
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
1855201571499933546u64,
8511318076631809892u64,
6222514765367795509u64,
1122129207579058019u64,
]);
/// (r - 1)/2 =
/// 4222230874714185212124412469390773265687949667577031913967616727958704619520
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x8508c00000000000,
0xacd53b7f68000000,
0x305a268f2e1bd800,
0x955b2af4d1652ab,
]);
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
/// t = (r - 1) / 2^s =
/// 60001509534603559531609739528203892656505753216962260608619555
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0xedfda00000021423,
0x9a3cb86f6002b354,
0xcabd34594aacc168,
0x2556,
]);
/// (t - 1) / 2 =
/// 30000754767301779765804869764101946328252876608481130304309777
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x76fed00000010a11,
0x4d1e5c37b00159aa,
0x655e9a2ca55660b4,
0x12ab,
]);
}
#[derive(MontConfig)]
#[modulus = "8444461749428370424248824938781546531375899335154063827935233455917409239041"]
#[generator = "22"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

398
bls12_377/src/fields/tests.rs
View File

@@ -1,127 +1,52 @@
use ark_algebra_test_templates::*;
use ark_ff::{
biginteger::{BigInteger, BigInteger384},
fields::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, Fp2Parameters, FpParameters,
PrimeField, SquareRootField,
},
test_rng, One, UniformRand, Zero,
biginteger::{BigInt, BigInteger, BigInteger384},
fields::{FftField, Field, Fp6Config, PrimeField},
Fp384, One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use core::{
use ark_std::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
ops::{AddAssign, MulAssign},
test_rng,
};
use rand::{Rng, SeedableRng};
use rand_xorshift::XorShiftRng;
use crate::{Fq, Fq12, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr};
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Config, Fr};
use ark_curve_tests::fields::*;
pub(crate) const ITERATIONS: usize = 5;
#[test]
fn test_fr() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fr = rng.gen();
let b: Fr = rng.gen();
field_test(a, b);
primefield_test::<Fr>();
sqrt_field_test(b);
let byte_size = a.serialized_size();
field_serialization_test::<Fr>(byte_size);
}
}
#[test]
fn test_fq() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fq = rng.gen();
let b: Fq = rng.gen();
field_test(a, b);
primefield_test::<Fq>();
sqrt_field_test(a);
let byte_size = a.serialized_size();
let (_, buffer_size) = buffer_bit_byte_size(Fq::size_in_bits());
assert_eq!(byte_size, buffer_size);
field_serialization_test::<Fq>(byte_size);
}
}
#[test]
fn test_fq2() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fq2 = rng.gen();
let b: Fq2 = rng.gen();
field_test(a, b);
sqrt_field_test(a);
}
frobenius_test::<Fq2, _>(Fq::characteristic(), 13);
let byte_size = Fq2::zero().serialized_size();
field_serialization_test::<Fq2>(byte_size);
}
#[test]
fn test_fq6() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let g: Fq6 = rng.gen();
let h: Fq6 = rng.gen();
field_test(g, h);
}
frobenius_test::<Fq6, _>(Fq::characteristic(), 13);
let byte_size = Fq6::zero().serialized_size();
field_serialization_test::<Fq6>(byte_size);
}
#[test]
fn test_fq12() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let g: Fq12 = rng.gen();
let h: Fq12 = rng.gen();
field_test(g, h);
}
frobenius_test::<Fq12, _>(Fq::characteristic(), 13);
let byte_size = Fq12::zero().serialized_size();
field_serialization_test::<Fq12>(byte_size);
}
test_field!(fr; Fr; mont_prime_field);
test_field!(fq; Fq; mont_prime_field);
test_field!(fq2; Fq2);
test_field!(fq6; Fq6);
test_field!(fq12; Fq12);
#[test]
fn test_fq_repr_from() {
assert_eq!(
BigInteger384::from(100),
BigInteger384([100, 0, 0, 0, 0, 0])
);
assert_eq!(BigInt::from(100u64), BigInt::new([100, 0, 0, 0, 0, 0]));
}
#[test]
fn test_fq_repr_is_odd() {
assert!(!BigInteger384::from(0).is_odd());
assert!(BigInteger384::from(0).is_even());
assert!(BigInteger384::from(1).is_odd());
assert!(!BigInteger384::from(1).is_even());
assert!(!BigInteger384::from(324834872).is_odd());
assert!(BigInteger384::from(324834872).is_even());
assert!(BigInteger384::from(324834873).is_odd());
assert!(!BigInteger384::from(324834873).is_even());
assert!(!BigInteger384::from(0u64).is_odd());
assert!(BigInteger384::from(0u64).is_even());
assert!(BigInteger384::from(1u64).is_odd());
assert!(!BigInteger384::from(1u64).is_even());
assert!(!BigInteger384::from(324834872u64).is_odd());
assert!(BigInteger384::from(324834872u64).is_even());
assert!(BigInteger384::from(324834873u64).is_odd());
assert!(!BigInteger384::from(324834873u64).is_even());
}
#[test]
fn test_fq_repr_is_zero() {
assert!(BigInteger384::from(0).is_zero());
assert!(!BigInteger384::from(1).is_zero());
assert!(!BigInteger384([0, 0, 0, 0, 1, 0]).is_zero());
assert!(BigInteger384::from(0u64).is_zero());
assert!(!BigInteger384::from(1u64).is_zero());
assert!(!BigInt::new([0, 0, 0, 0, 1, 0]).is_zero());
}
#[test]
fn test_fq_repr_num_bits() {
let mut a = BigInteger384::from(0);
let mut a = BigInteger384::from(0u64);
assert_eq!(0, a.num_bits());
a = BigInteger384::from(1);
a = BigInteger384::from(1u64);
for i in 1..385 {
assert_eq!(i, a.num_bits());
a.mul2();
@@ -129,229 +54,16 @@ fn test_fq_repr_num_bits() {
assert_eq!(0, a.num_bits());
}
#[test]
fn test_fq_add_assign() {
// Test associativity
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Generate a, b, c and ensure (a + b) + c == a + (b + c).
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.add_assign(&b);
tmp1.add_assign(&c);
let mut tmp2 = b;
tmp2.add_assign(&c);
tmp2.add_assign(&a);
assert_eq!(tmp1, tmp2);
}
}
#[test]
fn test_fq_sub_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure that (a - b) + (b - a) = 0.
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.sub_assign(&b);
let mut tmp2 = b;
tmp2.sub_assign(&a);
tmp1.add_assign(&tmp2);
assert!(tmp1.is_zero());
}
}
#[test]
fn test_fq_mul_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000000 {
// Ensure that (a * b) * c = a * (b * c)
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.mul_assign(&b);
tmp1.mul_assign(&c);
let mut tmp2 = b;
tmp2.mul_assign(&c);
tmp2.mul_assign(&a);
assert_eq!(tmp1, tmp2);
}
for _ in 0..1000000 {
// Ensure that r * (a + b + c) = r*a + r*b + r*c
let r = Fq::rand(&mut rng);
let mut a = Fq::rand(&mut rng);
let mut b = Fq::rand(&mut rng);
let mut c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.add_assign(&b);
tmp1.add_assign(&c);
tmp1.mul_assign(&r);
a.mul_assign(&r);
b.mul_assign(&r);
c.mul_assign(&r);
a.add_assign(&b);
a.add_assign(&c);
assert_eq!(tmp1, a);
}
}
#[test]
fn test_fq_squaring() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000000 {
// Ensure that (a * a) = a^2
let a = Fq::rand(&mut rng);
let mut tmp = a;
tmp.square_in_place();
let mut tmp2 = a;
tmp2.mul_assign(&a);
assert_eq!(tmp, tmp2);
}
}
#[test]
fn test_fq_inverse() {
assert!(Fq::zero().inverse().is_none());
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let one = Fq::one();
for _ in 0..1000 {
// Ensure that a * a^-1 = 1
let mut a = Fq::rand(&mut rng);
let ainv = a.inverse().unwrap();
a.mul_assign(&ainv);
assert_eq!(a, one);
}
}
#[test]
fn test_fq_double_in_place() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure doubling a is equivalent to adding a to itself.
let mut a = Fq::rand(&mut rng);
let mut b = a;
b.add_assign(&a);
a.double_in_place();
assert_eq!(a, b);
}
}
#[test]
fn test_fq_negate() {
{
let a = -Fq::zero();
assert!(a.is_zero());
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure (a - (-a)) = 0.
let mut a = Fq::rand(&mut rng);
let b = -a;
a.add_assign(&b);
assert!(a.is_zero());
}
}
#[test]
fn test_fq_pow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for i in 0..1000 {
// Exponentiate by various small numbers and ensure it consists with repeated
// multiplication.
let a = Fq::rand(&mut rng);
let target = a.pow(&[i]);
let mut c = Fq::one();
for _ in 0..i {
c.mul_assign(&a);
}
assert_eq!(c, target);
}
for _ in 0..1000 {
// Exponentiating by the modulus should have no effect in a prime field.
let a = Fq::rand(&mut rng);
assert_eq!(a, a.pow(Fq::characteristic()));
}
}
#[test]
fn test_fq_sqrt() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
for _ in 0..1000 {
// Ensure sqrt(a^2) = a or -a
let a = Fq::rand(&mut rng);
let nega = -a;
let mut b = a;
b.square_in_place();
let b = b.sqrt().unwrap();
assert!(a == b || nega == b);
}
for _ in 0..1000 {
// Ensure sqrt(a)^2 = a for random a
let a = Fq::rand(&mut rng);
if let Some(mut tmp) = a.sqrt() {
tmp.square_in_place();
assert_eq!(a, tmp);
}
}
}
#[test]
fn test_fq_num_bits() {
assert_eq!(FqParameters::MODULUS_BITS, 377);
assert_eq!(FqParameters::CAPACITY, 376);
assert_eq!(Fq::MODULUS_BIT_SIZE, 377);
}
#[test]
fn test_fq_root_of_unity() {
assert_eq!(FqParameters::TWO_ADICITY, 46);
assert_eq!(Fq::TWO_ADICITY, 46);
assert_eq!(
Fq::multiplicative_generator().pow([
Fq::GENERATOR.pow([
0x7510c00000021423,
0x88bee82520005c2d,
0x67cc03d44e3c7bcd,
@@ -359,21 +71,21 @@ fn test_fq_root_of_unity() {
0xe9185f1443ab18ec,
0x6b8
]),
Fq::two_adic_root_of_unity()
Fq::TWO_ADIC_ROOT_OF_UNITY
);
assert_eq!(
Fq::two_adic_root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
Fq::TWO_ADIC_ROOT_OF_UNITY.pow([1 << Fq::TWO_ADICITY]),
Fq::one()
);
assert!(Fq::multiplicative_generator().sqrt().is_none());
assert!(Fq::GENERATOR.sqrt().is_none());
}
#[test]
fn test_fq_ordering() {
// BigInteger384's ordering is well-tested, but we still need to make sure the
// Fq elements aren't being compared in Montgomery form.
for i in 0..100 {
assert!(Fq::from(BigInteger384::from(i + 1)) > Fq::from(BigInteger384::from(i)));
for i in 0..100u64 {
assert!(Fq::from(Fp384::from(i + 1)) > Fq::from(Fp384::from(i)));
}
}
@@ -383,14 +95,8 @@ fn test_fq_legendre() {
assert_eq!(QuadraticResidue, Fq::one().legendre());
assert_eq!(Zero, Fq::zero().legendre());
assert_eq!(
QuadraticResidue,
Fq::from(BigInteger384::from(4)).legendre()
);
assert_eq!(
QuadraticNonResidue,
Fq::from(BigInteger384::from(5)).legendre()
);
assert_eq!(QuadraticResidue, Fq::from(Fp384::from(4u64)).legendre());
assert_eq!(QuadraticNonResidue, Fq::from(Fp384::from(5u64)).legendre());
}
#[test]
@@ -430,33 +136,13 @@ fn test_fq2_legendre() {
// i^2 = -1
let mut m1 = -Fq2::one();
assert_eq!(QuadraticResidue, m1.legendre());
m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
Fq6Config::mul_fp2_by_nonresidue_in_place(&mut m1);
assert_eq!(QuadraticNonResidue, m1.legendre());
}
#[test]
fn test_fq2_mul_nonresidue() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let nqr = Fq2::new(Fq::zero(), Fq::one());
let quadratic_non_residue = Fq2::new(
Fq2Parameters::QUADRATIC_NONRESIDUE.0,
Fq2Parameters::QUADRATIC_NONRESIDUE.1,
);
for _ in 0..1000 {
let mut a = Fq2::rand(&mut rng);
let mut b = a;
a = quadratic_non_residue * &a;
b.mul_assign(&nqr);
assert_eq!(a, b);
}
}
#[test]
fn test_fq6_mul_by_1() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c1 = Fq2::rand(&mut rng);
@@ -472,7 +158,7 @@ fn test_fq6_mul_by_1() {
#[test]
fn test_fq6_mul_by_01() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -489,7 +175,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn test_fq12_mul_by_014() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -510,7 +196,7 @@ fn test_fq12_mul_by_014() {
#[test]
fn test_fq12_mul_by_034() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);

17
bls12_377/src/lib.rs Normal file → Executable file
View File

@@ -8,16 +8,18 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BLS12_377 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 377-bit (prime) field. The main feature of this curve is that
//! both the scalar field and the base field are highly 2-adic.
//! (This is in contrast to the BLS12_381 curve for which only the scalar field is highly 2-adic.)
//! This library implements the BLS12_377 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree
//! 12, defined over a 377-bit (prime) field. The main feature of this curve is
//! that both the scalar field and the base field are highly 2-adic.
//! (This is in contrast to the BLS12_381 curve for which only the scalar field
//! is highly 2-adic.)
//!
//!
//! Curve information:
//! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
//! * Scalar field: r = 8444461749428370424248824938781546531375899335154063827935233455917409239041
//! * Scalar field: r =
//! 8444461749428370424248824938781546531375899335154063827935233455917409239041
//! * valuation(q - 1, 2) = 46
//! * valuation(r - 1, 2) = 47
//! * G1 curve equation: y^2 = x^3 + 1
@@ -29,6 +31,9 @@ mod curves;
mod fields;
#[cfg(feature = "r1cs")]
pub mod constraints;
#[cfg(feature = "curve")]
pub use curves::*;

29
bls12_381/Cargo.toml
View File

@@ -1,27 +1,27 @@
[package]
name = "ark-bls12-381"
version = "0.1.0"
version = "0.4.0-alpha.2"
authors = [ "arkworks contributors" ]
description = "The BLS12-381 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bls12-381/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
edition = "2021"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="0.4.0-alpha", default-features = false }
ark-ec = { version="0.4.0-alpha", default-features = false }
ark-std = { version = "0.4.0-alpha", default-features = false }
ark-serialize = { version = "0.4.0-alpha", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-algebra-test-templates = { version = "0.4.0-alpha", default-features = false }
ark-algebra-bench-templates = { version = "0.4.0-alpha", default-features = false }
hex = "^0.4.0"
[features]
default = [ "curve" ]
@@ -29,3 +29,8 @@ std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
curve = [ "scalar_field" ]
scalar_field = []
[[bench]]
name = "bls12_381"
path = "benches/bls12_381.rs"
harness = false

16
bls12_381/benches/bls12_381.rs Normal file
View File

@@ -0,0 +1,16 @@
use ark_algebra_bench_templates::*;
use ark_bls12_381::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_381, Fq12, G1Projective as G1, G2Projective as G2,
};
bench!(
Name = "Bls12_381",
Pairing = Bls12_381,
G1 = G1,
G2 = G2,
ScalarField = Fr,
G1BaseField = Fq,
G2BaseField = Fq2,
TargetField = Fq12,
);

28
bls12_381/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bls12_381/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 52435875175126190479447740508185965837690552500527637822603658699938581184513
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

216
bls12_381/src/curves/g1.rs
View File

@@ -1,82 +1,194 @@
use crate::*;
use ark_ec::{
bls12,
models::{ModelParameters, SWModelParameters},
bls12::Bls12Config,
models::CurveConfig,
short_weierstrass::{Affine, SWCurveConfig},
AffineRepr, Group,
};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
use ark_ff::{Field, MontFp, PrimeField, Zero};
use ark_serialize::{Compress, SerializationError};
use ark_std::{ops::Neg, One};
use crate::util::{
read_g1_compressed, read_g1_uncompressed, serialize_fq, EncodingFlags, G1_SERIALIZED_SIZE,
};
pub type G1Affine = bls12::G1Affine<crate::Parameters>;
pub type G1Projective = bls12::G1Projective<crate::Parameters>;
pub type G1Affine = bls12::G1Affine<crate::Config>;
pub type G1Projective = bls12::G1Projective<crate::Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
/// COEFF_B = 4
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger384([
0xaa270000000cfff3,
0x53cc0032fc34000a,
0x478fe97a6b0a807f,
0xb1d37ebee6ba24d7,
0x8ec9733bbf78ab2f,
0x9d645513d83de7e,
]));
/// COFACTOR = (x - 1)^2 / 3 = 76329603384216526031706109802092473003
const COFACTOR: &'static [u64] = &[0x8c00aaab0000aaab, 0x396c8c005555e156];
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 52435875175126190458656871551744051925719901746859129887267498875565241663483
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
288839107172787499,
1152722415086798946,
2612889808468387987,
5124657601728438008,
]));
const COFACTOR_INV: Fr =
MontFp!("52435875175126190458656871551744051925719901746859129887267498875565241663483");
}
impl SWCurveConfig for Config {
/// COEFF_A = 0
const COEFF_A: Fq = Fq::ZERO;
/// COEFF_B = 4
const COEFF_B: Fq = MontFp!("4");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G1_GENERATOR_X, G1_GENERATOR_Y);
const GENERATOR: G1Affine = G1Affine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
#[inline]
fn is_in_correct_subgroup_assuming_on_curve(p: &G1Affine) -> bool {
// Algorithm from Section 6 of https://eprint.iacr.org/2021/1130.
//
// Check that endomorphism_p(P) == -[X^2]P
// An early-out optimization described in Section 6.
// If uP == P but P != point of infinity, then the point is not in the right
// subgroup.
let x_times_p = p.mul_bigint(crate::Config::X);
if x_times_p.eq(p) && !p.infinity {
return false;
}
let minus_x_squared_times_p = x_times_p.mul_bigint(crate::Config::X).neg();
let endomorphism_p = endomorphism(p);
minus_x_squared_times_p.eq(&endomorphism_p)
}
#[inline]
fn clear_cofactor(p: &G1Affine) -> G1Affine {
// Using the effective cofactor, as explained in
// Section 5 of https://eprint.iacr.org/2019/403.pdf.
//
// It is enough to multiply by (1 - x), instead of (x - 1)^2 / 3
let h_eff = one_minus_x().into_bigint();
Config::mul_affine(&p, h_eff.as_ref()).into()
}
fn deserialize_with_mode<R: ark_serialize::Read>(
mut reader: R,
compress: ark_serialize::Compress,
validate: ark_serialize::Validate,
) -> Result<Affine<Self>, ark_serialize::SerializationError> {
let p = if compress == ark_serialize::Compress::Yes {
read_g1_compressed(&mut reader)?
} else {
read_g1_uncompressed(&mut reader)?
};
if validate == ark_serialize::Validate::Yes && !p.is_in_correct_subgroup_assuming_on_curve()
{
return Err(SerializationError::InvalidData);
}
Ok(p)
}
fn serialize_with_mode<W: ark_serialize::Write>(
item: &Affine<Self>,
mut writer: W,
compress: ark_serialize::Compress,
) -> Result<(), SerializationError> {
let encoding = EncodingFlags {
is_compressed: compress == ark_serialize::Compress::Yes,
is_infinity: item.is_zero(),
is_lexographically_largest: item.y > -item.y,
};
let mut p = *item;
if encoding.is_infinity {
p = G1Affine::zero();
}
// need to access the field struct `x` directly, otherwise we get None from xy()
// method
let x_bytes = serialize_fq(p.x);
if encoding.is_compressed {
let mut bytes: [u8; G1_SERIALIZED_SIZE] = x_bytes;
encoding.encode_flags(&mut bytes);
writer.write_all(&bytes)?;
} else {
let mut bytes = [0u8; 2 * G1_SERIALIZED_SIZE];
bytes[0..G1_SERIALIZED_SIZE].copy_from_slice(&x_bytes[..]);
bytes[G1_SERIALIZED_SIZE..].copy_from_slice(&serialize_fq(p.y)[..]);
encoding.encode_flags(&mut bytes);
writer.write_all(&bytes)?;
};
Ok(())
}
fn serialized_size(compress: Compress) -> usize {
if compress == Compress::Yes {
G1_SERIALIZED_SIZE
} else {
G1_SERIALIZED_SIZE * 2
}
}
}
fn one_minus_x() -> Fr {
const X: Fr = Fr::from_sign_and_limbs(!crate::Config::X_IS_NEGATIVE, crate::Config::X);
Fr::one() - X
}
/// G1_GENERATOR_X =
/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
0x5cb38790fd530c16,
0x7817fc679976fff5,
0x154f95c7143ba1c1,
0xf0ae6acdf3d0e747,
0xedce6ecc21dbf440,
0x120177419e0bfb75,
]));
pub const G1_GENERATOR_X: Fq = MontFp!("3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507");
/// G1_GENERATOR_Y =
/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
0xbaac93d50ce72271,
0x8c22631a7918fd8e,
0xdd595f13570725ce,
0x51ac582950405194,
0xe1c8c3fad0059c0,
0xbbc3efc5008a26a,
]));
pub const G1_GENERATOR_Y: Fq = MontFp!("1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569");
/// BETA is a non-trivial cubic root of unity in Fq.
pub const BETA: Fq = MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350");
pub fn endomorphism(p: &Affine<Config>) -> Affine<Config> {
// Endomorphism of the points on the curve.
// endomorphism_p(x,y) = (BETA * x, y)
// where BETA is a non-trivial cubic root of unity in Fq.
let mut res = (*p).clone();
res.x *= BETA;
res
}
#[cfg(test)]
mod test {
use super::*;
use ark_std::{rand::Rng, UniformRand};
fn sample_unchecked() -> Affine<g1::Config> {
let mut rng = ark_std::test_rng();
loop {
let x = Fq::rand(&mut rng);
let greatest = rng.gen();
if let Some(p) = Affine::get_point_from_x_unchecked(x, greatest) {
return p;
}
}
}
#[test]
fn test_cofactor_clearing() {
const SAMPLES: usize = 100;
for _ in 0..SAMPLES {
let p: Affine<g1::Config> = sample_unchecked();
let p = p.clear_cofactor();
assert!(p.is_on_curve());
assert!(p.is_in_correct_subgroup_assuming_on_curve());
}
}
}

