69 Commits

Author SHA1 Message Date
Solomon
60b6e5d63b Renamed add_nocarry and sub_noborrow for curves 2021-10-21 12:24:02 -07:00
zhenfei
461e4190b1 adding SW parameters for Bandersnatch curve (#67)
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
2021-10-20 10:12:15 -07:00
zhenfei
5fe1862c9a Twisted Edwards parameters for BLS12-377 (#76)
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
2021-10-19 11:30:41 -07:00
Simon Masson
2118e14b6a Use Scott's subgroup membership tests for G1 and G2 of BLS12-381. (#74)
* implementation of the fast subgroup check for bls12_381

* add a bench

* subgroup check for g1

* subgroup check modifications

* remove useless test

* fmt

* need the latest version of arkworks/algebra

* remove Parameters0

* using projective points is more efficient

* use of projective coordinates in G2

* fmt

* documentation on the constants and the psi function

* references for algorithms of eprint 2021/1130

* fmt

* sed ^ **

* minor improvement

* fmt

* fix Cargo toml

* nits

* some cleanup for g1

* add the beta test back

* fmt

* g2

* changelog

* add a note on the Cargo.toml

* nits

* avoid variable name conflicts

* add the early-out optimization

Co-authored-by: weikeng <w.k@berkeley.edu>
2021-09-25 10:34:13 -07:00
Weikeng Chen
b5c2d8eba3 Fix a comment on Bandersnatch's TEModelParameters (#65)
Pratyush noticed that a comment regarding COEFF_A had not been updated. This PR fixes that.
2021-06-30 20:14:37 -07:00
zhenfei
129795aa4c Implement the Bandersnatch curve (#64)
* impl bandersnatch

* clean up

* update changelog

* Relocate the readme so it shows up in the doc

* Delete README.md

* Relocate the changelog entry

* rename & fmt

Co-authored-by: Weikeng Chen <w.k@berkeley.edu>
2021-06-29 18:04:08 -07:00
George Gkitsas
a9cb9bfcb2 Fix incorrect repository links in Cargo.toml files (#63)
* fixes repository in cargo files

* lint fixes
2021-06-23 08:58:50 -07:00
Weikeng Chen
d2c998736e Release v0.3.0 (#62)
* release

* update CHANGELOG.md
2021-06-06 13:47:19 -07:00
Alex Ozdemir
ada1fdac07 Fix Bls12-377 scalar group generator (#60)
* Fix Bls12-377 scalar group generator

Previously we used 11 as a generator, which has order (p-1)/35.

Now we use 22, which has the right order.

Fixed the two-adic root of unity in accordance with the new generator.

fixes #47

* add the CHANGE LOG

Co-authored-by: weikeng <w.k@berkeley.edu>
2021-05-06 16:46:22 -07:00
Weikeng Chen
8c795ec0cf Update the documentation of BN254's field parameters (#59) 2021-05-06 08:22:07 -07:00
Daira Hopwood
9d232a7dcd Fix a comment describing BN254. (#55)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-16 14:54:33 -07:00
Daira Hopwood
4d6c49640c Add benchmarks for Pallas and Vesta curves. (#53)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-16 10:18:06 -07:00
Pratyush Mishra
880a010f5e Reduce CI time by parallelizing per-curve tests (#52) 2021-04-11 14:53:06 -07:00
Dev Ojha
269fe97519 Release v0.2 (#51) 2021-03-24 20:18:59 -05:00
Dev Ojha
de78b0da1d Update CHANGELOG.md (#50)
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
2021-03-24 12:00:47 -05:00
Pratyush Mishra
5c0dcd5ca1 Fix links in curve documentation (#49) 2021-03-24 09:25:56 -07:00
Weikeng Chen
507cfa355a Remove the two remaining direct references to rand (#47) 2021-03-23 16:31:55 -07:00
Dev Ojha
fea21d919a Linkify changelog (#46) 2021-03-23 13:59:51 -05:00
Weikeng Chen
666da1e3b2 Fix ed-on-mnt4-753 (#45)
* fix ed-mnt4-753

* update CHANGELOG
2021-02-09 09:33:28 -08:00
Weikeng Chen
74f6efb821 Replace rand with ark_std::rand (#42)
* replace rand

* update CHANGELOG

* fmt

* fix

* fix
2021-02-04 20:12:47 -08:00
Dev Ojha
684969909b Add benchmark for sub_assign (#41) 2021-02-04 13:50:08 -08:00
Pratyush Mishra
487f0043d8 Upgrade to test-templates from algebra (#40)
* Upgrade to test-templates from algebra

* Fix Cargo.toml

* Fix search and replace

* Update

* Fix cargo tomls
2021-01-31 11:47:41 -08:00
Dev Ojha
cd88721883 Switch to panic='abort' for safety across FFI boundaries (#38) 2021-01-21 14:51:10 -06:00
Pratyush Mishra
6ed2450b55 More comprehensive scalar multiplication tests (#37) 2021-01-15 13:55:17 -08:00
Pratyush Mishra
04b5ef1265 Make constraint tests check all allocation modes (#35) 2021-01-08 23:03:52 -08:00
Daira Hopwood
39c58df3a6 Add Pallas and Vesta curves (#21)
Co-authored-by: Ying Tong Lai <yingtong@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
Co-authored-by: therealyingtong <yingtong@z.cash>
2020-12-30 16:56:00 -08:00
Pratyush Mishra
e7d7d01a02 Add MSM benchmark (#24) 2020-12-16 13:39:29 -06:00
Pratyush Mishra
621355df14 Fix links in Cargo.tomls (#29)
Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>
2020-12-16 11:12:01 -08:00
Dev Ojha
505b72e71e Add Changelog and contributing file (#31)
* Add issue/PR templates

Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
2020-12-16 00:57:59 -06:00
Pratyush Mishra
ae06af2448 Handle Fp64 related issue (#32) 2020-12-16 00:36:01 -06:00
Pratyush Mishra
72b04dbacb Better inversion in tests (#30) 2020-12-15 21:17:28 -08:00
Pratyush Mishra
9654fb6513 Fix rng in constraint tests 2020-12-15 20:49:55 -08:00
ValarDragon
145a573b41 Add missed import 2020-12-15 20:49:55 -08:00
ValarDragon
b7d6d11ff6 Fix doctests 2020-12-15 20:49:55 -08:00
ValarDragon
9c8d0fbe4c undo patch.crates.io 2020-12-15 20:49:55 -08:00
ValarDragon
febd2048ee fix lint 2020-12-15 20:49:55 -08:00
ValarDragon
2d081cd315 UniformRand updates 2020-12-15 20:49:55 -08:00
ValarDragon
530d618cca Change test_rng import to ark-std 2020-12-15 20:49:55 -08:00
Antoine Rondelet
b17b17efcc Fixed broken links (#28) 2020-12-14 07:55:09 -08:00
Pratyush Mishra
7f1fcd6696 Format 2020-12-10 19:06:20 -08:00
Pratyush Mishra
3198749ccb Improvements 2020-12-10 19:06:20 -08:00
Pratyush Mishra
ac0dcc7ae9 Work 2020-12-10 19:06:20 -08:00
Pratyush Mishra
76cc7aa044 Change benchmark order 2020-12-10 19:06:20 -08:00
Pratyush Mishra
c6a51adb77 Move to bencher 2020-12-10 19:06:20 -08:00
Pratyush Mishra
4ab7431059 Reduce number of samples 2020-12-10 19:06:20 -08:00
Pratyush Mishra
651f772755 Move to criterion 2020-12-10 19:06:20 -08:00
Pratyush Mishra
98717da099 Fix MNT4-753 Fq4 Frobenius coefficient 2020-12-10 12:47:25 -08:00
Pratyush Mishra
0486c30b3b Format 2020-12-10 12:47:25 -08:00
Pratyush Mishra
4e45f92ca9 Fixes 2020-12-10 12:47:25 -08:00
Pratyush Mishra
a1ce3291dd Update ed_on_cp6 2020-12-10 12:47:25 -08:00
Pratyush Mishra
1534bbbfdf Update MNT6-298 2020-12-10 12:47:25 -08:00
Pratyush Mishra
6f7235d939 Update MNT4-298 2020-12-10 12:47:25 -08:00
Pratyush Mishra
4b050b1aae Update MNT4-753 2020-12-10 12:47:25 -08:00
Pratyush Mishra
5f62fab169 Update MNT6-753 2020-12-10 12:47:25 -08:00
Pratyush Mishra
9a97d75149 Update edwards curves constants 2020-12-10 12:47:25 -08:00
Pratyush Mishra
7f6ff28e6c Update ed_on_bn254 2020-12-10 12:47:25 -08:00
Pratyush Mishra
128f0f5b65 Update ed_on_bls12_381 2020-12-10 12:47:25 -08:00
Pratyush Mishra
23a25faccf Update ed_on_bls12_377 2020-12-10 12:47:25 -08:00
Pratyush Mishra
abdaafdd54 Update CP6-782 2020-12-10 12:47:25 -08:00
Pratyush Mishra
6a6b3711c6 Update BW6-761 2020-12-10 12:47:25 -08:00
Pratyush Mishra
31664a0e2e Update BN254 2020-12-10 12:47:25 -08:00
Pratyush Mishra
b0565ad0c5 Update BLS12-381 2020-12-10 12:47:25 -08:00
Pratyush Mishra
0445d45c07 Update BLS12-377 2020-12-10 12:47:25 -08:00
therealyingtong
23e87bf224 Correct Base field <-> Scalar field in mnt6298 documentation 2020-11-17 16:55:59 -08:00
Pratyush Mishra
c4e4e18dee Fix benchmark compilation and add benchmarks for Edwards curves 2020-11-11 23:51:00 -08:00
Dev Ojha
e523a7e3fc Add reference to the curve API definitions in the README (#6)
Co-authored-by: Pratyush Mishra <pratyushmishra@berkeley.edu>
2020-11-09 14:16:21 -08:00
Pratyush Mishra
66a1fc9cf7 Add constraints for relevant curves (#3) 2020-10-19 12:45:23 -07:00
Pratyush Mishra
f6132a4c0e default-features = false for curve-benches (#2) 2020-10-11 20:40:00 -07:00
Pratyush Mishra
33261b4c41 Update documentation for BLS12 fields (#1) 2020-10-11 20:26:26 -07:00
245 changed files with 7321 additions and 6151 deletions

25
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,25 @@
---
name: Bug Report
about: Create a report to help us squash bugs!
---
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for opening an issue! ✰
v Before smashing the submit button please review the template.
v Please also ensure that this is not a duplicate issue :)
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->∂
## Summary of Bug
<!-- Concisely describe the issue -->
## Version
<!-- git commit hash or tagged version -->
## Steps to Reproduce
<!-- Also please note what feature flags the library was compiled with? -->
<!-- If this is a build issue, also indicate your OS and compiler versions (clang --version) -->
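Review bot: the build-issue hint asks reporters for `clang --version`, but this is a Rust workspace, so the versions that actually matter are `rustc --version` and `cargo --version` (plus the target triple when it is a cross build); suggest replacing the clang hint with those. The banner's closing `-->` is also followed by a stray `∂`, which the feature-request banner does not have; if that character is really in the file it should be removed.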

View File

@@ -0,0 +1,35 @@
---
name: Feature Request
about: Create a proposal to request a feature
---
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for opening an issue! ✰
v Before smashing the submit button please review the template.
v Word of caution: poorly thought-out proposals may be rejected
v without deliberation
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->
## Summary
<!-- Short, concise description of the proposed feature -->
## Problem Definition
<!-- Why do we need this feature?
What problems may be addressed by introducing this feature?
Are there any disadvantages of including this feature? -->
## Proposal
<!-- Detailed description of requirements of implementation -->
____
#### For Admin Use
- [ ] Not duplicate issue
- [ ] Appropriate labels applied
- [ ] Appropriate contributors tagged
- [ ] Contributor assigned/self-assigned

26
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,26 @@
<!-- < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < ☺
v ✰ Thanks for creating a PR! ✰
v Before hitting that submit button please review the checkboxes.
v If a checkbox is n/a - please still include it but + a little note why
☺ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -->
## Description
<!-- Add a description of the changes that this PR introduces and the files that
are the most critical to review.
-->
closes: #XXXX
---
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
- [ ] Targeted PR against correct branch (master)
- [ ] Linked to Github issue with discussion and accepted design OR have an explanation in the PR that describes this work.
- [ ] Wrote unit tests
- [ ] Updated relevant documentation in the code
- [ ] Added a relevant changelog entry to the `Pending` section in `CHANGELOG.md`
- [ ] Re-reviewed `Files changed` in the Github PR explorer
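Review bot: the checklist has no item for verifying curve or field constants, which is where this repository's regressions have come from (later commits in this history fix the BLS12-377 scalar-field generator and the MNT4-753 Fq4 Frobenius coefficient). Suggest a box along the lines of `- [ ] New or changed curve/field parameters are cross-checked against a reference (paper or Sage/PARI script) and the check is committed as a test`. Also, `closes: #XXXX` lands verbatim in every PR that closes nothing; wrap it in an HTML comment or put it under the `## Description` comment so authors have to opt in.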

View File

@@ -29,8 +29,8 @@ jobs:
command: fmt
args: --all -- --check
test:
name: Test
check:
name: Check
runs-on: ubuntu-latest
env:
RUSTFLAGS: -Dwarnings
@@ -78,13 +78,60 @@ jobs:
args: --all-features --examples --workspace --benches
if: matrix.rust == 'nightly'
- name: Test
directories: # Job that list subdirectories
name: List directories for parallelizing tests
runs-on: ubuntu-latest
outputs:
dir: ${{ steps.set-dirs.outputs.dir }} # generate output name dir by using inner step output
steps:
- uses: actions/checkout@v2
- id: set-dirs # Give it an id to handle to get step outputs in the outputs key above
run: echo "::set-output name=dir::$(ls -d */ | jq -R -s -c 'split("\n")[:-1]')"
# Define step output named dir base on ls command transformed to JSON thanks to jq
test:
name: Test
runs-on: ubuntu-latest
needs: [directories] # Depends on previous job
strategy:
matrix:
dir: ${{fromJson(needs.directories.outputs.dir)}} # List matrix strategy from directories dynamically
# rust:
# - stable
# - nightly
exclude:
- dir: scripts/
- dir: curve-constraint-tests/
- dir: curve-benches/
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run tests
run: |
cd ${{matrix.dir}}
cargo test --all-features
docs:
name: Check Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt
- name: cargo doc --all --no-deps --document-private-items --all-features
uses: actions-rs/cargo@v1
with:
command: test
args: "--workspace \
--all-features \
--exclude curve-benches"
command: doc
args: --all --no-deps --document-private-items --all-features
check_no_std:
name: Check no_std
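Review bot: the new per-directory `test` job never installs or pins a toolchain and does not carry the `env: RUSTFLAGS: -Dwarnings` block that `check` has, so it runs on whatever `rustc` the `ubuntu-latest` image happens to ship and warnings no longer fail the tests; add the `actions-rs/toolchain@v1` step and the `env` block to it (the commented-out `rust:` matrix suggests that was the intent). Two smaller points: `::set-output` has since been deprecated by GitHub in favour of appending to `$GITHUB_OUTPUT`, and the `docs` job checks out with `actions/checkout@v1` while every other job in the file uses `@v2`.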
@@ -94,13 +141,6 @@ jobs:
uses: actions/checkout@v2
- name: Install Rust (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: thumbv6m-none-eabi
override: true
- name: Install Rust ARM64 (${{ matrix.rust }})
uses: actions-rs/toolchain@v1
with:
toolchain: stable
@@ -119,10 +159,10 @@ jobs:
uses: actions-rs/cargo@v1
with:
command: check
args: --examples --workspace --exclude ark-curve-tests --exclude ark-curve-benches --target thumbv6m-none-eabi
args: --examples --workspace --exclude ark-curve-constraint-tests --exclude ark-curve-benches --target aarch64-unknown-none
- name: build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --exclude ark-curve-tests --exclude ark-curve-benches --target thumbv6m-none-eabi
args: --workspace --exclude ark-curve-constraint-tests --exclude ark-curve-benches --target aarch64-unknown-none
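Review bot: replacing `thumbv6m-none-eabi` with `aarch64-unknown-none` (and dropping its toolchain install in the previous hunk) removes the only 32-bit `no_std` target from CI, so a 64-bit-only assumption introduced in these crates or their dependencies would no longer be caught; if the Cortex-M0 target was dropped deliberately, say why in the commit, otherwise keep both targets in a `matrix`. The step names still interpolate `${{ matrix.rust }}` although the job hardcodes `toolchain: stable`, so they render with an empty parenthesis.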

20
.github/workflows/linkify_changelog.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: Linkify Changelog
on:
workflow_dispatch
jobs:
linkify:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Add links
run: python3 scripts/linkify_changelog.py CHANGELOG.md
- name: Commit
run: |
git config user.name github-actions
git config user.email github-actions@github.com
git add .
git commit -m "Linkify Changelog"
git push
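Review bot: `git add .` stages every file in the checkout, not just `CHANGELOG.md`, so anything the script or a stray tool drops into the tree gets committed under the "Linkify Changelog" message; stage `CHANGELOG.md` explicitly. `git commit` also exits non-zero when the script changed nothing, which fails the run; guard it with `git diff --quiet CHANGELOG.md || git commit -m "Linkify Changelog"`. Since the job pushes to the repository, declare the minimum it needs (`permissions: contents: write`) rather than relying on the default token scope.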

69
CHANGELOG.md Normal file
View File

@@ -0,0 +1,69 @@
# CHANGELOG
## Pending
- [\#76](https://github.com/arkworks-rs/curves/pull/76) twisted Edwards parameters for bls12-377
### Breaking changes
### Features
### Improvements
- [\#74](https://github.com/arkworks-rs/curves/pull/74) Use Scott's subgroup membership tests for `G1` and `G2` of BLS12-381.
### Bug fixes
## v0.3.0
### Breaking changes
- [\#60](https://github.com/arkworks-rs/curves/pull/60) Change the scalar group generator of `Fr` of `bls12_377` Fr from `11` to `22`.
- [\#61](https://github.com/arkworks-rs/curves/pull/61) Remove `ATE_LOOP_COUNT_IS_NEGATIVE` from BN254 curve parameter.
### Features
- [\#64](https://github.com/arkworks-rs/curves/pull/64) Implement the Bandersnatch curve, another twisted Edwards curve for BLS12-381.
### Improvements
### Bug fixes
## v0.2.0
### Breaking changes
- Requires all crates from `arkworks-rs/algebra` to have version `v0.2.0` or greater.
### Features
- [\#3](https://github.com/arkworks-rs/curves/pull/3) Add constraints for
`ark-bls12-377`,
`ark-ed-on-bls12-377`,
`ark-ed-on-bls12-381`,
`ark-ed-on-bn254`,
`ark-ed-on-cp6-782`,
`ark-ed-on-bw6-761`,
`ark-ed-on-mnt4-298`,
`ark-ed-on-mnt4-753`,
`ark-mnt4-298`,
`ark-mnt6-298`,
`ark-mnt4-753`,
`ark-mnt6-753`.
- [\#7](https://github.com/arkworks-rs/curves/pull/7) Add benchmarks for Edwards curves.
- [\#19](https://github.com/arkworks-rs/curves/pull/19) Change field constants to be provided as normal strings, instead of in Montgomery form.
- [\#53](https://github.com/arkworks-rs/curves/pull/53) Add benchmarks for Pallas and Vesta curves.
### Improvements
- [\#42](https://github.com/arkworks-rs/curves/pull/42) Remove the dependency of `rand_xorshift`.
### Bug fixes
- [\#28](https://github.com/arkworks-rs/curves/pull/28), [\#49](https://github.com/arkworks-rs/curves/pull/49) Fix broken documentation links.
- [\#38](https://github.com/arkworks-rs/curves/pull/38) Compile with `panic='abort'` in release mode, for safety of the library across FFI boundaries.
- [\#45](https://github.com/arkworks-rs/curves/pull/45) Fix `ark-ed-on-mnt4-753`.
## v0.1.0
Initial Release
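Review bot: the `#76` entry under `## Pending` sits above the `### Breaking changes` heading instead of under `### Features`, so it is the only entry without a category. `#53` (Pallas/Vesta benchmarks, merged 2021-04-16 according to the commit list) is filed under `v0.2.0`, which was tagged 2021-03-24, so it belongs under `v0.3.0`. The `#60` entry repeats the field name: "of `Fr` of `bls12_377` Fr".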

65
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,65 @@
# Contributing
Thank you for considering making contributions to `curves`!
Contributing to this repo can be done in several forms, such as participating in discussion or proposing code changes.
To ensure a smooth workflow for all contributors, the following general procedure for contributing has been established:
1) Either open or find an issue you'd like to help with
2) Participate in thoughtful discussion on that issue
3) If you would like to contribute:
* If the issue is a feature proposal, ensure that the proposal has been accepted
* Ensure that nobody else has already begun working on this issue.
If they have, please try to contact them to collaborate
* If nobody has been assigned for the issue and you would like to work on it, make a comment on the issue to inform the community of your intentions to begin work. (So we can avoid duplication of efforts)
* We suggest using standard Github best practices for contributing: fork the repo, branch from the HEAD of `master`, make some commits on your branch, and submit a PR from the branch to `master`.
More detail on this is below
* Be sure to include a relevant change log entry in the Pending section of CHANGELOG.md (see file for log format)
* If the change is breaking, we may add migration instructions.
Note that for very small or clear problems (such as typos), or well isolated improvements, it is not required to an open issue to submit a PR.
But be aware that for more complex problems/features touching multiple parts of the codebase, if a PR is opened before an adequate design discussion has taken place in a github issue, that PR runs a larger likelihood of being rejected.
Looking for a good place to start contributing? How about checking out some good first issues
## Branch Structure
`curves` has its default branch as `master`, which is where PRs are merged into. Releases will be periodically made, on no set schedule.
All other branches should be assumed to be miscellaneous feature development branches.
All downstream users of the library should be using tagged versions of the library pulled from cargo.
## How to work on a fork
Please skip this section if you're familiar with contributing to opensource github projects.
First fork the repo from the github UI, and clone it locally.
Then in the repo, you want to add the repo you forked from as a new remote. You do this as:
```bash
git remote add upstream git@github.com:arkworks-rs/curves.git
```
Then the way you make code contributions is to first think of a branch name that describes your change.
Then do the following:
```bash
git checkout master
git pull upstream master
git checkout -b $NEW_BRANCH_NAME
```
and then work as normal on that branch, and pull request to upstream master when you're done =)
## Updating documentation
All PRs should aim to leave the code more documented than it started with.
Please don't assume that its easy to infer what the code is doing,
as that is usually not the case for these complex protocols.
(Even when you already understand the paper!)
Its often very useful to describe what is the high level view of what a code block is doing,
and either refer to the relevant section of a paper or include a short proof/argument for why it makes sense before the actual logic.
## Performance improvements
All performance improvements should be accompanied with benchmarks improving, or otherwise have it be clear that things have improved.
For some areas of the codebase, performance roughly follows the number of field multiplications, but there are also many areas where
hard to predict low level system effects such as cache locality and superscalar operations become important for performance.
Thus performance can often become very non-intuitive / diverge from minimizing the number of arithmetic operations.
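Review bot: a few typos to fix before this lands: "it is not required to an open issue" should read "to open an issue", "its easy" and "Its often" should be "it's", and "How about checking out some good first issues" needs the link or label name it is pointing at. The "Branch Structure" section says downstream users should use tagged versions from cargo; it would help to state here that the `[patch.crates-io]` git override in the root `Cargo.toml` is for development only and is not what published crates see.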

458
Cargo.lock generated
View File

@@ -1,458 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "ark-bls12-377"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bls12-381"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bn254"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-bw6-761"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-cp6-782"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-curve-benches"
version = "0.1.1-alpha.0"
dependencies = [
"ark-bls12-377",
"ark-bls12-381",
"ark-bn254",
"ark-bw6-761",
"ark-cp6-782",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-mnt4-753",
"ark-mnt6-298",
"ark-mnt6-753",
"ark-serialize",
"paste",
"rand",
"rand_xorshift",
"rustc_version",
]
[[package]]
name = "ark-curve-tests"
version = "0.1.0"
dependencies = [
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ec"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-ff",
"ark-serialize",
"ark-std",
"derivative",
"num-traits",
"rand",
]
[[package]]
name = "ark-ed-on-bls12-377"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bls12-381"
version = "0.1.0"
dependencies = [
"ark-bls12-381",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bn254"
version = "0.1.0"
dependencies = [
"ark-bn254",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-bw6-761"
version = "0.1.0"
dependencies = [
"ark-ed-on-cp6-782",
]
[[package]]
name = "ark-ed-on-cp6-782"
version = "0.1.0"
dependencies = [
"ark-bls12-377",
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ed-on-mnt4-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-ff"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-ff-asm",
"ark-serialize",
"ark-std",
"derivative",
"num-traits",
"rand",
"rustc_version",
]
[[package]]
name = "ark-ff-asm"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"quote",
"syn",
]
[[package]]
name = "ark-mnt4-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt4-753"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt6-298"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-298",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-mnt6-753"
version = "0.1.0"
dependencies = [
"ark-curve-tests",
"ark-ec",
"ark-ff",
"ark-mnt4-753",
"ark-serialize",
"ark-std",
"rand",
"rand_xorshift",
]
[[package]]
name = "ark-serialize"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/algebra#d5202f896ca9700c5c22d7a1266ada600f913dc4"
dependencies = [
"ark-std",
]
[[package]]
name = "ark-std"
version = "0.1.0"
source = "git+https://github.com/arkworks-rs/utils#7bde3ab01799da8429b8fa9c3f152201415cdfe7"
[[package]]
name = "autocfg"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "cfg-if"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
[[package]]
name = "derivative"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb582b60359da160a9477ee80f15c8d784c477e69c217ef2cdd4169c24ea380f"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "getrandom"
version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
dependencies = [
"cfg-if",
"libc",
"wasi",
]
[[package]]
name = "libc"
version = "0.2.79"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2448f6066e80e3bfc792e9c98bf705b4b0fc6e8ef5b43e5889aff0eaa9c58743"
[[package]]
name = "num-traits"
version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611"
dependencies = [
"autocfg",
]
[[package]]
name = "paste"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0520af26d4cf99643dbbe093a61507922b57232d9978d8491fdc8f7b44573c8c"
[[package]]
name = "ppv-lite86"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c36fa947111f5c62a733b652544dd0016a43ce89619538a8ef92724a6f501a20"
[[package]]
name = "proc-macro2"
version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
dependencies = [
"unicode-xid",
]
[[package]]
name = "quote"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rand"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
dependencies = [
"getrandom",
"libc",
"rand_chacha",
"rand_core",
"rand_hc",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core",
]
[[package]]
name = "rand_core"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
dependencies = [
"getrandom",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core",
]
[[package]]
name = "rand_xorshift"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77d416b86801d23dde1aa643023b775c3a462efc0ed96443add11546cdf1dca8"
dependencies = [
"rand_core",
]
[[package]]
name = "rustc_version"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
dependencies = [
"semver",
]
[[package]]
name = "semver"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
dependencies = [
"semver-parser",
]
[[package]]
name = "semver-parser"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
[[package]]
name = "syn"
version = "1.0.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e03e57e4fcbfe7749842d53e24ccb9aa12b7252dbe5e91d2acad31834c8b8fdd"
dependencies = [
"proc-macro2",
"quote",
"unicode-xid",
]
[[package]]
name = "unicode-xid"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
[[package]]
name = "wasi"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
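Review bot: deleting the lockfile is the usual choice for a library workspace, but note what is lost: it was the only record that `ark-ec`, `ark-ff` and `ark-serialize` were tested against algebra commit `d5202f8` and `ark-std` against utils commit `7bde3ab`. Combined with the unpinned `[patch.crates-io]` git sources added to `Cargo.toml` in this same diff, a fresh clone now builds against whatever upstream `master` is at that moment, so a CI result cannot be reproduced later; keep the lockfile while the patch is in place, or record the tested revision in the patch.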

View File

@@ -2,7 +2,7 @@
members = [
"curve-benches",
"curve-tests",
"curve-constraint-tests",
"bls12_377",
"ed_on_bls12_377",
@@ -15,6 +15,7 @@ members = [
"bls12_381",
"ed_on_bls12_381",
"ed_on_bls12_381_bandersnatch",
"bn254",
"ed_on_bn254",
@@ -25,13 +26,17 @@ members = [
"mnt4_753",
"mnt6_753",
"ed_on_mnt4_298",
"ed_on_mnt4_753",
"pallas",
"vesta",
]
[profile.release]
opt-level = 3
lto = "thin"
incremental = true
panic = 'abort'
[profile.bench]
opt-level = 3
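Review bot: `panic = 'abort'` here only takes effect when this workspace is the build root, because Cargo ignores `[profile.*]` tables in dependencies; a downstream crate that pulls `ark-bls12-381` from crates.io and exposes it over FFI still compiles it with the downstream root's panic strategy. The changelog wording "for safety of the library across FFI boundaries" therefore overstates what this setting does; document that FFI consumers must set `panic = 'abort'` (or catch unwinds at the boundary) in their own root manifest.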
@@ -43,6 +48,7 @@ debug-assertions = false
[profile.dev]
opt-level = 0
panic = 'abort'
[profile.test]
opt-level = 3
@@ -50,3 +56,9 @@ lto = "thin"
incremental = true
debug-assertions = true
debug = true
# To be removed in the new release.
[patch.crates-io]
ark-ec = { git = "https://github.com/arkworks-rs/algebra" }
ark-ff = { git = "https://github.com/arkworks-rs/algebra" }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra" }
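Review bot: the three `[patch.crates-io]` entries point at the `algebra` repository without a `rev`, `tag` or `branch`, so every build tracks the moving head of that repository and a broken, or compromised, upstream commit reaches this workspace unreviewed. Pin `rev = "<commit>"` to the revision that was actually tested, and since the comment says the patch is temporary, open a tracking issue so it is really dropped before the release.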

View File

@@ -1,31 +1,36 @@
# Curve implementations
This directory contains implementations of some popular elliptic curves.
This repository contains implementations of some popular elliptic curves. The curve API implemented here matches the curve traits defined [here](https://github.com/arkworks-rs/algebra/blob/master/ec/src/lib.rs) in the [arkworks-rs/algebra](https://github.com/arkworks-rs/algebra) repository.
### BLS12-381 and embedded curves
* [`ark-bls12-381`](bls12-381): Implements the BLS12-381 pairing-friendly curve
* [`ark-ed-on-bls12-381`](ed-on-bls12-381): Implements a Twisted Edwards curve atop the scalar field of BLS12-381
* [`ark-bls12-381`](bls12_381): Implements the BLS12-381 pairing-friendly curve
* [`ark-ed-on-bls12-381`](ed_on_bls12_381): Implements a Twisted Edwards curve atop the scalar field of BLS12-381
* [`ark-ed-on-bls12-381-bandersnatch`](ed_on_bls12_381_bandersnatch): Implements Bandersnatch, another Twisted Edwards curve atop the scalar field of BLS12-381
### BLS12-377 and related curves
* [`ark-bls12-377`](bls12-377): Implements the BLS12-377 pairing-friendly curve
* [`ark-ed-on-bls12-377`](ed-on-bls12-377): Implements a Twisted Edwards curve atop the scalar field of BLS12-377
* [`ark-bls12-377`](bls12_377): Implements the BLS12-377 pairing-friendly curve
* [`ark-ed-on-bls12-377`](ed_on_bls12_377): Implements a Twisted Edwards curve atop the scalar field of BLS12-377
* [`ark-bw6-761`](bw6-761): Implements the BW6-761 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-bw6-761`](ed-on-bw6-761): Implements a Twisted Edwards curve atop the scalar field of BW6-761
* [`ark-bw6-761`](bw6_761): Implements the BW6-761 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-bw6-761`](ed_on_bw6_761): Implements a Twisted Edwards curve atop the scalar field of BW6-761
* [`ark-cp6-782`](cp6-782): Implements the CP6-782 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-cp6-782`](ed-on-cp6-782): Implements a Twisted Edwards curve atop the scalar field of CP6-782. This is the same curve as in `ark-ed-on-bw6-761`
* [`ark-cp6-782`](cp6_782): Implements the CP6-782 pairing-friendly curve, which is a curve whose scalar field equals the base field of BLS12-377
* [`ark-ed-on-cp6-782`](ed_on_cp6_782): Implements a Twisted Edwards curve atop the scalar field of CP6-782. This is the same curve as in `ark-ed-on-bw6-761`
### BN254 and related curves
* [`ark-bn254`](bn254): Implements the BN254 pairing-friendly curve
* [`ark-ed-on-bn254`](ed-on-bn254): Implements a Twisted Edwards curve atop the scalar field of BN254
* [`ark-ed-on-bn254`](ed_on_bn254): Implements a Twisted Edwards curve atop the scalar field of BN254
### MNT-298 cycle of curves and related curves
* [`ark-mnt4-298`](mnt4-298): Implements the MNT4-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-298
* [`ark-mnt6-298`](mnt6-298): Implements the MNT6-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-298
* [`ark-ed-on-mnt4-298`](ed-on-mnt4-298): Implements a Twisted Edwards curve atop the scalar field of MNT4-298
* [`ark-mnt4-298`](mnt4_298): Implements the MNT4-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-298
* [`ark-mnt6-298`](mnt6_298): Implements the MNT6-298 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-298
* [`ark-ed-on-mnt4-298`](ed_on_mnt4_298): Implements a Twisted Edwards curve atop the scalar field of MNT4-298
### MNT-753 cycle of curves and related curves
* [`ark-mnt4-753`](mnt4-753): Implements the MNT4-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-753
* [`ark-mnt6-753`](mnt6-753): Implements the MNT6-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-753
* [`ark-ed-on-mnt4-753`](ed-on-mnt4-753): Implements a Twisted Edwards curve atop the scalar field of MNT4-753
* [`ark-mnt4-753`](mnt4_753): Implements the MNT4-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT6-753
* [`ark-mnt6-753`](mnt6_753): Implements the MNT6-753 pairing-friendly curve. This curve forms a pairing-friendly cycle with MNT4-753
* [`ark-ed-on-mnt4-753`](ed_on_mnt4_753): Implements a Twisted Edwards curve atop the scalar field of MNT4-753
### [Pasta](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/) cycle of curves
* [`ark-pallas`](pallas): Implements Pallas, a prime-order curve that forms an amicable pair with Vesta
* [`ark-vesta`](vesta): Implements Vesta, a prime-order curve that forms an amicable pair with Pallas
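Review bot: the link targets change from hyphenated directory names (`bls12-381`, `ed-on-bls12-381`, `bw6-761`, ...) to underscored ones (`bls12_381`, `ed_on_bls12_381`, `bw6_761`, ...), so every crate directory has to be renamed in the same change or these relative links will break; `pallas` and `vesta` contain no hyphen and are correctly left alone. The Cargo.toml hunk further down still points at `../curve-constraint-tests` with a hyphen, which is worth a quick consistency check against the directory layout this commit ends up with.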

View File

@@ -1,27 +1,28 @@
[package]
name = "ark-bls12-377"
version = "0.1.0"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "The BLS12-377 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bls12-377/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-r1cs-std = { version="^0.3.0", default-features = false, optional = true }
ark-std = { version="^0.3.0", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-relations = { version="^0.3.0", default-features = false }
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = [ "curve" ]
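Review bot: moving the dependencies from unpinned `git = "https://github.com/arkworks-rs/..."` sources to `version="^0.3.0"` crates.io releases is the right supply-chain change, since the build now resolves to published, auditable crates instead of whatever the default branch holds; note that `^0.3.0` still accepts any later 0.3.x, so a committed `Cargo.lock` is what actually pins the tree. `ark-r1cs-std` is declared `optional = true` and is only switched on by the `r1cs` feature in the next hunk, so check that nothing compiled under `default = [ "curve" ]` references it. Minor: `license = "MIT/Apache-2.0"` is the deprecated slash form; `MIT OR Apache-2.0` is the SPDX expression Cargo recommends.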
@@ -30,3 +31,4 @@ std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
curve = [ "scalar_field", "base_field" ]
scalar_field = []
base_field = []
r1cs = [ "base_field", "ark-r1cs-std" ]
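Review bot: the `std` feature on the context line `std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]` is not extended to the new optional dependency, so a build enabling both `std` and `r1cs` compiles `ark-r1cs-std` without its own `std` feature. Adding `"ark-r1cs-std/std"` there would fix that but would also implicitly enable the optional dependency for every `std` build, so either document the limitation or add an explicit combined feature rather than changing `std` itself.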

View File

@@ -0,0 +1,45 @@
use crate::Parameters;
use ark_ec::bls12::Bls12Parameters;
use ark_ec::ModelParameters;
use ark_r1cs_std::{
fields::fp::FpVar,
groups::{bls12, curves::twisted_edwards::AffineVar as TEAffineVar},
};
/// An element of G1 in the BLS12-377 bilinear group.
pub type G1Var = bls12::G1Var<Parameters>;
/// An element of G2 in the BLS12-377 bilinear group.
pub type G2Var = bls12::G2Var<Parameters>;
/// An element of G1 (in TE Affine form) in the BLS12-377 bilinear group.
pub type G1TEAffineVar = TEAffineVar<
<Parameters as Bls12Parameters>::G1Parameters,
FpVar<<<Parameters as Bls12Parameters>::G1Parameters as ModelParameters>::BaseField>,
>;
/// Represents the cached precomputation that can be performed on a G1 element
/// which enables speeding up pairing computation.
pub type G1PreparedVar = bls12::G1PreparedVar<Parameters>;
/// Represents the cached precomputation that can be performed on a G2 element
/// which enables speeding up pairing computation.
pub type G2PreparedVar = bls12::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::bls12::Bls12Parameters;
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as Bls12Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::te_test::<
<Parameters as Bls12Parameters>::G1Parameters,
G1TEAffineVar,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as Bls12Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}
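Review bot: the `use ark_ec::models::bls12::Bls12Parameters;` inside `fn test()` re-imports a trait that is already in scope from the file-level `use ark_ec::bls12::Bls12Parameters;`, so the inner `use` can be dropped. The test exercises `G1Var`, `G1TEAffineVar` and `G2Var`, but `G1PreparedVar` and `G2PreparedVar` are only covered indirectly through the pairing test in pairing.rs; a one-line comment saying so would save the next reader from looking for a missing test.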

View File

@@ -0,0 +1,32 @@
use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
use ark_r1cs_std::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var};
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FqVar = FpVar<Fq>;
/// A variable that is the R1CS equivalent of `crate::Fq2`.
pub type Fq2Var = Fp2Var<Fq2Parameters>;
/// A variable that is the R1CS equivalent of `crate::Fq6`.
pub type Fq6Var = Fp6Var<Fq6Parameters>;
/// A variable that is the R1CS equivalent of `crate::Fq12`.
pub type Fq12Var = Fp12Var<Fq12Parameters>;
#[test]
fn bls12_377_field_test() {
use super::*;
use crate::{Fq, Fq12, Fq2, Fq6};
use ark_curve_constraint_tests::fields::*;
field_test::<_, _, FqVar>().unwrap();
frobenius_tests::<Fq, _, FqVar>(13).unwrap();
field_test::<_, _, Fq2Var>().unwrap();
frobenius_tests::<Fq2, _, Fq2Var>(13).unwrap();
field_test::<_, _, Fq6Var>().unwrap();
frobenius_tests::<Fq6, _, Fq6Var>(13).unwrap();
field_test::<_, _, Fq12Var>().unwrap();
frobenius_tests::<Fq12, _, Fq12Var>(13).unwrap();
}
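Review bot: the literal `13` passed to every `frobenius_tests` call is an unexplained magic number; give it a name (for example `const MAX_FROBENIUS_POWER: usize = 13;`) or a comment, because a reader cannot tell whether it is tied to the extension degree 12 of `Fq12` or is arbitrary. The `use super::*;` inside `bls12_377_field_test` is likely redundant, since `FqVar`, `Fq2Var`, `Fq6Var` and `Fq12Var` are defined in this same module and the `crate::{Fq, Fq12, Fq2, Fq6}` import on the next line covers the native types.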

View File

@@ -0,0 +1,163 @@
//! This module implements the R1CS equivalent of `crate`.
//!
//! It implements field variables for `crate::{Fq, Fq2, Fq6, Fq12}`,
//! group variables for `crate::{G1, G2}`, and implements constraint
//! generation for computing `Bls12_377::pairing`.
//!
//! The field underlying these constraints is `crate::Fq`.
//!
//! # Examples
//!
//! One can perform standard algebraic operations on `FqVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! use ark_std::UniformRand;
//! use ark_relations::r1cs::*;
//! use ark_r1cs_std::prelude::*;
//! use ark_bls12_377::{*, constraints::*};
//!
//! let cs = ConstraintSystem::<Fq>::new_ref();
//! // This rng is just for test purposes; do not use it
//! // in real applications.
//! let mut rng = ark_std::test_rng();
//!
//! // Generate some random `Fq` elements.
//! let a_native = Fq::rand(&mut rng);
//! let b_native = Fq::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = FqVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
//! let b = FqVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = FqVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = FqVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let one = FqVar::one();
//! let zero = FqVar::zero();
//!
//! // Sanity check one + one = two
//! let two = &one + &one + &zero;
//! two.enforce_equal(&one.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that the value of &a * &b is correct.
//! assert_eq!((&a * &b).value()?, a_native * &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_bls12_377::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate some random `G1` elements.
//! let a_native = G1Projective::rand(&mut rng);
//! let b_native = G1Projective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = G1Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = G1Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! // This returns the identity of `G1`.
//! let zero = G1Var::zero();
//!
//! // Sanity check one + one = two
//! let two_a = &a + &a + &zero;
//! two_a.enforce_equal(&a.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! Finally, one can check pairing computations as well:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_ec::PairingEngine;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_bls12_377::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate random `G1` and `G2` elements.
//! let a_native = G1Projective::rand(&mut rng);
//! let b_native = G2Projective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = G2Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = G2Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
mod fields;
pub use fields::*;
#[cfg(feature = "curve")]
mod curves;
#[cfg(feature = "curve")]
mod pairing;
#[cfg(feature = "curve")]
pub use curves::*;
#[cfg(feature = "curve")]
pub use pairing::*;
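Review bot: the pairing doctest still contains a debug statement, `println!("Done here 3");`, which should be removed before merge. Two comments copied from the field example are also wrong for their new context: `// Sanity check one + one = two` sits above `let two_a = &a + &a + &zero;`, which checks `a + a = 2a`, and `// Check that the value of &a + &b is correct.` sits above `assert_eq!(pairing_result.value()?, pairing_result_native);`, which checks the pairing value. Since these blocks compile and run as doctests, the hidden `# use` lines and the `# fn main() -> Result<(), ark_relations::r1cs::SynthesisError>` wrapper are the right approach; the `ark_relations` crate they need is only a dev-dependency in Cargo.toml, which is sufficient for doctests.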

View File

@@ -0,0 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear group.
pub type PairingVar = ark_r1cs_std::pairing::bls12::PairingVar<Parameters>;
#[test]
fn test() {
use crate::Bls12_377;
ark_curve_constraint_tests::pairing::bilinearity_test::<Bls12_377, PairingVar>().unwrap()
}

View File

@@ -1,10 +1,16 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
use ark_ec::models::{
twisted_edwards_extended::{
GroupAffine as TEGroupAffine, GroupProjective as TEGroupProjective,
},
ModelParameters, MontgomeryModelParameters, SWModelParameters, TEModelParameters,
};
use ark_ff::{field_new, Zero};
use core::ops::Neg;
use crate::{Fq, Fr};
use crate::{
fields::{FQ_ONE, FQ_ZERO},
Fq, Fr,
};
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
@@ -16,18 +22,11 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
const COEFF_A: Fq = FQ_ZERO;
/// COEFF_B = 1
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
]));
const COEFF_B: Fq = FQ_ONE;
/// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328
const COFACTOR: &'static [u64] = &[0x0, 0x170b5d4430000000];
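Review bot: replacing the hard-coded Montgomery limbs with `FQ_ZERO` and `FQ_ONE` is only correct because `FQ_ONE` is defined as `Fq::new(FqParameters::R)`, the Montgomery encoding of 1, in the fq.rs hunk; a cross-reference comment here would make that dependency explicit, since the old limb array `0x2cdffffffffff68, ...` was that same encoding. The `#[rustfmt::skip]` above `const COEFF_B: Fq = FQ_ONE;` no longer has a multi-line literal to protect and can be dropped.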
@@ -35,12 +34,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 5285428838741532253824584287042945485047145357130994810877
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
2013239619100046060,
4201184776506987597,
2526766393982337036,
1114629510922847535,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "5285428838741532253824584287042945485047145357130994810877");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -52,26 +46,188 @@ impl SWModelParameters for Parameters {
}
}
pub type G1TEAffine = TEGroupAffine<Parameters>;
pub type G1TEProjective = TEGroupProjective<Parameters>;
/// Bls12_377::G1 also has a twisted Edwards form.
/// It can be obtained via the following script, implementing
/// 1. SW -> Montgomery -> TE1 transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
/// 2. TE1 -> TE2 normalization (enforcing `a = -1`)
/// ``` sage
///
/// # modulus
/// p = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
/// Fp = Zmod(p)
///
/// #####################################################
/// # Weierstrass curve: y² = x³ + A * x + B
/// #####################################################
/// # curve y^2 = x^3 + 1
/// WA = Fp(0)
/// WB = Fp(1)
///
/// #####################################################
/// # Montgomery curve: By² = x³ + A * x² + x
/// #####################################################
/// # root for x^3 + 1 = 0
/// alpha = -1
/// # s = 1 / (sqrt(3alpha^2 + a))
/// s = 1/(Fp(3).sqrt())
///
/// # MA = 3 * alpha * s
/// MA = Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384)
/// # MB = s
/// MB = Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931)
///
/// # #####################################################
/// # # Twisted Edwards curve 1: a * x² + y² = 1 + d * x² * y²
/// # #####################################################
/// # We first convert to TE form obtaining a curve with a != -1, and then
/// # apply a transformation to obtain a TE curve with a = -1.
/// # a = (MA+2)/MB
/// TE1a = Fp(61134141799337779744243169579317764548490943457438569789767076791016838392692895365021181670618017873462480451583)
/// # b = (MA-2)/MB
/// TE1d = Fp(197530284213631314266409564115575768987902569297476090750117185875703629955647927409947706468955342250977841006588)
///
/// # #####################################################
/// # # Twisted Edwards curve 2: a * x² + y² = 1 + d * x² * y²
/// # #####################################################
/// # a = -1
/// TE2a = Fp(-1)
/// # b = -TE1d/TE1a
/// TE2d = Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179)
///
/// ```
impl TEModelParameters for Parameters {
/// COEFF_A = -1
const COEFF_A: Fq = field_new!(Fq, "-1");
/// COEFF_D = 122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179 mod q
#[rustfmt::skip]
const COEFF_D: Fq = field_new!(Fq, "122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179");
/// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328
const COFACTOR: &'static [u64] = &[0x0, 0x170b5d4430000000];
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 5285428838741532253824584287042945485047145357130994810877
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "5285428838741532253824584287042945485047145357130994810877");
/// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
(TE_GENERATOR_X, TE_GENERATOR_Y);
type MontgomeryModelParameters = Parameters;
/// Multiplication by `a` is multiply by `-1`.
#[inline(always)]
fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
elem.neg()
}
}
// BLS12-377::G1 also has a Montgomery form.
// BLS12-377::G1 also has a twisted Edwards form.
// It can be obtained via the following script, implementing
// SW -> Montgomery transformation: <https://en.wikipedia.org/wiki/Montgomery_curve>
// ``` sage
//
// # modulus
// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
// Fp=Zmod(p)
//
// #####################################################
// # Weierstrass curve: y² = x³ + A * x + B
// #####################################################
// # curve y^2 = x^3 + 1
// WA=Fp(0)
// WB=Fp(1)
//
// #####################################################
// # Montgomery curve: By² = x³ + A * x² + x
// #####################################################
// # root for x^3 + 1 = 0
// alpha = -1
// # s = 1 / (sqrt(3alpha^2 + a))
// s = 1/(Fp(3).sqrt())
//
// # MA = 3 * alpha * s
// MA=Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384)
// # MB = s
// MB=Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931)
// ```
impl MontgomeryModelParameters for Parameters {
/// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384");
/// COEFF_B = 10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931");
type TEModelParameters = Parameters;
}
/// G1_GENERATOR_X =
/// 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
0x260f33b9772451f4,
0xc54dd773169d5658,
0x5c1551c469a510dd,
0x761662e4425e1698,
0xc97d78cc6f065272,
0xa41206b361fd4d,
]));
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695");
/// G1_GENERATOR_Y =
/// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
0x8193961fb8cb81f3,
0x638d4c5f44adb8,
0xfafaf3dad4daf54a,
0xc27849e2d655cd18,
0x2ec3ddb401d52814,
0x7da93326303c71,
]));
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030");
// The generator for twisted Edward form is the same SW generator converted into the normalized TE form (TE2).
// ``` sage
// # following scripts in previous section
// #####################################################
// # Weierstrass curve generator
// #####################################################
// Wx = Fp(81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695)
// Wy = Fp(241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030)
//
// assert(Wy^2 - Wx^3 - WA * Wx - WB == 0)
//
// #####################################################
// # Montgomery curve generator
// #####################################################
// # x = s * (x - alpha)
// Mx = Fp(251803586774461569862800610331871502335378228972505599912537082323947581271784390797244487924068052270360793200630)
// # y = s * y
// My = Fp(77739247071951651095607889637653357561348174979132042929587539214321586851215673796661346812932566642719051699820)
//
// assert(MB * My^2 == Mx^3+ MA * Mx^2 + Mx)
//
// # #####################################################
// # # Twisted Edwards curve 1 generator
// # #####################################################
// # x = Mx/My
// TE1x = Fp(82241236807150726090333472814441006963902378430536027612759193445733851062772474760677400112551677454953925168208)
// # y = (Mx - 1)/(Mx+1)
// TE1y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235)
//
// assert( TE1a * TE1x^2 + TE1y^2 == 1 + TE1d * TE1x^2 * TE1y^2 )
//
//
// # #####################################################
// # # Twisted Edwards curve 2 generator
// # #####################################################
// beta = (-TE1a).sqrt()
// # x = TE1x * sqrt(-TE1a)
// TE2x = Fp(71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393)
// # y = TE1y
// TE2y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235)
//
// assert( TE2a * TE2x^2 + TE2y^2 == 1 + TE2d * TE2x^2 * TE2y^2 )
// ```
/// TE_GENERATOR_X =
/// 71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393
#[rustfmt::skip]
pub const TE_GENERATOR_X: Fq = field_new!(Fq, "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393");
/// TE_GENERATOR_Y =
/// 6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235
#[rustfmt::skip]
pub const TE_GENERATOR_Y: Fq = field_new!(Fq, "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235");
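Review bot: the comment block introducing `impl MontgomeryModelParameters` has two contradictory heading lines, `// BLS12-377::G1 also has a Montgomery form.` immediately followed by `// BLS12-377::G1 also has a twisted Edwards form.`; the second is a leftover copy of the TE block's heading and should go. In the sage script the labels `# b = (MA-2)/MB` and `# b = -TE1d/TE1a` compute the Edwards `d` coefficient, not `b`, so rename them to match the `TE1d` and `TE2d` variables they define. The TE block uses `///` (rendered by rustdoc because it is attached to the `impl`) while the Montgomery and generator blocks use `//`; pick one style so the derivation either appears in the docs for all three forms or for none. Finally, the new `impl TEModelParameters` repeats `COFACTOR` and `COFACTOR_INV` from the SW impl; that is required by the trait, but a comment noting that the SW, Montgomery and TE forms are isomorphic and so share the group order and cofactor would explain why the values are identical rather than recomputed.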

View File

@@ -1,10 +1,7 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
};
use ark_ff::{field_new, Zero};
use crate::{g1, Fq, Fq2, Fr};
use crate::{fields::FQ_ZERO, g1, Fq, Fq2, Fr};
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
@@ -30,15 +27,8 @@ impl SWModelParameters for Parameters {
/// 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906]
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger384([
9255502405446297221,
10229180150694123945,
9215585410771530959,
13357015519562362907,
5437107869987383107,
16259554076827459,
])),
FQ_ZERO,
field_new!(Fq, "155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906"),
);
/// COFACTOR =
@@ -58,12 +48,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 6764900296503390671038341982857278410319949526107311149686707033187604810669
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
15499857013495546999,
4613531467548868169,
14546778081091178013,
549402535258503313,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "6764900296503390671038341982857278410319949526107311149686707033187604810669");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -83,47 +68,19 @@ pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_
/// G2_GENERATOR_X_C0 =
/// 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
0x68904082f268725b,
0x668f2ea74f45328b,
0xebca7a65802be84f,
0x1e1850f4c1ada3e6,
0x830dc22d588ef1e9,
0x1862a81767c0982,
]));
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294");
/// G2_GENERATOR_X_C1 =
/// 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
0x5f02a915c91c7f39,
0xf8c553ba388da2a7,
0xd51a416dbd198850,
0xe943c6f38ae3073a,
0xffe24aa8259a4981,
0x11853391e73dfdd,
]));
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118");
/// G2_GENERATOR_Y_C0 =
/// 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
0xd5b19b897881430f,
0x5be9118a5b371ed,
0x6063f91f86c131ee,
0x3244a61be8f4ec19,
0xa02e425b9f9a3a12,
0x18af8c04f3360d2,
]));
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423");
/// G2_GENERATOR_Y_C1 =
/// 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
0x57601ac71a5b96f5,
0xe99acc1714f2440e,
0x2339612f10118ea9,
0x8321e68a3b1cd722,
0x2b543b050cc74917,
0x590182b396c112,
]));
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491");
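Review bot: the G2 generator coordinates and `COFACTOR_INV` are now decimal strings that duplicate the value in the doc comment directly above each one, so a typo in either copy would go unnoticed by inspection, and a wrong coordinate here means a point off the curve or outside the prime-order subgroup. Please confirm in the PR that the g2 tests call `sw_tests::<g2::Parameters>()` the way the visible tests.rs hunk does for `g1::Parameters`, since that is what validates the converted constants against the curve equation and generator order.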

View File

@@ -31,3 +31,5 @@ pub type G1Affine = bls12::G1Affine<Parameters>;
pub type G1Projective = bls12::G1Projective<Parameters>;
pub type G2Affine = bls12::G2Affine<Parameters>;
pub type G2Projective = bls12::G2Projective<Parameters>;
pub use g1::{G1TEAffine, G1TEProjective};

View File

@@ -1,18 +1,22 @@
#![allow(unused_imports)]
use crate::{
g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G1TEProjective, G2Affine,
G2Projective,
};
use ark_ec::{
models::SWModelParameters, short_weierstrass_jacobian, AffineCurve, PairingEngine,
ProjectiveCurve,
};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
One, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_std::{rand::Rng, test_rng};
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use crate::{g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_curve_tests::{
curves::{curve_tests, sw_tests},
use ark_algebra_test_templates::{
curves::{curve_tests, edwards_tests, sw_tests},
groups::group_test,
};
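Review bot: the file-level `#![allow(unused_imports)]` hides whether every item in the rewritten import list (`Fq12`, `short_weierstrass_jacobian`, `CanonicalSerialize`, `Field`, `SquareRootField`, ...) is still used by the tests; since this hunk already reshuffles the imports to `ark_std::{rand::Rng, test_rng}` and `ark_algebra_test_templates`, it is the right moment to prune the list and drop the blanket allow so the compiler can flag dead imports in future changes.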
@@ -21,6 +25,7 @@ fn test_g1_projective_curve() {
curve_tests::<G1Projective>();
sw_tests::<g1::Parameters>();
edwards_tests::<g1::Parameters>();
}
#[test]
@@ -29,6 +34,10 @@ fn test_g1_projective_group() {
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
group_test(a, b);
let c = rng.gen();
let d = rng.gen();
group_test::<G1TEProjective>(c, d);
}
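Review bot: `let c = rng.gen();` and `let d = rng.gen();` rely on inference from the `group_test::<G1TEProjective>(c, d)` turbofish, whereas `a` and `b` a few lines above are annotated as `G1Projective`; annotate `c: G1TEProjective` and `d: G1TEProjective` for consistency so the sampled type is visible where the values are drawn, and consider a separate `#[test]` for the TE group so a failure is attributed to the right form.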
#[test]

View File

@@ -1,4 +1,4 @@
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
use ark_ff::{biginteger::BigInteger384 as BigInteger, fields::*};
pub type Fq = Fp384<FqParameters>;
@@ -38,6 +38,7 @@ impl FpParameters for FqParameters {
const REPR_SHAVE_BITS: u32 = 7;
/// R = 85013442423176922659824578519796707547925331718418265885885478904210582549405549618995257669764901891699128663912
#[rustfmt::skip]
const R: BigInteger = BigInteger([
202099033278250856u64,
@@ -60,7 +61,9 @@ impl FpParameters for FqParameters {
const INV: u64 = 9586122913090633727u64;
// GENERATOR = -5
/// GENERATOR = -5
/// Encoded in Montgomery form, so the value here is
/// (-5 * R) % q = 92261639910053574722182574790803529333160366917737991650341130812388023949653897454961487930322210790384999596794
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0xfc0b8000000002fa,
@@ -82,6 +85,7 @@ impl FpParameters for FqParameters {
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// For T coprime to 2
// T = (MODULUS - 1) // 2^S =
// 3675842578061421676390135839012792950148785745837396071634149488243117337281387659330802195819009059
@@ -109,6 +113,6 @@ impl FpParameters for FqParameters {
}
#[allow(dead_code)]
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ONE: Fq = Fq::new(FqParameters::R);
#[allow(dead_code)]
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
pub const FQ_ZERO: Fq = Fq::new(BigInteger([0, 0, 0, 0, 0, 0]));
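Review bot: `Fq::new` takes the raw internal Montgomery representation, so `Fq::new(FqParameters::R)` is 1 and `Fq::new(BigInteger([0, 0, 0, 0, 0, 0]))` is 0, but a future `Fq::new(BigInteger::from(1))` would not be 1; add a comment on `FQ_ONE` stating that `R` is the Montgomery form of 1. This matters because these constants now define the curve coefficients (`COEFF_A = FQ_ZERO`, `COEFF_B = FQ_ONE` in g1.rs), and a wrong encoding would silently select a different curve rather than fail to compile.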

View File

@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq12 = Fp12<Fq12Parameters>;
@@ -14,147 +14,60 @@ impl Fp12Parameters for Fq12Parameters {
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
FQ_ZERO,
),
field_new!(Fq2, FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x6ec47a04a3f7ca9e,
0xa42e0cb968c1fa44,
0x578d5187fbd2bd23,
0x930eeb0ac79dd4bd,
0xa24883de1e09a9ee,
0xdaa7058067d46f,
])),
field_new!(Fq, "92949345220277864758624960506473182677953048909283248980960104381795901929519566951595905490535835115111760994353"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5892506da58478da,
0x133366940ac2a74b,
0x9b64a150cdf726cf,
0x5cc426090a9c587e,
0x5cf848adfdcd640c,
0x4702bf3ac02380,
])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x982c13d9d084771f,
0xfd49de0c6da34a32,
0x61a530d183ab0e53,
0xdf8fe44106dd9879,
0x40f29b58d88472bc,
0x158723199046d5d,
])),
field_new!(Fq, "216465761340224619389371505802605247630151569547285782856803747159100223055385581585702401816380679166954762214499"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x296799d52c8cac81,
0x591bd15304e14fee,
0xa17df4987d85130,
0x4c80f9363f3fc3bc,
0x9eaa177aba7ac8ce,
0x7dcb2c189c98ed,
])),
field_new!(Fq, "123516416119946754630746545296132064952198520638002533875843642777304321125866014634106496325844844051843001220146"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "-1"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x164445fb5c083563,
0x72dd508ac73e05bc,
0xc76610a7be368adc,
0x8713eee839573ed1,
0x23f281e24e979f4c,
0xd39340975d3c7b,
])),
field_new!(Fq, "165715080792691229252027773188420350858440463845631411558924158284924566418821255823372982649037525009328560463824"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecdcac262f7b88e2,
0x19c17f37c25cb5cd,
0xbd4e315e365e39ac,
0x3a92f5b1fa177b15,
0x85486a67941cd67e,
0x55c8147ec0a38d,
])),
field_new!(Fq, "42198664672744474621281227892288285906241943207628877683080515507620245292955241189266486323192680957485559243678"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xaa3baf925a7b868e,
0x3e0d38ef753d5865,
0x4191258bc861923,
0x1e8a71ae63e00a87,
0xeffc4d11826f20dc,
0x4663a2a83dd119,
])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5ba1262ad3735380,
0xbdef8bf12b1eb012,
0x14db82e63230f6cf,
0xcda1e0bcc1b54fd3,
0x2790ee45b226806c,
0x1306f19ff2877fd,
])),
field_new!(Fq, "135148009893022339379906188398761468584194992116912126664040619889416147222474808140862391813728516072597320238031"),
FQ_ZERO,
),
];
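Review bot: the entry comments `Fp2::NONRESIDUE^(((q^k) - 1) / 6)` are ambiguous. `Fq2Parameters::NONRESIDUE` is the Fq element -5 used to build Fq2 (see the fq2.rs hunk), whereas these coefficients are powers of the Fq2 element U, which is `Fq6Parameters::NONRESIDUE` (see the fq6.rs hunk). Write `Fq6Parameters::NONRESIDUE^(...)` or spell out the element so the table documents what it actually contains.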


@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq2 = Fp2<Fq2Parameters>;
@@ -10,50 +10,19 @@ impl Fp2Parameters for Fq2Parameters {
/// NONRESIDUE = -5
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xfc0b8000000002fa,
0x97d39cf6e000018b,
0x2072420fbfa05044,
0xcbbcbd50d97c3802,
0xbaf1ec35813f9eb,
0x9974a2c0945ad2,
]));
const NONRESIDUE: Fq = field_new!(Fq, "-5");
/// QUADRATIC_NONRESIDUE = U
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (FQ_ZERO, FQ_ONE);
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
FQ_ONE,
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
field_new!(Fq, "-1"),
];
#[inline(always)]


@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq6 = Fp6<Fq6Parameters>;
@@ -11,166 +11,60 @@ impl Fp6Parameters for Fq6Parameters {
/// NONRESIDUE = U
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger384([
202099033278250856u64,
5854854902718660529u64,
11492539364873682930u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
field_new!(Fq2, FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x5892506da58478da,
0x133366940ac2a74b,
0x9b64a150cdf726cf,
0x5cc426090a9c587e,
0x5cf848adfdcd640c,
0x4702bf3ac02380,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410946"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x823ac00000000099,
0xc5cabdc0b000004f,
0x7f75ae862f8c080d,
0x9ed4423b9278b089,
0x79467000ec64c452,
0x120d3e434c71c50,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
field_new!(Fq2, field_new!(Fq, "-1"), FQ_ZERO),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xaa3baf925a7b868e,
0x3e0d38ef753d5865,
0x4191258bc861923,
0x1e8a71ae63e00a87,
0xeffc4d11826f20dc,
0x4663a2a83dd119,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047232"),
FQ_ZERO,
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
field_new!(Fq2, FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2cdffffffffff68,
0x51409f837fffffb1,
0x9f7db3a98a7d3ff2,
0x7b4e97b76e7c6305,
0x4cf495bf803c84e8,
0x8d6661e2fdf49a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
),
field_new!(Fq2, FQ_ONE, FQ_ZERO),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xdacd106da5847973,
0xd8fe2454bac2a79a,
0x1ada4fd6fd832edc,
0xfb9868449d150908,
0xd63eb8aeea32285e,
0x167d6a36f873fd0,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "80949648264912719408558363140637477264845294720710499478137287262712535938301461879813459410945"),
FQ_ZERO,
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x2c766f925a7b8727,
0x3d7f6b0253d58b5,
0x838ec0deec122131,
0xbd5eb3e9f658bb10,
0x6942bd126ed3e52e,
0x1673786dd04ed6a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "258664426012969093929703085429980814127835149614277183275038967946009968870203535512256352201271898244626862047231"),
FQ_ZERO,
),
];
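Review bot: the `(2*(q^1) - 2) / 3` entry of `FROBENIUS_COEFF_FP6_C2` ends with `FQ_ZERO` and no trailing comma, while every other entry in both tables ends with `FQ_ZERO,`. Because the tables are under `#[rustfmt::skip]`, rustfmt will not normalize this, so add the comma by hand.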


@@ -1,3 +1,24 @@
//! Bls12-377 scalar field.
///
/// Roots of unity computed from modulus and R using this sage code:
///
/// ```ignore
/// q = 8444461749428370424248824938781546531375899335154063827935233455917409239041
/// R = 6014086494747379908336260804527802945383293308637734276299549080986809532403 # Montgomery R
/// s = 47
/// o = q - 1
/// F = GF(q)
/// g = F.multiplicative_generator()
/// g = F.multiplicative_generator()
/// assert g.multiplicative_order() == o
/// g2 = g ** (o/2**s)
/// assert g2.multiplicative_order() == 2**s
/// def into_chunks(val, width, n):
/// return [int(int(val) // (2 ** (width * i)) % 2 ** width) for i in range(n)]
/// print("Gen: ", g * R % q)
/// print("Gen: ", into_chunks(g * R % q, 64, 4))
/// print("2-adic gen: ", into_chunks(g2 * R % q, 64, 4))
/// ```
use ark_ff::{biginteger::BigInteger256 as BigInteger, fields::*};
pub type Fr = Fp256<FrParameters>;
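Review bot: the sage snippet repeats `g = F.multiplicative_generator()` on two consecutive lines; drop one. More importantly, it lets sage pick `g` instead of pinning it, yet the constant below is documented as `GENERATOR = 22`; add `assert g == 22` so the doc block actually verifies the shipped value. Finally, the block uses `///` after the `//!` module line, which attaches the comment to the private `use` item rather than to the module; make the whole block `//!`.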
@@ -12,10 +33,10 @@ impl FftParameters for FrParameters {
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0x3c3d3ca739381fb2,
0x9a14cda3ec99772b,
0xd7aacc7c59724826,
0xd1ba211c5cc349c,
12646347781564978760u64,
6783048705277173164u64,
268534165941069093u64,
1121515446318641358u64,
]);
}
impl FpParameters for FrParameters {
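Review bot: this hunk replaces all four limbs of `TWO_ADIC_ROOT_OF_UNITY` with different values, so it is a correction of the constant, not a re-encoding. The PR description should say why the previous value was wrong, and the new one should be checked in review against the sage snippet at the top of the file (`into_chunks(g2 * R % q, 64, 4)`). A test that the root has exact order 2^47 (`s = 47` per the snippet) would lock it in.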
@@ -34,6 +55,7 @@ impl FpParameters for FrParameters {
const REPR_SHAVE_BITS: u32 = 3;
/// R = 6014086494747379908336260804527802945383293308637734276299549080986809532403
#[rustfmt::skip]
const R: BigInteger = BigInteger([
9015221291577245683u64,
@@ -52,13 +74,16 @@ impl FpParameters for FrParameters {
const INV: u64 = 725501752471715839u64;
// GENERATOR = 11
/// GENERATOR = 22
/// Encoded in Montgomery form, so the value is
/// (22 * R) % q =
/// 5642976643016801619665363617888466827793962762719196659561577942948671127251
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
1855201571499933546u64,
8511318076631809892u64,
6222514765367795509u64,
1122129207579058019u64,
2984901390528151251u64,
10561528701063790279u64,
5476750214495080041u64,
898978044469942640u64,
]);
/// (r - 1)/2 =
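Review bot: `GENERATOR` changes from 11 to 22 and its limbs change with it, so this is a semantic fix rather than a comment fix; state in the PR description why the old value was replaced, and verify the new limbs against the `into_chunks(g * R % q, 64, 4)` output of the sage snippet above.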
@@ -72,6 +97,7 @@ impl FpParameters for FrParameters {
]);
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
// For T coprime to 2
/// t = (r - 1) / 2^s =
/// 60001509534603559531609739528203892656505753216962260608619555
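Review bot: the `// T and T_MINUS_ONE_DIV_TWO ...` / `// For T coprime to 2` context lines stay as plain comments while the new lines below them are `///`; the ark-bls12-381 `fq.rs` hunk in this change upgrades the same two lines to `///`, so do the same here for consistency.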


@@ -4,19 +4,18 @@ use ark_ff::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, Fp2Parameters, FpParameters,
PrimeField, SquareRootField,
},
test_rng, One, UniformRand, Zero,
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use ark_std::{rand::Rng, test_rng};
use core::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
};
use rand::{Rng, SeedableRng};
use rand_xorshift::XorShiftRng;
use crate::{Fq, Fq12, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_curve_tests::fields::*;
use ark_algebra_test_templates::fields::*;
pub(crate) const ITERATIONS: usize = 5;
@@ -72,6 +71,7 @@ fn test_fq6() {
let h: Fq6 = rng.gen();
field_test(g, h);
}
frobenius_test::<Fq6, _>(Fq::characteristic(), 13);
let byte_size = Fq6::zero().serialized_size();
field_serialization_test::<Fq6>(byte_size);
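Review bot: `frobenius_test` is added only for Fq6 here, but this change also retypes the Frobenius coefficient tables of Fq2 and Fq12 as long decimal strings. Unless `test_fq2` and `test_fq12` already call it (not visible in this hunk), add `frobenius_test::<Fq2, _>(Fq::characteristic(), 13)` and `frobenius_test::<Fq12, _>(Fq::characteristic(), 13)` as well; a single mistyped digit in a 115-digit literal is otherwise hard to notice.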
@@ -133,7 +133,7 @@ fn test_fq_repr_num_bits() {
fn test_fq_add_assign() {
// Test associativity
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
// Generate a, b, c and ensure (a + b) + c == a + (b + c).
@@ -155,7 +155,7 @@ fn test_fq_add_assign() {
#[test]
fn test_fq_sub_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
// Ensure that (a - b) + (b - a) = 0.
@@ -175,7 +175,7 @@ fn test_fq_sub_assign() {
#[test]
fn test_fq_mul_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000000 {
// Ensure that (a * b) * c = a * (b * c)
@@ -220,7 +220,7 @@ fn test_fq_mul_assign() {
#[test]
fn test_fq_squaring() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000000 {
// Ensure that (a * a) = a^2
@@ -240,7 +240,7 @@ fn test_fq_squaring() {
fn test_fq_inverse() {
assert!(Fq::zero().inverse().is_none());
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
let one = Fq::one();
@@ -255,7 +255,7 @@ fn test_fq_inverse() {
#[test]
fn test_fq_double_in_place() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
// Ensure doubling a is equivalent to adding a to itself.
@@ -275,7 +275,7 @@ fn test_fq_negate() {
assert!(a.is_zero());
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
// Ensure (a - (-a)) = 0.
@@ -289,7 +289,7 @@ fn test_fq_negate() {
#[test]
fn test_fq_pow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for i in 0..1000 {
// Exponentiate by various small numbers and ensure it consists with repeated
@@ -313,7 +313,7 @@ fn test_fq_pow() {
#[test]
fn test_fq_sqrt() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
@@ -436,7 +436,7 @@ fn test_fq2_legendre() {
#[test]
fn test_fq2_mul_nonresidue() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
let nqr = Fq2::new(Fq::zero(), Fq::one());
@@ -456,7 +456,7 @@ fn test_fq2_mul_nonresidue() {
#[test]
fn test_fq6_mul_by_1() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c1 = Fq2::rand(&mut rng);
@@ -472,7 +472,7 @@ fn test_fq6_mul_by_1() {
#[test]
fn test_fq6_mul_by_01() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -489,7 +489,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn test_fq12_mul_by_014() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -510,7 +510,7 @@ fn test_fq12_mul_by_014() {
#[test]
fn test_fq12_mul_by_034() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BLS12_377 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//! This library implements the BLS12_377 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 377-bit (prime) field. The main feature of this curve is that
//! both the scalar field and the base field are highly 2-adic.
@@ -29,6 +29,9 @@ mod curves;
mod fields;
#[cfg(feature = "r1cs")]
pub mod constraints;
#[cfg(feature = "curve")]
pub use curves::*;


@@ -1,27 +1,25 @@
[package]
name = "ark-bls12-381"
version = "0.1.0"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "The BLS12-381 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bls12-381/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
[features]
default = [ "curve" ]
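Review bot: `license = "MIT/Apache-2.0"` (unchanged context) uses the slash syntax that cargo has deprecated in favour of the SPDX expression `"MIT OR Apache-2.0"`; worth fixing while this file is touched. The `homepage` typo (`arworks.rs`) and the `repository` pointing at `algebra` instead of `curves` are corrected here, good. Since `rand` and `rand_xorshift` leave the dev-dependencies, confirm that nothing under `src/` still imports them; the tests hunks switch to `ark_std::test_rng`, which is the right replacement.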


@@ -1,12 +1,13 @@
use crate::*;
use ark_ec::{
bls12,
bls12::Bls12Parameters,
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::GroupAffine,
AffineCurve, ProjectiveCurve,
};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_std::ops::Neg;
pub type G1Affine = bls12::G1Affine<crate::Parameters>;
pub type G1Projective = bls12::G1Projective<crate::Parameters>;
@@ -21,18 +22,11 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
const COEFF_A: Fq = field_new!(Fq, "0");
/// COEFF_B = 4
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger384([
0xaa270000000cfff3,
0x53cc0032fc34000a,
0x478fe97a6b0a807f,
0xb1d37ebee6ba24d7,
0x8ec9733bbf78ab2f,
0x9d645513d83de7e,
]));
const COEFF_B: Fq = field_new!(Fq, "4");
/// COFACTOR = (x - 1)^2 / 3 = 76329603384216526031706109802092473003
const COFACTOR: &'static [u64] = &[0x8c00aaab0000aaab, 0x396c8c005555e156];
@@ -40,12 +34,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// = 52435875175126190458656871551744051925719901746859129887267498875565241663483
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
288839107172787499,
1152722415086798946,
2612889808468387987,
5124657601728438008,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "52435875175126190458656871551744051925719901746859129887267498875565241663483");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -55,28 +44,44 @@ impl SWModelParameters for Parameters {
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
fn is_in_correct_subgroup_assuming_on_curve(p: &GroupAffine<Parameters>) -> bool {
// Algorithm from Section 6 of https://eprint.iacr.org/2021/1130.
//
// Check that endomorphism_p(P) == -[X^2]P
let x = BigInteger256::new([crate::Parameters::X[0], 0, 0, 0]);
// An early-out optimization described in Section 6.
// If uP == P but P != point of infinity, then the point is not in the right subgroup.
let x_times_p = p.mul(x);
if x_times_p.eq(p) && !p.infinity {
return false;
}
let minus_x_squared_times_p = x_times_p.mul(x).neg();
let endomorphism_p = endomorphism(p);
minus_x_squared_times_p.eq(&endomorphism_p)
}
}
/// G1_GENERATOR_X =
/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
0x5cb38790fd530c16,
0x7817fc679976fff5,
0x154f95c7143ba1c1,
0xf0ae6acdf3d0e747,
0xedce6ecc21dbf440,
0x120177419e0bfb75,
]));
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507");
/// G1_GENERATOR_Y =
/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
0xbaac93d50ce72271,
0x8c22631a7918fd8e,
0xdd595f13570725ce,
0x51ac582950405194,
0xe1c8c3fad0059c0,
0xbbc3efc5008a26a,
]));
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569");
/// BETA is a non-trivial cubic root of unity in Fq.
pub const BETA: Fq = field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350");
pub fn endomorphism(p: &GroupAffine<Parameters>) -> GroupAffine<Parameters> {
// Endomorphism of the points on the curve.
// endomorphism_p(x,y) = (BETA * x, y) where BETA is a non-trivial cubic root of unity in Fq.
let mut res = (*p).clone();
res.x *= BETA;
res
}
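Review bot: in `is_in_correct_subgroup_assuming_on_curve`, `x` is built from `X[0]` alone, so it is |X| and `X_IS_NEGATIVE` is ignored, whereas the G2 check in this same change negates `x_times_point` when `X_IS_NEGATIVE`. For the main equation this is harmless, since `-[X^2]P` does not depend on the sign of X, but the early-out compares `[|X|]P` with `P`, not `[X]P`; either state in the comment that the sign is intentionally dropped and why the early-out remains valid with |X|, or use the signed value there. Two nits: `!p.infinity` reads better as `!p.is_zero()`, and `(*p).clone()` in `endomorphism` is a `clone_on_copy` (g2.rs uses `let mut res = *p;`).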


@@ -1,12 +1,12 @@
use crate::*;
use ark_ec::bls12::Bls12Parameters;
use ark_ec::{
bls12,
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::GroupAffine,
AffineCurve,
};
use ark_ff::{
biginteger::{BigInteger256, BigInteger384},
field_new, Zero,
};
use ark_ff::{biginteger::BigInteger256, field_new, Field, Zero};
pub type G2Affine = bls12::G2Affine<crate::Parameters>;
pub type G2Projective = bls12::G2Projective<crate::Parameters>;
@@ -44,12 +44,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
/// 26652489039290660355457965112010883481355318854675681319708643586776743290055
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
6746407649509787816,
1304054119431494378,
2461312685643913071,
5956596749362435284,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "26652489039290660355457965112010883481355318854675681319708643586776743290055");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -59,6 +54,21 @@ impl SWModelParameters for Parameters {
fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
Self::BaseField::zero()
}
fn is_in_correct_subgroup_assuming_on_curve(point: &GroupAffine<Parameters>) -> bool {
// Algorithm from Section 4 of https://eprint.iacr.org/2021/1130.
//
// Checks that [p]P = [X]P
let mut x_times_point = point.mul(BigInteger256([crate::Parameters::X[0], 0, 0, 0]));
if crate::Parameters::X_IS_NEGATIVE {
x_times_point = -x_times_point;
}
let p_times_point = p_power_endomorphism(point);
x_times_point.eq(&p_times_point)
}
}
pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
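Review bot: the comment `Checks that [p]P = [X]P` is misleading: `p_power_endomorphism` applies ψ (untwist, Frobenius, twist), not scalar multiplication by p, so write `ψ(P) == [X]P` as in Section 4 of the cited paper. Also `BigInteger256([X[0], 0, 0, 0])` here versus `BigInteger256::new([...])` in g1.rs: pick one constructor for both checks.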
@@ -67,47 +77,68 @@ pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_
/// G2_GENERATOR_X_C0 =
/// 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
0xf5f28fa202940a10,
0xb3f5fb2687b4961a,
0xa1a893b53e2ae580,
0x9894999d1a3caee9,
0x6f67b7631863366b,
0x58191924350bcd7,
]));
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160");
/// G2_GENERATOR_X_C1 =
/// 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
0xa5a9c0759e23f606,
0xaaa0c59dbccd60c3,
0x3bb17e18e2867806,
0x1b1ab6cc8541b367,
0xc2b6ed0ef2158547,
0x11922a097360edf3,
]));
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758");
/// G2_GENERATOR_Y_C0 =
/// 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
0x4c730af860494c4a,
0x597cfa1f5e369c5a,
0xe7e6856caa0a635a,
0xbbefb5e96e0d495f,
0x7d3a975f0ef25a2,
0x83fd8e7e80dae5,
]));
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905");
/// G2_GENERATOR_Y_C1 =
/// 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
0xadc0fc92df64b05d,
0x18aa270a2b1461dc,
0x86adac6a3be4eba0,
0x79495c4ec93da33a,
0xe7175850a43ccaed,
0xb2bc2a163de1bf2,
]));
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582");
// psi(x,y) = (x**p * PSI_X, y**p * PSI_Y) is the Frobenius composed
// with the quadratic twist and its inverse
// PSI_X = 1/(u+1)^((p-1)/3)
pub const P_POWER_ENDOMORPHISM_COEFF_0 : Fq2 = field_new!(
Fq2,
FQ_ZERO,
field_new!(
Fq,
"4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"
)
);
// PSI_Y = 1/(u+1)^((p-1)/2)
pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
"2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
field_new!(
Fq,
"1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257")
);
pub fn p_power_endomorphism(p: &GroupAffine<Parameters>) -> GroupAffine<Parameters> {
// The p-power endomorphism for G2 is defined as follows:
// 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1). To map a point (x, y) in E' to (s, t) in E,
// one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)), because E: y^2 = x^3 + 4.
// 2. Apply the Frobenius endomorphism (s, t) => (s', t'), another point on curve E,
// where s' = s^p, t' = t^p.
// 3. Map the point from E back to E'; that is,
// one set x' = s' * ((u+1) ^ (1/3)), y' = t' * ((u+1) ^ (1/2)).
//
// To sum up, it maps
// (x,y) -> (x^p / ((u+1)^((p-1)/3)), y^p / ((u+1)^((p-1)/2)))
// as implemented in the code as follows.
let mut res = *p;
res.x.frobenius_map(1);
res.y.frobenius_map(1);
let tmp_x = res.x.clone();
res.x.c0 = -P_POWER_ENDOMORPHISM_COEFF_0.c1 * &tmp_x.c1;
res.x.c1 = P_POWER_ENDOMORPHISM_COEFF_0.c1 * &tmp_x.c0;
res.y *= P_POWER_ENDOMORPHISM_COEFF_1;
res
}
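Review bot: the hand-inlined multiplication of `res.x` by `P_POWER_ENDOMORPHISM_COEFF_0` (`c0 = -coeff.c1 * x.c1`, `c1 = coeff.c1 * x.c0`) is correct only because `COEFF_0.c0` is zero and only for an Fq2 in which u^2 = -1 (the `-` on the first line is that non-residue); neither assumption is written down. Either comment both, or write `res.x *= P_POWER_ENDOMORPHISM_COEFF_0;` as is already done for `res.y`. Nits: `res.x.clone()` on a `Copy` type, and `P_POWER_ENDOMORPHISM_COEFF_0 : Fq2` has a space before the colon that rustfmt would remove.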


@@ -1,15 +1,21 @@
#![allow(unused_imports)]
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ec::{
models::SWModelParameters,
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
AffineCurve, PairingEngine, ProjectiveCurve,
};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
BitIteratorBE, One, UniformRand, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_std::rand::Rng;
use ark_std::test_rng;
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use crate::{g1, g2, Bls12_381, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_curve_tests::{curves::*, groups::*};
use ark_algebra_test_templates::{curves::*, groups::*};
use ark_ec::group::Group;
#[test]
fn test_g1_projective_curve() {
@@ -114,3 +120,54 @@ fn test_g1_generator_raw() {
x.add_assign(&Fq::one());
}
}
#[test]
fn test_g1_endomorphism_beta() {
assert!(g1::BETA.pow(&[3u64]).is_one());
}
#[test]
fn test_g1_subgroup_membership_via_endomorphism() {
let mut rng = test_rng();
let generator = G1Projective::rand(&mut rng).into_affine();
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g1_subgroup_non_membership_via_endomorphism() {
let mut rng = test_rng();
loop {
let x = Fq::rand(&mut rng);
let greatest = rng.gen();
if let Some(p) = G1Affine::get_point_from_x(x, greatest) {
if !p.into_projective().mul(Fr::characteristic()).is_zero() {
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
return;
}
}
}
}
#[test]
fn test_g2_subgroup_membership_via_endomorphism() {
let mut rng = test_rng();
let generator = G2Projective::rand(&mut rng).into_affine();
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_g2_subgroup_non_membership_via_endomorphism() {
let mut rng = test_rng();
loop {
let x = Fq2::rand(&mut rng);
let greatest = rng.gen();
if let Some(p) = G2Affine::get_point_from_x(x, greatest) {
if !p.into_projective().mul(Fr::characteristic()).is_zero() {
assert!(!p.is_in_correct_subgroup_assuming_on_curve());
return;
}
}
}
}
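Review bot: `test_g1_endomorphism_beta` checks `BETA^3 == 1` but not that BETA is non-trivial; `Fq::one()` would pass this test while making `endomorphism` the identity and the G1 subgroup check wrong, so add `assert!(!g1::BETA.is_one());`. In the two `non_membership` tests the `loop` has no iteration bound; with the cofactors involved almost every random x yields a point outside the prime-order subgroup, so it terminates quickly in practice, but a bounded `for` ending in `panic!` would fail loudly instead of hanging if `get_point_from_x` or `mul` regressed.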


@@ -42,6 +42,7 @@ impl FpParameters for FqParameters {
const REPR_SHAVE_BITS: u32 = 3;
/// R = 3380320199399472671518931668520476396067793891014375699959770179129436917079669831430077592723774664465579537268733
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0x760900000002fffd,
@@ -64,7 +65,9 @@ impl FpParameters for FqParameters {
const INV: u64 = 0x89f3fffcfffcfffd;
// GENERATOR = 2
/// GENERATOR = 2
/// Encoded in Montgomery form, so the value is
/// 2 * R % q = 2758230843577277949620073511305048635578704962089743514587482222134842183668501798417467556318533664893264801977679
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0x321300000006554f,
@@ -85,8 +88,8 @@ impl FpParameters for FqParameters {
0xd0088f51cbff34d,
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
/// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
/// For T coprime to 2
#[rustfmt::skip]
const T: BigInteger = BigInteger([
0xdcff7fffffffd555,
@@ -108,5 +111,5 @@ impl FpParameters for FqParameters {
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
pub const FQ_ONE: Fq = field_new!(Fq, "1");
pub const FQ_ZERO: Fq = field_new!(Fq, "0");


@@ -1,5 +1,5 @@
use crate::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq12 = Fp12<Fq12Parameters>;
@@ -11,183 +11,66 @@ impl Fp12Parameters for Fq12Parameters {
const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fq2(u + 1)**(((q^0) - 1) / 6)
FQ2_ONE,
// Fq2(u + 1)**(((q^1) - 1) / 6)
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x7089552b319d465,
0xc6695f92b50a8313,
0x97e83cccd117228f,
0xa35baecab2dc29ee,
0x1ce393ea5daace4d,
0x8f2220fb0fb66eb,
])),
field_new!(Fq, BigInteger384([
0xb2f66aad4ce5d646,
0x5842a06bfc497cec,
0xcf4895d42599d394,
0xc11b9cba40a8e8d0,
0x2e3813cbe5a0de89,
0x110eefda88847faf,
])),
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^2) - 1) / 6)
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecfb361b798dba3a,
0xc100ddb891865a2c,
0xec08ff1232bda8e,
0xd5c13cc6f1ca4721,
0x47222a47bf7b5c04,
0x110f184e51c5f59,
])),
FQ_ZERO,
field_new!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
field_new!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
),
// Fq2(u + 1)**(((q^3) - 1) / 6)
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x3e2f585da55c9ad1,
0x4294213d86c18183,
0x382844c88b623732,
0x92ad2afd19103e18,
0x1d794e4fac7cf0b9,
0xbd592fc7d825ec8,
])),
field_new!(Fq, BigInteger384([
0x7bcfa7a25aa30fda,
0xdc17dec12a927e7c,
0x2f088dd86b4ebef1,
0xd1ca2087da74d4a7,
0x2da2596696cebc1d,
0xe2b7eedbbfd87d2,
])),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^4) - 1) / 6)
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
FQ_ZERO,
field_new!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
field_new!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
),
// Fq2(u + 1)**(((q^5) - 1) / 6)
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x3726c30af242c66c,
0x7c2ac1aad1b6fe70,
0xa04007fbba4b14a2,
0xef517c3266341429,
0x95ba654ed2226b,
0x2e370eccc86f7dd,
])),
field_new!(Fq, BigInteger384([
0x82d83cf50dbce43f,
0xa2813e53df9d018f,
0xc6f0caa53c65e181,
0x7525cf528d50fe95,
0x4a85ed50f4798a6b,
0x171da0fd6cf8eebd,
])),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^6) - 1) / 6)
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
FQ_ZERO,
field_new!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
field_new!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
),
// Fq2(u + 1)**(((q^7) - 1) / 6)
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xb2f66aad4ce5d646,
0x5842a06bfc497cec,
0xcf4895d42599d394,
0xc11b9cba40a8e8d0,
0x2e3813cbe5a0de89,
0x110eefda88847faf,
])),
field_new!(Fq, BigInteger384([
0x7089552b319d465,
0xc6695f92b50a8313,
0x97e83cccd117228f,
0xa35baecab2dc29ee,
0x1ce393ea5daace4d,
0x8f2220fb0fb66eb,
])),
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^8) - 1) / 6)
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
FQ_ZERO,
field_new!(Fq, "151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027"),
field_new!(Fq, "3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760"),
),
// Fq2(u + 1)**(((q^9) - 1) / 6)
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x7bcfa7a25aa30fda,
0xdc17dec12a927e7c,
0x2f088dd86b4ebef1,
0xd1ca2087da74d4a7,
0x2da2596696cebc1d,
0xe2b7eedbbfd87d2,
])),
field_new!(Fq, BigInteger384([
0x3e2f585da55c9ad1,
0x4294213d86c18183,
0x382844c88b623732,
0x92ad2afd19103e18,
0x1d794e4fac7cf0b9,
0xbd592fc7d825ec8,
])),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^10) - 1) / 6)
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x890dc9e4867545c3,
0x2af322533285a5d5,
0x50880866309b7e2c,
0xa20d1b8c7e881024,
0x14e4f04fe2db9068,
0x14e56d3f1564853a,
])),
FQ_ZERO,
field_new!(Fq, "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257"),
field_new!(Fq, "2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530"),
),
// Fq2(u + 1)**(((q^11) - 1) / 6)
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x82d83cf50dbce43f,
0xa2813e53df9d018f,
0xc6f0caa53c65e181,
0x7525cf528d50fe95,
0x4a85ed50f4798a6b,
0x171da0fd6cf8eebd,
])),
field_new!(Fq, BigInteger384([
0x3726c30af242c66c,
0x7c2ac1aad1b6fe70,
0xa04007fbba4b14a2,
0xef517c3266341429,
0x95ba654ed2226b,
0x2e370eccc86f7dd,
])),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, "877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230"),
field_new!(Fq, "3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557"),
),
];
}
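Review bot: the new comment labels `Fp2::NONRESIDUE^(((q^i) - 1) / 6)` are misleading for this curve: `Fq2Parameters::NONRESIDUE` is `-1` in Fq (see the fq2.rs hunk), whereas these twelve coefficients are powers of `u + 1`, which is `Fq6Parameters::NONRESIDUE`; the old `Fq2(u + 1)**(...)` wording was accurate, so either keep it or write `Fp6::NONRESIDUE^(...)`. Since the entries are now bare decimal strings with no derivation in the file, also add a test that recomputes each entry as `(u + 1)^((q^i - 1)/6)` and compares it with the table; entry 6 additionally relies on `field_new!` accepting the leading minus in `"-1"`, which the same test would cover.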

View File

@@ -1,5 +1,5 @@
use crate::*;
use ark_ff::{biginteger::BigInteger384 as BigInteger, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq2 = Fp2<Fq2Parameters>;
@@ -10,57 +10,19 @@ impl Fp2Parameters for Fq2Parameters {
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
]));
const NONRESIDUE: Fq = field_new!(Fq, "-1");
/// QUADRATIC_NONRESIDUE = (U + 1)
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
);
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (FQ_ONE, FQ_ONE);
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// Fq(-1)**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, "1"),
// Fq(-1)**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
field_new!(Fq, "-1"),
];
#[inline(always)]
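Review bot: the `#[rustfmt::skip]` attributes above `NONRESIDUE` and `QUADRATIC_NONRESIDUE` only existed to protect the six-limb literals; with the constants now written as `field_new!(Fq, "-1")` and `(FQ_ONE, FQ_ONE)` on one line each, drop the attributes if this change keeps them so rustfmt formats the whole impl. `QUADRATIC_NONRESIDUE` also reuses `FQ_ONE` from fq.rs while `FROBENIUS_COEFF_FP2_C1[0]` spells out `field_new!(Fq, "1")` for the same value; pick one form.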

View File

@@ -1,5 +1,5 @@
use crate::*;
use ark_ff::{biginteger::BigInteger384, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq6 = Fp6<Fq6Parameters>;
@@ -12,97 +12,41 @@ impl Fp6Parameters for Fq6Parameters {
/// NONRESIDUE = (U + 1)
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, "1"),
field_new!(Fq, "1"),
);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fq2(u + 1)**(((q^0) - 1) / 3)
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^1) - 1) / 3)
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
field_new!(Fq, "0"),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
),
// Fq2(u + 1)**(((q^2) - 1) / 3)
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^3) - 1) / 3)
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, "0"),
field_new!(Fq, "1"),
),
// Fq2(u + 1)**(((q^4) - 1) / 3)
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((q^5) - 1) / 3)
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
field_new!(Fq, "0"),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
),
];
@@ -110,75 +54,33 @@ impl Fp6Parameters for Fq6Parameters {
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fq2(u + 1)**(((2q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x890dc9e4867545c3,
0x2af322533285a5d5,
0x50880866309b7e2c,
0xa20d1b8c7e881024,
0x14e4f04fe2db9068,
0x14e56d3f1564853a,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xcd03c9e48671f071,
0x5dab22461fcda5d2,
0x587042afd3851b95,
0x8eb60ebe01bacb9e,
0x3f97d6e83d050d2,
0x18f0206554638741,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0x30f1361b798a64e8,
0xf3b8ddab7ece5a2a,
0x16a8ca3ac61577f7,
0xc26a2ff874fd029b,
0x3636b76660701c6e,
0x51ba4ab241b6160,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350"),
field_new!(Fq, "0"),
),
// Fq2(u + 1)**(((2q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger384([
0xecfb361b798dba3a,
0xc100ddb891865a2c,
0xec08ff1232bda8e,
0xd5c13cc6f1ca4721,
0x47222a47bf7b5c04,
0x110f184e51c5f59,
])),
field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351"),
field_new!(Fq, "0"),
),
];
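Review bot: by the comments, `FROBENIUS_COEFF_FP6_C2[i]` is `(u + 1)^((2q^i - 2)/3)`, i.e. the square of `FROBENIUS_COEFF_FP6_C1[i]` from the previous hunk; add a test asserting `FROBENIUS_COEFF_FP6_C2[i] == FROBENIUS_COEFF_FP6_C1[i].square()` for `i` in `0..6`, which mechanically checks the hand-transcribed decimal strings in both tables (for example entry 3, where the `-1` here must be the square of the `(0, 1)` entry in C1).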

View File

@@ -37,6 +37,7 @@ impl FpParameters for FrParameters {
const REPR_SHAVE_BITS: u32 = 1;
/// R = 10920338887063814464675503992315976177888879664585288394250266608035967270910
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0x1fffffffe,
@@ -55,7 +56,9 @@ impl FpParameters for FrParameters {
const INV: u64 = 0xfffffffeffffffff;
//
/// GENERATOR = 7
/// Encoded in Montgomery form, so the value here is
/// 7 * R % q = 24006497034320510773280787438025867407531605151569380937148207556313189711857
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0xefffffff1,
@@ -73,6 +76,7 @@ impl FpParameters for FrParameters {
]);
// T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
// For T coprime to 2
// T = (MODULUS - 1) / 2^S =
// 12208678567578594777604504606729831043093128246378069236549469339647

View File

@@ -10,17 +10,15 @@ use core::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
};
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use crate::{Fq, Fq12, Fq12Parameters, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_curve_tests::fields::*;
use ark_algebra_test_templates::fields::*;
pub(crate) const ITERATIONS: usize = 5;
#[test]
fn test_fr() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..ITERATIONS {
let a: Fr = UniformRand::rand(&mut rng);
let b: Fr = UniformRand::rand(&mut rng);
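Review bot: `ark_std::test_rng()` replaces the explicitly seeded `XorShiftRng`, so the fixed seed `1231275789u64` no longer applies; the loops in this file only assert algebraic identities on fresh random `a`, `b`, so nothing below depends on the old seed, but `rand::SeedableRng` and `rand_xorshift::XorShiftRng` are removed from the imports here, so any use of either that remains elsewhere in the file must be migrated in the same way or the file will not build.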
@@ -32,7 +30,7 @@ fn test_fr() {
#[test]
fn test_fq() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..ITERATIONS {
let a: Fq = UniformRand::rand(&mut rng);
let b: Fq = UniformRand::rand(&mut rng);
@@ -44,7 +42,7 @@ fn test_fq() {
#[test]
fn test_fq2() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..ITERATIONS {
let a: Fq2 = UniformRand::rand(&mut rng);
let b: Fq2 = UniformRand::rand(&mut rng);
@@ -56,7 +54,7 @@ fn test_fq2() {
#[test]
fn test_fq6() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..ITERATIONS {
let g: Fq6 = UniformRand::rand(&mut rng);
let h: Fq6 = UniformRand::rand(&mut rng);
@@ -67,7 +65,7 @@ fn test_fq6() {
#[test]
fn test_fq12() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..ITERATIONS {
let g: Fq12 = UniformRand::rand(&mut rng);
let h: Fq12 = UniformRand::rand(&mut rng);
@@ -1006,8 +1004,8 @@ fn test_fq_repr_num_bits() {
}
#[test]
fn test_fq_repr_sub_noborrow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
fn test_fq_repr_sub_ret_borrow() {
let mut rng = ark_std::test_rng();
let mut t = BigInteger384([
0x827a4a08041ebd9,
@@ -1017,7 +1015,7 @@ fn test_fq_repr_sub_noborrow() {
0xad0eb3948a5c34fd,
0xd56f7b5ab8b5ce8,
]);
t.sub_noborrow(&BigInteger384([
t.sub_ret_borrow(&BigInteger384([
0xc7867917187ca02b,
0x5d75679d4911ffef,
0x8c5b3e48b1a71c15,
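Review bot: the rename from `sub_noborrow` to `sub_ret_borrow` exposes the borrow as a return value, but `t.sub_ret_borrow(&BigInteger384([...]))` still discards it; if, as the old test name `test_fq_repr_sub_noborrow` suggests, no borrow is expected for this fixture, assert on the result, e.g. `assert!(!t.sub_ret_borrow(&BigInteger384([...])));`, so the test checks the property it was named after rather than only the resulting limbs.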
@@ -1052,12 +1050,12 @@ fn test_fq_repr_sub_noborrow() {
assert!(b < c);
let mut csub_ba = c;
csub_ba.sub_noborrow(&b);
csub_ba.sub_noborrow(&a);
csub_ba.sub_ret_borrow(&b);
csub_ba.sub_ret_borrow(&a);
let mut csub_ab = c;
csub_ab.sub_noborrow(&a);
csub_ab.sub_noborrow(&b);
csub_ab.sub_ret_borrow(&a);
csub_ab.sub_ret_borrow(&b);
assert_eq!(csub_ab, csub_ba);
}
@@ -1071,7 +1069,7 @@ fn test_fq_repr_sub_noborrow() {
0x4b1ba7b6434bacd7,
0x1a0111ea397fe69a,
]);
qplusone.sub_noborrow(&BigInteger384([
qplusone.sub_ret_borrow(&BigInteger384([
0xb9feffffffffaaac,
0x1eabfffeb153ffff,
0x6730d2a0f6b0f624,
@@ -1093,8 +1091,8 @@ fn test_fq_repr_sub_noborrow() {
}
#[test]
fn test_fq_repr_add_nocarry() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
fn test_fq_repr_add_ret_carry() {
let mut rng = ark_std::test_rng();
let mut t = BigInteger384([
0x827a4a08041ebd9,
@@ -1104,7 +1102,7 @@ fn test_fq_repr_add_nocarry() {
0xad0eb3948a5c34fd,
0xd56f7b5ab8b5ce8,
]);
t.add_nocarry(&BigInteger384([
t.add_ret_carry(&BigInteger384([
0xc7867917187ca02b,
0x5d75679d4911ffef,
0x8c5b3e48b1a71c15,
@@ -1135,28 +1133,28 @@ fn test_fq_repr_add_nocarry() {
c.0[5] >>= 3;
let mut abc = a;
abc.add_nocarry(&b);
abc.add_nocarry(&c);
abc.add_ret_carry(&b);
abc.add_ret_carry(&c);
let mut acb = a;
acb.add_nocarry(&c);
acb.add_nocarry(&b);
acb.add_ret_carry(&c);
acb.add_ret_carry(&b);
let mut bac = b;
bac.add_nocarry(&a);
bac.add_nocarry(&c);
bac.add_ret_carry(&a);
bac.add_ret_carry(&c);
let mut bca = b;
bca.add_nocarry(&c);
bca.add_nocarry(&a);
bca.add_ret_carry(&c);
bca.add_ret_carry(&a);
let mut cab = c;
cab.add_nocarry(&a);
cab.add_nocarry(&b);
cab.add_ret_carry(&a);
cab.add_ret_carry(&b);
let mut cba = c;
cba.add_nocarry(&b);
cba.add_nocarry(&a);
cba.add_ret_carry(&b);
cba.add_ret_carry(&a);
assert_eq!(abc, acb);
assert_eq!(abc, bac);
@@ -1174,7 +1172,7 @@ fn test_fq_repr_add_nocarry() {
0xffffffffffffffff,
0xffffffffffffffff,
]);
x.add_nocarry(&BigInteger384::from(1));
x.add_ret_carry(&BigInteger384::from(1));
assert!(x.is_zero());
}
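Review bot: `x.add_ret_carry(&BigInteger384::from(1))` on an all-`0xffffffffffffffff` value wraps to zero, which `assert!(x.is_zero())` checks, but the carry that the renamed function now returns is dropped; assert on it as well (`assert!(x.add_ret_carry(&BigInteger384::from(1)));`), since the carry-out is exactly what distinguishes this overflow case from a genuine zero result.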
@@ -1282,7 +1280,7 @@ fn test_fq_add_assign() {
// Test associativity
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Generate a, b, c and ensure (a + b) + c == a + (b + c).
@@ -1390,7 +1388,7 @@ fn test_fq_sub_assign() {
);
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure that (a - b) + (b - a) = 0.
@@ -1437,7 +1435,7 @@ fn test_fq_mul_assign() {
]))
);
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000000 {
// Ensure that (a * b) * c = a * (b * c)
@@ -1503,7 +1501,7 @@ fn test_fq_squaring() {
]))
);
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000000 {
// Ensure that (a * a) = a^2
@@ -1523,7 +1521,7 @@ fn test_fq_squaring() {
fn test_fq_inverse() {
assert!(Fq::zero().inverse().is_none());
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let one = Fq::one();
@@ -1538,7 +1536,7 @@ fn test_fq_inverse() {
#[test]
fn test_fq_double_in_place() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure doubling a is equivalent to adding a to itself.
@@ -1558,7 +1556,7 @@ fn test_fq_negate() {
assert!(a.is_zero());
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure (a - (-a)) = 0.
@@ -1572,7 +1570,7 @@ fn test_fq_negate() {
#[test]
fn test_fq_pow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for i in 0..1000 {
// Exponentiate by various small numbers and ensure it consists with repeated
@@ -1596,7 +1594,7 @@ fn test_fq_pow() {
#[test]
fn test_fq_sqrt() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
@@ -2237,7 +2235,7 @@ fn test_fq2_legendre() {
#[test]
fn test_fq2_mul_nonresidue() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let nqr = Fq2::new(Fq::one(), Fq::one());
@@ -2253,7 +2251,7 @@ fn test_fq2_mul_nonresidue() {
#[test]
fn test_fq6_mul_nonresidue() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let nqr = Fq6::new(Fq2::zero(), Fq2::one(), Fq2::zero());
@@ -2269,7 +2267,7 @@ fn test_fq6_mul_nonresidue() {
#[test]
fn test_fq6_mul_by_1() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c1 = Fq2::rand(&mut rng);
@@ -2285,7 +2283,7 @@ fn test_fq6_mul_by_1() {
#[test]
fn test_fq6_mul_by_01() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -2302,7 +2300,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn test_fq12_mul_by_014() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);

View File

@@ -1,27 +1,25 @@
[package]
name = "ark-bn254"
version = "0.1.0"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "The BN254 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bn254/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
[features]
default = [ "curve" ]
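Review bot: `license = "MIT/Apache-2.0"` keeps the slash form that Cargo has deprecated in favour of an SPDX expression; since this hunk already touches the metadata (the `arworks.rs` homepage typo, the repository URL, the hyphenated keywords), change it to `license = "MIT OR Apache-2.0"` at the same time. The `^` in `version="^0.3.0"` is also redundant, as a bare `"0.3.0"` is already a caret requirement.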

View File

@@ -1,5 +1,5 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_ff::{field_new, Zero};
use crate::{Fq, Fr};
@@ -13,28 +13,16 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = 0
const COEFF_A: Fq = field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0]));
const COEFF_A: Fq = field_new!(Fq, "0");
/// COEFF_B = 3
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger256([
0x7a17caa950ad28d7,
0x1f6ac17ae15521b9,
0x334bea4e696bd284,
0x2a1f6744ce179d8e,
]));
const COEFF_B: Fq = field_new!(Fq, "3");
/// COFACTOR = 1
const COFACTOR: &'static [u64] = &[0x1];
/// COFACTOR_INV = COFACTOR^{-1} mod r = 1
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
0xac96341c4ffffffb,
0x36fc76959f60cd29,
0x666ea36f7879462e,
0xe0a77c19a07df2f,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "1");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -46,22 +34,8 @@ impl SWModelParameters for Parameters {
}
}
/// G1_GENERATOR_X =
/// 1
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0x0e0a77c19a07df2f,
]));
/// G1_GENERATOR_X = 1
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "1");
/// G1_GENERATOR_Y =
/// 2
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
0xa6ba871b8b1e1b3a,
0x14f1d651eb8e167b,
0xccdd46def0f28c58,
0x1c14ef83340fbe5e,
]));
/// G1_GENERATOR_Y = 2
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "2");

View File

@@ -1,7 +1,7 @@
use ark_ec::models::{ModelParameters, SWModelParameters};
use ark_ff::{biginteger::BigInteger256, field_new, Zero};
use ark_ff::{field_new, Zero};
use crate::{g1, Fq, Fq2, Fr};
use crate::{Fq, Fq2, Fr};
#[derive(Clone, Default, PartialEq, Eq)]
pub struct Parameters;
@@ -14,27 +14,14 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = [0, 0]
#[rustfmt::skip]
const COEFF_A: Fq2 = field_new!(Fq2,
g1::Parameters::COEFF_A,
g1::Parameters::COEFF_A,
);
const COEFF_A: Fq2 = field_new!(Fq2, field_new!(Fq, "0"), field_new!(Fq, "0"));
/// COEFF_B = 3/(u+9)
/// = (19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[rustfmt::skip]
const COEFF_B: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3bf938e377b802a8,
0x020b1b273633535d,
0x26b7edf049755260,
0x2514c6324384a86d,
])),
field_new!(Fq, BigInteger256([
0x38e7ecccd1dcff67,
0x65f0b37d93ce0d3e,
0xd749d0dd22ac00aa,
0x0141b9ce4a688d4d,
])),
field_new!(Fq, "19485874751759354771024239261021720505790618469301721065564631296452457478373"),
field_new!(Fq, "266929791119991161246907387137283842545076965332900288569378510910307636690"),
);
/// COFACTOR = (36 * X^4) + (36 * X^3) + (30 * X^2) + 6*X + 1
@@ -49,12 +36,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR_INV = COFACTOR^{-1} mod r
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
0x7fff17d53ff2895e,
0xd0617390cf7919e5,
0xb9af426b22d0eb61,
0x270485e31bd72a4d,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "10944121435919637613327163357776759465618812564592884533313067514031822496649");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
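Review bot: `COFACTOR_INV` is now a bare 77-digit decimal with only `COFACTOR^{-1} mod r` as documentation, and unlike `COEFF_B` (documented as `3/(u+9)` with both components listed) nothing in the file lets a reader check it; add a test that multiplies `COFACTOR_INV` by the cofactor reduced into `Fr` and asserts the product is `Fr::one()`, so a transcription error in the string is caught rather than silently breaking `mul_by_cofactor_inv`.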
@@ -74,39 +56,19 @@ pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_
/// G2_GENERATOR_X_C0 =
/// 10857046999023057135944570762232829481370756359578518086990519993285655852781
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger256([
0x8e83b5d102bc2026,
0xdceb1935497b0172,
0xfbb8264797811adf,
0x19573841af96503b,
]));
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "10857046999023057135944570762232829481370756359578518086990519993285655852781");
/// G2_GENERATOR_X_C1 =
/// 11559732032986387107991004021392285783925812861821192530917403151452391805634
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger256([
0xafb4737da84c6140,
0x6043dd5a5802d8c4,
0x09e950fc52a02f86,
0x14fef0833aea7b6b,
]));
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "11559732032986387107991004021392285783925812861821192530917403151452391805634");
/// G2_GENERATOR_Y_C0 =
/// 8495653923123431417604973247489272438418190587263600148770280649306958101930
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger256([
0x619dfa9d886be9f6,
0xfe7fd297f59e9b78,
0xff9e1a62231b7dfe,
0x28fd7eebae9e4206,
]));
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "8495653923123431417604973247489272438418190587263600148770280649306958101930");
/// G2_GENERATOR_Y_C1 =
/// 4082367875863433681332203403145435568316851327593401208105741076214120093531
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger256([
0x64095b56c71856ee,
0xdc57f922327d3cbb,
0x55f935be33351076,
0x0da4a0e693fd6482,
]));
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "4082367875863433681332203403145435568316851327593401208105741076214120093531");

View File

@@ -3,7 +3,7 @@ use ark_ec::{
bn,
bn::{Bn, BnParameters, TwistType},
};
use ark_ff::{biginteger::BigInteger256, field_new};
use ark_ff::field_new;
pub mod g1;
pub mod g2;
@@ -21,48 +21,27 @@ impl BnParameters for Parameters {
0, 1, 1, 1, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 1, 0, 0, -1, 0, 0, 0, 1, 1, 0,
-1, 0, 0, 1, 0, 1, 1,
];
/// `ate_loop_count` is positive.
const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;
const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
BigInteger256([
0xb5773b104563ab30,
0x347f91c8a9aa6454,
0x7a007127242e0991,
0x1956bcd8118214ec,
])
"21575463638280843010398324269430826099269044274347216827212613867836435027261"
),
field_new!(
Fq,
BigInteger256([
0x6e849f1ea0aa4757,
0xaa1c7b6d89f89141,
0xb6e713cdfae0ca3a,
0x26694fbb4e82ebc3,
])
"10307601595873709700152284273816112264069230130616436755625194854815875713954"
),
);
const TWIST_MUL_BY_Q_Y: Fq2 = field_new!(
Fq2,
field_new!(
Fq,
BigInteger256([
0xe4bbdd0c2936b629,
0xbb30f162e133bacb,
0x31a9d1b6f9645366,
0x253570bea500f8dd,
])
"2821565182194536844548159561693502659359617185244120367078079554186484126554"
),
field_new!(
Fq,
BigInteger256([
0xa1d77ce45ffe77c7,
0x07affd117826d1db,
0x6d16bd27bb7edc6b,
0x2c87200285defecc,
])
"3505843767911556378687030309984248845540243509899259641013678093033130930403"
),
);
const TWIST_TYPE: TwistType = TwistType::D;
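Review bot: `TWIST_MUL_BY_Q_X` and `TWIST_MUL_BY_Q_Y` are now four bare decimal strings with no doc comment, whereas every constant touched in g1.rs and g2.rs in this commit states what it is; add a comment giving the derivation (for a D-type twist these are the sextic nonresidue raised to `(q - 1)/3` and `(q - 1)/2`, if that is how they were generated) and a test recomputing them, so the values are not unverifiable magic numbers.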

View File

@@ -2,15 +2,16 @@
use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{
fields::{Field, FpParameters, PrimeField, SquareRootField},
test_rng, One, Zero,
One, Zero,
};
use ark_serialize::CanonicalSerialize;
use ark_std::rand::Rng;
use ark_std::test_rng;
use core::ops::{AddAssign, MulAssign};
use rand::Rng;
use crate::{g1, g2, Bn254, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective};
use ark_curve_tests::{curves::*, groups::*};
use ark_algebra_test_templates::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {

View File

@@ -19,7 +19,7 @@ impl FftParameters for FqParameters {
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
/// MODULUS = 21888242871839275222246405745257275088696311157297823662689037894645226208583
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0x3c208c16d87cfd47,
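Review bot: the old doc comment gave a 377-bit `MODULUS` that cannot correspond to the four-limb value starting `0x3c208c16d87cfd47`; the corrected 254-bit value is right, but drift between a doc comment and the limbs is only caught by reading, so consider a test that parses the documented decimal `21888242871839275222246405745257275088696311157297823662689037894645226208583` and compares it with `FqParameters::MODULUS`.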
@@ -82,7 +82,7 @@ impl FpParameters for FqParameters {
]);
// (T - 1) // 2 =
// 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529
// 5472060717959818805561601436314318772174077789324455915672259473661306552145
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x4f082305b61f3f51,
@@ -92,5 +92,5 @@ impl FpParameters for FqParameters {
]);
}
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0]));
pub const FQ_ONE: Fq = field_new!(Fq, "1");
pub const FQ_ZERO: Fq = field_new!(Fq, "0");

View File

@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger256, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq12 = Fp12<Fq12Parameters>;
@@ -14,146 +14,64 @@ impl Fp12Parameters for Fq12Parameters {
#[rustfmt::skip]
const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 6)
FQ2_ONE,
field_new!(Fq2,
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^1) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xaf9ba69633144907,
0xca6b1d7387afb78a,
0x11bded5ef08a2087,
0x02f34d751a1f3a7c,
])),
field_new!(Fq, BigInteger256([
0xa222ae234c492d72,
0xd00f02a4565de15b,
0xdc2ff3a253dfc926,
0x10a75716b3899551,
])),
field_new!(Fq, "8376118865763821496583973867626364092589906065868298776909617916018768340080"),
field_new!(Fq, "16469823323077808223889137241176536799009286646108169935659301613961712198316"),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xca8d800500fa1bf2,
0xf0c5d61468b39769,
0x0e201271ad0d4418,
0x04290f65bad856e6,
])),
FQ_ZERO,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556617"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x365316184e46d97d,
0x0af7129ed4c96d9f,
0x659da72fca1009b5,
0x08116d8983a20d23,
])),
field_new!(Fq, BigInteger256([
0xb1df4af7c39c1939,
0x3d9f02878a73bf7f,
0x9b2220928caf0ae0,
0x26684515eff054a6,
])),
field_new!(Fq, "11697423496358154304825782922584725312912383441159505038794027105778954184319"),
field_new!(Fq, "303847389135065887422783454877609941456349188919719272345083954437860409601"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
FQ_ZERO,
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x86b76f821b329076,
0x408bf52b4d19b614,
0x53dfb9d0d985e92d,
0x051e20146982d2a7,
])),
field_new!(Fq, BigInteger256([
0x0fbc9cd47752ebc7,
0x6d8fffe33415de24,
0xbef22cf038cf41b9,
0x15c0edff3c66bf54,
])),
field_new!(Fq, "3321304630594332808241809054958361220322477375291206261884409189760185844239"),
field_new!(Fq, "5722266937896532885780051958958348231143373700109372999374820235121374419868"),
),
// Fp2::NONRESIDUE^(((q^6) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
])),
FQ_ZERO,
field_new!(Fq, "-1"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^7) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x8c84e580a568b440,
0xcd164d1de0c21302,
0xa692585790f737d5,
0x2d7100fdc71265ad,
])),
field_new!(Fq, BigInteger256([
0x99fdddf38c33cfd5,
0xc77267ed1213e931,
0xdc2052142da18f36,
0x1fbcf75c2da80ad7,
])),
field_new!(Fq, "13512124006075453725662431877630910996106405091429524885779419978626457868503"),
field_new!(Fq, "5418419548761466998357268504080738289687024511189653727029736280683514010267"),
),
// Fp2::NONRESIDUE^(((q^8) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
FQ_ZERO,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^9) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x05cd75fe8a3623ca,
0x8c8a57f293a85cee,
0x52b29e86b7714ea8,
0x2852e0e95d8f9306,
])),
field_new!(Fq, BigInteger256([
0x8a41411f14e0e40e,
0x59e26809ddfe0b0d,
0x1d2e2523f4d24d7d,
0x09fc095cf1414b83,
])),
field_new!(Fq, "10190819375481120917420622822672549775783927716138318623895010788866272024264"),
field_new!(Fq, "21584395482704209334823622290379665147239961968378104390343953940207365798982"),
),
// Fp2::NONRESIDUE^(((q^10) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x08cfc388c494f1ab,
0x19b315148d1373d4,
0x584e90fdcb6c0213,
0x09e1685bdf2f8849,
])),
FQ_ZERO,
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651967"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^11) - 1) / 6)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xb5691c94bd4a6cd1,
0x56f575661b581478,
0x64708be5a7fb6f30,
0x2b462e5e77aecd82,
])),
field_new!(Fq, BigInteger256([
0x2c63ef42612a1180,
0x29f16aae345bec69,
0xf95e18c648b216a4,
0x1aa36073a4cae0d4,
])),
field_new!(Fq, "18566938241244942414004596690298913868373833782006617400804628704885040364344"),
field_new!(Fq, "16165975933942742336466353786298926857552937457188450663314217659523851788715"),
),
];
}
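Review bot: The first entry of `FROBENIUS_COEFF_FP12_C1` is now spelled out as `field_new!(Fq2, field_new!(Fq, "1"), field_new!(Fq, "0"))` where the old line used `FQ2_ONE`; keep `FQ2_ONE` (and `FQ_ZERO` for the zero components, as the old q^2, q^4, q^6, q^8 and q^10 entries did) so the structure of the table stays visible. The mixed literal style also hides what these values are: q^6 is written `"-1"` while q^2/q^4 and q^8/q^10 are full decimals (…556617/…556616 and …651966/…651967). A test that recomputes each entry as the tower nonresidue named in the comments raised to (q^i - 1)/6 would catch a transcription slip in any of the 12 literals, which otherwise compiles fine and only shows up as a wrong Frobenius map.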


@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger256 as BigInteger, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq2 = Fp2<Fq2Parameters>;
@@ -10,47 +10,22 @@ impl Fp2Parameters for Fq2Parameters {
/// NONRESIDUE = -1
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
]));
const NONRESIDUE: Fq = field_new!(Fq, "-1");
/// QUADRATIC_NONRESIDUE = U+2
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
field_new!(Fq, BigInteger([
12014063508332092218u64,
1509222997478479483u64,
14762033076929465432u64,
2023505479389396574u64,
])),
field_new!(Fq, BigInteger([
202099033278250856u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
field_new!(Fq, "2"),
field_new!(Fq, "1"),
);
/// Coefficients for the Frobenius automorphism.
#[rustfmt::skip]
const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
// NONRESIDUE**(((q^0) - 1) / 2)
field_new!(Fq, BigInteger([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
field_new!(Fq, "1"),
// NONRESIDUE**(((q^1) - 1) / 2)
field_new!(Fq, BigInteger([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
])),
field_new!(Fq, "-1"),
];
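Review bot: The `#[rustfmt::skip]` attributes on `NONRESIDUE`, `QUADRATIC_NONRESIDUE` and `FROBENIUS_COEFF_FP2_C1` only guarded the multi-line limb arrays; with the constants now one-liners they do nothing and can be dropped. The new values do match their doc comments: `U+2` becomes `(2, 1)`, i.e. 2 + 1·u, and the Frobenius entries `1` and `-1` are what `NONRESIDUE = -1` raised to (q^0 - 1)/2 and (q^1 - 1)/2 gives.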
#[inline(always)]


@@ -1,5 +1,5 @@
use super::*;
use ark_ff::{biginteger::BigInteger256, field_new, fields::*};
use ark_ff::{field_new, fields::*};
pub type Fq6 = Fp6<Fq6Parameters>;
@@ -11,175 +11,72 @@ impl Fp6Parameters for Fq6Parameters {
/// NONRESIDUE = U+9
#[rustfmt::skip]
const NONRESIDUE: Fq2 = field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xf60647ce410d7ff7,
0x2f3d6f4dd31bd011,
0x2943337e3940c6d1,
0x1d9598e8a7e39857,
])),
field_new!(Fq, BigInteger256([
202099033278250856u64,
8885205928937022213u64,
5545221690922665192u64,
39800542322357402u64,
])),
);
const NONRESIDUE: Fq2 = field_new!(Fq2, field_new!(Fq, "9"), field_new!(Fq, "1"));
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
// Fp2::NONRESIDUE^(((q^0) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^1) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xb5773b104563ab30,
0x347f91c8a9aa6454,
0x7a007127242e0991,
0x1956bcd8118214ec,
])),
field_new!(Fq, BigInteger256([
0x6e849f1ea0aa4757,
0xaa1c7b6d89f89141,
0xb6e713cdfae0ca3a,
0x26694fbb4e82ebc3,
])),
field_new!(Fq, "21575463638280843010398324269430826099269044274347216827212613867836435027261"),
field_new!(Fq, "10307601595873709700152284273816112264069230130616436755625194854815875713954"),
),
// Fp2::NONRESIDUE^(((q^2) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^3) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xc9af22f716ad6bad,
0xb311782a4aa662b2,
0x19eeaf64e248c7f4,
0x20273e77e3439f82,
])),
field_new!(Fq, BigInteger256([
0xacc02860f7ce93ac,
0x3933d5817ba76b4c,
0x69e6188b446c8467,
0xa46036d4417cc55,
])),
field_new!(Fq, "3772000881919853776433695186713858239009073593817195771773381919316419345261"),
field_new!(Fq, "2236595495967245188281701248203181795121068902605861227855261137820944008926"),
),
// Fp2::NONRESIDUE^(((q^4) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^(((q^5) - 1) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xf91aba2654e8e3b1,
0x4771cb2fdc92ce12,
0xdcb16ae0fc8bdf35,
0x274aa195cd9d8be4,
])),
field_new!(Fq, BigInteger256([
0x5cfc50ae18811f8b,
0x4bb28433cb43988c,
0x4fd35f13c3b56219,
0x301949bd2fc8883a,
])),
field_new!(Fq, "18429021223477853657660792034369865839114504446431234726392080002137598044644"),
field_new!(Fq, "9344045779998320333812420223237981029506012124075525679208581902008406485703"),
),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
// Fp2::NONRESIDUE^((2*(q^0) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0xe0a77c19a07df2f,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "1"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^((2*(q^1) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x7361d77f843abe92,
0xa5bb2bd3273411fb,
0x9c941f314b3e2399,
0x15df9cddbb9fd3ec,
])),
field_new!(Fq, BigInteger256([
0x5dddfd154bd8c949,
0x62cb29a5a4445b60,
0x37bc870a0c7dd2b9,
0x24830a9d3171f0fd,
])),
field_new!(Fq, "2581911344467009335267311115468803099551665605076196740867805258568234346338"),
field_new!(Fq, "19937756971775647987995932169929341994314640652964949448313374472400716661030"),
),
// Fp2::NONRESIDUE^((2*(q^2) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x71930c11d782e155,
0xa6bb947cffbe3323,
0xaa303344d4741444,
0x2c3b3f0d26594943,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "2203960485148121921418603742825762020974279258880205651966"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^((2*(q^3) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x448a93a57b6762df,
0xbfd62df528fdeadf,
0xd858f5d00e9bd47a,
0x6b03d4d3476ec58,
])),
field_new!(Fq, BigInteger256([
0x2b19daf4bcc936d1,
0xa1a54e7a56f4299f,
0xb533eee05adeaef1,
0x170c812b84dda0b2,
])),
field_new!(Fq, "5324479202449903542726783395506214481928257762400643279780343368557297135718"),
field_new!(Fq, "16208900380737693084919495127334387981393726419856888799917914180988844123039"),
),
// Fp2::NONRESIDUE^((2*(q^4) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x3350c88e13e80b9c,
0x7dce557cdb5e56b9,
0x6001b4b8b615564a,
0x2682e617020217e0,
])),
field_new!(Fq, BigInteger256([0x0, 0x0, 0x0, 0x0])),
field_new!(Fq, "21888242871839275220042445260109153167277707414472061641714758635765020556616"),
field_new!(Fq, "0"),
),
// Fp2::NONRESIDUE^((2*(q^5) - 2) / 3)
field_new!(Fq2,
field_new!(Fq, BigInteger256([
0x843420f1d8dadbd6,
0x31f010c9183fcdb2,
0x436330b527a76049,
0x13d47447f11adfe4,
])),
field_new!(Fq, BigInteger256([
0xef494023a857fa74,
0x2a925d02d5ab101a,
0x83b015829ba62f10,
0x2539111d0c13aea3,
])),
field_new!(Fq, "13981852324922362344252311234282257507216387789820983642040889267519694726527"),
field_new!(Fq, "7629828391165209371577384193250820201684255241773809077146787135900891633097"),
),
];
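Review bot: The cross-relations between the two tables survive the rewrite and are worth pinning in a test: `FROBENIUS_COEFF_FP6_C2[i]` should equal `FROBENIUS_COEFF_FP6_C1[i]` squared, and the visible literals agree (C1[2] = …556616 and C1[4] = …651966 are the two primitive cube roots of unity, and C2[2] = …651966 = C1[4], C2[4] = …556616 = C1[2], since squaring one cube root gives the other). `NONRESIDUE = U+9` as `(9, 1)` also matches its comment. Without a recomputation test a single mistyped digit in any of the 24 long decimals compiles and only surfaces as a wrong Frobenius map.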


@@ -34,6 +34,8 @@ impl FpParameters for FrParameters {
const REPR_SHAVE_BITS: u32 = 2;
/// R = pow(2, 320) % MODULUS
/// = 6350874878119819312338956282401532410528162663560392320966563075034087161851
#[rustfmt::skip]
const R: BigInteger = BigInteger([
12436184717236109307u64,
@@ -42,6 +44,8 @@ impl FpParameters for FrParameters {
1011752739694698287u64,
]);
/// R2 = R * R % MODULUS
/// = 944936681149208446651664254269745548490766851729442924617792859073125903783
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
1997599621687373223u64,
@@ -50,9 +54,10 @@ impl FpParameters for FrParameters {
150537098327114917u64,
]);
/// INV = (-MODULUS) ^ {-1} % pow(2, 64) = 14042775128853446655
const INV: u64 = 14042775128853446655u64;
// GENERATOR = 5
/// GENERATOR = 5
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
1949230679015292902u64,
@@ -61,7 +66,7 @@ impl FpParameters for FrParameters {
1571765431670520771u64,
]);
/// (r - 1)/2 =
/// (MODULUS - 1)/2 =
/// 10944121435919637611123202872628637544274182200208017171849102093287904247808
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
@@ -73,7 +78,7 @@ impl FpParameters for FrParameters {
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
/// t = (r - 1) / 2^s =
/// T = (MODULUS - 1) / 2^s =
/// 81540058820840996586704275553141814055101440848469862132140264610111
#[rustfmt::skip]
const T: BigInteger = BigInteger([
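Review bot: `// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t` at the top of this hunk still uses the lower-case `r`/`t` that the neighbouring doc comments are being renamed away from (`(r - 1)/2` to `(MODULUS - 1)/2`, `t = (r - 1) / 2^s` to `T = (MODULUS - 1) / 2^s`). Update it to `MODULUS - 1 = 2^s * T` for consistency, and consider making it a `///` comment like the `GENERATOR = 5` line so it reaches rustdoc.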
@@ -83,7 +88,7 @@ impl FpParameters for FrParameters {
0x30644e72e,
]);
/// (t - 1) / 2 =
/// (T - 1) / 2 =
/// 40770029410420498293352137776570907027550720424234931066070132305055
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([


@@ -4,18 +4,18 @@ use ark_ff::{
fp6_3over2::Fp6Parameters, FftField, FftParameters, Field, FpParameters, PrimeField,
SquareRootField,
},
test_rng, One, UniformRand, Zero,
One, UniformRand, Zero,
};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use ark_std::rand::Rng;
use ark_std::test_rng;
use core::{
cmp::Ordering,
ops::{AddAssign, MulAssign, SubAssign},
};
use rand::{Rng, SeedableRng};
use rand_xorshift::XorShiftRng;
use crate::{Fq, Fq12, Fq2, Fq6, Fq6Parameters, FqParameters, Fr};
use ark_curve_tests::fields::*;
use ark_algebra_test_templates::fields::*;
pub(crate) const ITERATIONS: usize = 5;
@@ -129,7 +129,7 @@ fn test_fq_repr_num_bits() {
fn test_fq_add_assign() {
// Test associativity
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Generate a, b, c and ensure (a + b) + c == a + (b + c).
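Review bot: Replacing `XorShiftRng::seed_from_u64(1231275789u64)` with `ark_std::test_rng()` drops the explicit seed from every test in this file (the same substitution repeats in the hunks below). That is only safe if `ark_std::test_rng()` is itself deterministic; please confirm that, and if so a one-line comment at this first use saying the rng is fixed-seed would save the next reader from wondering whether an associativity failure is reproducible.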
@@ -151,7 +151,7 @@ fn test_fq_add_assign() {
#[test]
fn test_fq_sub_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure that (a - b) + (b - a) = 0.
@@ -171,7 +171,7 @@ fn test_fq_sub_assign() {
#[test]
fn test_fq_mul_assign() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000000 {
// Ensure that (a * b) * c = a * (b * c)
@@ -216,7 +216,7 @@ fn test_fq_mul_assign() {
#[test]
fn test_fq_squaring() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000000 {
// Ensure that (a * a) = a^2
@@ -236,7 +236,7 @@ fn test_fq_squaring() {
fn test_fq_inverse() {
assert!(Fq::zero().inverse().is_none());
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let one = Fq::one();
@@ -251,7 +251,7 @@ fn test_fq_inverse() {
#[test]
fn test_fq_double_in_place() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure doubling a is equivalent to adding a to itself.
@@ -271,7 +271,7 @@ fn test_fq_negate() {
assert!(a.is_zero());
}
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
// Ensure (a - (-a)) = 0.
@@ -285,7 +285,7 @@ fn test_fq_negate() {
#[test]
fn test_fq_pow() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for i in 0..1000 {
// Exponentiate by various small numbers and ensure it consists with repeated
@@ -309,7 +309,7 @@ fn test_fq_pow() {
#[test]
fn test_fq_sqrt() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
@@ -430,7 +430,7 @@ fn test_fq2_legendre() {
#[test]
fn test_fq6_mul_by_1() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c1 = Fq2::rand(&mut rng);
@@ -446,7 +446,7 @@ fn test_fq6_mul_by_1() {
#[test]
fn test_fq6_mul_by_01() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -463,7 +463,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn test_fq12_mul_by_014() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);
@@ -484,7 +484,7 @@ fn test_fq12_mul_by_014() {
#[test]
fn test_fq12_mul_by_034() {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
for _ in 0..1000 {
let c0 = Fq2::rand(&mut rng);


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BN254 curve that was sampled as part of the [[BCTV14]][https://eprint.iacr.org/2013/879.pdf] paper .
//! This library implements the BN254 curve that was sampled as part of the [\[BCTV14\]](https://eprint.iacr.org/2013/879.pdf) paper .
//! The name denotes that it is a Barreto--Naehrig curve of embedding degree 12,
//! defined over a 254-bit (prime) field. The scalar field is highly 2-adic.
//!
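Review bot: `paper .` on the rewritten line still has a space before the full stop, carried over from the original; drop it while the sentence is being touched. The link fix itself is right: `[[BCTV14]][https://…]` is not a markdown link, whereas `[\[BCTV14\]](https://…)` renders the bracketed citation as the link text.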
@@ -26,7 +26,7 @@
//! * valuation(r - 1, 2) = 28
//! * G1 curve equation: y^2 = x^3 + 3
//! * G2 curve equation: y^2 = x^3 + B, where
//! * B = 3/(u+9) where Fq2[u]=Fq/u+1
//! * B = 3/(u+9) where Fq2 is represented as Fq\[u\]/(u^2+1)
//! = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[cfg(feature = "curve")]


@@ -1,28 +1,26 @@
[package]
name = "ark-bw6-761"
version = "0.1.0"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "The BW6-761 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-bw6-761/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
ark-bls12-377 = { version="^0.3.0", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
[features]
default = []
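Review bot: `license = "MIT/Apache-2.0"` (unchanged context) uses the old slash form; Cargo expects an SPDX expression, so `"MIT OR Apache-2.0"` is the form to use while the manifest is being prepared for the 0.3.0 release. The rest is what makes the crate publishable: `git` sources replaced by `version="^0.3.0"`, and keeping `path = "../bls12_377"` beside the version on `ark-bls12-377` is correct since Cargo uses the path in the workspace and the version on crates.io. The `homepage` typo `arworks.rs`, the `repository` pointing at the `algebra` repo, and the keywords with spaces (rejected by crates.io) are all fixed here.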


@@ -3,10 +3,7 @@ use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger768},
field_new,
};
use ark_ff::field_new;
pub type G1Affine = GroupAffine<Parameters>;
pub type G1Projective = GroupProjective<Parameters>;
@@ -23,24 +20,11 @@ impl SWModelParameters for Parameters {
/// COEFF_A = 0
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
const COEFF_A: Fq = field_new!(Fq, "0");
/// COEFF_B = -1
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger768([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
]));
const COEFF_B: Fq = field_new!(Fq, "-1");
/// COFACTOR =
/// 26642435879335816683987677701488073867751118270052650655942102502312977592501693353047140953112195348280268661194876
@@ -57,14 +41,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 91141326767669940707819291241958318717982251277713150053234367522357946997763584490607453720072232540829942217804
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
489703175600125849,
3883341943836920852,
1678256062427438196,
5848789333018172718,
7127967896440782320,
71512347676739162,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "91141326767669940707819291241958318717982251277713150053234367522357946997763584490607453720072232540829942217804");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
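Review bot: `COFACTOR_INV` now repeats the 114-digit decimal from the doc comment two lines above it, which makes it easy to eyeball but does not verify it; add a test asserting that `COFACTOR_INV` times the cofactor is one in `Fr`, since a wrong inverse compiles cleanly and only shows up as cofactor clearing producing the wrong multiple of a point.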
@@ -79,35 +56,9 @@ impl SWModelParameters for Parameters {
/// G1_GENERATOR_X =
/// 6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
0xd6e42d7614c2d770,
0x4bb886eddbc3fc21,
0x64648b044098b4d2,
0x1a585c895a422985,
0xf1a9ac17cf8685c9,
0x352785830727aea5,
0xddf8cb12306266fe,
0x6913b4bfbc9e949a,
0x3a4b78d67ba5f6ab,
0x0f481c06a8d02a04,
0x91d4e7365c43edac,
0xf4d17cd48beca5,
]));
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237");
/// G1_GENERATOR_Y =
/// 2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
0x97e805c4bd16411f,
0x870d844e1ee6dd08,
0x1eba7a37cb9eab4d,
0xd544c4df10b9889a,
0x8fe37f21a33897be,
0xe9bf99a43a0885d2,
0xd7ee0c9e273de139,
0xaa6a9ec7a38dd791,
0x8f95d3fcf765da8e,
0x42326e7db7357c99,
0xe217e407e218695f,
0x9d1eb23b7cf684,
]));
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099");
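Review bot: Both generator coordinates are now 230-digit string literals mirroring the doc comments; the failure mode to guard against is a literal that is a valid field element but not a point on the curve or not in the prime-order subgroup. The curve test templates have on-curve and subgroup checks for the generator, so make sure they remain wired up in `tests.rs` after the switch to `ark_algebra_test_templates`.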


@@ -3,10 +3,7 @@ use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger768},
field_new,
};
use ark_ff::field_new;
pub type G2Affine = GroupAffine<Parameters>;
pub type G2Projective = GroupProjective<Parameters>;
@@ -23,24 +20,11 @@ impl SWModelParameters for Parameters {
/// COEFF_A = 0
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
const COEFF_A: Fq = field_new!(Fq, "0");
/// COEFF_B = 4
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger768([
0x136efffffffe16c9,
0x82cf5a6dcffe3319,
0x6458c05f1f0e0741,
0xd10ae605e52a4eda,
0x41ca591c0266e100,
0x7d0fd59c3626929f,
0x9967dc004d00c112,
0x1ccff9c033379af5,
0x9ad6ec10a23f63af,
0x5cec11251a72c235,
0x8d18b1ae789ba83e,
10403402007434220,
]));
const COEFF_B: Fq = field_new!(Fq, "4");
/// COFACTOR =
/// 26642435879335816683987677701488073867751118270052650655942102502312977592501693353047140953112195348280268661194869
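Review bot: The `"4"` literal is a clear improvement over the old `COEFF_B` limb array, whose last limb `10403402007434220` was written in decimal among eleven hex limbs. The `#[rustfmt::skip]` attributes on `COEFF_A` and `COEFF_B` are now dead and can be dropped.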
@@ -57,14 +41,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 214911522365886453591244899095480747723790054550866810551297776298664428889000553861210287833206024638187939842124
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
14378295991815829998,
14586153992421458638,
9788477762582722914,
12654821707953664524,
15185631607604703397,
26723985783783076,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "214911522365886453591244899095480747723790054550866810551297776298664428889000553861210287833206024638187939842124");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -79,35 +56,9 @@ impl SWModelParameters for Parameters {
/// G2_GENERATOR_X =
/// 6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428
#[rustfmt::skip]
pub const G2_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
0x3d902a84cd9f4f78,
0x864e451b8a9c05dd,
0xc2b3c0d6646c5673,
0x17a7682def1ecb9d,
0xbe31a1e0fb768fe3,
0x4df125e09b92d1a6,
0x0943fce635b02ee9,
0xffc8e7ad0605e780,
0x8165c00a39341e95,
0x8ccc2ae90a0f094f,
0x73a8b8cc0ad09e0c,
0x11027e203edd9f4,
]));
pub const G2_GENERATOR_X: Fq = field_new!(Fq, "6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428");
/// G2_GENERATOR_Y =
/// 562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041
#[rustfmt::skip]
pub const G2_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
0x9a159be4e773f67c,
0x6b957244aa8f4e6b,
0xa27b70c9c945a38c,
0xacb6a09fda11d0ab,
0x3abbdaa9bb6b1291,
0xdbdf642af5694c36,
0xb6360bb9560b369f,
0xac0bd1e822b8d6da,
0xfa355d17afe6945f,
0x8d6a0fc1fbcad35e,
0x72a63c7874409840,
0x114976e5b0db280,
]));
pub const G2_GENERATOR_Y: Fq = field_new!(Fq, "562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041");


@@ -1,10 +1,11 @@
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{test_rng, Field, One, PrimeField};
use rand::Rng;
use ark_ff::{Field, One, PrimeField};
use ark_std::rand::Rng;
use ark_std::test_rng;
use crate::*;
use ark_curve_tests::{curves::*, groups::*};
use ark_algebra_test_templates::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
@@ -57,8 +58,8 @@ fn test_bilinearity() {
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let sa = a.mul(s);
let sb = b.mul(s);
let sa = a.mul(s.into_repr());
let sb = b.mul(s.into_repr());
let ans1 = BW6_761::pairing(sa, b);
let ans2 = BW6_761::pairing(a, sb);
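Review bot: `s.into_repr()` at the two rewritten `mul` calls needs the `PrimeField` trait in scope, which the first hunk keeps in `use ark_ff::{Field, One, PrimeField};`, so this compiles. Note the semantic change though: `mul` now takes the scalar's integer representation rather than a field element, so any remaining `mul(s)` call elsewhere in this file needs the same treatment.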


@@ -8,8 +8,8 @@ pub type Fq = Fp768<FqParameters>;
pub struct FqParameters;
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
pub const FQ_ONE: Fq = field_new!(Fq, "1");
pub const FQ_ZERO: Fq = field_new!(Fq, "0");
impl Fp768Parameters for FqParameters {}
impl FftParameters for FqParameters {


@@ -1,10 +1,12 @@
use ark_ff::{
biginteger::BigInteger768 as BigInteger,
field_new,
fields::fp3::{Fp3, Fp3Parameters},
};
use crate::Fq;
use crate::{
fields::{FQ_ONE, FQ_ZERO},
Fq,
};
pub type Fq3 = Fp3<Fq3Parameters>;
@@ -14,22 +16,9 @@ impl Fp3Parameters for Fq3Parameters {
type Fp = Fq;
/// NONRESIDUE = -4
// Fq3 = Fq[u]/u^3+4
// Fq3 = Fq\[u\]/u^3+4
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xe12e00000001e9c2,
0x63c1e3faa001cd69,
0xb1b4384fcbe29cf6,
0xc79630bc713d5a1d,
0x30127ac071851e2d,
0x0979f350dcd36af1,
0x6a66defed8b361f2,
0x53abac78b24d4e23,
0xb7ab89dede485a92,
0x5c3a0745675e8452,
0x446f17918c5f5700,
0xfdf24e3267fa1e,
]));
const NONRESIDUE: Fq = field_new!(Fq, "-4");
// (MODULUS^3 - 1) % 2^TWO_ADICITY == 0
const TWO_ADICITY: u32 = 1;
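Review bot: `// Fq3 = Fq\[u\]/u^3+4` is a plain `//` comment, not a `///` doc comment, so rustdoc never renders it and the backslash escapes only make it harder to read. Either leave the brackets bare or promote the line to `///` (and write the ideal as `(u^3+4)`) if it is meant to document `NONRESIDUE = -4`, with which it is consistent since u^3 = -4.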
@@ -78,117 +67,25 @@ impl Fp3Parameters for Fq3Parameters {
// NONRESIDUE^T % q
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
field_new!(Fq, BigInteger([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, "6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068298"),
FQ_ZERO,
FQ_ZERO,
);
// NQR ^ (MODULUS^i - 1)/3, i=0,1,2 with NQR = u = (0,1,0)
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
FQ_ONE,
field_new!(Fq, "4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
field_new!(Fq, "1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
];
// NQR ^ (2*MODULUS^i - 2)/3, i=0,1,2 with NQR = u = (0,1,0)
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
FQ_ONE,
field_new!(Fq, "1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
field_new!(Fq, "4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
];
#[inline(always)]
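Review bot: The first component of `QUADRATIC_NONRESIDUE_TO_T` is now the 231-digit literal `"6891…068298"`, but the limb array it replaces is identical to the old `COEFF_B` limbs in `g1.rs` of this same change, whose doc comment reads `COEFF_B = -1`; so this value is -1, and `field_new!(Fq, "-1")`, as already done for `NONRESIDUE = -4` above, would say so directly and avoid a 231-digit transcription. The other two components correctly use the imported `FQ_ZERO`. Further down, `FROBENIUS_COEFF_FP3_C2` is `FROBENIUS_COEFF_FP3_C1` with the two non-trivial entries swapped (…648 and …650), in both the old limbs and the new literals, which is what squaring the cube roots of unity gives; a test checking `C2[i] == C1[i] * C1[i]` would pin that relation and catch a digit slip in either table.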


@@ -1,6 +1,5 @@
use crate::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO};
use ark_ff::{
biginteger::BigInteger768 as BigInteger,
field_new,
fields::fp6_2over3::{Fp6, Fp6Parameters},
};
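Review bot: `use crate::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO};` is kept, but the rewritten `FROBENIUS_COEFF_FP6_C1` below uses `field_new!(Fq, "1")` and `"-1"` instead of `FQ_ONE`; if nothing else in the file uses `FQ_ONE`/`FQ_ZERO` this warns as an unused import, and in any case `FQ_ONE` here would match `fq3.rs`, which uses it for the same value.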
@@ -18,89 +17,11 @@ impl Fp6Parameters for Fq6Parameters {
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x0202ffffffff85d5,
0x5a5826358fff8ce7,
0x9e996e43827faade,
0xda6aff320ee47df4,
0xece9cb3e1d94b80b,
0xc0e667a25248240b,
0xa74da5bfdcad3905,
0x2352e7fe462f2103,
0x7b56588008b1c87c,
0x45848a63e711022f,
0xd7a81ebb9f65a9df,
0x51f77ef127e87d,
])),
field_new!(Fq, BigInteger([
0x8cfcb51bd8404a93,
0x495e69d68495a383,
0xd23cbc9234705263,
0x8d2b4c2b5fcf4f52,
0x6a798a5d20c612ce,
0x3e825d90eb6c2443,
0x772b249f2c9525fe,
0x521b2ed366e4b9bb,
0x84abb49bd7c4471d,
0x907062359c0f17e3,
0x3385e55030cc6f12,
0x3f11a3a41a2606,
])),
field_new!(Fq, BigInteger([
0x7f96b51bd840c549,
0xd59782096496171f,
0x49b046fd9ce14bbc,
0x4b6163bba7527a56,
0xef6c92fb771d59f1,
0x0425bedbac1dfdc7,
0xd3ac39de759c0ffd,
0x9f43ed0e063a81d0,
0x5bd7d20b4f9a3ce2,
0x0411f03c36cf5c3c,
0x2d658fd49661c472,
0x1100249ae760b93,
])),
field_new!(Fq, BigInteger([
0xf29a000000007ab6,
0x8c391832e000739b,
0x77738a6b6870f959,
0xbe36179047832b03,
0x84f3089e56574722,
0xc5a3614ac0b1d984,
0x5c81153f4906e9fe,
0x4d28be3a9f55c815,
0xd72c1d6f77d5f5c5,
0x73a18e069ac04458,
0xf9dfaa846595555f,
0xd0f0a60a5be58c,
])),
field_new!(Fq, BigInteger([
0x67a04ae427bfb5f8,
0x9d32d491eb6a5cff,
0x43d03c1cb68051d4,
0x0b75ca96f69859a5,
0x0763497f5325ec60,
0x48076b5c278dd94d,
0x8ca3965ff91efd06,
0x1e6077657ea02f5d,
0xcdd6c153a8c37724,
0x28b5b634e5c22ea4,
0x9e01e3efd42e902c,
0xe3d6815769a804,
])),
field_new!(Fq, BigInteger([
0x75064ae427bf3b42,
0x10f9bc5f0b69e963,
0xcc5cb1b14e0f587b,
0x4d3fb306af152ea1,
0x827040e0fccea53d,
0x82640a1166dbffc8,
0x30228120b0181307,
0xd137b92adf4a6748,
0xf6aaa3e430ed815e,
0xb514282e4b01ea4b,
0xa422396b6e993acc,
0x12e5db4d0dc277,
])),
field_new!(Fq, "1"),
field_new!(Fq, "4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775649"),
field_new!(Fq, "4922464560225523242118178942575080391082002530232324381063048548642823052024664478336818169867474395270858391911405337707247735739826664939444490469542109391530482826728203582549674992333383150446779312029624171857054392282775648"),
field_new!(Fq, "-1"),
field_new!(Fq, "1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292650"),
field_new!(Fq, "1968985824090209297278610739700577151397666382303825728450741611566800370218827257750865013421937292370006175842381275743914023380727582819905021229583192207421122272650305267822868639090213645505120388400344940985710520836292651"),
];
}
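Review bot: the six new FROBENIUS_COEFF_FP6_C1 literals are internally consistent with a primitive sixth root of unity w: the second entry is the third plus one ("...649" vs "...648", i.e. w = w^2 + 1), the sixth is the fifth plus one ("...651" vs "...650"), the fourth is `field_new!(Fq, "-1")` = w^3, and the third and fifth entries equal the two cube roots that fq3.rs uses. Because these are hand-transcribed 230-digit strings, please lock that in with a test, e.g. `assert_eq!(FROBENIUS_COEFF_FP6_C1[i], FROBENIUS_COEFF_FP6_C1[1].pow(&[i as u64]))` for i in 0..6, rather than relying on a pairing test to fail later for an obscure reason.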

View File

@@ -1,10 +1,11 @@
use ark_ff::{test_rng, Field, PrimeField};
use ark_ff::{Field, PrimeField};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use rand::Rng;
use ark_std::rand::Rng;
use ark_std::test_rng;
use crate::*;
use ark_curve_tests::fields::*;
use ark_algebra_test_templates::fields::*;
#[test]
fn test_fr() {

View File

@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BW6_761 curve generated in [[EG20]](https://eprint.iacr.org/2020/351).
//! This library implements the BW6_761 curve generated in [\[EG20\]](https://eprint.iacr.org/2020/351).
//! The name denotes that it is a curve generated using the Brezing--Weng method, and that
//! its embedding degree is 6.
//! The main feature of this curve is that the scalar field equals the base field of the BLS12_377 curve.

View File

@@ -1,28 +1,26 @@
[package]
name = "ark-cp6-782"
version = "0.1.0"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "The CP6-782 pairing-friendly elliptic curve"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-cp6-782/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-bls12-377 = { version = "^0.3.0", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-tests = { path = "../curve-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
[features]
default = []
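Review bot: the move from `git = "https://github.com/arkworks-rs/algebra"` to `version = "^0.3.0"` (with `version = "^0.3.0", path = "../bls12_377"` for the sibling crate) is what makes this package publishable, and dropping `rand`/`rand_xorshift` from dev-dependencies matches the test files' switch to `ark_std::rand`; the hyphenated keywords are also required, since crates.io rejects keywords containing spaces. One leftover in the same hunk: `license = "MIT/Apache-2.0"` still uses the deprecated slash form, and the SPDX expression `MIT OR Apache-2.0` is what cargo now recommends.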

View File

@@ -2,10 +2,7 @@ use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger832},
field_new,
};
use ark_ff::field_new;
use crate::{Fq, Fr};
@@ -23,39 +20,11 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = 5
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, BigInteger832([
0x781c76643018bd7a,
0x64f3a5a4f1d1ad48,
0xd2f8a1eb4f72692d,
0xc35eb123c6ed72ca,
0xb58d6bcfd32de058,
0x841eab13b02a492c,
0x4b70dc5a54c487e7,
0x2f231a8808a74c59,
0x5e2915154d70b050,
0x8a40fa16f37a6b37,
0xd01980093a72c54b,
0xef6845c25398004c,
0x48,
]));
const COEFF_A: Fq = field_new!(Fq, "5");
/// COEFF_B = 17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, BigInteger832([
0xec5bd271ad37429,
0x9db8ac843ecca28a,
0x94f29bcb7e01bc74,
0x1b0bebb77bb5af0,
0x75b8cef4aa27ee17,
0xb5767ae80812cf6b,
0x592fa41e377a0d8c,
0xb6c6deedbb52df3e,
0xcb1343e488737fd4,
0x878020734d05b5a9,
0x2f51354eddfa069a,
0x498e2ecdc545243e,
0x2c2,
]));
const COEFF_B: Fq = field_new!(Fq, "17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414");
/// COFACTOR =
/// 86482221941698704497288378992285180119495364068003923046442785886272123124361700722982503222189455144364945735564951561028
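Review bot: after this change the COEFF_B value appears twice in the hunk, once in the `/// COEFF_B = 1776...` doc comment and once in the `field_new!(Fq, "1776...")` literal; two hand-copied copies of a 200-plus-digit number will drift silently, so consider trimming the doc comment to a description now that the literal is readable on its own (the comment only earned its keep while the limb array was opaque). The `#[rustfmt::skip]` attributes above the single-line literals are no longer doing anything either.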
@@ -73,14 +42,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 163276846538158998893990986356139314746223949404500031940624325017036397274793417940375498603127780919653358641788
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
4179837108212676264,
15545810469293120493,
13202863094424182470,
9506285060796071546,
9248558385029790142,
87030208545296111,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "163276846538158998893990986356139314746223949404500031940624325017036397274793417940375498603127780919653358641788");
/// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
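Review bot: the new COFACTOR_INV literal matches the value in the `/// COFACTOR^(-1) mod r =` comment above it, but nothing in the diff checks it against COFACTOR itself; a one-line test that multiplies COFACTOR_INV by COFACTOR in Fr and asserts the product is one would protect this constant, and the identical change in g2.rs, against a transcription slip in either value.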
@@ -90,37 +52,9 @@ impl SWModelParameters for Parameters {
/// G1_GENERATOR_X =
/// 5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger832([
0x5901480e5bc22290,
0x20024afcdb9bd3a9,
0x12dc18ff416e8138,
0x28c69aa0ea223e18,
0xafb1524a1eb7efe6,
0x3d5c34edc3764ca2,
0x736c2230c8466ce9,
0xacfaa04e051014f1,
0x5d5ff82f00ff2964,
0x64c13ba270a26eaf,
0x50e9864b56ab172e,
0xd8370826a322499e,
0x00000000000006f1,
]));
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646");
/// G1_GENERATOR_Y =
/// 7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger832([
0x8af8b64b402e1953,
0xd1bbceb3a258ea51,
0xdca9efa3140aaa0d,
0x807a610058ddedb2,
0xeb898562fe88076c,
0x0e4342ca56dd8ce2,
0x4f5528d29f1bde9a,
0xf18b0c6c19feb372,
0x94503ac2fac9199c,
0xffc86a8aff08ea34,
0xf7b1295214735d8c,
0x44eda9e0f55edd10,
0x0000000000000ef3,
]));
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443");

View File

@@ -2,10 +2,7 @@ use ark_ec::{
models::{ModelParameters, SWModelParameters},
short_weierstrass_jacobian::{GroupAffine, GroupProjective},
};
use ark_ff::{
biginteger::{BigInteger384, BigInteger832},
field_new,
};
use ark_ff::field_new;
use crate::{Fq, Fq3, Fr, FQ_ZERO};
@@ -26,21 +23,7 @@ impl SWModelParameters for Parameters {
const COEFF_A: Fq3 = field_new!(Fq3,
FQ_ZERO,
FQ_ZERO,
field_new!(Fq, BigInteger832([
0x781c76643018bd7a,
0x64f3a5a4f1d1ad48,
0xd2f8a1eb4f72692d,
0xc35eb123c6ed72ca,
0xb58d6bcfd32de058,
0x841eab13b02a492c,
0x4b70dc5a54c487e7,
0x2f231a8808a74c59,
0x5e2915154d70b050,
0x8a40fa16f37a6b37,
0xd01980093a72c54b,
0xef6845c25398004c,
0x48,
])),
field_new!(Fq, "5"),
);
/// COEFF_B = (G1::COEFF_B * TWIST^3, 0, 0) =
@@ -48,21 +31,7 @@ impl SWModelParameters for Parameters {
/// 0, 0)
#[rustfmt::skip]
const COEFF_B: Fq3 = field_new!(Fq3,
field_new!(Fq, BigInteger832([
0xc00a9afc5cbce615,
0x0260c2b730644102,
0x9051e955661691ec,
0x15f9af8514839e37,
0xfa62826ca407172b,
0x37043dc868f48874,
0x876b5588d132b025,
0x481952128335562a,
0x4ffa729aeddd7dcd,
0xe181a5dae94a399f,
0x671fb50145b255d8,
0xbc3860730482d728,
0x00000000000023dd,
])),
field_new!(Fq, "7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612"),
FQ_ZERO,
FQ_ZERO,
);
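Review bot: the doc comment states COEFF_B = (G1::COEFF_B * TWIST^3, 0, 0); with TWIST = (0, 1, 0) and NONRESIDUE = 13 that makes c0 equal to 13 times G1's COEFF_B reduced mod q, and a rough magnitude comparison of the new literal against the `field_new!(Fq, "1776...")` in g1.rs is consistent with that. Since the string is now transcribed rather than derived, please add a test that scales TWIST cubed by `g1::Parameters::COEFF_B` and compares the result with `g2::Parameters::COEFF_B`, so the relation the comment promises is actually enforced.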
@@ -107,14 +76,7 @@ impl SWModelParameters for Parameters {
/// COFACTOR^(-1) mod r =
/// 45586359457219724873147353901735745013467692594291916855200979604570630929674383405372210802279573887880950375598
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([
7373687189387546408,
11284009518041539892,
301575489693670883,
13203058298476577559,
18441611830097862156,
4115759498196698,
]));
const COFACTOR_INV: Fr = field_new!(Fr, "45586359457219724873147353901735745013467692594291916855200979604570630929674383405372210802279573887880950375598");
/// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
@@ -129,113 +91,29 @@ const G2_GENERATOR_Y: Fq3 =
/// G2_GENERATOR_X_C0 =
/// 13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338
#[rustfmt::skip]
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger832([
0x03b3fe4c8d4ecac7,
0x9568212677524d1e,
0xf5de3f2228d187c1,
0x7bac772e31a420ef,
0x0255cf59968a612b,
0x991d4676f6b5d605,
0x02dd2ae4831d29ea,
0xbeca7c9a62e392c2,
0xfc1d0633d48d2fc5,
0x7867813be5f7d2a1,
0x6f567b6617030028,
0xf08c9fa6ca6809df,
0x0000000000000de9,
]));
pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, "13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338");
/// G2_GENERATOR_X_C1 =
/// 20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610
#[rustfmt::skip]
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger832([
0xefd1b506e5fbe05f,
0xad27d47a4975140c,
0xfa11540132dbc27a,
0x8dca42b6da7c4717,
0x66d30fd7fd76207a,
0xb8e4f65c68932b1d,
0x3b7f971e93ad14be,
0xf860a89f4e582f9f,
0x7d438aaa3986f73b,
0xa37ec0c18c6e106a,
0x9f2dfb98b5185b54,
0x19995e421ca939bc,
0x0000000000002f4f,
]));
pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, "20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610");
/// G2_GENERATOR_X_C2 =
/// 3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980
#[rustfmt::skip]
pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, BigInteger832([
0xc081ed832bdf911e,
0xb85ff7aeebdfe7b3,
0x96dce6bb307b14eb,
0x578f7ded84bd824c,
0xb799305a9971d184,
0x0116ad33c2874b90,
0x862dce68efdca245,
0x4190947c70534c1d,
0x1b1aa80334248d03,
0xb13b07aff63fcf27,
0x5727687b73ab4fff,
0xf559a7f4eb8d180a,
0x0000000000002d37,
]));
pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, "3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980");
/// G2_GENERATOR_Y_C0 =
/// 8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger832([
0x3f680b59e26b33d1,
0x720fdf65b9e15b17,
0x0f0b56def11247b1,
0x5ea05417c8a4a52c,
0x4ad59dc4f7c47a09,
0xf393e0db62107115,
0xde3b16404a53d2bb,
0xeaa74961636280e0,
0x2d16ccd14cf5a88c,
0x5667565a06187d0e,
0xb446fdc7565d0261,
0xd3ad395d6fd0faab,
0x0000000000000655,
]));
pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, "8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243");
/// G2_GENERATOR_Y_C1 =
/// 3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger832([
0x9e86cc63207679dd,
0x4e16d9a9d87c3e47,
0xdbee3524db80627d,
0x137322b87d93befc,
0x24a7ca2f9aae90a0,
0x44abea538df3e854,
0xc01d176c6e042eee,
0xf5fcc4caabc75699,
0x1f99972699a38960,
0x30d4cc8256bf963d,
0xa3634826edcfefff,
0x34f3bd0c8e5a4b38,
0x0000000000001d28,
]));
pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, "3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752");
/// G2_GENERATOR_Y_C2 =
/// 10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721
#[rustfmt::skip]
pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, BigInteger832([
0xfc478105dedf3654,
0xa6fcfcfdd2710d6a,
0x05a68c283d5d4c65,
0x9fab8d94c667a679,
0x009b0a616ea54ff9,
0xf0df517bc7bc6382,
0xdb44338e7491f5b7,
0xcd192a7e53453f45,
0xa041a7a60982d92c,
0x4dd01c62bae4c7ff,
0x79a69a54e6b66178,
0xd47b0bfe832b05f8,
0x00000000000000ef,
]));
pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, "10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721");
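Review bot: the six G2 generator coordinates are now decimal strings anyone can compare against the doc comments, which is an improvement, but a generator that is off the twist or outside the prime-order subgroup would silently undermine every pairing built on this crate; please make sure the test templates' generator checks run for this crate's G2, or add an explicit assertion on `G2Affine::prime_subgroup_generator()` using `is_on_curve()` and `is_in_correct_subgroup_assuming_on_curve()`.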

View File

@@ -2,11 +2,11 @@ use ark_ec::{models::SWModelParameters, PairingEngine};
use ark_ff::{
biginteger::BigInteger832,
field_new,
fields::{BitIteratorBE, Field, FpParameters},
fields::{BitIteratorBE, Field},
One,
};
use crate::{Fq, Fq3, Fq6, FqParameters, Fr};
use crate::{Fq, Fq3, Fq6, Fr, FQ_ONE, FQ_ZERO};
pub mod g1;
pub use self::g1::{G1Affine, G1Projective};
@@ -153,12 +153,6 @@ impl CP6_782 {
}
}
/// FQ_ZERO = 0
pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger832([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
/// FQ_ONE = 1
pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
/// TWIST = (0, 1, 0)
pub const TWIST: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
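Review bot: FQ_ZERO and FQ_ONE leave this module (the `field_new!(Fq, BigInteger832([0, ...]))` and `field_new!(Fq, FqParameters::R)` definitions are removed) and come back in through `use crate::{Fq, Fq3, Fq6, Fr, FQ_ONE, FQ_ZERO};`, while fq3.rs imports the same constant as `crate::fields::FQ_ZERO`. Both paths only resolve because the fields module is re-exported at the crate root; pick one import path so a later change to that re-export does not break half the files.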

View File

@@ -1,10 +1,11 @@
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ff::{test_rng, Field, One, PrimeField};
use rand::Rng;
use ark_ff::{Field, One, PrimeField};
use ark_std::rand::Rng;
use ark_std::test_rng;
use crate::*;
use ark_curve_tests::{curves::*, groups::*};
use ark_algebra_test_templates::{curves::*, groups::*};
#[test]
fn test_g1_projective_curve() {
@@ -57,8 +58,8 @@ fn test_bilinearity() {
let b: G2Projective = rng.gen();
let s: Fr = rng.gen();
let sa = a.mul(s);
let sb = b.mul(s);
let sa = a.mul(s.into_repr());
let sb = b.mul(s.into_repr());
let ans1 = CP6_782::pairing(sa, b);
let ans2 = CP6_782::pairing(a, sb);

View File

@@ -7,6 +7,9 @@ pub type Fq = Fp832<FqParameters>;
pub struct FqParameters;
pub const FQ_ONE: Fq = ark_ff::field_new!(Fq, "1");
pub const FQ_ZERO: Fq = ark_ff::field_new!(Fq, "0");
impl Fp832Parameters for FqParameters {}
impl FftParameters for FqParameters {
type BigInt = BigInteger;
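Review bot: FQ_ONE is now `ark_ff::field_new!(Fq, "1")` in place of the former `field_new!(Fq, FqParameters::R)` in mod.rs; the two agree only because `field_new!` converts a string literal into Montgomery form at compile time whereas the limb form was already R. An `assert_eq!(FQ_ONE, Fq::one())` (and the same for FQ_ZERO against `Fq::zero()`) in the field tests would document that assumption cheaply.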

View File

@@ -1,6 +1,5 @@
use crate::Fq;
use crate::{fields::FQ_ZERO, Fq};
use ark_ff::{
biginteger::BigInteger832 as BigInteger,
field_new,
fields::fp3::{Fp3, Fp3Parameters},
Field,
@@ -15,21 +14,7 @@ impl Fp3Parameters for Fq3Parameters {
/// NONRESIDUE = 13
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
0xe755952f4650755e,
0x16c44ce1331ef791,
0x162f8835b467306f,
0xac1c2b31e1062c4c,
0x20b3dab9a2a935e1,
0xccd2ec5fd01e00c1,
0x4d1d1bf190c8da9b,
0x49cba09fb0e13fbe,
0xe392ed2957c061a3,
0x3159d02b3c93d6e1,
0x71566d160a9f8614,
0xa5840728fc854414,
0x2dc4,
]));
const NONRESIDUE: Fq = field_new!(Fq, "13");
const TWO_ADICITY: u32 = 3;
@@ -76,121 +61,23 @@ impl Fp3Parameters for Fq3Parameters {
#[rustfmt::skip]
const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
field_new!(Fq, BigInteger([
0x59987c0ef8e31739,
0x59578d750d6f57dd,
0x9672547570dddab8,
0x1a1f630e1d6dbdd5,
0xde15f46e52d7613e,
0x6a1b6e4f80179926,
0x461ad119d93123b,
0x12054e3654907ed9,
0x85ea06b12bf811a0,
0xc01d53d07347f9ec,
0x70c424eb666c3922,
0x1796ce4ed605d49e,
0x68b,
])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
field_new!(Fq, "5759691735434357221228070840130186543101559976323700017469395641639510585333061695996665166662748527158637897523704071820491869715512532675375604262649010727161924084052120196921150869218319839231115277876207074651754402338718419191428"),
FQ_ZERO,
FQ_ZERO,
);
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
field_new!(Fq, "1"),
field_new!(Fq, "2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
field_new!(Fq, "19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
];
#[rustfmt::skip]
const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
field_new!(Fq, "1"),
field_new!(Fq, "19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
field_new!(Fq, "2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
];
#[inline(always)]
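Review bot: the new FROBENIUS_COEFF_FP3_C1 and FROBENIUS_COEFF_FP3_C2 arrays read as [1, A, B] and [1, B, A] with A = "2416...861" and B = "1995...715", which is exactly what is expected when A and B are the two primitive cube roots of unity (C2[i] = C1[i]^2, and squaring swaps the two roots); QUADRATIC_NONRESIDUE_TO_T using `FQ_ZERO` for c1 and c2 instead of all-zero limb arrays is also clearer. Consider a test asserting `FROBENIUS_COEFF_FP3_C2[i] == FROBENIUS_COEFF_FP3_C1[i].square()` for i in 0..3 so a wrong digit in either string is caught directly rather than through a failing pairing.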

View File

@@ -1,6 +1,5 @@
use crate::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO};
use ark_ff::{
biginteger::BigInteger832 as BigInteger,
field_new,
fields::fp6_2over3::{Fp6, Fp6Parameters},
};
@@ -18,95 +17,11 @@ impl Fp6Parameters for Fq6Parameters {
#[rustfmt::skip]
const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
field_new!(Fq, BigInteger([
0x9b4e60b420910c71,
0xe068d7c83f284a6e,
0x1f708acc7c452c43,
0xeb2f6a66cca51856,
0x9acf675f886e9fcd,
0xb26885e567cc8082,
0x75d05357183eb61f,
0x24db4a09b5842a32,
0x85e64cf9ba4b14ae,
0xf311a6784358a588,
0xe8d431c061aecb4a,
0xd92c8b4aab19f288,
0x21d3,
])),
field_new!(Fq, BigInteger([
0x82e248051c9d1c4d,
0x9364dbda272d0ed,
0xfdcf25dede306877,
0x53d06582e3fe7159,
0xb431d48c27a7ce14,
0x7741dd7a33040c05,
0xca576276706c1de9,
0x18cceab60052df9f,
0x6f9ae1b18f011f6,
0x25df1559c0ee6289,
0x5b33ca416649679d,
0x33f7fc08b12d9590,
0x338f,
])),
field_new!(Fq, BigInteger([
0xe793e750fc0c0fdc,
0x28cd75f5634a867e,
0xde5e9b1261eb3c33,
0x68a0fb1c17595903,
0x19626d2c9f392e46,
0xc4d95794cb378b83,
0x54870f1f582d67c9,
0xf3f1a0ac4aceb56d,
0x811361215ea4fd47,
0x32cd6ee17d95bd00,
0x725f9881049a9c52,
0x5acb70be0613a307,
0x11bb,
])),
field_new!(Fq, BigInteger([
0x3f8019015b031e78,
0x73f4adf92ed4f7dc,
0xcea2d139e307fa73,
0xb1000be3461ee9f5,
0x8005cba5148fca6b,
0xa03b75925fcf929d,
0x35654371493da172,
0x5e312883cb75ad59,
0xe48bd6f4b7b72859,
0xc94b70f331124a9d,
0x84f67d2da39b18,
0xeba59af100dea197,
0x1674,
])),
field_new!(Fq, BigInteger([
0x57ec31b05ef70e9c,
0x4b273803cb8a715d,
0xf0443627811cbe40,
0x485f10c72ec590f1,
0x66a35e7875569c25,
0xdb621dfd9498071a,
0xe0de3451f11039a8,
0x6a3f87d780a6f7eb,
0x637875d359122b11,
0x967e0211b37c8d9d,
0x8e255dfc2908fec6,
0x90da2a32facafe8f,
0x4b9,
])),
field_new!(Fq, BigInteger([
0xf33a92647f881b0d,
0x2b900fcc0ab2bbcb,
0xfb4c0f3fd61ea84,
0x338e7b2dfb6aa948,
0x172c5d7fdc53bf3,
0x8dcaa3e2fc64879d,
0x56ae87a9094eefc8,
0x8f1ad1e1362b221e,
0xe95ec2cd135d3fbf,
0x898fa889f6d53325,
0x76f98fbc8ab7ca11,
0x6a06b57da5e4f118,
0x268d,
])),
field_new!(Fq, "1"),
field_new!(Fq, "2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756862"),
field_new!(Fq, "2416169158604010336818399199316106389588878314690767988978701685873498866746813334102117883272276610365242925950967572554030909749205624998805208910209389668659757274773858916683688639755413288353778854399286396639505385648830027756861"),
field_new!(Fq, "22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825576"),
field_new!(Fq, "19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068715"),
field_new!(Fq, "19953705140271686593528343007184948545186721150606416593204794941773275185711211206130361134875604609812811649452874332003866805473427708373329547516091672819022569300184729084448897691707139947053705234905346679611277243843727293068716"),
];
}
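Review bot: the same sanity pattern as in the BW6 fq6.rs hunk holds here (second entry = third + 1, sixth = fifth + 1, third and fifth equal the fq3.rs cube roots), but the fourth coefficient is spelled out as the full literal "2236...576" (presumably q - 1) whereas bw6_761 writes `field_new!(Fq, "-1")`. `field_new!` accepts the negative literal, and "-1" is both shorter and self-evidently correct, so use it here as well.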

View File

@@ -1,10 +1,11 @@
use ark_ff::{test_rng, Field, PrimeField};
use ark_ff::{Field, PrimeField};
use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize};
use rand::Rng;
use ark_std::rand::Rng;
use ark_std::test_rng;
use crate::*;
use ark_curve_tests::fields::*;
use ark_algebra_test_templates::fields::*;
#[test]
fn test_fr() {

View File

@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the CP6_782 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//! This library implements the CP6_782 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! The name denotes that it was generated using the Cocks--Pinch method for the embedding degree 6.
//! The main feature of this curve is that the scalar field equals the base field of the BLS12_377 curve.
//!

View File

@@ -1,19 +1,20 @@
[package]
name = "ark-curve-benches"
version = "0.1.1-alpha.0"
version = "0.3.0"
authors = [
"Sean Bowe",
"Alessandro Chiesa",
"Matthew Green",
"Ian Miers",
"Pratyush Mishra",
"Howard Wu"
"Howard Wu",
"Daira Hopwood"
]
description = "A benchmark library for finite fields and elliptic curves"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/algebra"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/algebra/"
keywords = ["cryptography", "finite fields", "elliptic curves", "pairing"]
keywords = ["cryptography", "finite-fields", "elliptic-curves", "pairing"]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
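Review bot: `repository` is updated to `https://github.com/arkworks-rs/curves`, but the unchanged `documentation = "https://docs.rs/algebra/"` line still points at the old crate rather than this package (`ark-curve-benches`); update it or drop it. The trailing comma added after `"Howard Wu",` is needed for the new `"Daira Hopwood"` entry, fine.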
@@ -24,27 +25,91 @@ build = "build.rs"
################################# Dependencies ################################
[dependencies]
ark-ec = { git = "https://github.com/arkworks-rs/algebra" }
ark-ff = { git = "https://github.com/arkworks-rs/algebra" }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra" }
bencher = { version = "0.1.5" }
ark-mnt4-298 = { path = "../mnt4_298", optional = true }
ark-mnt6-298 = { path = "../mnt6_298", optional = true }
ark-mnt4-753 = { path = "../mnt4_753", optional = true }
ark-mnt6-753 = { path = "../mnt6_753", optional = true }
ark-bn254 = { path = "../bn254", default-features = false, optional = true }
ark-bls12-377 = { path = "../bls12_377", optional = true }
ark-bls12-381 = { path = "../bls12_381", optional = true }
ark-bw6-761 = { path = "../bw6_761", optional = true }
ark-cp6-782 = { path = "../cp6_782", optional = true }
[dev-dependencies]
ark-std = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-ff = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
rand = "0.7"
rand_xorshift = { version = "0.2" }
paste = "1.0"
ark-mnt4-298 = { path = "../mnt4_298" }
ark-mnt6-298 = { path = "../mnt6_298" }
ark-mnt4-753 = { path = "../mnt4_753" }
ark-mnt6-753 = { path = "../mnt6_753" }
ark-bn254 = { path = "../bn254" }
ark-bls12-377 = { path = "../bls12_377" }
ark-bls12-381 = { path = "../bls12_381" }
ark-ed-on-bls12-381 = { path = "../ed_on_bls12_381" }
ark-bw6-761 = { path = "../bw6_761" }
ark-cp6-782 = { path = "../cp6_782" }
ark-pallas = { path = "../pallas" }
ark-vesta = { path = "../vesta" }
[features]
asm = [ "ark-ff/asm"]
parallel = [ "ark-ff/parallel", "ark-ec/parallel", ]
n_fold = []
[build-dependencies]
rustc_version = "0.2"
[[bench]]
name = "bls12_377"
path = "benches/bls12_377.rs"
harness = false
[[bench]]
name = "bls12_381"
path = "benches/bls12_381.rs"
harness = false
[[bench]]
name = "bn254"
path = "benches/bn254.rs"
harness = false
[[bench]]
name = "bw6_761"
path = "benches/bw6_761.rs"
harness = false
[[bench]]
name = "cp6_782"
path = "benches/cp6_782.rs"
harness = false
[[bench]]
name = "ed_on_bls12_381"
path = "benches/ed_on_bls12_381.rs"
harness = false
[[bench]]
name = "mnt4_298"
path = "benches/mnt4_298.rs"
harness = false
[[bench]]
name = "mnt6_298"
path = "benches/mnt6_298.rs"
harness = false
[[bench]]
name = "mnt4_753"
path = "benches/mnt4_753.rs"
harness = false
[[bench]]
name = "mnt6_753"
path = "benches/mnt6_753.rs"
harness = false
[[bench]]
name = "pallas"
path = "benches/pallas.rs"
harness = false
[[bench]]
name = "vesta"
path = "benches/vesta.rs"
harness = false
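Review bot: the curve crates move from optional entries under `[dependencies]` to unconditional `[dev-dependencies]`, so the per-curve feature gates disappear and `[features]` keeps only `asm`, `parallel` and `n_fold`; that is fine since each `[[bench]]` target builds on its own, but note that `ark-bn254` loses its former `default-features = false`. More important: `rand = "0.7"` and `rand_xorshift = { version = "0.2" }` are kept next to the new `ark-std = { version = "^0.3.0", default-features = false }`; if the bench macros build their RNG from rand_xorshift while `UniformRand` comes from ark_ff, the rand_core versions behind the two must line up or the `rng` argument will not satisfy the trait bound. Worth confirming with `cargo bench --no-run` before merging.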

View File

@@ -0,0 +1,30 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_377::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_377, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
f_bench!(extension, Fq2, Fq2, fq2);
f_bench!(target, Fq12, Fq12, fq12);
pairing_bench!(Bls12_377, Fq12);
bencher::benchmark_main!(fq, fr, fq2, fq12, g1::group_ops, g2::group_ops, pairing);
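Review bot: this file and the bls12_381, bn254, bw6_761 and cp6_782 bench files below are the same two dozen lines with the crate path and the `*Repr` widths swapped; a small macro (or a generic helper in `ark_curve_benches`) taking the crate path and the two BigInteger types would remove the copy-paste and the drift it already shows, namely that the BLS/BN files declare `f_bench!` for fq and fr before the extension fields while bw6_761.rs and cp6_782.rs put `f_bench!(extension, Fq3, ...)` and `f_bench!(target, Fq6, ...)` first. Harmless, but consistent ordering is easier to diff across files.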

View File

@@ -0,0 +1,30 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_381::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_381, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
f_bench!(extension, Fq2, Fq2, fq2);
f_bench!(target, Fq12, Fq12, fq12);
pairing_bench!(Bls12_381, Fq12);
bencher::benchmark_main!(fq, fr, fq2, fq12, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,30 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bn254::{
fq::Fq, fq2::Fq2, fr::Fr, Bn254, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
f_bench!(extension, Fq2, Fq2, fq2);
f_bench!(target, Fq12, Fq12, fq12);
pairing_bench!(Bn254, Fq12);
bencher::benchmark_main!(fq, fr, fq2, fq12, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bw6_761::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
BW6_761,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger384 as FrRepr, BigInteger768 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq3, Fq3, fq3);
f_bench!(target, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(BW6_761, Fq6);
bencher::benchmark_main!(fq, fr, fq3, fq6, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_cp6_782::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
CP6_782,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger384 as FrRepr, BigInteger832 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq3, Fq3, fq3);
f_bench!(target, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(CP6_782, Fq6);
bencher::benchmark_main!(fq, fr, fq3, fq6, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,19 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::ProjectiveCurve;
use ark_ed_on_bls12_381::{fq::Fq, fr::Fr, EdwardsAffine as GAffine, EdwardsProjective as G};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
mod g {
use super::*;
ec_bench!(G, GAffine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
bencher::benchmark_main!(fq, fr, g::group_ops);

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::BigInteger320 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt4_298::{
fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
MNT4_298,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq2, Fq2, fq2);
f_bench!(target, Fq4, Fq4, fq4);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FqRepr, FqRepr, fr);
pairing_bench!(MNT4_298, Fq4);
bencher::benchmark_main!(fq, fr, fq2, fq4, g1::group_ops, g2::group_ops, pairing);
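Review bot: `f_bench!(Fr, Fr, FqRepr, FqRepr, fr)` hands the base-field limb alias to the scalar-field bench; that is only correct because the MNT4-298 base and scalar moduli share a limb count, but the alias name says otherwise. Define `FrRepr` (even as a second alias for `BigInteger320`) the way the BLS12 and BW6 files in this change do, so a reader does not take it for a copy-paste mismatch. The same applies to the mnt4_753, mnt6_298 and mnt6_753 files below.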

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::BigInteger768 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt4_753::{
fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
MNT4_753,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq2, Fq2, fq2);
f_bench!(target, Fq4, Fq4, fq4);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FqRepr, FqRepr, fr);
pairing_bench!(MNT4_753, Fq4);
bencher::benchmark_main!(fq, fr, fq2, fq4, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::BigInteger320 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt6_298::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
MNT6_298,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq3, Fq3, fq3);
f_bench!(target, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FqRepr, FqRepr, fr);
pairing_bench!(MNT6_298, Fq6);
bencher::benchmark_main!(fq, fr, fq3, fq6, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,29 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::BigInteger768 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt6_753::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
MNT6_753,
};
mod g1 {
use super::*;
ec_bench!(G1, G1Affine);
}
mod g2 {
use super::*;
ec_bench!(G2, G2Affine);
}
f_bench!(extension, Fq3, Fq3, fq3);
f_bench!(target, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FqRepr, FqRepr, fr);
pairing_bench!(MNT6_753, Fq6);
bencher::benchmark_main!(fq, fr, fq3, fq6, g1::group_ops, g2::group_ops, pairing);

View File

@@ -0,0 +1,19 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::ProjectiveCurve;
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
use ark_pallas::{fq::Fq, fr::Fr, Affine as GAffine, Projective as G};
mod g {
use super::*;
ec_bench!(G, GAffine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
bencher::benchmark_main!(fq, fr, g::group_ops);

View File

@@ -0,0 +1,19 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::ProjectiveCurve;
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
use ark_vesta::{fq::Fq, fr::Fr, Affine as GAffine, Projective as G};
mod g {
use super::*;
ec_bench!(G, GAffine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
bencher::benchmark_main!(fq, fr, g::group_ops);

View File

@@ -1,23 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_377::bls12_377::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_377, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2, Parameters,
};
use ark_ec::{
bls12::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
ec_bench!();
f_bench!(1, Fq2, Fq2, fq2);
f_bench!(2, Fq12, Fq12, fq12);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(Bls12_377, Fq12, prepared_v);
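Review bot: the deleted bench passed a `prepared_v` selector to `pairing_bench!` (which is what the `G1Prepared`/`G2Prepared` imports here existed for), while its replacement above calls `pairing_bench!(Bls12_377, Fq12)` with no selector, so the pairing-over-prepared-points measurement is either dropped or now implicit in the macro. State which in the PR description, and if it is dropped keep a prepared variant so that path stays measured.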

View File

@@ -1,23 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_381::bls12_381::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_381, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2, Parameters,
};
use ark_ec::{
bls12::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
ec_bench!();
f_bench!(1, Fq2, Fq2, fq2);
f_bench!(2, Fq12, Fq12, fq12);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(Bls12_381, Fq12, prepared_v);

View File

@@ -1,23 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{
bn::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ef::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
use ark_en254::bn254::{
fq::Fq, fq2::Fq2, fr::Fr, Bls12_381, Fq12, G1Affine, G1Projective as G1, G2Affine,
G2Projective as G2, Parameters,
};
ec_bench!();
f_bench!(1, Fq2, Fq2, fq2);
f_bench!(2, Fq12, Fq12, fq12);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(Bn254, Fq12, prepared_v);
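Review bot: the file being removed imports `ark_ef` and `ark_en254` (the new file uses `ark_ff` and `ark_bn254`) and pulls `Bls12_381` out of the `bn254` module while invoking `pairing_bench!(Bn254, ...)`, so it could not have compiled under its feature flag. Worth a line in the changelog that the BN254 bench was previously broken and is replaced rather than merely moved.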

View File

@@ -1,23 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_377::bw6_761::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
Parameters, BW6_761,
};
use ark_ec::{
bw6::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::{BigInteger384 as FrRepr, BigInteger768 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
ec_bench!();
f_bench!(1, Fq3, Fq3, fq3);
f_bench!(2, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(BW6_761, Fq6, prepared_v);

View File

@@ -1,20 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_bls12_377::cp6_782::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
CP6_782,
};
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{
biginteger::{BigInteger384 as FrRepr, BigInteger832 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
ec_bench!();
f_bench!(1, Fq3, Fq3, fq3);
f_bench!(2, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
pairing_bench!(CP6_782, Fq6, affine_v);

View File

@@ -1,22 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{
mnt4::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::BigInteger320 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt_298::mnt4_298::{
fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
Parameters, MNT4_298,
};
ec_bench!();
f_bench!(1, Fq2, Fq2, fq2);
f_bench!(2, Fq4, Fq4, fq4);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
pairing_bench!(MNT4_298, Fq4, prepared_v);

View File

@@ -1,22 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{
mnt4::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::BigInteger768 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt_753::mnt4_753::{
fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
Parameters, MNT4_753,
};
ec_bench!();
f_bench!(1, Fq2, Fq2, fq2);
f_bench!(2, Fq4, Fq4, fq4);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
pairing_bench!(MNT4_753, Fq4, prepared_v);

View File

@@ -1,22 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{
mnt6::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::BigInteger320 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt_298::mnt6_298::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
Parameters, MNT6_298,
};
ec_bench!();
f_bench!(1, Fq3, Fq3, fq3);
f_bench!(2, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
pairing_bench!(MNT6_298, Fq6, prepared_v);

View File

@@ -1,22 +0,0 @@
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
use std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::{
mnt6::{G1Prepared, G2Prepared},
PairingEngine, ProjectiveCurve,
};
use ark_ff::{
biginteger::BigInteger768 as FqRepr, BigInteger, Field, PrimeField, SquareRootField,
UniformRand,
};
use ark_mnt_753::mnt6_753::{
fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2,
Parameters, MNT6_753,
};
ec_bench!();
f_bench!(1, Fq3, Fq3, fq3);
f_bench!(2, Fq6, Fq6, fq6);
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
pairing_bench!(MNT6_753, Fq6, prepared_v);

View File

@@ -1,18 +0,0 @@
#[cfg(feature = "bls12_377")]
mod bls12_377;
#[cfg(feature = "bls12_381")]
mod bls12_381;
#[cfg(feature = "bn254")]
mod bn254;
#[cfg(feature = "bw6_761")]
mod bw6_761;
#[cfg(feature = "cp6_782")]
mod cp6_782;
#[cfg(feature = "mnt4_298")]
mod mnt4_298;
#[cfg(feature = "mnt4_753")]
mod mnt4_753;
#[cfg(feature = "mnt6_298")]
mod mnt6_298;
#[cfg(feature = "mnt6_753")]
mod mnt6_753;

View File

@@ -1,12 +1,8 @@
#![cfg_attr(nightly, feature(test))]
#![allow(unused_macros, unused_imports)]
#[cfg(nightly)]
extern crate test;
#[cfg(all(nightly, test))]
#[macro_use]
pub mod macros;
pub use macros::*;
#[cfg(all(nightly, test))]
mod curves;
#[macro_use]
pub extern crate bencher;
pub use bencher::*;
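Review bot: `#![allow(unused_macros, unused_imports)]` silences two lints for the whole crate with no comment on why. If it is there because the exported macros and the `pub use` re-exports look unused from inside the crate, say so in a comment, or narrow the attribute to the items it is covering so that a genuinely unused import added later still warns.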

View File

@@ -1,19 +1,18 @@
#[macro_export]
macro_rules! ec_