313
bls12_381/src/curves/g2.rs
View File

@@ -1,30 +1,30 @@
use crate::*;
use ark_std::ops::Neg;
use ark_ec::{
bls12,
models::{ModelParameters, SWModelParameters},
bls12::Bls12Config,
models::CurveConfig,
short_weierstrass::{Affine, Projective, SWCurveConfig},
AffineRepr, CurveGroup, Group,
};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
use ark_ff::{Field, MontFp, Zero};
use ark_serialize::{Compress, SerializationError};
use super::util::{serialize_fq, EncodingFlags, G2_SERIALIZED_SIZE};
use crate::{
util::{read_g2_compressed, read_g2_uncompressed},
*,
};
pub type G2Affine = bls12::G2Affine<crate::Parameters>;
pub type G2Projective = bls12::G2Projective<crate::Parameters>;
pub type G2Affine = bls12::G2Affine<crate::Config>;
pub type G2Projective = bls12::G2Projective<crate::Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq2;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
const COEFF_A: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,);
/// COEFF_B = [4, 4]
const COEFF_B: Fq2 = field_new!(Fq2, g1::Parameters::COEFF_B, g1::Parameters::COEFF_B,);
/// COFACTOR = (x^8 - 4 x^7 + 5 x^6) - (4 x^4 + 6 x^3 - 4 x^2 - 4 x + 13) //
/// 9
@@ -43,71 +43,254 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// 26652489039290660355457965112010883481355318854675681319708643586776743290055
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
6746407649509787816,
1304054119431494378,
2461312685643913071,
5956596749362435284,
]));
const COFACTOR_INV: Fr =
MontFp!("26652489039290660355457965112010883481355318854675681319708643586776743290055");
}
impl SWCurveConfig for Config {
/// COEFF_A = [0, 0]
const COEFF_A: Fq2 = Fq2::new(g1::Config::COEFF_A, g1::Config::COEFF_A);
/// COEFF_B = [4, 4]
const COEFF_B: Fq2 = Fq2::new(g1::Config::COEFF_B, g1::Config::COEFF_B);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G2_GENERATOR_X, G2_GENERATOR_Y);
const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
fn is_in_correct_subgroup_assuming_on_curve(point: &G2Affine) -> bool {
// Algorithm from Section 4 of https://eprint.iacr.org/2021/1130.
//
// Checks that [p]P = [X]P
let mut x_times_point = point.mul_bigint(crate::Config::X);
if crate::Config::X_IS_NEGATIVE {
x_times_point = -x_times_point;
}
let p_times_point = p_power_endomorphism(point);
x_times_point.eq(&p_times_point)
}
#[inline]
fn clear_cofactor(p: &G2Affine) -> G2Affine {
// Based on Section 4.1 of https://eprint.iacr.org/2017/419.pdf
// [h(ψ)]P = [x^2 x 1]P + [x 1]ψ(P) + (ψ^2)(2P)
// x = -15132376222941642752
// When multiplying, use -c1 instead, and then negate the result. That's much
// more efficient, since the scalar -c1 has less limbs and a much lower Hamming
// weight.
let x: &'static [u64] = crate::Config::X;
let p_projective = p.into_group();
// [x]P
let x_p = Config::mul_affine(p, &x).neg();
// ψ(P)
let psi_p = p_power_endomorphism(&p);
// (ψ^2)(2P)
let mut psi2_p2 = double_p_power_endomorphism(&p_projective.double());
// tmp = [x]P + ψ(P)
let mut tmp = x_p.clone();
tmp += &psi_p;
// tmp2 = [x^2]P + [x]ψ(P)
let mut tmp2: Projective<Config> = tmp;
tmp2 = tmp2.mul_bigint(x).neg();
// add up all the terms
psi2_p2 += tmp2;
psi2_p2 -= x_p;
psi2_p2 += &-psi_p;
(psi2_p2 - p_projective).into_affine()
}
fn deserialize_with_mode<R: ark_serialize::Read>(
mut reader: R,
compress: ark_serialize::Compress,
validate: ark_serialize::Validate,
) -> Result<Affine<Self>, ark_serialize::SerializationError> {
let p = if compress == ark_serialize::Compress::Yes {
read_g2_compressed(&mut reader)?
} else {
read_g2_uncompressed(&mut reader)?
};
if validate == ark_serialize::Validate::Yes && !p.is_in_correct_subgroup_assuming_on_curve()
{
return Err(SerializationError::InvalidData);
}
Ok(p)
}
fn serialize_with_mode<W: ark_serialize::Write>(
item: &Affine<Self>,
mut writer: W,
compress: ark_serialize::Compress,
) -> Result<(), SerializationError> {
let encoding = EncodingFlags {
is_compressed: compress == ark_serialize::Compress::Yes,
is_infinity: item.is_zero(),
is_lexographically_largest: item.y > -item.y,
};
let mut p = *item;
if encoding.is_infinity {
p = G2Affine::zero();
}
let mut x_bytes = [0u8; G2_SERIALIZED_SIZE];
let c1_bytes = serialize_fq(p.x.c1);
let c0_bytes = serialize_fq(p.x.c0);
x_bytes[0..48].copy_from_slice(&c1_bytes[..]);
x_bytes[48..96].copy_from_slice(&c0_bytes[..]);
if encoding.is_compressed {
let mut bytes: [u8; G2_SERIALIZED_SIZE] = x_bytes;
encoding.encode_flags(&mut bytes);
writer.write_all(&bytes)?;
} else {
let mut bytes = [0u8; 2 * G2_SERIALIZED_SIZE];
let mut y_bytes = [0u8; G2_SERIALIZED_SIZE];
let c1_bytes = serialize_fq(p.y.c1);
let c0_bytes = serialize_fq(p.y.c0);
y_bytes[0..48].copy_from_slice(&c1_bytes[..]);
y_bytes[48..96].copy_from_slice(&c0_bytes[..]);
bytes[0..G2_SERIALIZED_SIZE].copy_from_slice(&x_bytes);
bytes[G2_SERIALIZED_SIZE..].copy_from_slice(&y_bytes);
encoding.encode_flags(&mut bytes);
writer.write_all(&bytes)?;
};
Ok(())
}
fn serialized_size(compress: ark_serialize::Compress) -> usize {
if compress == Compress::Yes {
G2_SERIALIZED_SIZE
} else {
2 * G2_SERIALIZED_SIZE
}
}
}
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = Fq2::new(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = Fq2::new(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
0xf5f28fa202940a10,
0xb3f5fb2687b4961a,
0xa1a893b53e2ae580,
0x9894999d1a3caee9,
0x6f67b7631863366b,
0x58191924350bcd7,
]));
pub const G2_GENERATOR_X_C0: Fq = MontFp!("352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160");
/// G2_GENERATOR_X_C1 =
/// 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
0xa5a9c0759e23f606,
0xaaa0c59dbccd60c3,
0x3bb17e18e2867806,
0x1b1ab6cc8541b367,
0xc2b6ed0ef2158547,
0x11922a097360edf3,
]));
pub const G2_GENERATOR_X_C1: Fq = MontFp!("3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758");
/// G2_GENERATOR_Y_C0 =
/// 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
0x4c730af860494c4a,
0x597cfa1f5e369c5a,
0xe7e6856caa0a635a,
0xbbefb5e96e0d495f,
0x7d3a975f0ef25a2,
0x83fd8e7e80dae5,
]));
pub const G2_GENERATOR_Y_C0: Fq = MontFp!("1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905");
/// G2_GENERATOR_Y_C1 =
/// 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
0xadc0fc92df64b05d,
0x18aa270a2b1461dc,
0x86adac6a3be4eba0,
0x79495c4ec93da33a,
0xe7175850a43ccaed,
0xb2bc2a163de1bf2,
]));
pub const G2_GENERATOR_Y_C1: Fq = MontFp!("927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582");
// psi(x,y) = (x**p * PSI_X, y**p * PSI_Y) is the Frobenius composed
// with the quadratic twist and its inverse
// PSI_X = 1/(u+1)^((p-1)/3)
pub const P_POWER_ENDOMORPHISM_COEFF_0 : Fq2 = Fq2::new(
Fq::ZERO,
MontFp!(
"4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"
)
);
// PSI_Y = 1/(u+1)^((p-1)/2)
pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = Fq2::new(
MontFp!(
"2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
MontFp!(
"1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257")
);
pub const DOUBLE_P_POWER_ENDOMORPHISM: Fq2 = Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
Fq::ZERO
);
pub fn p_power_endomorphism(p: &Affine<Config>) -> Affine<Config> {
// The p-power endomorphism for G2 is defined as follows:
// 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1).
// To map a point (x, y) in E' to (s, t) in E,
// one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)),
// because E: y^2 = x^3 + 4.
// 2. Apply the Frobenius endomorphism (s, t) => (s', t'),
// another point on curve E, where s' = s^p, t' = t^p.
// 3. Map the point from E back to E'; that is,
// one set x' = s' * ((u+1) ^ (1/3)), y' = t' * ((u+1) ^ (1/2)).
//
// To sum up, it maps
// (x,y) -> (x^p / ((u+1)^((p-1)/3)), y^p / ((u+1)^((p-1)/2)))
// as implemented in the code as follows.
let mut res = *p;
res.x.frobenius_map_in_place(1);
res.y.frobenius_map_in_place(1);
let tmp_x = res.x.clone();
res.x.c0 = -P_POWER_ENDOMORPHISM_COEFF_0.c1 * &tmp_x.c1;
res.x.c1 = P_POWER_ENDOMORPHISM_COEFF_0.c1 * &tmp_x.c0;
res.y *= P_POWER_ENDOMORPHISM_COEFF_1;
res
}
/// For a p-power endomorphism psi(P), compute psi(psi(P))
pub fn double_p_power_endomorphism(p: &Projective<Config>) -> Projective<Config> {
let mut res = *p;
res.x *= DOUBLE_P_POWER_ENDOMORPHISM;
res.y = res.y.neg();
res
}
#[cfg(test)]
mod test {
use super::*;
use ark_std::UniformRand;
#[test]
fn test_cofactor_clearing() {
// multiplying by h_eff and clearing the cofactor by the efficient
// endomorphism-based method should yield the same result.
let h_eff: &'static [u64] = &[
0xe8020005aaa95551,
0x59894c0adebbf6b4,
0xe954cbc06689f6a3,
0x2ec0ec69d7477c1a,
0x6d82bf015d1212b0,
0x329c2f178731db95,
0x9986ff031508ffe1,
0x88e2a8e9145ad768,
0x584c6a0ea91b3528,
0xbc69f08f2ee75b3,
];
let mut rng = ark_std::test_rng();
const SAMPLES: usize = 10;
for _ in 0..SAMPLES {
let p = Affine::<g2::Config>::rand(&mut rng);
let optimised = p.clear_cofactor().into_group();
let naive = g2::Config::mul_affine(&p, h_eff);
assert_eq!(optimised, naive);
}
}
}

21
bls12_381/src/curves/mod.rs
View File

@@ -1,9 +1,10 @@
use ark_ec::bls12::{Bls12, Bls12Parameters, TwistType};
use ark_ec::bls12::{Bls12, Bls12Config, TwistType};
use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
use crate::{Fq, Fq12Config, Fq2Config, Fq6Config};
pub mod g1;
pub mod g2;
pub(crate) mod util;
#[cfg(test)]
mod tests;
@@ -13,18 +14,18 @@ pub use self::{
g2::{G2Affine, G2Projective},
};
pub type Bls12_381 = Bls12<Parameters>;
pub type Bls12_381 = Bls12<Config>;
pub struct Parameters;
pub struct Config;
impl Bls12Parameters for Parameters {
impl Bls12Config for Config {
const X: &'static [u64] = &[0xd201000000010000];
const X_IS_NEGATIVE: bool = true;
const TWIST_TYPE: TwistType = TwistType::M;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type G1Parameters = self::g1::Parameters;
type G2Parameters = self::g2::Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Config = self::g1::Config;
type G2Config = self::g2::Config;
}

116
bls12_381/src/curves/tests.rs
View File

@@ -1,116 +0,0 @@
#![allow(unused_imports)]
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
};
use ark_serialize::CanonicalSerialize;
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_curve_tests::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
}
#[test]
fn test_g1_projective_group() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g1_generator() {
let generator = G1Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_projective_curve() {
curve_tests::<G2Projective>();
sw_tests::<g2::Parameters>();
}
#[test]
fn test_g2_projective_group() {
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g2_generator() {
let generator = G2Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_bilinearity() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let mut sa = a;
sa.mul_assign(s);
let mut sb = b;
sb.mul_assign(s);
let ans1 = Bls12_381::pairing(sa, b);
let ans2 = Bls12_381::pairing(a, sb);
let ans3 = Bls12_381::pairing(a, b).pow(s.into_repr());
assert_eq!(ans1, ans2);
assert_eq!(ans2, ans3);
assert_ne!(ans1, Fq12::one());
assert_ne!(ans2, Fq12::one());
assert_ne!(ans3, Fq12::one());
assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one());
}
#[test]
fn test_g1_generator_raw() {
let mut x = Fq::zero();
let mut i = 0;
loop {
// y^2 = x^3 + b
let mut rhs = x;
rhs.square_in_place();
rhs.mul_assign(&x);
rhs.add_assign(&g1::Parameters::COEFF_B);
if let Some(y) = rhs.sqrt() {
let p = G1Affine::new(x, if y < -y { y } else { -y }, false);
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
let g1 = p.scale_by_cofactor();
if !g1.is_zero() {
assert_eq!(i, 4);
let g1 = G1Affine::from(g1);
assert!(g1.is_in_correct_subgroup_assuming_on_curve());
assert_eq!(g1, G1Affine::prime_subgroup_generator());
break;
}
}
i += 1;
x.add_assign(&Fq::one());
}
}

BIN
bls12_381/src/curves/tests/g1_compressed_valid_test_vectors.dat Normal file
View File

Binary file not shown.

BIN
bls12_381/src/curves/tests/g1_uncompressed_valid_test_vectors.dat Normal file
View File

Binary file not shown.

BIN
bls12_381/src/curves/tests/g2_compressed_valid_test_vectors.dat Normal file
View File

Binary file not shown.

BIN
bls12_381/src/curves/tests/g2_uncompressed_valid_test_vectors.dat Normal file
View File

Binary file not shown.

119
bls12_381/src/curves/tests/mod.rs Executable file
View File

@@ -0,0 +1,119 @@
use ark_algebra_test_templates::*;
use ark_ec::{AffineRepr, CurveGroup, Group};
use ark_ff::{fields::Field, One, UniformRand, Zero};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, Compress, Validate};
use ark_std::{rand::Rng, test_rng, vec};
use crate::{Bls12_381, Fq, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
test_group!(g1; G1Projective; sw);
test_group!(g2; G2Projective; sw);
test_group!(pairing_output; ark_ec::pairing::PairingOutput<Bls12_381>; msm);
test_pairing!(pairing; crate::Bls12_381);
#[test]
fn test_g1_endomorphism_beta() {
assert!(crate::g1::BETA.pow(&[3u64]).is_one());
}
#[test]
fn test_g1_subgroup_membership_via_endomorphism() {
let mut rng = test_rng();
let generator = G1Projective::rand(&mut rng).into_affine();
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g1_subgroup_non_membership_via_endomorphism() {
let mut rng = test_rng();
loop {
let x = Fq::rand(&mut rng);
let greatest = rng.gen();
if let Some(p) = G1Affine::get_point_from_x_unchecked(x, greatest) {
if !p.mul_bigint(Fr::characteristic()).is_zero() {
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
return;
}
}
}
}
#[test]
fn test_g2_subgroup_membership_via_endomorphism() {
let mut rng = test_rng();
let generator = G2Projective::rand(&mut rng).into_affine();
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_subgroup_non_membership_via_endomorphism() {
let mut rng = test_rng();
loop {
let x = Fq2::rand(&mut rng);
let greatest = rng.gen();
if let Some(p) = G2Affine::get_point_from_x_unchecked(x, greatest) {
if !p.mul_bigint(Fr::characteristic()).is_zero() {
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
return;
}
}
}
}
// Test vectors and macro adapted from https://github.com/zkcrypto/bls12_381/blob/e224ad4ea1babfc582ccd751c2bf128611d10936/src/tests/mod.rs
macro_rules! test_vectors {
($projective:ident, $affine:ident, $compress:expr, $expected:ident) => {
let mut e = $projective::zero();
let mut v = vec![];
{
let mut expected = $expected;
for _ in 0..1000 {
let e_affine = $affine::from(e);
let mut serialized = vec![0u8; e.serialized_size($compress)];
e_affine
.serialize_with_mode(serialized.as_mut_slice(), $compress)
.unwrap();
v.extend_from_slice(&serialized[..]);
let mut decoded = serialized;
let len_of_encoding = decoded.len();
(&mut decoded[..]).copy_from_slice(&expected[0..len_of_encoding]);
expected = &expected[len_of_encoding..];
let decoded =
$affine::deserialize_with_mode(&decoded[..], $compress, Validate::Yes).unwrap();
assert_eq!(e_affine, decoded);
e += &$projective::generator();
}
}
assert_eq!(&v[..], $expected);
};
}
#[test]
fn g1_compressed_valid_test_vectors() {
let bytes: &'static [u8] = include_bytes!("g1_compressed_valid_test_vectors.dat");
test_vectors!(G1Projective, G1Affine, Compress::Yes, bytes);
}
#[test]
fn g1_uncompressed_valid_test_vectors() {
let bytes: &'static [u8] = include_bytes!("g1_uncompressed_valid_test_vectors.dat");
test_vectors!(G1Projective, G1Affine, Compress::No, bytes);
}
#[test]
fn g2_compressed_valid_test_vectors() {
let bytes: &'static [u8] = include_bytes!("g2_compressed_valid_test_vectors.dat");
test_vectors!(G2Projective, G2Affine, Compress::Yes, bytes);
}
#[test]
fn g2_uncompressed_valid_test_vectors() {
let bytes: &'static [u8] = include_bytes!("g2_uncompressed_valid_test_vectors.dat");
test_vectors!(G2Projective, G2Affine, Compress::No, bytes);
}

215
bls12_381/src/curves/util.rs Normal file
View File

@@ -0,0 +1,215 @@
use ark_ec::{short_weierstrass::Affine, AffineRepr};
use ark_ff::{BigInteger384, PrimeField};
use ark_serialize::SerializationError;
use crate::{g1::Config as G1Config, g2::Config as G2Config, Fq, Fq2, G1Affine, G2Affine};
pub const G1_SERIALIZED_SIZE: usize = 48;
pub const G2_SERIALIZED_SIZE: usize = 96;
pub struct EncodingFlags {
pub is_compressed: bool,
pub is_infinity: bool,
pub is_lexographically_largest: bool,
}
impl EncodingFlags {
pub fn get_flags(bytes: &[u8]) -> Self {
let compression_flag_set = (bytes[0] >> 7) & 1;
let infinity_flag_set = (bytes[0] >> 6) & 1;
let sort_flag_set = (bytes[0] >> 5) & 1;
Self {
is_compressed: compression_flag_set == 1,
is_infinity: infinity_flag_set == 1,
is_lexographically_largest: sort_flag_set == 1,
}
}
pub fn encode_flags(&self, bytes: &mut [u8]) {
if self.is_compressed {
bytes[0] |= 1 << 7;
}
if self.is_infinity {
bytes[0] |= 1 << 6;
}
if self.is_compressed && !self.is_infinity && self.is_lexographically_largest {
bytes[0] |= 1 << 5;
}
}
}
pub(crate) fn deserialize_fq(bytes: [u8; 48]) -> Option<Fq> {
let mut tmp = BigInteger384::new([0, 0, 0, 0, 0, 0]);
// Note: The following unwraps are if the compiler cannot convert
// the byte slice into [u8;8], we know this is infallible since we
// are providing the indices at compile time and bytes has a fixed size
tmp.0[5] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[0..8]).unwrap());
tmp.0[4] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[8..16]).unwrap());
tmp.0[3] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[16..24]).unwrap());
tmp.0[2] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[24..32]).unwrap());
tmp.0[1] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[32..40]).unwrap());
tmp.0[0] = u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[40..48]).unwrap());
Fq::from_bigint(tmp)
}
pub(crate) fn serialize_fq(field: Fq) -> [u8; 48] {
let mut result = [0u8; 48];
let rep = field.into_bigint();
result[0..8].copy_from_slice(&rep.0[5].to_be_bytes());
result[8..16].copy_from_slice(&rep.0[4].to_be_bytes());
result[16..24].copy_from_slice(&rep.0[3].to_be_bytes());
result[24..32].copy_from_slice(&rep.0[2].to_be_bytes());
result[32..40].copy_from_slice(&rep.0[1].to_be_bytes());
result[40..48].copy_from_slice(&rep.0[0].to_be_bytes());
result
}
pub(crate) fn read_fq_with_offset(
bytes: &[u8],
offset: usize,
mask: bool,
) -> Result<Fq, ark_serialize::SerializationError> {
let mut tmp = [0; G1_SERIALIZED_SIZE];
// read `G1_SERIALIZED_SIZE` bytes
tmp.copy_from_slice(&bytes[offset * G1_SERIALIZED_SIZE..G1_SERIALIZED_SIZE * (offset + 1)]);
if mask {
// Mask away the flag bits
tmp[0] &= 0b0001_1111;
}
deserialize_fq(tmp).ok_or(SerializationError::InvalidData)
}
pub(crate) fn read_g1_compressed<R: ark_serialize::Read>(
mut reader: R,
) -> Result<Affine<G1Config>, ark_serialize::SerializationError> {
let mut bytes = [0u8; G1_SERIALIZED_SIZE];
reader
.read_exact(&mut bytes)
.ok()
.ok_or(SerializationError::InvalidData)?;
// Obtain the three flags from the start of the byte sequence
let flags = EncodingFlags::get_flags(&bytes[..]);
// we expect to be deserializing a compressed point
if !flags.is_compressed {
return Err(SerializationError::UnexpectedFlags);
}
if flags.is_infinity {
return Ok(G1Affine::zero());
}
// Attempt to obtain the x-coordinate
let x = read_fq_with_offset(&bytes, 0, true)?;
let p = G1Affine::get_point_from_x_unchecked(x, flags.is_lexographically_largest)
.ok_or(SerializationError::InvalidData)?;
Ok(p)
}
pub(crate) fn read_g1_uncompressed<R: ark_serialize::Read>(
mut reader: R,
) -> Result<Affine<G1Config>, ark_serialize::SerializationError> {
let mut bytes = [0u8; 2 * G1_SERIALIZED_SIZE];
reader
.read_exact(&mut bytes)
.map_err(|_| SerializationError::InvalidData)?;
// Obtain the three flags from the start of the byte sequence
let flags = EncodingFlags::get_flags(&bytes[..]);
// we expect to be deserializing an uncompressed point
if flags.is_compressed {
return Err(SerializationError::UnexpectedFlags);
}
if flags.is_infinity {
return Ok(G1Affine::zero());
}
// Attempt to obtain the x-coordinate
let x = read_fq_with_offset(&bytes, 0, true)?;
// Attempt to obtain the y-coordinate
let y = read_fq_with_offset(&bytes, 1, false)?;
let p = G1Affine::new_unchecked(x, y);
Ok(p)
}
pub(crate) fn read_g2_compressed<R: ark_serialize::Read>(
mut reader: R,
) -> Result<Affine<G2Config>, ark_serialize::SerializationError> {
let mut bytes = [0u8; G2_SERIALIZED_SIZE];
reader
.read_exact(&mut bytes)
.map_err(|_| SerializationError::InvalidData)?;
// Obtain the three flags from the start of the byte sequence
let flags = EncodingFlags::get_flags(&bytes);
// we expect to be deserializing a compressed point
if !flags.is_compressed {
return Err(SerializationError::UnexpectedFlags);
}
if flags.is_infinity {
return Ok(G2Affine::zero());
}
// Attempt to obtain the x-coordinate
let xc1 = read_fq_with_offset(&bytes, 0, true)?;
let xc0 = read_fq_with_offset(&bytes, 1, false)?;
let x = Fq2::new(xc0, xc1);
let p = G2Affine::get_point_from_x_unchecked(x, flags.is_lexographically_largest)
.ok_or(SerializationError::InvalidData)?;
Ok(p)
}
pub(crate) fn read_g2_uncompressed<R: ark_serialize::Read>(
mut reader: R,
) -> Result<Affine<G2Config>, ark_serialize::SerializationError> {
let mut bytes = [0u8; 2 * G2_SERIALIZED_SIZE];
reader
.read_exact(&mut bytes)
.map_err(|_| SerializationError::InvalidData)?;
// Obtain the three flags from the start of the byte sequence
let flags = EncodingFlags::get_flags(&bytes);
// we expect to be deserializing an uncompressed point
if flags.is_compressed {
return Err(SerializationError::UnexpectedFlags);
}
if flags.is_infinity {
return Ok(G2Affine::zero());
}
// Attempt to obtain the x-coordinate
let xc1 = read_fq_with_offset(&bytes, 0, true)?;
let xc0 = read_fq_with_offset(&bytes, 1, false)?;
let x = Fq2::new(xc0, xc1);
// Attempt to obtain the y-coordinate
let yc1 = read_fq_with_offset(&bytes, 2, false)?;
let yc0 = read_fq_with_offset(&bytes, 3, false)?;
let y = Fq2::new(yc0, yc1);
let p = G2Affine::new_unchecked(x, y);
Ok(p)
}

119
bls12_381/src/fields/fq.rs
View File

@@ -1,112 +1,9 @@
use ark_ff::{
biginteger::BigInteger384 as BigInteger,
field_new,
fields::{FftParameters, Fp384, Fp384Parameters, FpParameters},
};
use ark_ff::fields::{Fp384, MontBackend, MontConfig};
pub type Fq = Fp384<FqParameters>;
pub struct FqParameters;
impl Fp384Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 1;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0xb9feffffffffaaab,
0x1eabfffeb153ffff,
0x6730d2a0f6b0f624,
0x64774b84f38512bf,
0x4b1ba7b6434bacd7,
0x1a0111ea397fe69a,
]);
const MODULUS_BITS: u32 = 381;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 3;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
0xf4df1f341c341746,
0xa76e6a609d104f1,
0x8de5476c4c95b6d5,
0x67eb88a9939d83c0,
0x9a793e85b519952d,
0x11988fe592cae3aa,
]);
const INV: u64 = 0x89f3fffcfffcfffd;
// GENERATOR = 2
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0x321300000006554f,
0xb93c0018d6c40005,
0x57605e0db0ddbb51,
0x8b256521ed1f9bcb,
0x6cf28d7901622c03,
0x11ebab9dbb81e28c,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
0xb23ba5c279c2895f,
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
0xb23ba5c279c2895f,
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]);
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xee7fbfffffffeaaa,
0x7aaffffac54ffff,
0xd9cc34a83dac3d89,
0xd91dd2e13ce144af,
0x92c6e9ed90d2eb35,
0x680447a8e5ff9a6,
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
#[derive(MontConfig)]
#[modulus = "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"]
#[generator = "2"]
#[small_subgroup_base = "3"]
#[small_subgroup_power = "2"]
pub struct FqConfig;
pub type Fq = Fp384<MontBackend<FqConfig, 6>>;

230
bls12_381/src/fields/fq12.rs
View File

@@ -1,193 +1,77 @@
use crate::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = Fq6::new(Fq2::ZERO, Fq2::ONE, Fq2::ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fq2(u + 1)**(((q^0) - 1) / 6)
FQ2_ONE,
// Fq2(u + 1)**(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x7089552b319d465,
0xc6695f92b50a8313,
0x97e83cccd117228f,
0xa35baecab2dc29ee,
0x1ce393ea5daace4d,
0x8f2220fb0fb66eb,
])),
field_new!(Fq, BigInteger384([
0xb2f66aad4ce5d646,
0x5842a06bfc497cec,
0xcf4895d42599d394,
0xc11b9cba40a8e8d0,
0x2e3813cbe5a0de89,
0x110eefda88847faf,
])),
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
Fq2::new(
Fq::ONE,
Fq::ZERO,
),
// Fq2(u + 1)**(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecfb361b798dba3a,
0xc100ddb891865a2c,
0xec08ff1232bda8e,
0xd5c13cc6f1ca4721,
0x47222a47bf7b5c04,
0x110f184e51c5f59,
])),
FQ_ZERO,
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
Fq2::new(
MontFp!("3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
MontFp!("151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
),
// Fq2(u + 1)**(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x3e2f585da55c9ad1,
0x4294213d86c18183,
0x382844c88b623732,
0x92ad2afd19103e18,
0x1d794e4fac7cf0b9,
0xbd592fc7d825ec8,
])),
field_new!(Fq, BigInteger384([
0x7bcfa7a25aa30fda,
0xdc17dec12a927e7c,
0x2f088dd86b4ebef1,
0xd1ca2087da74d4a7,
0x2da2596696cebc1d,
0xe2b7eedbbfd87d2,
])),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
Fq2::new(
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
FQ_ZERO,
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
Fq2::new(
MontFp!("2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
MontFp!("1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
),
// Fq2(u + 1)**(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x3726c30af242c66c,
0x7c2ac1aad1b6fe70,
0xa04007fbba4b14a2,
0xef517c3266341429,
0x95ba654ed2226b,
0x2e370eccc86f7dd,
])),
field_new!(Fq, BigInteger384([
0x82d83cf50dbce43f,
0xa2813e53df9d018f,
0xc6f0caa53c65e181,
0x7525cf528d50fe95,
0x4a85ed50f4798a6b,
0x171da0fd6cf8eebd,
])),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
Fq2::new(
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
FQ_ZERO,
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
Fq2::new(
MontFp!("3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
MontFp!("877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
),
// Fq2(u + 1)**(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xb2f66aad4ce5d646,
0x5842a06bfc497cec,
0xcf4895d42599d394,
0xc11b9cba40a8e8d0,
0x2e3813cbe5a0de89,
0x110eefda88847faf,
])),
field_new!(Fq, BigInteger384([
0x7089552b319d465,
0xc6695f92b50a8313,
0x97e83cccd117228f,
0xa35baecab2dc29ee,
0x1ce393ea5daace4d,
0x8f2220fb0fb66eb,
])),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
Fq2::new(
MontFp!("-1"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
FQ_ZERO,
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
Fq2::new(
MontFp!("151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
MontFp!("3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
),
// Fq2(u + 1)**(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x7bcfa7a25aa30fda,
0xdc17dec12a927e7c,
0x2f088dd86b4ebef1,
0xd1ca2087da74d4a7,
0x2da2596696cebc1d,
0xe2b7eedbbfd87d2,
])),
field_new!(Fq, BigInteger384([
0x3e2f585da55c9ad1,
0x4294213d86c18183,
0x382844c88b623732,
0x92ad2afd19103e18,
0x1d794e4fac7cf0b9,
0xbd592fc7d825ec8,
])),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x890dc9e4867545c3,
0x2af322533285a5d5,
0x50880866309b7e2c,
0xa20d1b8c7e881024,
0x14e4f04fe2db9068,
0x14e56d3f1564853a,
])),
FQ_ZERO,
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
Fq2::new(
MontFp!("1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
MontFp!("2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
),
// Fq2(u + 1)**(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x82d83cf50dbce43f,
0xa2813e53df9d018f,
0xc6f0caa53c65e181,
0x7525cf528d50fe95,
0x4a85ed50f4798a6b,
0x171da0fd6cf8eebd,
])),
field_new!(Fq, BigInteger384([
0x3726c30af242c66c,
0x7c2ac1aad1b6fe70,
0xa04007fbba4b14a2,
0xef517c3266341429,
0x95ba654ed2226b,
0x2e370eccc86f7dd,
])),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
Fq2::new(
MontFp!("877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
MontFp!("3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
),
];
}

81
bls12_381/src/fields/fq2.rs
View File

@@ -1,73 +1,42 @@
use ark_ff::{fields::*, MontFp};
use crate::*;
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
pub type Fq2 = Fp2<Fq2Parameters>;
pub type Fq2 = Fp2<Fq2Config>;
pub struct Fq2Parameters;
pub struct Fq2Config;
impl Fp2Parameters for Fq2Parameters {
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
]));
/// QUADRATIC_NONRESIDUE = (U + 1)
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
);
const NONRESIDUE: Fq = MontFp!("-1");
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// Fq(-1)**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
Fq::ONE,
// Fq(-1)**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
MontFp!("-1"),
];
#[inline(always)]
fn mul_fp_by_nonresidue(fp: &Self::Fp) -> Self::Fp {
-(*fp)
fn mul_fp_by_nonresidue_in_place(fp: &mut Self::Fp) -> &mut Self::Fp {
fp.neg_in_place()
}
#[inline(always)]
fn sub_and_mul_fp_by_nonresidue(y: &mut Self::Fp, x: &Self::Fp) {
*y += x;
}
#[inline(always)]
fn mul_fp_by_nonresidue_plus_one_and_add(y: &mut Self::Fp, x: &Self::Fp) {
*y = *x;
}
fn mul_fp_by_nonresidue_and_add(y: &mut Self::Fp, x: &Self::Fp) {
y.neg_in_place();
*y += x;
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);

215
bls12_381/src/fields/fq6.rs
View File

@@ -1,194 +1,91 @@
use crate::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = (U + 1)
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
);
const NONRESIDUE: Fq2 = Fq2::new(Fq::ONE, Fq::ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fq2(u + 1)**(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
Fq2::new(
Fq::ONE,
Fq::ZERO,
),
// Fq2(u + 1)**(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
Fq2::new(
Fq::ZERO,
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
),
// Fq2(u + 1)**(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
Fq2::new(
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
Fq2::new(
Fq::ZERO,
Fq::ONE,
),
// Fq2(u + 1)**(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
Fq::ZERO,
),
// Fq2(u + 1)**(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
Fq2::new(
Fq::ZERO,
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
),
];
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fq2(u + 1)**(((2q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
Fq::ONE,
Fq::ZERO,
),
// Fq2(u + 1)**(((2q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x890dc9e4867545c3,
0x2af322533285a5d5,
0x50880866309b7e2c,
0xa20d1b8c7e881024,
0x14e4f04fe2db9068,
0x14e56d3f1564853a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
Fq::ZERO,
),
// Fq2(u + 1)**(((2q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
Fq::ZERO,
),
// Fq2(u + 1)**(((2q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("-1"),
Fq::ZERO,
),
// Fq2(u + 1)**(((2q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
Fq::ZERO,
),
// Fq2(u + 1)**(((2q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecfb361b798dba3a,
0xc100ddb891865a2c,
0xec08ff1232bda8e,
0xd5c13cc6f1ca4721,
0x47222a47bf7b5c04,
0x110f184e51c5f59,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
Fq::ZERO,
),
];
/// Multiply this element by the quadratic nonresidue 1 + u.
/// Make this generic.
fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
let mut copy = *fe;
let t0 = copy.c0;
copy.c0 -= &fe.c1;
copy.c1 += &t0;
copy
fn mul_fp2_by_nonresidue_in_place(fe: &mut Fq2) -> &mut Fq2 {
let t0 = fe.c0;
fe.c0 -= &fe.c1;
fe.c1 += &t0;
fe
}
}

103
bls12_381/src/fields/fr.rs
View File

@@ -1,96 +1,9 @@
use ark_ff::{
biginteger::BigInteger256 as BigInteger,
fields::{FftParameters, Fp256, Fp256Parameters, FpParameters},
};
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 32;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0xb9b58d8c5f0e466a,
0x5b1b4c801819d7ec,
0xaf53ae352a31e64,
0x5bf3adda19e9b27b,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 52435875175126190479447740508185965837690552500527637822603658699938581184513
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0xffffffff00000001,
0x53bda402fffe5bfe,
0x3339d80809a1d805,
0x73eda753299d7d48,
]);
const MODULUS_BITS: u32 = 255;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 1;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0x1fffffffe,
0x5884b7fa00034802,
0x998c4fefecbc4ff5,
0x1824b159acc5056f,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
0xc999e990f3f29c6d,
0x2b6cedcb87925c23,
0x5d314967254398f,
0x748d9d99f59ff11,
]);
const INV: u64 = 0xfffffffeffffffff;
//
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0xefffffff1,
0x17e363d300189c0f,
0xff9c57876f8457b0,
0x351332208fc5a8c4,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x7fffffff80000000,
0xa9ded2017fff2dff,
0x199cec0404d0ec02,
0x39f6d3a994cebea4,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// T = (MODULUS - 1) / 2^S =
// 12208678567578594777604504606729831043093128246378069236549469339647
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0xfffe5bfeffffffff,
0x9a1d80553bda402,
0x299d7d483339d808,
0x73eda753,
]);
// (T - 1) / 2 =
// 6104339283789297388802252303364915521546564123189034618274734669823
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x7fff2dff7fffffff,
0x4d0ec02a9ded201,
0x94cebea4199cec04,
0x39f6d3a9,
]);
}
#[derive(MontConfig)]
#[modulus = "52435875175126190479447740508185965837690552500527637822603658699938581184513"]
#[generator = "7"]
#[small_subgroup_base = "3"]
#[small_subgroup_power = "1"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

2
bls12_381/src/fields/mod.rs
View File

@@ -23,5 +23,5 @@ pub mod fq12;
#[cfg(feature = "curve")]
pub use self::fq12::*;
#[cfg(all(feature = "curve", feature = "std", test))]
#[cfg(all(feature = "curve", test))]
mod tests;

873
bls12_381/src/fields/tests.rs
View File

File diff suppressed because it is too large Load Diff

11
bls12_381/src/lib.rs Normal file → Executable file
View File

@@ -9,15 +9,16 @@
#![forbid(unsafe_code)]
//! This library implements the BLS12_381 curve generated by [Sean Bowe](https://electriccoin.co/blog/new-snark-curve/).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 381-bit (prime) field.
//! This curve was intended to replace the BN254 curve to provide a higher security
//! level without incurring a large performance overhead.
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree
//! 12, defined over a 381-bit (prime) field.
//! This curve was intended to replace the BN254 curve to provide a higher
//! security level without incurring a large performance overhead.
//!
//!
//! Curve information:
//! * Base field: q = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
//! * Scalar field: r = 52435875175126190479447740508185965837690552500527637822603658699938581184513
//! * Scalar field: r =
//! 52435875175126190479447740508185965837690552500527637822603658699938581184513
//! * valuation(q - 1, 2) = 1
//! * valuation(r - 1, 2) = 32
//! * G1 curve equation: y^2 = x^3 + 4

30
bn254/Cargo.toml
View File

@@ -1,31 +1,37 @@
[package]
name = "ark-bn254"
version = "0.1.0"
version = "0.4.0"
authors = [ "arkworks contributors" ]
description = "The BN254 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bn254/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
edition = "2021"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="0.4.0-alpha", default-features = false }
ark-ec = { version="0.4.0-alpha", default-features = false }
ark-std = { version = "0.4.0-alpha", default-features = false }
ark-r1cs-std = { version = "0.4.0-alpha", default-features = false, optional = true }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version = "0.4.0-alpha", default-features = false }
ark-algebra-test-templates = { version = "0.4.0-alpha", default-features = false }
ark-algebra-bench-templates = { version = "0.4.0-alpha", default-features = false }
[features]
default = [ "curve" ]
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
r1cs = [ "ark-r1cs-std" ]
curve = [ "scalar_field" ]
scalar_field = []
[[bench]]
name = "bn254"
path = "benches/bn254.rs"
harness = false

13
bn254/benches/bn254.rs Normal file
View File

@@ -0,0 +1,13 @@
use ark_algebra_bench_templates::*;
use ark_bn254::{fq::Fq, fq2::Fq2, fr::Fr, Bn254, Fq12, G1Projective as G1, G2Projective as G2};
bench!(
Name = "BN254",
Pairing = Bn254,
G1 = G1,
G2 = G2,
ScalarField = Fr,
G1BaseField = Fq,
G2BaseField = Fq2,
TargetField = Fq12,
);

28
bn254/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 21888242871839275222246405745257275088696311157297823662689037894645226208583
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bn254/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 21888242871839275222246405745257275088548364400416034343698204186575808495617
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

11
bn254/src/constraints/curves.rs Normal file
View File

@@ -0,0 +1,11 @@
use ark_r1cs_std::groups::curves::short_weierstrass::ProjectiveVar;
use crate::{constraints::FBaseVar, g1::Config};
/// A group element in the Bn254 prime-order group.
pub type GVar = ProjectiveVar<Config, FBaseVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::sw_test::<Config, GVar>().unwrap();
}

11
bn254/src/constraints/fields.rs Normal file
View File

@@ -0,0 +1,11 @@
use ark_r1cs_std::fields::fp::FpVar;
use crate::fq::Fq;
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FBaseVar = FpVar<Fq>;
#[test]
fn test() {
ark_curve_constraint_tests::fields::field_test::<_, _, FBaseVar>().unwrap();
}

107
bn254/src/constraints/mod.rs Normal file
View File

@@ -0,0 +1,107 @@
//! This module implements the R1CS equivalent of `ark_bn254`.
//!
//! It implements field variables for `crate::Fq`,
//! and group variables for `crate::G1Projective`.
//!
//! The field underlying these constraints is `crate::Fq`.
//!
//! # Examples
//!
//! One can perform standard algebraic operations on `FBaseVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! use ark_std::UniformRand;
//! use ark_relations::r1cs::*;
//! use ark_r1cs_std::prelude::*;
//! use ark_bn254::{*, constraints::*};
//!
//! let cs = ConstraintSystem::<Fq>::new_ref();
//! // This rng is just for test purposes; do not use it
//! // in real applications.
//! let mut rng = ark_std::test_rng();
//!
//! // Generate some random `Fq` elements.
//! let a_native = Fq::rand(&mut rng);
//! let b_native = Fq::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = FBaseVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
//! let b = FBaseVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = FBaseVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = FBaseVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let one = FBaseVar::one();
//! let zero = FBaseVar::zero();
//!
//! // Sanity check one + one = two
//! let two = &one + &one + &zero;
//! two.enforce_equal(&one.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that the value of &a * &b is correct.
//! assert_eq!((&a * &b).value()?, a_native * &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! One can also perform standard algebraic operations on `GVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_bn254::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate some random `G1Projective` elements.
//! let a_native = G1Projective::rand(&mut rng);
//! let b_native = G1Projective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = GVar::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = GVar::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = GVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = GVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! // This returns the identity.
//! let zero = GVar::zero();
//!
//! // Sanity check one + one = two
//! let two_a = &a + &a + &zero;
//! two_a.enforce_equal(&a.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
mod curves;
mod fields;
pub use curves::*;
pub use fields::*;

70
bn254/src/curves/g1.rs
View File

@@ -1,67 +1,45 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_ec::{
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::Affine,
};
use ark_ff::{Field, MontFp, Zero};
use crate::{Fq, Fr};
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
pub type G1Affine = Affine<Config>;
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0]));
/// COEFF_B = 3
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger256([
0x7a17caa950ad28d7,
0x1f6ac17ae15521b9,
0x334bea4e696bd284,
0x2a1f6744ce179d8e,
]));
/// COFACTOR = 1
const COFACTOR: &'static [u64] = &[0x1];
/// COFACTOR_INV = COFACTOR^{-1} mod r = 1
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
0xac96341c4ffffffb,
0x36fc76959f60cd29,
0x666ea36f7879462e,
0xe0a77c19a07df2f,
]));
const COFACTOR_INV: Fr = Fr::ONE;
}
impl SWCurveConfig for Config {
/// COEFF_A = 0
const COEFF_A: Fq = Fq::ZERO;
/// COEFF_B = 3
const COEFF_B: Fq = MontFp!("3");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G1_GENERATOR_X, G1_GENERATOR_Y);
const GENERATOR: G1Affine = G1Affine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
}
/// G1_GENERATOR_X =
/// 1
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0x0e0a77c19a07df2f,
]));
/// G1_GENERATOR_X = 1
pub const G1_GENERATOR_X: Fq = Fq::ONE;
/// G1_GENERATOR_Y =
/// 2
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
0xa6ba871b8b1e1b3a,
0x14f1d651eb8e167b,
0xccdd46def0f28c58,
0x1c14ef83340fbe5e,
]));
/// G1_GENERATOR_Y = 2
pub const G1_GENERATOR_Y: Fq = MontFp!("2");

112
bn254/src/curves/g2.rs
View File

@@ -1,44 +1,22 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_ec::{
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::Affine,
};
use ark_ff::{Field, MontFp, Zero};
use crate::{g1, Fq, Fq2, Fr};
use crate::{Fq, Fq2, Fr};
pub type G2Affine = Affine<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq2;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
#[rustfmt::skip]
const COEFF_A: Fq2 = field_new!(Fq2,
g1::Parameters::COEFF_A,
g1::Parameters::COEFF_A,
);
/// COEFF_B = 3/(u+9)
/// = (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3bf938e377b802a8,
0x020b1b273633535d,
0x26b7edf049755260,
0x2514c6324384a86d,
])),
field_new!(Fq, BigInteger256([
0x38e7ecccd1dcff67,
0x65f0b37d93ce0d3e,
0xd749d0dd22ac00aa,
0x0141b9ce4a688d4d,
])),
);
/// COFACTOR = (36 * X^4) + (36 * X^3) + (30 * X^2) + 6*X + 1
/// = 21888242871839275222246405745257275088844257914179612981679871602714643921549
/// 21888242871839275222246405745257275088844257914179612981679871602714643921549
#[rustfmt::skip]
const COFACTOR: &'static [u64] = &[
0x345f2299c0f9fa8d,
@@ -48,65 +26,49 @@ impl SWModelParameters for Parameters {
];
/// COFACTOR_INV = COFACTOR^{-1} mod r
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
0x7fff17d53ff2895e,
0xd0617390cf7919e5,
0xb9af426b22d0eb61,
0x270485e31bd72a4d,
]));
const COFACTOR_INV: Fr =
MontFp!("10944121435919637613327163357776759465618812564592884533313067514031822496649");
}
impl SWCurveConfig for Config {
/// COEFF_A = [0, 0]
const COEFF_A: Fq2 = Fq2::ZERO;
/// COEFF_B = 3/(u+9)
/// (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
const COEFF_B: Fq2 = Fq2::new(
MontFp!("19485874751759354771024239261021720505790618469301721065564631296452457478373"),
MontFp!("266929791119991161246907387137283842545076965332900288569378510910307636690"),
);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G2_GENERATOR_X, G2_GENERATOR_Y);
const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
}
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
pub const G2_GENERATOR_X: Fq2 = Fq2::new(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
pub const G2_GENERATOR_Y: Fq2 = Fq2::new(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
/// G2_GENERATOR_X_C0 =
/// 10857046999023057135944570762232829481370756359578518086990519993285655852781
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger256([
0x8e83b5d102bc2026,
0xdceb1935497b0172,
0xfbb8264797811adf,
0x19573841af96503b,
]));
pub const G2_GENERATOR_X_C0: Fq =
MontFp!("10857046999023057135944570762232829481370756359578518086990519993285655852781");
/// G2_GENERATOR_X_C1 =
/// 11559732032986387107991004021392285783925812861821192530917403151452391805634
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger256([
0xafb4737da84c6140,
0x6043dd5a5802d8c4,
0x09e950fc52a02f86,
0x14fef0833aea7b6b,
]));
pub const G2_GENERATOR_X_C1: Fq =
MontFp!("11559732032986387107991004021392285783925812861821192530917403151452391805634");
/// G2_GENERATOR_Y_C0 =
/// 8495653923123431417604973247489272438418190587263600148770280649306958101930
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger256([
0x619dfa9d886be9f6,
0xfe7fd297f59e9b78,
0xff9e1a62231b7dfe,
0x28fd7eebae9e4206,
]));
pub const G2_GENERATOR_Y_C0: Fq =
MontFp!("8495653923123431417604973247489272438418190587263600148770280649306958101930");
/// G2_GENERATOR_Y_C1 =
/// 4082367875863433681332203403145435568316851327593401208105741076214120093531
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger256([
0x64095b56c71856ee,
0xdc57f922327d3cbb,
0x55f935be33351076,
0x0da4a0e693fd6482,
]));
pub const G2_GENERATOR_Y_C1: Fq =
MontFp!("4082367875863433681332203403145435568316851327593401208105741076214120093531");

81
bn254/src/curves/mod.rs
View File

@@ -1,18 +1,20 @@
use crate::*;
use ark_ec::{
bn,
bn::{Bn, BnParameters, TwistType},
bn::{Bn, BnConfig, TwistType},
};
use ark_ff::{biginteger::BigInteger256, field_new};
use ark_ff::MontFp;
use crate::*;
pub mod g1;
pub mod g2;
#[cfg(test)]
mod tests;
pub struct Parameters;
pub struct Config;
impl BnParameters for Parameters {
impl BnConfig for Config {
const X: &'static [u64] = &[4965661367192848881];
/// `x` is positive.
const X_IS_NEGATIVE: bool = false;
@@ -21,62 +23,27 @@ impl BnParameters for Parameters {
0, 1, 1, 1, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 1, 0, 0, -1, 0, 0, 0, 1, 1, 0,
-1, 0, 0, 1, 0, 1, 1,
];
/// `ate_loop_count` is positive.
const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;
const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
BigInteger256([
0xb5773b104563ab30,
0x347f91c8a9aa6454,
0x7a007127242e0991,
0x1956bcd8118214ec,
])
),
field_new!(
Fq,
BigInteger256([
0x6e849f1ea0aa4757,
0xaa1c7b6d89f89141,
0xb6e713cdfae0ca3a,
0x26694fbb4e82ebc3,
])
),
const TWIST_MUL_BY_Q_X: Fq2 = Fq2::new(
MontFp!("21575463638280843010398324269430826099269044274347216827212613867836435027261"),
MontFp!("10307601595873709700152284273816112264069230130616436755625194854815875713954"),
);
const TWIST_MUL_BY_Q_Y: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
BigInteger256([
0xe4bbdd0c2936b629,
0xbb30f162e133bacb,
0x31a9d1b6f9645366,
0x253570bea500f8dd,
])
),
field_new!(
Fq,
BigInteger256([
0xa1d77ce45ffe77c7,
0x07affd117826d1db,
0x6d16bd27bb7edc6b,
0x2c87200285defecc,
])
),
const TWIST_MUL_BY_Q_Y: Fq2 = Fq2::new(
MontFp!("2821565182194536844548159561693502659359617185244120367078079554186484126554"),
MontFp!("3505843767911556378687030309984248845540243509899259641013678093033130930403"),
);
const TWIST_TYPE: TwistType = TwistType::D;
type Fp = Fq;
type Fp2Params = Fq2Parameters;
type Fp6Params = Fq6Parameters;
type Fp12Params = Fq12Parameters;
type G1Parameters = g1::Parameters;
type G2Parameters = g2::Parameters;
type Fp2Config = Fq2Config;
type Fp6Config = Fq6Config;
type Fp12Config = Fq12Config;
type G1Config = g1::Config;
type G2Config = g2::Config;
}
pub type Bn254 = Bn<Parameters>;
pub type Bn254 = Bn<Config>;
pub type G1Affine = bn::G1Affine<Parameters>;
pub type G1Projective = bn::G1Projective<Parameters>;
pub type G2Affine = bn::G2Affine<Parameters>;
pub type G2Projective = bn::G2Projective<Parameters>;
pub type G1Affine = bn::G1Affine<Config>;
pub type G1Projective = bn::G1Projective<Config>;
pub type G2Affine = bn::G2Affine<Config>;
pub type G2Projective = bn::G2Projective<Config>;

90
bn254/src/curves/tests.rs Normal file → Executable file
View File

@@ -1,85 +1,9 @@
#![allow(unused_imports)]
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
};
use ark_serialize::CanonicalSerialize;
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use ark_algebra_test_templates::*;
use ark_ff::fields::Field;
use crate::{g1, g2, Bn254, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use crate::{Bn254, G1Projective, G2Projective};
use ark_curve_tests::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
}
#[test]
fn test_g1_projective_group() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g1_generator() {
let generator = G1Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_projective_curve() {
curve_tests::<G2Projective>();
sw_tests::<g2::Parameters>();
}
#[test]
fn test_g2_projective_group() {
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g2_generator() {
let generator = G2Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_bilinearity() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let mut sa = a;
sa.mul_assign(s);
let mut sb = b;
sb.mul_assign(s);
let ans1 = Bn254::pairing(sa, b);
let ans2 = Bn254::pairing(a, sb);
let ans3 = Bn254::pairing(a, b).pow(s.into_repr());
assert_eq!(ans1, ans2);
assert_eq!(ans2, ans3);
assert_ne!(ans1, Fq12::one());
assert_ne!(ans2, Fq12::one());
assert_ne!(ans3, Fq12::one());
assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one());
}
test_group!(g1; G1Projective; sw);
test_group!(g2; G2Projective; sw);
test_group!(pairing_output; ark_ec::pairing::PairingOutput<Bn254>; msm);
test_pairing!(pairing; crate::Bn254);

101
bn254/src/fields/fq.rs
View File

@@ -1,96 +1,7 @@
use ark_ff::{biginteger::BigInteger256 as BigInteger, field_new, fields::*};
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fq = Fp256<FqParameters>;
pub struct FqParameters;
impl Fp256Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 1;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0x3c208c16d87cfd47,
0x97816a916871ca8d,
0xb85045b68181585d,
0x30644e72e131a029,
]);
const MODULUS_BITS: u32 = 254;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 2;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
0xf32cfc5b538afa89,
0xb5e71911d44501fb,
0x47ab1eff0a417ff6,
0x6d89f71cab8351f,
]);
const INV: u64 = 9786893198990664585u64;
// GENERATOR = 3
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0x7a17caa950ad28d7,
0x1f6ac17ae15521b9,
0x334bea4e696bd284,
0x2a1f6744ce179d8e,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// T = (MODULUS - 1) // 2^S =
// 10944121435919637611123202872628637544348155578648911831344518947322613104291
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// (T - 1) // 2 =
// 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x4f082305b61f3f51,
0x65e05aa45a1c72a3,
0x6e14116da0605617,
0xc19139cb84c680a,
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0]));
#[derive(MontConfig)]
#[modulus = "21888242871839275222246405745257275088696311157297823662689037894645226208583"]
#[generator = "3"]
pub struct FqConfig;
pub type Fq = Fp256<MontBackend<FqConfig, 4>>;

186
bn254/src/fields/fq12.rs
View File

@@ -1,159 +1,89 @@
use super::*;
use ark_ff::{biginteger::BigInteger256, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq12 = Fp12<Fq12Parameters>;
use crate::*;
pub type Fq12 = Fp12<Fq12Config>;
#[derive(Clone, Copy)]
pub struct Fq12Parameters;
pub struct Fq12Config;
impl Fp12Parameters for Fq12Parameters {
type Fp6Params = Fq6Parameters;
impl Fp12Config for Fq12Config {
type Fp6Config = Fq6Config;
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
const NONRESIDUE: Fq6 = Fq6::new(Fq2::ZERO, Fq2::ONE, Fq2::ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
FQ2_ONE,
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xaf9ba69633144907,
0xca6b1d7387afb78a,
0x11bded5ef08a2087,
0x02f34d751a1f3a7c,
])),
field_new!(Fq, BigInteger256([
0xa222ae234c492d72,
0xd00f02a4565de15b,
0xdc2ff3a253dfc926,
0x10a75716b3899551,
])),
Fq2::new(
MontFp!("8376118865763821496583973867626364092589906065868298776909617916018768340080"),
MontFp!(
"16469823323077808223889137241176536799009286646108169935659301613961712198316"
),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xca8d800500fa1bf2,
0xf0c5d61468b39769,
0x0e201271ad0d4418,
0x04290f65bad856e6,
])),
FQ_ZERO,
Fq2::new(
MontFp!(
"21888242871839275220042445260109153167277707414472061641714758635765020556617"
),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x365316184e46d97d,
0x0af7129ed4c96d9f,
0x659da72fca1009b5,
0x08116d8983a20d23,
])),
field_new!(Fq, BigInteger256([
0xb1df4af7c39c1939,
0x3d9f02878a73bf7f,
0x9b2220928caf0ae0,
0x26684515eff054a6,
])),
Fq2::new(
MontFp!(
"11697423496358154304825782922584725312912383441159505038794027105778954184319"
),
MontFp!("303847389135065887422783454877609941456349188919719272345083954437860409601"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
FQ_ZERO,
Fq2::new(
MontFp!(
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x86b76f821b329076,
0x408bf52b4d19b614,
0x53dfb9d0d985e92d,
0x051e20146982d2a7,
])),
field_new!(Fq, BigInteger256([
0x0fbc9cd47752ebc7,
0x6d8fffe33415de24,
0xbef22cf038cf41b9,
0x15c0edff3c66bf54,
])),
Fq2::new(
MontFp!("3321304630594332808241809054958361220322477375291206261884409189760185844239"),
MontFp!("5722266937896532885780051958958348231143373700109372999374820235121374419868"),
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
])),
FQ_ZERO,
),
Fq2::new(MontFp!("-1"), Fq::ZERO),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x8c84e580a568b440,
0xcd164d1de0c21302,
0xa692585790f737d5,
0x2d7100fdc71265ad,
])),
field_new!(Fq, BigInteger256([
0x99fdddf38c33cfd5,
0xc77267ed1213e931,
0xdc2052142da18f36,
0x1fbcf75c2da80ad7,
])),
Fq2::new(
MontFp!(
"13512124006075453725662431877630910996106405091429524885779419978626457868503"
),
MontFp!("5418419548761466998357268504080738289687024511189653727029736280683514010267"),
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
FQ_ZERO,
Fq2::new(
MontFp!("2203960485148121921418603742825762020974279258880205651966"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x05cd75fe8a3623ca,
0x8c8a57f293a85cee,
0x52b29e86b7714ea8,
0x2852e0e95d8f9306,
])),
field_new!(Fq, BigInteger256([
0x8a41411f14e0e40e,
0x59e26809ddfe0b0d,
0x1d2e2523f4d24d7d,
0x09fc095cf1414b83,
])),
Fq2::new(
MontFp!(
"10190819375481120917420622822672549775783927716138318623895010788866272024264"
),
MontFp!(
"21584395482704209334823622290379665147239961968378104390343953940207365798982"
),
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x08cfc388c494f1ab,
0x19b315148d1373d4,
0x584e90fdcb6c0213,
0x09e1685bdf2f8849,
])),
FQ_ZERO,
Fq2::new(
MontFp!("2203960485148121921418603742825762020974279258880205651967"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xb5691c94bd4a6cd1,
0x56f575661b581478,
0x64708be5a7fb6f30,
0x2b462e5e77aecd82,
])),
field_new!(Fq, BigInteger256([
0x2c63ef42612a1180,
0x29f16aae345bec69,
0xf95e18c648b216a4,
0x1aa36073a4cae0d4,
])),
Fq2::new(
MontFp!(
"18566938241244942414004596690298913868373833782006617400804628704885040364344"
),
MontFp!(
"16165975933942742336466353786298926857552937457188450663314217659523851788715"
),
),
];
}

58
bn254/src/fields/fq2.rs
View File

@@ -1,63 +1,27 @@
use super::*;
use ark_ff::{biginteger::BigInteger256 as BigInteger, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq2 = Fp2<Fq2Parameters>;
use crate::*;
pub struct Fq2Parameters;
pub type Fq2 = Fp2<Fq2Config>;
impl Fp2Parameters for Fq2Parameters {
pub struct Fq2Config;
impl Fp2Config for Fq2Config {
type Fp = Fq;
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
]));
/// QUADRATIC_NONRESIDUE = U+2
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([
12014063508332092218u64,
1509222997478479483u64,
14762033076929465432u64,
2023505479389396574u64,
])),
field_new!(Fq, BigInteger([
202099033278250856u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq = MontFp!("-1");
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
Fq::ONE,
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
])),
MontFp!("-1"),
];
#[inline(always)]
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
-(*fe)
fn mul_fp_by_nonresidue_in_place(fe: &mut Self::Fp) -> &mut Self::Fp {
fe.neg_in_place()
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);

218
bn254/src/fields/fq6.rs
View File

@@ -1,195 +1,105 @@
use super::*;
use ark_ff::{biginteger::BigInteger256, field_new, fields::*};
use ark_ff::{fields::*, MontFp};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::*;
pub type Fq6 = Fp6<Fq6Config>;
#[derive(Clone, Copy)]
pub struct Fq6Parameters;
pub struct Fq6Config;
impl Fp6Parameters for Fq6Parameters {
type Fp2Params = Fq2Parameters;
impl Fp6Config for Fq6Config {
type Fp2Config = Fq2Config;
/// NONRESIDUE = U+9
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xf60647ce410d7ff7,
0x2f3d6f4dd31bd011,
0x2943337e3940c6d1,
0x1d9598e8a7e39857,
])),
field_new!(Fq, BigInteger256([
202099033278250856u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq2 = Fq2::new(MontFp!("9"), Fq::ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xb5773b104563ab30,
0x347f91c8a9aa6454,
0x7a007127242e0991,
0x1956bcd8118214ec,
])),
field_new!(Fq, BigInteger256([
0x6e849f1ea0aa4757,
0xaa1c7b6d89f89141,
0xb6e713cdfae0ca3a,
0x26694fbb4e82ebc3,
])),
Fq2::new(
MontFp!(
"21575463638280843010398324269430826099269044274347216827212613867836435027261"
),
MontFp!(
"10307601595873709700152284273816112264069230130616436755625194854815875713954"
),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!(
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xc9af22f716ad6bad,
0xb311782a4aa662b2,
0x19eeaf64e248c7f4,
0x20273e77e3439f82,
])),
field_new!(Fq, BigInteger256([
0xacc02860f7ce93ac,
0x3933d5817ba76b4c,
0x69e6188b446c8467,
0xa46036d4417cc55,
])),
Fq2::new(
MontFp!("3772000881919853776433695186713858239009073593817195771773381919316419345261"),
MontFp!("2236595495967245188281701248203181795121068902605861227855261137820944008926"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("2203960485148121921418603742825762020974279258880205651966"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xf91aba2654e8e3b1,
0x4771cb2fdc92ce12,
0xdcb16ae0fc8bdf35,
0x274aa195cd9d8be4,
])),
field_new!(Fq, BigInteger256([
0x5cfc50ae18811f8b,
0x4bb28433cb43988c,
0x4fd35f13c3b56219,
0x301949bd2fc8883a,
])),
Fq2::new(
MontFp!(
"18429021223477853657660792034369865839114504446431234726392080002137598044644"
),
MontFp!("9344045779998320333812420223237981029506012124075525679208581902008406485703"),
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
),
Fq2::new(Fq::ONE, Fq::ZERO),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x7361d77f843abe92,
0xa5bb2bd3273411fb,
0x9c941f314b3e2399,
0x15df9cddbb9fd3ec,
])),
field_new!(Fq, BigInteger256([
0x5dddfd154bd8c949,
0x62cb29a5a4445b60,
0x37bc870a0c7dd2b9,
0x24830a9d3171f0fd,
])),
Fq2::new(
MontFp!("2581911344467009335267311115468803099551665605076196740867805258568234346338"),
MontFp!(
"19937756971775647987995932169929341994314640652964949448313374472400716661030"
),
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!("2203960485148121921418603742825762020974279258880205651966"),
Fq::ZERO,
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x448a93a57b6762df,
0xbfd62df528fdeadf,
0xd858f5d00e9bd47a,
0x6b03d4d3476ec58,
])),
field_new!(Fq, BigInteger256([
0x2b19daf4bcc936d1,
0xa1a54e7a56f4299f,
0xb533eee05adeaef1,
0x170c812b84dda0b2,
])),
Fq2::new(
MontFp!("5324479202449903542726783395506214481928257762400643279780343368557297135718"),
MontFp!(
"16208900380737693084919495127334387981393726419856888799917914180988844123039"
),
),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
Fq2::new(
MontFp!(
"21888242871839275220042445260109153167277707414472061641714758635765020556616"
),
Fq::ZERO,
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x843420f1d8dadbd6,
0x31f010c9183fcdb2,
0x436330b527a76049,
0x13d47447f11adfe4,
])),
field_new!(Fq, BigInteger256([
0xef494023a857fa74,
0x2a925d02d5ab101a,
0x83b015829ba62f10,
0x2539111d0c13aea3,
])),
Fq2::new(
MontFp!(
"13981852324922362344252311234282257507216387789820983642040889267519694726527"
),
MontFp!("7629828391165209371577384193250820201684255241773809077146787135900891633097"),
),
];
#[inline(always)]
fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
fn mul_fp2_by_nonresidue_in_place(fe: &mut Fq2) -> &mut Fq2 {
// (c0+u*c1)*(9+u) = (9*c0-c1)+u*(9*c1+c0)
let mut f = *fe;
f.double_in_place().double_in_place().double_in_place();
let c0 = f.c0 + fe.c0 + Fq2Parameters::mul_fp_by_nonresidue(&fe.c1);
let mut c0 = fe.c1;
Fq2Config::mul_fp_by_nonresidue_in_place(&mut c0);
c0 += &f.c0;
c0 += &fe.c0;
let c1 = f.c1 + fe.c1 + fe.c0;
field_new!(Fq2, c0, c1)
*fe = Fq2::new(c0, c1);
fe
}
}

100
bn254/src/fields/fr.rs
View File

@@ -1,95 +1,7 @@
use ark_ff::{biginteger::BigInteger256 as BigInteger, fields::*};
use ark_ff::fields::{Fp256, MontBackend, MontConfig};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 28;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
7164790868263648668u64,
11685701338293206998u64,
6216421865291908056u64,
1756667274303109607u64,
]);
}
impl FpParameters for FrParameters {
/// MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
4891460686036598785u64,
2896914383306846353u64,
13281191951274694749u64,
3486998266802970665u64,
]);
const MODULUS_BITS: u32 = 254;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 2;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
12436184717236109307u64,
3962172157175319849u64,
7381016538464732718u64,
1011752739694698287u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
1997599621687373223u64,
6052339484930628067u64,
10108755138030829701u64,
150537098327114917u64,
]);
const INV: u64 = 14042775128853446655u64;
// GENERATOR = 5
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
1949230679015292902u64,
16913946402569752895u64,
5177146667339417225u64,
1571765431670520771u64,
]);
/// (r - 1)/2 =
/// 10944121435919637611123202872628637544274182200208017171849102093287904247808
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xa1f0fac9f8000000,
0x9419f4243cdcb848,
0xdc2822db40c0ac2e,
0x183227397098d014,
]);
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
/// t = (r - 1) / 2^s =
/// 81540058820840996586704275553141814055101440848469862132140264610111
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0x9b9709143e1f593f,
0x181585d2833e8487,
0x131a029b85045b68,
0x30644e72e,
]);
/// (t - 1) / 2 =
/// 40770029410420498293352137776570907027550720424234931066070132305055
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xcdcb848a1f0fac9f,
0x0c0ac2e9419f4243,
0x098d014dc2822db4,
0x183227397,
]);
}
#[derive(MontConfig)]
#[modulus = "21888242871839275222246405745257275088548364400416034343698204186575808495617"]
#[generator = "5"]
pub struct FrConfig;
pub type Fr = Fp256<MontBackend<FrConfig, 4>>;

365
bn254/src/fields/tests.rs
View File

@@ -1,123 +1,51 @@
use ark_algebra_test_templates::*;
use ark_ff::{
biginteger::{BigInteger, BigInteger256},
fields::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, FpParameters, PrimeField,
SquareRootField,
},
test_rng, One, UniformRand, Zero,
biginteger::{BigInt, BigInteger, BigInteger256},
fields::{FftField, Field, Fp6Config, PrimeField},
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use core::{
use ark_std::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
ops::{AddAssign, MulAssign},
};
use rand::{Rng, SeedableRng};
use rand_xorshift::XorShiftRng;
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_curve_tests::fields::*;
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Config, Fr};
pub(crate) const ITERATIONS: usize = 5;
#[test]
fn test_fr() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fr = rng.gen();
let b: Fr = rng.gen();
field_test(a, b);
primefield_test::<Fr>();
sqrt_field_test(b);
let byte_size = a.serialized_size();
field_serialization_test::<Fr>(byte_size);
}
}
#[test]
fn test_fq() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fq = rng.gen();
let b: Fq = rng.gen();
field_test(a, b);
primefield_test::<Fq>();
sqrt_field_test(a);
let byte_size = a.serialized_size();
let (_, buffer_size) = buffer_bit_byte_size(Fq::size_in_bits());
assert_eq!(byte_size, buffer_size);
field_serialization_test::<Fq>(byte_size);
}
}
#[test]
fn test_fq2() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let a: Fq2 = rng.gen();
let b: Fq2 = rng.gen();
field_test(a, b);
sqrt_field_test(a);
}
frobenius_test::<Fq2, _>(Fq::characteristic(), 13);
let byte_size = Fq2::zero().serialized_size();
field_serialization_test::<Fq2>(byte_size);
}
#[test]
fn test_fq6() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let g: Fq6 = rng.gen();
let h: Fq6 = rng.gen();
field_test(g, h);
}
frobenius_test::<Fq6, _>(Fq::characteristic(), 13);
let byte_size = Fq6::zero().serialized_size();
field_serialization_test::<Fq6>(byte_size);
}
#[test]
fn test_fq12() {
let mut rng = test_rng();
for _ in 0..ITERATIONS {
let g: Fq12 = rng.gen();
let h: Fq12 = rng.gen();
field_test(g, h);
}
frobenius_test::<Fq12, _>(Fq::characteristic(), 13);
let byte_size = Fq12::zero().serialized_size();
field_serialization_test::<Fq12>(byte_size);
}
test_field!(fr; Fr; mont_prime_field);
test_field!(fq; Fq; mont_prime_field);
test_field!(fq2; Fq2);
test_field!(fq6; Fq6);
test_field!(fq12; Fq12);
#[test]
fn test_fq_repr_from() {
assert_eq!(BigInteger256::from(100), BigInteger256([100, 0, 0, 0]));
assert_eq!(BigInteger256::from(100u64), BigInt::new([100, 0, 0, 0]));
}
#[test]
fn test_fq_repr_is_odd() {
assert!(!BigInteger256::from(0).is_odd());
assert!(BigInteger256::from(0).is_even());
assert!(BigInteger256::from(1).is_odd());
assert!(!BigInteger256::from(1).is_even());
assert!(!BigInteger256::from(324834872).is_odd());
assert!(BigInteger256::from(324834872).is_even());
assert!(BigInteger256::from(324834873).is_odd());
assert!(!BigInteger256::from(324834873).is_even());
assert!(!BigInteger256::from(0u64).is_odd());
assert!(BigInteger256::from(0u64).is_even());
assert!(BigInteger256::from(1u64).is_odd());
assert!(!BigInteger256::from(1u64).is_even());
assert!(!BigInteger256::from(324834872u64).is_odd());
assert!(BigInteger256::from(324834872u64).is_even());
assert!(BigInteger256::from(324834873u64).is_odd());
assert!(!BigInteger256::from(324834873u64).is_even());
}
#[test]
fn test_fq_repr_is_zero() {
assert!(BigInteger256::from(0).is_zero());
assert!(!BigInteger256::from(1).is_zero());
assert!(!BigInteger256([0, 0, 1, 0]).is_zero());
assert!(BigInteger256::from(0u64).is_zero());
assert!(!BigInteger256::from(1u64).is_zero());
assert!(!BigInt::new([0, 0, 1, 0]).is_zero());
}
#[test]
fn test_fq_repr_num_bits() {
let mut a = BigInteger256::from(0);
let mut a = BigInteger256::from(0u64);
assert_eq!(0, a.num_bits());
a = BigInteger256::from(1);
a = BigInteger256::from(1u64);
for i in 1..257 {
assert_eq!(i, a.num_bits());
a.mul2();
@@ -125,248 +53,35 @@ fn test_fq_repr_num_bits() {
assert_eq!(0, a.num_bits());
}
#[test]
fn test_fq_add_assign() {
// Test associativity
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Generate a, b, c and ensure (a + b) + c == a + (b + c).
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.add_assign(&b);
tmp1.add_assign(&c);
let mut tmp2 = b;
tmp2.add_assign(&c);
tmp2.add_assign(&a);
assert_eq!(tmp1, tmp2);
}
}
#[test]
fn test_fq_sub_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure that (a - b) + (b - a) = 0.
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.sub_assign(&b);
let mut tmp2 = b;
tmp2.sub_assign(&a);
tmp1.add_assign(&tmp2);
assert!(tmp1.is_zero());
}
}
#[test]
fn test_fq_mul_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000000 {
// Ensure that (a * b) * c = a * (b * c)
let a = Fq::rand(&mut rng);
let b = Fq::rand(&mut rng);
let c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.mul_assign(&b);
tmp1.mul_assign(&c);
let mut tmp2 = b;
tmp2.mul_assign(&c);
tmp2.mul_assign(&a);
assert_eq!(tmp1, tmp2);
}
for _ in 0..1000000 {
// Ensure that r * (a + b + c) = r*a + r*b + r*c
let r = Fq::rand(&mut rng);
let mut a = Fq::rand(&mut rng);
let mut b = Fq::rand(&mut rng);
let mut c = Fq::rand(&mut rng);
let mut tmp1 = a;
tmp1.add_assign(&b);
tmp1.add_assign(&c);
tmp1.mul_assign(&r);
a.mul_assign(&r);
b.mul_assign(&r);
c.mul_assign(&r);
a.add_assign(&b);
a.add_assign(&c);
assert_eq!(tmp1, a);
}
}
#[test]
fn test_fq_squaring() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000000 {
// Ensure that (a * a) = a^2
let a = Fq::rand(&mut rng);
let mut tmp = a;
tmp.square_in_place();
let mut tmp2 = a;
tmp2.mul_assign(&a);
assert_eq!(tmp, tmp2);
}
}
#[test]
fn test_fq_inverse() {
assert!(Fq::zero().inverse().is_none());
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let one = Fq::one();
for _ in 0..1000 {
// Ensure that a * a^-1 = 1
let mut a = Fq::rand(&mut rng);
let ainv = a.inverse().unwrap();
a.mul_assign(&ainv);
assert_eq!(a, one);
}
}
#[test]
fn test_fq_double_in_place() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure doubling a is equivalent to adding a to itself.
let mut a = Fq::rand(&mut rng);
let mut b = a;
b.add_assign(&a);
a.double_in_place();
assert_eq!(a, b);
}
}
#[test]
fn test_fq_negate() {
{
let a = -Fq::zero();
assert!(a.is_zero());
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for _ in 0..1000 {
// Ensure (a - (-a)) = 0.
let mut a = Fq::rand(&mut rng);
let b = -a;
a.add_assign(&b);
assert!(a.is_zero());
}
}
#[test]
fn test_fq_pow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
for i in 0..1000 {
// Exponentiate by various small numbers and ensure it consists with repeated
// multiplication.
let a = Fq::rand(&mut rng);
let target = a.pow(&[i]);
let mut c = Fq::one();
for _ in 0..i {
c.mul_assign(&a);
}
assert_eq!(c, target);
}
for _ in 0..1000 {
// Exponentiating by the modulus should have no effect in a prime field.
let a = Fq::rand(&mut rng);
assert_eq!(a, a.pow(Fq::characteristic()));
}
}
#[test]
fn test_fq_sqrt() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
for _ in 0..1000 {
// Ensure sqrt(a^2) = a or -a
let a = Fq::rand(&mut rng);
let nega = -a;
let mut b = a;
b.square_in_place();
let b = b.sqrt().unwrap();
assert!(a == b || nega == b);
}
for _ in 0..1000 {
// Ensure sqrt(a)^2 = a for random a
let a = Fq::rand(&mut rng);
if let Some(mut tmp) = a.sqrt() {
tmp.square_in_place();
assert_eq!(a, tmp);
}
}
}
#[test]
fn test_fq_num_bits() {
assert_eq!(FqParameters::MODULUS_BITS, 254);
assert_eq!(FqParameters::CAPACITY, 253);
assert_eq!(Fq::MODULUS_BIT_SIZE, 254);
}
#[test]
fn test_fq_root_of_unity() {
assert_eq!(FqParameters::TWO_ADICITY, 1);
assert_eq!(Fq::TWO_ADICITY, 1);
assert_eq!(
Fq::multiplicative_generator().pow([
Fq::GENERATOR.pow([
0x9e10460b6c3e7ea3,
0xcbc0b548b438e546,
0xdc2822db40c0ac2e,
0x183227397098d014,
]),
Fq::two_adic_root_of_unity()
Fq::TWO_ADIC_ROOT_OF_UNITY
);
assert_eq!(
Fq::two_adic_root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
Fq::TWO_ADIC_ROOT_OF_UNITY.pow([1 << Fq::TWO_ADICITY]),
Fq::one()
);
assert!(Fq::multiplicative_generator().sqrt().is_none());
assert!(Fq::GENERATOR.sqrt().is_none());
}
#[test]
fn test_fq_ordering() {
// BigInteger256's ordering is well-tested, but we still need to make sure the
// Fq elements aren't being compared in Montgomery form.
for i in 0..100 {
for i in 0..100u64 {
assert!(Fq::from(BigInteger256::from(i + 1)) > Fq::from(BigInteger256::from(i)));
}
}
@@ -379,11 +94,11 @@ fn test_fq_legendre() {
assert_eq!(Zero, Fq::zero().legendre());
assert_eq!(
QuadraticResidue,
Fq::from(BigInteger256::from(4)).legendre()
Fq::from(BigInteger256::from(4u64)).legendre()
);
assert_eq!(
QuadraticNonResidue,
Fq::from(BigInteger256::from(5)).legendre()
Fq::from(BigInteger256::from(5u64)).legendre()
);
}
@@ -424,13 +139,13 @@ fn test_fq2_legendre() {
// i^2 = -1
let mut m1 = -Fq2::one();
assert_eq!(QuadraticResidue, m1.legendre());
m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
Fq6Config::mul_fp2_by_nonresidue_in_place(&mut m1);
assert_eq!(QuadraticNonResidue, m1.legendre());
}
#[test]
fn test_fq6_mul_by_1() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c1 = Fq2::rand(&mut rng);
@@ -446,7 +161,7 @@ fn test_fq6_mul_by_1() {
#[test]
fn test_fq6_mul_by_01() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -463,7 +178,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn test_fq12_mul_by_014() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -484,7 +199,7 @@ fn test_fq12_mul_by_014() {
#[test]
fn test_fq12_mul_by_034() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);

16
bn254/src/lib.rs Normal file → Executable file
View File

@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BN254 curve that was sampled as part of the [[BCTV14]][https://eprint.iacr.org/2013/879.pdf] paper .
//! This library implements the BN254 curve that was sampled as part of the [\[BCTV14\]](https://eprint.iacr.org/2013/879.pdf) paper .
//! The name denotes that it is a Barreto--Naehrig curve of embedding degree 12,
//! defined over a 254-bit (prime) field. The scalar field is highly 2-adic.
//!
@@ -20,14 +20,17 @@
//!
//!
//! Curve information:
//! * Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
//! * Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
//! * Base field: q =
//! 21888242871839275222246405745257275088696311157297823662689037894645226208583
//! * Scalar field: r =
//! 21888242871839275222246405745257275088548364400416034343698204186575808495617
//! * valuation(q - 1, 2) = 1
//! * valuation(r - 1, 2) = 28
//! * G1 curve equation: y^2 = x^3 + 3
//! * G2 curve equation: y^2 = x^3 + B, where
//! * B = 3/(u+9) where Fq2[u]=Fq/u+1
//! = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
//! * B = 3/(u+9) where Fq2 is represented as Fq\[u\]/(u^2+1) =
//! Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373,
//! 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[cfg(feature = "curve")]
mod curves;
@@ -38,3 +41,6 @@ mod fields;
pub use curves::*;
pub use fields::*;
#[cfg(feature = "r1cs")]
pub mod constraints;

30
bw6_761/Cargo.toml
View File

@@ -1,29 +1,33 @@
[package]
name = "ark-bw6-761"
version = "0.1.0"
version = "0.4.0-alpha.2"
authors = [ "arkworks contributors" ]
description = "The BW6-761 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bw6-761/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
edition = "2021"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { version="0.4.0-alpha", default-features = false }
ark-ec = { version="0.4.0-alpha", default-features = false }
ark-std = { version = "0.4.0-alpha", default-features = false }
ark-bls12-377 = { version = "0.4.0-alpha", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version = "0.4.0-alpha", default-features = false }
ark-algebra-test-templates = { version = "0.4.0-alpha", default-features = false }
ark-algebra-bench-templates = { version = "0.4.0-alpha", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bls12-377/std" ]
[[bench]]
name = "bw6_761"
path = "benches/bw6_761.rs"
harness = false

0
curve-benches/LICENSE-APACHE → bw6_761/LICENSE-APACHE
View File

0
curve-benches/LICENSE-MIT → bw6_761/LICENSE-MIT
View File

16
bw6_761/benches/bw6_761.rs Normal file
View File

@@ -0,0 +1,16 @@
use ark_algebra_bench_templates::*;
use ark_bw6_761::{
fq::Fq, fq3::Fq3, fq6::Fq6, fr::Fr, g1::G1Projective as G1, g2::G2Projective as G2, BW6_761,
};
bench!(
Name = "BW6_761",
Pairing = BW6_761,
G1 = G1,
G2 = G2,
ScalarField = Fr,
G1BaseField = Fq,
G2BaseField = Fq3,
TargetField = Fq6,
);

28
bw6_761/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
bw6_761/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

99
bw6_761/src/curves/g1.rs
View File

@@ -1,46 +1,20 @@
use crate::{Fq, Fr};
use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger768},
field_new,
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::{Affine, Projective},
};
use ark_ff::{Field, MontFp};
pub type G1Affine = GroupAffine<Parameters>;
pub type G1Projective = GroupProjective<Parameters>;
use crate::{Fq, Fr};
pub type G1Affine = Affine<Config>;
pub type G1Projective = Projective<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
/// COEFF_B = -1
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger768([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
]));
/// COFACTOR =
/// 26642435879335816683987677701488073867751118270052650655942102502312977592501693353047140953112195348280268661194876
@@ -56,21 +30,20 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 91141326767669940707819291241958318717982251277713150053234367522357946997763584490607453720072232540829942217804
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
489703175600125849,
3883341943836920852,
1678256062427438196,
5848789333018172718,
7127967896440782320,
71512347676739162,
]));
const COFACTOR_INV: Fr = MontFp!("91141326767669940707819291241958318717982251277713150053234367522357946997763584490607453720072232540829942217804");
}
impl SWCurveConfig for Config {
/// COEFF_A = 0
const COEFF_A: Fq = Fq::ZERO;
/// COEFF_B = -1
const COEFF_B: Fq = MontFp!("-1");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G1_GENERATOR_X, G1_GENERATOR_Y);
const GENERATOR: G1Affine = G1Affine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_elem: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_elem: Self::BaseField) -> Self::BaseField {
use ark_ff::Zero;
Self::BaseField::zero()
}
@@ -78,36 +51,8 @@ impl SWModelParameters for Parameters {
/// G1_GENERATOR_X =
/// 6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
0xd6e42d7614c2d770,
0x4bb886eddbc3fc21,
0x64648b044098b4d2,
0x1a585c895a422985,
0xf1a9ac17cf8685c9,
0x352785830727aea5,
0xddf8cb12306266fe,
0x6913b4bfbc9e949a,
0x3a4b78d67ba5f6ab,
0x0f481c06a8d02a04,
0x91d4e7365c43edac,
0xf4d17cd48beca5,
]));
pub const G1_GENERATOR_X: Fq = MontFp!("6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237");
/// G1_GENERATOR_Y =
/// 2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
0x97e805c4bd16411f,
0x870d844e1ee6dd08,
0x1eba7a37cb9eab4d,
0xd544c4df10b9889a,
0x8fe37f21a33897be,
0xe9bf99a43a0885d2,
0xd7ee0c9e273de139,
0xaa6a9ec7a38dd791,
0x8f95d3fcf765da8e,
0x42326e7db7357c99,
0xe217e407e218695f,
0x9d1eb23b7cf684,
]));
pub const G1_GENERATOR_Y: Fq = MontFp!("2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099");

100
bw6_761/src/curves/g2.rs
View File

@@ -1,46 +1,20 @@
use crate::{Fq, Fr};
use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger768},
field_new,
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::{Affine, Projective},
};
use ark_ff::{Field, MontFp};
pub type G2Affine = GroupAffine<Parameters>;
pub type G2Projective = GroupProjective<Parameters>;
use crate::{Fq, Fr};
pub type G2Affine = Affine<Config>;
pub type G2Projective = Projective<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl ModelParameters for Parameters {
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
}
impl SWModelParameters for Parameters {
/// COEFF_A = 0
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
/// COEFF_B = 4
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger768([
0x136efffffffe16c9,
0x82cf5a6dcffe3319,
0x6458c05f1f0e0741,
0xd10ae605e52a4eda,
0x41ca591c0266e100,
0x7d0fd59c3626929f,
0x9967dc004d00c112,
0x1ccff9c033379af5,
0x9ad6ec10a23f63af,
0x5cec11251a72c235,
0x8d18b1ae789ba83e,
10403402007434220,
]));
/// COFACTOR =
/// 26642435879335816683987677701488073867751118270052650655942102502312977592501693353047140953112195348280268661194869
@@ -56,21 +30,21 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 214911522365886453591244899095480747723790054550866810551297776298664428889000553861210287833206024638187939842124
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
14378295991815829998,
14586153992421458638,
9788477762582722914,
12654821707953664524,
15185631607604703397,
26723985783783076,
]));
const COFACTOR_INV: Fr = MontFp!("214911522365886453591244899095480747723790054550866810551297776298664428889000553861210287833206024638187939842124");
}
impl SWCurveConfig for Config {
/// COEFF_A = 0
const COEFF_A: Fq = Fq::ZERO;
/// COEFF_B = 4
const COEFF_B: Fq = MontFp!("4");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G2_GENERATOR_X, G2_GENERATOR_Y);
const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
#[inline(always)]
fn mul_by_a(_elem: &Self::BaseField) -> Self::BaseField {
fn mul_by_a(_elem: Self::BaseField) -> Self::BaseField {
use ark_ff::Zero;
Self::BaseField::zero()
}
@@ -78,36 +52,8 @@ impl SWModelParameters for Parameters {
/// G2_GENERATOR_X =
/// 6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
0x3d902a84cd9f4f78,
0x864e451b8a9c05dd,
0xc2b3c0d6646c5673,
0x17a7682def1ecb9d,
0xbe31a1e0fb768fe3,
0x4df125e09b92d1a6,
0x0943fce635b02ee9,
0xffc8e7ad0605e780,
0x8165c00a39341e95,
0x8ccc2ae90a0f094f,
0x73a8b8cc0ad09e0c,
0x11027e203edd9f4,
]));
pub const G2_GENERATOR_X: Fq = MontFp!("6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428");
/// G2_GENERATOR_Y =
/// 562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
0x9a159be4e773f67c,
0x6b957244aa8f4e6b,
0xa27b70c9c945a38c,
0xacb6a09fda11d0ab,
0x3abbdaa9bb6b1291,
0xdbdf642af5694c36,
0xb6360bb9560b369f,
0xac0bd1e822b8d6da,
0xfa355d17afe6945f,
0x8d6a0fc1fbcad35e,
0x72a63c7874409840,
0x114976e5b0db280,
]));
pub const G2_GENERATOR_Y: Fq = MontFp!("562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041");

31
bw6_761/src/curves/mod.rs
View File

@@ -1,9 +1,10 @@
use crate::*;
use ark_ec::{
bw6,
bw6::{BW6Parameters, TwistType, BW6},
bw6::{BW6Config, TwistType, BW6},
};
use ark_ff::biginteger::BigInteger768 as BigInteger;
use ark_ff::{biginteger::BigInteger768 as BigInteger, BigInt};
use crate::*;
pub mod g1;
pub mod g2;
@@ -12,10 +13,10 @@ pub mod g2;
mod tests;
#[derive(PartialEq, Eq)]
pub struct Parameters;
pub struct Config;
impl BW6Parameters for Parameters {
const X: BigInteger = BigInteger([
impl BW6Config for Config {
const X: BigInteger = BigInt::new([
0x8508c00000000001,
0x0,
0x0,
@@ -47,15 +48,15 @@ impl BW6Parameters for Parameters {
const ATE_LOOP_COUNT_2_IS_NEGATIVE: bool = false;
const TWIST_TYPE: TwistType = TwistType::M;
type Fp = Fq;
type Fp3Params = Fq3Parameters;
type Fp6Params = Fq6Parameters;
type G1Parameters = g1::Parameters;
type G2Parameters = g2::Parameters;
type Fp3Config = Fq3Config;
type Fp6Config = Fq6Config;
type G1Config = g1::Config;
type G2Config = g2::Config;
}
pub type BW6_761 = BW6<Parameters>;
pub type BW6_761 = BW6<Config>;
pub type G1Affine = bw6::G1Affine<Parameters>;
pub type G1Projective = bw6::G1Projective<Parameters>;
pub type G2Affine = bw6::G2Affine<Parameters>;
pub type G2Projective = bw6::G2Projective<Parameters>;
pub type G1Affine = bw6::G1Affine<Config>;
pub type G1Projective = bw6::G1Projective<Config>;
pub type G2Affine = bw6::G2Affine<Config>;
pub type G2Projective = bw6::G2Projective<Config>;

81
bw6_761/src/curves/tests.rs
View File

@@ -1,77 +1,8 @@
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{test_rng, Field, One, PrimeField};
use rand::Rng;
use crate::*;
use ark_algebra_test_templates::*;
use ark_ff::Field;
use ark_curve_tests::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
}
#[test]
fn test_g1_projective_group() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g1_generator() {
let generator = G1Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_projective_curve() {
curve_tests::<G2Projective>();
sw_tests::<g2::Parameters>();
}
#[test]
fn test_g2_projective_group() {
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g2_generator() {
let generator = G2Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_bilinearity() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let sa = a.mul(s);
let sb = b.mul(s);
let ans1 = BW6_761::pairing(sa, b);
let ans2 = BW6_761::pairing(a, sb);
let ans3 = BW6_761::pairing(a, b).pow(s.into_repr());
assert_eq!(ans1, ans2);
assert_eq!(ans2, ans3);
assert_ne!(ans1, Fq6::one());
assert_ne!(ans2, Fq6::one());
assert_ne!(ans3, Fq6::one());
assert_eq!(ans1.pow(Fr::characteristic()), Fq6::one());
assert_eq!(ans2.pow(Fr::characteristic()), Fq6::one());
assert_eq!(ans3.pow(Fr::characteristic()), Fq6::one());
}
test_group!(g1; G1Projective; sw);
test_group!(g2; G2Projective; sw);
test_group!(pairing_output; ark_ec::pairing::PairingOutput<BW6_761>; msm);
test_pairing!(pairing; crate::BW6_761);

180
bw6_761/src/fields/fq.rs
View File

@@ -1,175 +1,7 @@
use ark_ff::{
biginteger::BigInteger768 as BigInteger,
field_new,
fields::{FftParameters, Fp768, Fp768Parameters, FpParameters},
};
use ark_ff::fields::{Fp768, MontBackend, MontConfig};
pub type Fq = Fp768<FqParameters>;
pub struct FqParameters;
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
impl Fp768Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
// The internal representation of this type is six 64-bit unsigned
// integers in little-endian order. Values are always in
// Montgomery form; i.e., Scalar(a) = aR mod p, with R=2^768.
// (MODULUS - 1) % 2^TWO_ADICITY == 0
const TWO_ADICITY: u32 = 1;
// least_quadratic_nonresidue(MODULUS) in Sage.
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
17481284903592032950u64,
10104133845767975835u64,
8607375506753517913u64,
13706168424391191299u64,
9580010308493592354u64,
14241333420363995524u64,
6665632285037357566u64,
5559902898979457045u64,
15504799981718861253u64,
8332096944629367896u64,
18005297320867222879u64,
58811391084848524u64,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0xf49d00000000008b,
0xe6913e6870000082,
0x160cf8aeeaf0a437,
0x98a116c25667a8f8,
0x71dcd3dc73ebff2e,
0x8689c8ed12f9fd90,
0x03cebaff25b42304,
0x707ba638e584e919,
0x528275ef8087be41,
0xb926186a81d14688,
0xd187c94004faff3e,
0x122e824fb83ce0a
]);
const MODULUS_BITS: u32 = 761;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
// gap to 64-bit machine word
const REPR_SHAVE_BITS: u32 = 7;
// 2^768 % MODULUS
#[rustfmt::skip]
const R: BigInteger = BigInteger([
144959613005956565u64,
6509995272855063783u64,
11428286765660613342u64,
15738672438262922740u64,
17071399330169272331u64,
13899911246788437003u64,
12055474021000362245u64,
2545351818702954755u64,
8887388221587179644u64,
5009280847225881135u64,
15539704305423854047u64,
23071597697427581u64,
]);
// R^2
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
14305184132582319705u64,
8868935336694416555u64,
9196887162930508889u64,
15486798265448570248u64,
5402985275949444416u64,
10893197322525159598u64,
3204916688966998390u64,
12417238192559061753u64,
12426306557607898622u64,
1305582522441154384u64,
10311846026977660324u64,
48736111365249031u64,
]);
// (-1/MODULUS) % 2^64
const INV: u64 = 744663313386281181u64;
/// GENERATOR = 2
// primitive_root(MODULUS)
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
289919226011913130u64,
13019990545710127566u64,
4409829457611675068u64,
13030600802816293865u64,
15696054586628993047u64,
9353078419867322391u64,
5664203968291172875u64,
5090703637405909511u64,
17774776443174359288u64,
10018561694451762270u64,
12632664537138156478u64,
46143195394855163u64,
]);
// (MODULUS - 1) / 2
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x7a4e800000000045,
0xf3489f3438000041,
0x0b067c577578521b,
0x4c508b612b33d47c,
0x38ee69ee39f5ff97,
0x4344e476897cfec8,
0x81e75d7f92da1182,
0xb83dd31c72c2748c,
0x29413af7c043df20,
0x5c930c3540e8a344,
0x68c3e4a0027d7f9f,
0x9174127dc1e705,
]);
// T =
// 3445725192157866269698394841137828771239834456268075054756895080104811711121745868043841591644705843820432283876893306725580879560277123879674755849562650799475802549689254425186271815711798397975949850214984556421382456559534149
// (MODULUS - 1) / 2 ^ TWO_ADICITY
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0x7a4e800000000045,
0xf3489f3438000041,
0x0b067c577578521b,
0x4c508b612b33d47c,
0x38ee69ee39f5ff97,
0x4344e476897cfec8,
0x81e75d7f92da1182,
0xb83dd31c72c2748c,
0x29413af7c043df20,
0x5c930c3540e8a344,
0x68c3e4a0027d7f9f,
0x9174127dc1e705,
]);
// (T - 1)/2 =
// 1722862596078933134849197420568914385619917228134037527378447540052405855560872934021920795822352921910216141938446653362790439780138561939837377924781325399737901274844627212593135907855899198987974925107492278210691228279767074
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xbd27400000000022,
0xf9a44f9a1c000020,
0x05833e2bbabc290d,
0xa62845b09599ea3e,
0x1c7734f71cfaffcb,
0x21a2723b44be7f64,
0x40f3aebfc96d08c1,
0x5c1ee98e39613a46,
0x14a09d7be021ef90,
0xae49861aa07451a2,
0xb461f250013ebfcf,
0x48ba093ee0f382,
]);
}
#[derive(MontConfig)]
#[modulus = "6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299"]
#[generator = "2"]
pub struct FqConfig;
pub type Fq = Fp768<MontBackend<FqConfig, 12>>;

152
bw6_761/src/fields/fq3.rs
View File

@@ -1,42 +1,27 @@
use ark_ff::{
biginteger::BigInteger768 as BigInteger,
field_new,
fields::fp3::{Fp3, Fp3Parameters},
fields::fp3::{Fp3, Fp3Config},
Field, MontFp,
};
use crate::Fq;
pub type Fq3 = Fp3<Fq3Parameters>;
pub type Fq3 = Fp3<Fq3Config>;
pub struct Fq3Parameters;
pub struct Fq3Config;
impl Fp3Parameters for Fq3Parameters {
impl Fp3Config for Fq3Config {
type Fp = Fq;
/// NONRESIDUE = -4
// Fq3 = Fq[u]/u^3+4
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xe12e00000001e9c2,
0x63c1e3faa001cd69,
0xb1b4384fcbe29cf6,
0xc79630bc713d5a1d,
0x30127ac071851e2d,
0x0979f350dcd36af1,
0x6a66defed8b361f2,
0x53abac78b24d4e23,
0xb7ab89dede485a92,
0x5c3a0745675e8452,
0x446f17918c5f5700,
0xfdf24e3267fa1e,
]));
// Fq3 = Fq\[u\]/u^3+4
const NONRESIDUE: Fq = MontFp!("-4");
// (MODULUS^3 - 1) % 2^TWO_ADICITY == 0
const TWO_ADICITY: u32 = 1;
// (T-1)/2 with T = (MODULUS^3-1) / 2^TWO_ADICITY
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: &'static [u64] = &[
const TRACE_MINUS_ONE_DIV_TWO: &'static [u64] = &[
0xb5e7c000000a3eac,
0xf79b99dbf41cf4ab,
0xe9372b1919e55ee5,
@@ -76,125 +61,28 @@ impl Fp3Parameters for Fq3Parameters {
];
// NONRESIDUE^T % q
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
field_new!(Fq, BigInteger([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
const QUADRATIC_NONRESIDUE_TO_T: Fq3 = Fq3::new(
MontFp!("6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068298"),
Fq::ZERO,
Fq::ZERO,
);
// NQR ^ (MODULUS^i - 1)/3, i=0,1,2 with NQR = u = (0,1,0)
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
Fq::ONE,
MontFp!("4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
MontFp!("1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
];
// NQR ^ (2*MODULUS^i - 2)/3, i=0,1,2 with NQR = u = (0,1,0)
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
Fq::ONE,
MontFp!("1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
MontFp!("4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
];
#[inline(always)]
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
let original = -(*fe);
let double = original + &original;
double + &double
fn mul_fp_by_nonresidue_in_place(fe: &mut Self::Fp) -> &mut Self::Fp {
fe.double_in_place().double_in_place().neg_in_place()
}
}

110
bw6_761/src/fields/fq6.rs
View File

@@ -1,106 +1,26 @@
use crate::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO};
use ark_ff::{
biginteger::BigInteger768 as BigInteger,
field_new,
fields::fp6_2over3::{Fp6, Fp6Parameters},
fields::fp6_2over3::{Fp6, Fp6Config},
Field, MontFp,
};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::{Fq, Fq3, Fq3Config};
pub struct Fq6Parameters;
pub type Fq6 = Fp6<Fq6Config>;
impl Fp6Parameters for Fq6Parameters {
type Fp3Params = Fq3Parameters;
pub struct Fq6Config;
impl Fp6Config for Fq6Config {
type Fp3Config = Fq3Config;
/// NONRESIDUE = (0, 1, 0)
#[rustfmt::skip]
const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
const NONRESIDUE: Fq3 = Fq3::new(Fq::ZERO, Fq::ONE, Fq::ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x8cfcb51bd8404a93,
0x495e69d68495a383,
0xd23cbc9234705263,
0x8d2b4c2b5fcf4f52,
0x6a798a5d20c612ce,
0x3e825d90eb6c2443,
0x772b249f2c9525fe,
0x521b2ed366e4b9bb,
0x84abb49bd7c4471d,
0x907062359c0f17e3,
0x3385e55030cc6f12,
0x3f11a3a41a2606,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
field_new!(Fq, BigInteger([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
field_new!(Fq, BigInteger([
0x75064ae427bf3b42,
0x10f9bc5f0b69e963,
0xcc5cb1b14e0f587b,
0x4d3fb306af152ea1,
0x827040e0fccea53d,
0x82640a1166dbffc8,
0x30228120b0181307,
0xd137b92adf4a6748,
0xf6aaa3e430ed815e,
0xb514282e4b01ea4b,
0xa422396b6e993acc,
0x12e5db4d0dc277,
])),
Fq::ONE,
MontFp!("4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775649"),
MontFp!("4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
MontFp!("-1"),
MontFp!("1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
MontFp!("1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292651"),
];
}

2
bw6_761/src/fields/fr.rs
View File

@@ -1 +1 @@
pub use ark_bls12_377::{Fq as Fr, FqParameters as FrParameters};
pub use ark_bls12_377::{Fq as Fr, FqConfig as FrConfig};

54
bw6_761/src/fields/tests.rs
View File

@@ -1,51 +1,7 @@
use ark_ff::{test_rng, Field, PrimeField};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use rand::Rng;
use crate::*;
use ark_algebra_test_templates::*;
use ark_curve_tests::fields::*;
#[test]
fn test_fr() {
let mut rng = test_rng();
let a: Fr = rng.gen();
let b: Fr = rng.gen();
field_test(a, b);
sqrt_field_test(a);
primefield_test::<Fr>();
}
#[test]
fn test_fq() {
let mut rng = test_rng();
let a: Fq = rng.gen();
let b: Fq = rng.gen();
field_test(a, b);
primefield_test::<Fq>();
sqrt_field_test(a);
let byte_size = a.serialized_size();
let (_, buffer_size) = buffer_bit_byte_size(Fq::size_in_bits());
assert_eq!(byte_size, buffer_size);
field_serialization_test::<Fq>(byte_size);
}
#[test]
fn test_fq3() {
let mut rng = test_rng();
let a: Fq3 = rng.gen();
let b: Fq3 = rng.gen();
field_test(a, b);
sqrt_field_test(a);
frobenius_test::<Fq3, _>(Fq::characteristic(), 13);
}
#[test]
fn test_fq6() {
let mut rng = test_rng();
let a: Fq6 = rng.gen();
let b: Fq6 = rng.gen();
field_test(a, b);
frobenius_test::<Fq6, _>(Fq::characteristic(), 13);
}
test_field!(fr; Fr; mont_prime_field);
test_field!(fq; Fq; mont_prime_field);
test_field!(fq3; Fq3);
test_field!(fq6; Fq6);

9
bw6_761/src/lib.rs Normal file → Executable file
View File

@@ -8,10 +8,11 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BW6_761 curve generated in [[EG20]](https://eprint.iacr.org/2020/351).
//! The name denotes that it is a curve generated using the Brezing--Weng method, and that
//! its embedding degree is 6.
//! The main feature of this curve is that the scalar field equals the base field of the BLS12_377 curve.
//! This library implements the BW6_761 curve generated in [\[EG20\]](https://eprint.iacr.org/2020/351).
//! The name denotes that it is a curve generated using the Brezing--Weng
//! method, and that its embedding degree is 6.
//! The main feature of this curve is that the scalar field equals the base
//! field of the BLS12_377 curve.
//!
//! Curve information:
//! * Base field: q = 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299

31
cp6_782/Cargo.toml
View File

@@ -1,29 +1,34 @@
[package]
name = "ark-cp6-782"
version = "0.1.0"
version = "0.4.0-alpha.2"
authors = [ "arkworks contributors" ]
description = "The CP6-782 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-cp6-782/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
edition = "2021"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { version = "0.4.0-alpha", default-features = false }
ark-ec = { version = "0.4.0-alpha", default-features = false }
ark-std = { version = "0.4.0-alpha", default-features = false }
ark-bls12-377 = { version = "0.4.0-alpha", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
itertools = { version = "0.10", default-features = false }
ark-serialize = { version = "0.4.0-alpha", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-algebra-test-templates = { version = "0.4.0-alpha", default-features = false }
ark-algebra-bench-templates = { version = "0.4.0-alpha", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bls12-377/std" ]
[[bench]]
name = "cp6_782"
path = "benches/cp6_782.rs"
harness = false

0
curve-tests/LICENSE-APACHE → cp6_782/LICENSE-APACHE
View File

0
curve-tests/LICENSE-MIT → cp6_782/LICENSE-MIT
View File

15
cp6_782/benches/cp6_782.rs Normal file
View File

@@ -0,0 +1,15 @@
use ark_algebra_bench_templates::*;
use ark_cp6_782::{
fq::Fq, fq3::Fq3, fq6::Fq6, fr::Fr, g1::G1Projective as G1, g2::G2Projective as G2, CP6_782,
};
bench!(
Name = "CP6_782",
Pairing = CP6_782,
G1 = G1,
G2 = G2,
ScalarField = Fr,
G1BaseField = Fq,
G2BaseField = Fq3,
TargetField = Fq6,
);

28
cp6_782/scripts/base_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

28
cp6_782/scripts/scalar_field.sage Normal file
View File

@@ -0,0 +1,28 @@
modulus = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
assert(modulus.is_prime())
Fp = GF(modulus)
generator = Fp(0);
for i in range(0, 20):
i = Fp(i);
neg_i = Fp(-i)
if not(i.is_primitive_root() or neg_i.is_primitive_root()):
continue
elif i.is_primitive_root():
assert(i.is_primitive_root());
print("Generator: %d" % i)
generator = i
break
else:
assert(neg_i.is_primitive_root());
print("Generator: %d" % neg_i)
generator = neg_i
break
two_adicity = valuation(modulus - 1, 2);
trace = (modulus - 1) / 2**two_adicity;
two_adic_root_of_unity = generator^trace
print("2-adic Root of Unity: %d " % two_adic_root_of_unity)

152
cp6_782/src/curves/g1.rs
View File

@@ -1,61 +1,62 @@
use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger832},
field_new,
models::{short_weierstrass::SWCurveConfig, CurveConfig},
short_weierstrass::{Affine, Projective},
AffineRepr, CurveGroup,
};
use ark_ff::MontFp;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::vec::Vec;
use crate::{Fq, Fr};
pub type G1Affine = GroupAffine<Parameters>;
pub type G1Projective = GroupProjective<Parameters>;
pub type G1Affine = Affine<Config>;
pub type G1Projective = Projective<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
#[derive(Clone, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)]
pub struct G1Prepared(pub G1Affine);
impl ModelParameters for Parameters {
type BaseField = Fq;
type ScalarField = Fr;
impl From<G1Affine> for G1Prepared {
fn from(other: G1Affine) -> Self {
G1Prepared(other)
}
}
impl SWModelParameters for Parameters {
/// COEFF_A = 5
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger832([
0x781c76643018bd7a,
0x64f3a5a4f1d1ad48,
0xd2f8a1eb4f72692d,
0xc35eb123c6ed72ca,
0xb58d6bcfd32de058,
0x841eab13b02a492c,
0x4b70dc5a54c487e7,
0x2f231a8808a74c59,
0x5e2915154d70b050,
0x8a40fa16f37a6b37,
0xd01980093a72c54b,
0xef6845c25398004c,
0x48,
]));
impl From<G1Projective> for G1Prepared {
fn from(q: G1Projective) -> Self {
q.into_affine().into()
}
}
/// COEFF_B = 17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger832([
0xec5bd271ad37429,
0x9db8ac843ecca28a,
0x94f29bcb7e01bc74,
0x1b0bebb77bb5af0,
0x75b8cef4aa27ee17,
0xb5767ae80812cf6b,
0x592fa41e377a0d8c,
0xb6c6deedbb52df3e,
0xcb1343e488737fd4,
0x878020734d05b5a9,
0x2f51354eddfa069a,
0x498e2ecdc545243e,
0x2c2,
]));
impl<'a> From<&'a G1Affine> for G1Prepared {
fn from(other: &'a G1Affine) -> Self {
G1Prepared(*other)
}
}
impl<'a> From<&'a G1Projective> for G1Prepared {
fn from(q: &'a G1Projective) -> Self {
q.into_affine().into()
}
}
impl G1Prepared {
pub fn is_zero(&self) -> bool {
self.0.is_zero()
}
}
impl Default for G1Prepared {
fn default() -> Self {
G1Prepared(G1Affine::generator())
}
}
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Config;
impl CurveConfig for Config {
type BaseField = Fq;
type ScalarField = Fr;
/// COFACTOR =
/// 86482221941698704497288378992285180119495364068003923046442785886272123124361700722982503222189455144364945735564951561028
@@ -72,55 +73,24 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 163276846538158998893990986356139314746223949404500031940624325017036397274793417940375498603127780919653358641788
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
4179837108212676264,
15545810469293120493,
13202863094424182470,
9506285060796071546,
9248558385029790142,
87030208545296111,
]));
const COFACTOR_INV: Fr = MontFp!("163276846538158998893990986356139314746223949404500031940624325017036397274793417940375498603127780919653358641788");
}
impl SWCurveConfig for Config {
/// COEFF_A = 5
const COEFF_A: Fq = MontFp!("5");
/// COEFF_B = 17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414
const COEFF_B: Fq = MontFp!("17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G1_GENERATOR_X, G1_GENERATOR_Y);
const GENERATOR: G1Affine = G1Affine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);
}
/// G1_GENERATOR_X =
/// 5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger832([
0x5901480e5bc22290,
0x20024afcdb9bd3a9,
0x12dc18ff416e8138,
0x28c69aa0ea223e18,
0xafb1524a1eb7efe6,
0x3d5c34edc3764ca2,
0x736c2230c8466ce9,
0xacfaa04e051014f1,
0x5d5ff82f00ff2964,
0x64c13ba270a26eaf,
0x50e9864b56ab172e,
0xd8370826a322499e,
0x00000000000006f1,
]));
pub const G1_GENERATOR_X: Fq = MontFp!("5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646");
/// G1_GENERATOR_Y =
/// 7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger832([
0x8af8b64b402e1953,
0xd1bbceb3a258ea51,
0xdca9efa3140aaa0d,
0x807a610058ddedb2,
0xeb898562fe88076c,
0x0e4342ca56dd8ce2,
0x4f5528d29f1bde9a,
0xf18b0c6c19feb372,
0x94503ac2fac9199c,
0xffc86a8aff08ea34,
0xf7b1295214735d8c,
0x44eda9e0f55edd10,
0x0000000000000ef3,
]));
pub const G1_GENERATOR_Y: Fq = MontFp!("7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443");

248
cp6_782/src/curves/g2.rs
View File

@@ -1,71 +1,62 @@
use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger832},
field_new,
models::CurveConfig,
short_weierstrass::{Affine, Projective, SWCurveConfig},
AffineRepr, CurveGroup,
};
use ark_ff::{Field, MontFp};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::vec::Vec;
use crate::{Fq, Fq3, Fr, FQ_ZERO};
use crate::{Fq, Fq3, Fr};
pub type G2Affine = GroupAffine<Parameters>;
pub type G2Projective = GroupProjective<Parameters>;
pub type G2Affine = Affine<Config>;
pub type G2Projective = Projective<Config>;
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
#[derive(Clone, Debug, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)]
pub struct G2Prepared(pub G2Affine);
impl ModelParameters for Parameters {
type BaseField = Fq3;
type ScalarField = Fr;
impl From<G2Affine> for G2Prepared {
fn from(other: G2Affine) -> Self {
G2Prepared(other)
}
}
impl SWModelParameters for Parameters {
/// COEFF_A = (0, 0, COEFF_A * TWIST^2) = (0, 0, 5)
#[rustfmt::skip]
const COEFF_A: Fq3 = field_new!(Fq3,
FQ_ZERO,
FQ_ZERO,
field_new!(Fq, BigInteger832([
0x781c76643018bd7a,
0x64f3a5a4f1d1ad48,
0xd2f8a1eb4f72692d,
0xc35eb123c6ed72ca,
0xb58d6bcfd32de058,
0x841eab13b02a492c,
0x4b70dc5a54c487e7,
0x2f231a8808a74c59,
0x5e2915154d70b050,
0x8a40fa16f37a6b37,
0xd01980093a72c54b,
0xef6845c25398004c,
0x48,
])),
);
impl From<G2Projective> for G2Prepared {
fn from(q: G2Projective) -> Self {
q.into_affine().into()
}
}
/// COEFF_B = (G1::COEFF_B * TWIST^3, 0, 0) =
/// (7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612,
/// 0, 0)
#[rustfmt::skip]
const COEFF_B: Fq3 = field_new!(Fq3,
field_new!(Fq, BigInteger832([
0xc00a9afc5cbce615,
0x0260c2b730644102,
0x9051e955661691ec,
0x15f9af8514839e37,
0xfa62826ca407172b,
0x37043dc868f48874,
0x876b5588d132b025,
0x481952128335562a,
0x4ffa729aeddd7dcd,
0xe181a5dae94a399f,
0x671fb50145b255d8,
0xbc3860730482d728,
0x00000000000023dd,
])),
FQ_ZERO,
FQ_ZERO,
);
impl<'a> From<&'a G2Affine> for G2Prepared {
fn from(other: &'a G2Affine) -> Self {
G2Prepared(*other)
}
}
impl<'a> From<&'a G2Projective> for G2Prepared {
fn from(q: &'a G2Projective) -> Self {
q.into_affine().into()
}
}
impl G2Prepared {
pub fn is_zero(&self) -> bool {
self.0.is_zero()
}
}
impl Default for G2Prepared {
fn default() -> Self {
G2Prepared(G2Affine::generator())
}
}
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Config;
impl CurveConfig for Config {
type BaseField = Fq3;
type ScalarField = Fr;
/// COFACTOR =
/// 43276679045916726782882096851503554444292580777869919574700824986947162516693702667493938255647666346010819253090121562084993205202476199057555142869892665220155573207800985012241638987472334344174208389303164492698303448192856551557283997344470334833850065978668184377503856699635686872344035470027430053642178229054516302338812152178131995800255516474185251732445975837621097393375441662426280154371264547168198834382681059556891327702516519955053315674076980350109237328216856859758931256208439575383786363605925879337208599843910819433766160937121108797819223653884174994325142959644019600
@@ -106,136 +97,49 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 45586359457219724873147353901735745013467692594291916855200979604570630929674383405372210802279573887880950375598
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
7373687189387546408,
11284009518041539892,
301575489693670883,
13203058298476577559,
18441611830097862156,
4115759498196698,
]));
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(G2_GENERATOR_X, G2_GENERATOR_Y);
const COFACTOR_INV: Fr = MontFp!("45586359457219724873147353901735745013467692594291916855200979604570630929674383405372210802279573887880950375598");
}
const G2_GENERATOR_X: Fq3 =
field_new!(Fq3, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1, G2_GENERATOR_X_C2);
const G2_GENERATOR_Y: Fq3 =
field_new!(Fq3, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1, G2_GENERATOR_Y_C2);
impl SWCurveConfig for Config {
/// COEFF_A = (0, 0, COEFF_A * TWIST^2) = (0, 0, 5)
const COEFF_A: Fq3 = Fq3::new(Fq::ZERO, Fq::ZERO, MontFp!("5"));
/// COEFF_B = (G1::COEFF_B * TWIST^3, 0, 0) =
/// (7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612,
/// 0, 0)
const COEFF_B: Fq3 = Fq3::new(
MontFp!("7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612"),
Fq::ZERO,
Fq::ZERO,
);
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
}
const G2_GENERATOR_X: Fq3 = Fq3::new(G2_GENERATOR_X_C0, G2_GENERATOR_X_C1, G2_GENERATOR_X_C2);
const G2_GENERATOR_Y: Fq3 = Fq3::new(G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1, G2_GENERATOR_Y_C2);
/// G2_GENERATOR_X_C0 =
/// 13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger832([
0x03b3fe4c8d4ecac7,
0x9568212677524d1e,
0xf5de3f2228d187c1,
0x7bac772e31a420ef,
0x0255cf59968a612b,
0x991d4676f6b5d605,
0x02dd2ae4831d29ea,
0xbeca7c9a62e392c2,
0xfc1d0633d48d2fc5,
0x7867813be5f7d2a1,
0x6f567b6617030028,
0xf08c9fa6ca6809df,
0x0000000000000de9,
]));
pub const G2_GENERATOR_X_C0: Fq = MontFp!("13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338");
/// G2_GENERATOR_X_C1 =
/// 20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger832([
0xefd1b506e5fbe05f,
0xad27d47a4975140c,
0xfa11540132dbc27a,
0x8dca42b6da7c4717,
0x66d30fd7fd76207a,
0xb8e4f65c68932b1d,
0x3b7f971e93ad14be,
0xf860a89f4e582f9f,
0x7d438aaa3986f73b,
0xa37ec0c18c6e106a,
0x9f2dfb98b5185b54,
0x19995e421ca939bc,
0x0000000000002f4f,
]));
pub const G2_GENERATOR_X_C1: Fq = MontFp!("20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610");
/// G2_GENERATOR_X_C2 =
/// 3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980
#[rustfmt::skip]
pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, BigInteger832([
0xc081ed832bdf911e,
0xb85ff7aeebdfe7b3,
0x96dce6bb307b14eb,
0x578f7ded84bd824c,
0xb799305a9971d184,
0x0116ad33c2874b90,
0x862dce68efdca245,
0x4190947c70534c1d,
0x1b1aa80334248d03,
0xb13b07aff63fcf27,
0x5727687b73ab4fff,
0xf559a7f4eb8d180a,
0x0000000000002d37,
]));
pub const G2_GENERATOR_X_C2: Fq = MontFp!("3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980");
/// G2_GENERATOR_Y_C0 =
/// 8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger832([
0x3f680b59e26b33d1,
0x720fdf65b9e15b17,
0x0f0b56def11247b1,
0x5ea05417c8a4a52c,
0x4ad59dc4f7c47a09,
0xf393e0db62107115,
0xde3b16404a53d2bb,
0xeaa74961636280e0,
0x2d16ccd14cf5a88c,
0x5667565a06187d0e,
0xb446fdc7565d0261,
0xd3ad395d6fd0faab,
0x0000000000000655,
]));
pub const G2_GENERATOR_Y_C0: Fq = MontFp!("8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243");
/// G2_GENERATOR_Y_C1 =
/// 3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger832([
0x9e86cc63207679dd,
0x4e16d9a9d87c3e47,
0xdbee3524db80627d,
0x137322b87d93befc,
0x24a7ca2f9aae90a0,
0x44abea538df3e854,
0xc01d176c6e042eee,
0xf5fcc4caabc75699,
0x1f99972699a38960,
0x30d4cc8256bf963d,
0xa3634826edcfefff,
0x34f3bd0c8e5a4b38,
0x0000000000001d28,
]));
pub const G2_GENERATOR_Y_C1: Fq = MontFp!("3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752");
/// G2_GENERATOR_Y_C2 =
/// 10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, BigInteger832([
0xfc478105dedf3654,
0xa6fcfcfdd2710d6a,
0x05a68c283d5d4c65,
0x9fab8d94c667a679,
0x009b0a616ea54ff9,
0xf0df517bc7bc6382,
0xdb44338e7491f5b7,
0xcd192a7e53453f45,
0xa041a7a60982d92c,
0x4dd01c62bae4c7ff,
0x79a69a54e6b66178,
0xd47b0bfe832b05f8,
0x00000000000000ef,
]));
pub const G2_GENERATOR_Y_C2: Fq = MontFp!("10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721");

91
cp6_782/src/curves/mod.rs
View File

@@ -1,18 +1,19 @@
use ark_ec::{models::SWModelParameters, PairingEngine};
use ark_ff::{
biginteger::BigInteger832,
field_new,
fields::{BitIteratorBE, Field, FpParameters},
One,
use ark_ec::{
models::short_weierstrass::SWCurveConfig,
pairing::{MillerLoopOutput, Pairing, PairingOutput},
};
use ark_ff::{
biginteger::BigInteger832, BigInt, BitIteratorBE, CyclotomicMultSubgroup, Field, One,
};
use itertools::Itertools;
use crate::{Fq, Fq3, Fq6, FqParameters, Fr};
use crate::{Fq, Fq3, Fq6, Fr};
pub mod g1;
pub use self::g1::{G1Affine, G1Projective};
pub use self::g1::{G1Affine, G1Prepared, G1Projective};
pub mod g2;
pub use self::g2::{G2Affine, G2Projective};
pub use self::g2::{G2Affine, G2Prepared, G2Projective};
#[cfg(test)]
mod tests;
@@ -22,40 +23,40 @@ pub type GT = Fq6;
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub struct CP6_782;
impl PairingEngine for CP6_782 {
type Fr = Fr;
type G1Projective = G1Projective;
impl Pairing for CP6_782 {
type ScalarField = Fr;
type BaseField = Fq;
type G1 = G1Projective;
type G1Affine = G1Affine;
type G1Prepared = G1Affine;
type G2Projective = G2Projective;
type G1Prepared = G1Prepared;
type G2 = G2Projective;
type G2Affine = G2Affine;
type G2Prepared = G2Affine;
type Fq = Fq;
type Fqe = Fq3;
type Fqk = Fq6;
type G2Prepared = G2Prepared;
type TargetField = Fq6;
fn miller_loop<'a, I>(i: I) -> Self::Fqk
where
I: IntoIterator<Item = &'a (Self::G1Prepared, Self::G2Prepared)>,
{
let mut result = Self::Fqk::one();
for &(ref p, ref q) in i {
result *= &CP6_782::ate_miller_loop(p, q);
}
result
fn multi_miller_loop(
a: impl IntoIterator<Item = impl Into<Self::G1Prepared>>,
b: impl IntoIterator<Item = impl Into<Self::G2Prepared>>,
) -> MillerLoopOutput<Self> {
let mut result = Self::TargetField::one();
a.into_iter().zip_eq(b).for_each(|(p, q)| {
let (p, q) = (p.into(), q.into());
result *= &CP6_782::ate_miller_loop(&p, &q);
});
MillerLoopOutput(result)
}
fn final_exponentiation(r: &Self::Fqk) -> Option<Self::Fqk> {
Some(CP6_782::final_exponentiation(r))
fn final_exponentiation(r: MillerLoopOutput<Self>) -> Option<PairingOutput<Self>> {
Some(PairingOutput(CP6_782::final_exponentiation(&r.0)))
}
}
impl CP6_782 {
pub fn ate_pairing(p: &G1Affine, q: &G2Affine) -> GT {
CP6_782::final_exponentiation(&CP6_782::ate_miller_loop(p, q))
}
fn ate_miller_loop(p: &G1Prepared, q: &G2Prepared) -> Fq6 {
let p = p.0;
let q = q.0;
fn ate_miller_loop(p: &G1Affine, q: &G2Affine) -> Fq6 {
let px = p.x;
let py = p.y;
let qx = q.x;
@@ -77,7 +78,7 @@ impl CP6_782 {
let old_rx_square = old_rx.square();
let old_rx_square_3 = old_rx_square.double() + &old_rx_square;
let old_rx_square_3_a = old_rx_square_3 + &g2::Parameters::COEFF_A;
let old_rx_square_3_a = old_rx_square_3 + &g2::Config::COEFF_A;
let old_ry_double_inverse = old_ry.double().inverse().unwrap();
let gamma = old_rx_square_3_a * &old_ry_double_inverse;
@@ -88,7 +89,7 @@ impl CP6_782 {
let x = py_twist_squared;
let y = gamma_old_rx - &old_ry - &gamma_twist_px;
let ell_rr_at_p = Fq6::new(x, y);
let ell_rr_at_p: Fq6 = Fq6::new(x, y);
rx = gamma.square() - &old_rx.double();
ry = gamma * &(old_rx - &rx) - &old_ry;
@@ -106,7 +107,7 @@ impl CP6_782 {
let x = py_twist_squared;
let y = gamma_qx - &qy - &gamma_twist_px;
let ell_rq_at_p = Fq6::new(x, y);
let ell_rq_at_p: Fq6 = Fq6::new(x, y);
rx = gamma.square() - &old_rx - &qx;
ry = gamma * &(old_rx - &rx) - &old_ry;
@@ -128,19 +129,19 @@ impl CP6_782 {
// elt_q3 = elt^(q^3)
let mut elt_q3 = elt.clone();
elt_q3.frobenius_map(3);
elt_q3.frobenius_map_in_place(3);
// elt_q3_over_elt = elt^(q^3-1)
let elt_q3_over_elt = elt_q3 * elt_inv;
// alpha = elt^((q^3-1) * q)
let mut alpha = elt_q3_over_elt.clone();
alpha.frobenius_map(1);
alpha.frobenius_map_in_place(1);
// beta = elt^((q^3-1)*(q+1)
alpha * &elt_q3_over_elt
}
fn final_exponentiation_last(elt: &Fq6, elt_inv: &Fq6) -> Fq6 {
let mut elt_q = elt.clone();
elt_q.frobenius_map(1);
elt_q.frobenius_map_in_place(1);
let w1_part = elt_q.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_W1);
let w0_part = if FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG {
@@ -153,14 +154,8 @@ impl CP6_782 {
}
}
/// FQ_ZERO = 0
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger832([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
/// FQ_ONE = 1
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
/// TWIST = (0, 1, 0)
pub const TWIST: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
pub const TWIST: Fq3 = Fq3::new(Fq::ZERO, Fq::ONE, Fq::ZERO);
/// ATE_IS_LOOP_COUNT_NEG = false
pub const ATE_IS_LOOP_COUNT_NEG: bool = false;
@@ -188,7 +183,7 @@ pub const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true;
/// FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0 =
/// 7000705447348627246181409558336018323010329260726930841638672011287206690002601216854775649561085256265269640040570922609783227469279331691880282815325569032149343779036142830666859805506518426649197067288711084398033
pub const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger832 = BigInteger832([
pub const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger832 = BigInt::new([
0xb62ef36af72855d1,
0x676b5cef49d290fa,
0xd17fcf3c60947427,
@@ -206,7 +201,7 @@ pub const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger832 = BigInteger832([
/// FINAL_EXPONENT_LAST_CHUNK_W1 =
/// 86482221941698704497288378992285180119495364068003923046442785886272123124361700722982503222189455144364945735564951562986
pub const FINAL_EXPONENT_LAST_CHUNK_W1: BigInteger832 = BigInteger832([
pub const FINAL_EXPONENT_LAST_CHUNK_W1: BigInteger832 = BigInt::new([
0x5657b9b57b942aea,
0x84f9a65f3bd54eaf,
0x5ea4214e35cd127,

80
cp6_782/src/curves/tests.rs
View File

@@ -1,77 +1,9 @@
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{test_rng, Field, One, PrimeField};
use rand::Rng;
use ark_algebra_test_templates::*;
use ark_ff::Field;
use crate::*;
use ark_curve_tests::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
}
#[test]
fn test_g1_projective_group() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g1_generator() {
let generator = G1Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_projective_curve() {
curve_tests::<G2Projective>();
sw_tests::<g2::Parameters>();
}
#[test]
fn test_g2_projective_group() {
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
group_test(a, b);
}
#[test]
fn test_g2_generator() {
let generator = G2Affine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_bilinearity() {
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let sa = a.mul(s);
let sb = b.mul(s);
let ans1 = CP6_782::pairing(sa, b);
let ans2 = CP6_782::pairing(a, sb);
let ans3 = CP6_782::pairing(a, b).pow(s.into_repr());
assert_eq!(ans1, ans2);
assert_eq!(ans2, ans3);
assert_ne!(ans1, Fq6::one());
assert_ne!(ans2, Fq6::one());
assert_ne!(ans3, Fq6::one());
assert_eq!(ans1.pow(Fr::characteristic()), Fq6::one());
assert_eq!(ans2.pow(Fr::characteristic()), Fq6::one());
assert_eq!(ans3.pow(Fr::characteristic()), Fq6::one());
}
test_group!(g1; G1Projective; sw);
test_group!(g2; G2Projective; sw);
test_group!(pairing_output; ark_ec::pairing::PairingOutput<CP6_782>; msm);
test_pairing!(pairing; crate::CP6_782);

171
cp6_782/src/fields/fq.rs
View File

@@ -1,166 +1,7 @@
use ark_ff::{
biginteger::BigInteger832 as BigInteger,
fields::{FftParameters, Fp832, Fp832Parameters, FpParameters},
};
use ark_ff::fields::{Fp832, MontBackend, MontConfig};
pub type Fq = Fp832<FqParameters>;
pub struct FqParameters;
impl Fp832Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
const TWO_ADICITY: u32 = 3;
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
18044746167194862600u64,
63590321303744709u64,
5009346151370959890u64,
2859114157767503991u64,
8301813204852325413u64,
5629414263664332594u64,
2637340888701394641u64,
17433538052687852753u64,
2230763098934759248u64,
3785382115983092023u64,
8895511354022222370u64,
15792083141709071785u64,
1328u64,
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0xdace79b57b942ae9,
0x545d85c16dfd424a,
0xee135c065f4d26b7,
0x9c2f764a12c4024b,
0x1ad533049cfe6a39,
0x52a3fb77c79c1320,
0xab3596c8617c5792,
0x830c728d80f9d78b,
0x6a7223ee72023d07,
0xbc5d176b746af026,
0xe959283d8f526663,
0xc4d2263babf8941f,
0x3848,
]);
const MODULUS_BITS: u32 = 782;
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
const REPR_SHAVE_BITS: u32 = 50;
#[rustfmt::skip]
const R: BigInteger = BigInteger([
11190988450819017841u64,
16170411717126802030u64,
2265463223430229059u64,
16946880912571045974u64,
11155248462028513229u64,
12855672356664541314u64,
8489376931127408159u64,
2655797810825538098u64,
9648483887143916718u64,
17514963461276738952u64,
16777089214204267338u64,
15649035958020076168u64,
8659u64,
]);
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
13983406830510863714u64,
17863856572171232656u64,
1698388424046564526u64,
1773634430448388392u64,
8684647957094413275u64,
3992637317298078843u64,
18420879196616862245u64,
3238482510270583127u64,
7928200707794018216u64,
10024831010452223910u64,
9613847725664942650u64,
15361265984156787358u64,
7833u64,
]);
const INV: u64 = 14469047335842394791u64;
/// GENERATOR = 13
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
16669393626057438558u64,
1640520694378723217u64,
1598646156981121135u64,
12401834967100173388u64,
2356467520877704673u64,
14759118825104212161u64,
5556628239575210651u64,
5317520392768798654u64,
16398429955031064995u64,
3556102264904210145u64,
8166834915717907988u64,
11926665585800594452u64,
11716u64,
]);
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x6d673cdabdca1574,
0xaa2ec2e0b6fea125,
0xf709ae032fa6935b,
0xce17bb2509620125,
0xd6a99824e7f351c,
0x2951fdbbe3ce0990,
0xd59acb6430be2bc9,
0xc1863946c07cebc5,
0x353911f739011e83,
0xde2e8bb5ba357813,
0xf4ac941ec7a93331,
0x6269131dd5fc4a0f,
0x1c24,
]);
// (T - 1)/2 =
// 1398117143679731058146671387906315933423474966581074036386468539227923378278626533764529938634242576261128410962740119034868607201414583335758422276643816405480145410934911750070786645716409577212967755581539567265673914343284832551598
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xadace79b57b942ae,
0x7545d85c16dfd424,
0xbee135c065f4d26b,
0x99c2f764a12c4024,
0x1ad533049cfe6a3,
0x252a3fb77c79c132,
0xbab3596c8617c579,
0x7830c728d80f9d78,
0x66a7223ee72023d0,
0x3bc5d176b746af02,
0xfe959283d8f52666,
0x8c4d2263babf8941,
0x384,
]);
// T =
// 2796234287359462116293342775812631866846949933162148072772937078455846756557253067529059877268485152522256821925480238069737214402829166671516844553287632810960290821869823500141573291432819154425935511163079134531347828686569665103197
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0x5b59cf36af72855d,
0xea8bb0b82dbfa849,
0x7dc26b80cbe9a4d6,
0x3385eec942588049,
0x35aa660939fcd47,
0x4a547f6ef8f38264,
0x7566b2d90c2f8af2,
0xf0618e51b01f3af1,
0xcd4e447dce4047a0,
0x778ba2ed6e8d5e04,
0xfd2b2507b1ea4ccc,
0x189a44c7757f1283,
0x709,
]);
}
#[derive(MontConfig)]
#[modulus = "22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577"]
#[generator = "13"]
pub struct FqConfig;
pub type Fq = Fp832<MontBackend<FqConfig, 13>>;

166
cp6_782/src/fields/fq3.rs
View File

@@ -1,40 +1,24 @@
use crate::Fq;
use ark_ff::{
biginteger::BigInteger832 as BigInteger,
field_new,
fields::fp3::{Fp3, Fp3Parameters},
Field,
fields::fp3::{Fp3, Fp3Config},
Field, MontFp,
};
pub type Fq3 = Fp3<Fq3Parameters>;
use crate::Fq;
pub struct Fq3Parameters;
pub type Fq3 = Fp3<Fq3Config>;
impl Fp3Parameters for Fq3Parameters {
pub struct Fq3Config;
impl Fp3Config for Fq3Config {
type Fp = Fq;
/// NONRESIDUE = 13
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xe755952f4650755e,
0x16c44ce1331ef791,
0x162f8835b467306f,
0xac1c2b31e1062c4c,
0x20b3dab9a2a935e1,
0xccd2ec5fd01e00c1,
0x4d1d1bf190c8da9b,
0x49cba09fb0e13fbe,
0xe392ed2957c061a3,
0x3159d02b3c93d6e1,
0x71566d160a9f8614,
0xa5840728fc854414,
0x2dc4,
]));
const NONRESIDUE: Fq = MontFp!("13");
const TWO_ADICITY: u32 = 3;
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: &'static [u64] = &[
const TRACE_MINUS_ONE_DIV_TWO: &'static [u64] = &[
0x62730e2cd2029617,
0x660647f735cb88cf,
0x274359d60784f69d,
@@ -74,131 +58,31 @@ impl Fp3Parameters for Fq3Parameters {
0x2b87fda171,
];
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
field_new!(Fq, BigInteger([
0x59987c0ef8e31739,
0x59578d750d6f57dd,
0x9672547570dddab8,
0x1a1f630e1d6dbdd5,
0xde15f46e52d7613e,
0x6a1b6e4f80179926,
0x461ad119d93123b,
0x12054e3654907ed9,
0x85ea06b12bf811a0,
0xc01d53d07347f9ec,
0x70c424eb666c3922,
0x1796ce4ed605d49e,
0x68b,
])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
const QUADRATIC_NONRESIDUE_TO_T: Fq3 = Fq3::new(
MontFp!("5759691735434357221228070840130186543101559976323700017469395641639510585333061695996665166662748527158637897523704071820491869715512532675375604262649010727161924084052120196921150869218319839231115277876207074651754402338718419191428"),
Fq::ZERO,
Fq::ZERO,
);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
Fq::ONE,
MontFp!("2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
MontFp!("19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
Fq::ONE,
MontFp!("19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
MontFp!("2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
];
#[inline(always)]
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
fn mul_fp_by_nonresidue_in_place(fe: &mut Self::Fp) -> &mut Self::Fp {
let original = *fe;
let mut four_fe = fe.double();
four_fe.double_in_place();
let eight_fe = four_fe.double();
eight_fe + &four_fe + &original
fe.double_in_place();
*fe += original;
fe.double_in_place().double_in_place();
*fe += original;
fe
}
}

116
cp6_782/src/fields/fq6.rs
View File

@@ -1,112 +1,26 @@
use crate::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO};
use ark_ff::{
biginteger::BigInteger832 as BigInteger,
field_new,
fields::fp6_2over3::{Fp6, Fp6Parameters},
fields::fp6_2over3::{Fp6, Fp6Config},
Field, MontFp,
};
pub type Fq6 = Fp6<Fq6Parameters>;
use crate::{Fq, Fq3, Fq3Config};
pub struct Fq6Parameters;
pub type Fq6 = Fp6<Fq6Config>;
impl Fp6Parameters for Fq6Parameters {
type Fp3Params = Fq3Parameters;
pub struct Fq6Config;
impl Fp6Config for Fq6Config {
type Fp3Config = Fq3Config;
/// NONRESIDUE = (0, 1, 0).
#[rustfmt::skip]
const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
const NONRESIDUE: Fq3 = Fq3::new(Fq::ZERO, Fq::ONE, Fq::ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0x82e248051c9d1c4d,
0x9364dbda272d0ed,
0xfdcf25dede306877,
0x53d06582e3fe7159,
0xb431d48c27a7ce14,
0x7741dd7a33040c05,
0xca576276706c1de9,
0x18cceab60052df9f,
0x6f9ae1b18f011f6,
0x25df1559c0ee6289,
0x5b33ca416649679d,
0x33f7fc08b12d9590,
0x338f,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
field_new!(Fq, BigInteger([
0x3f8019015b031e78,
0x73f4adf92ed4f7dc,
0xcea2d139e307fa73,
0xb1000be3461ee9f5,
0x8005cba5148fca6b,
0xa03b75925fcf929d,
0x35654371493da172,
0x5e312883cb75ad59,
0xe48bd6f4b7b72859,
0xc94b70f331124a9d,
0x84f67d2da39b18,
0xeba59af100dea197,
0x1674,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
field_new!(Fq, BigInteger([
0xf33a92647f881b0d,
0x2b900fcc0ab2bbcb,
0xfb4c0f3fd61ea84,
0x338e7b2dfb6aa948,
0x172c5d7fdc53bf3,
0x8dcaa3e2fc64879d,
0x56ae87a9094eefc8,
0x8f1ad1e1362b221e,
0xe95ec2cd135d3fbf,
0x898fa889f6d53325,
0x76f98fbc8ab7ca11,
0x6a06b57da5e4f118,
0x268d,
])),
Fq::ONE,
MontFp!("2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756862"),
MontFp!("2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
MontFp!("22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825576"),
MontFp!("19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
MontFp!("19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068716"),
];
}

2
cp6_782/src/fields/fr.rs
View File

@@ -1 +1 @@
pub use ark_bls12_377::{Fq as Fr, FqParameters as FrParameters};
pub use ark_bls12_377::{Fq as Fr, FqConfig as FrConfig};

2
cp6_782/src/fields/mod.rs
View File

@@ -10,5 +10,5 @@ pub use self::fq3::*;
pub mod fq6;
pub use self::fq6::*;
#[cfg(all(feature = "cp6_782", test))]
#[cfg(test)]
mod tests;

Some files were not shown because too many files have changed in this diff Show More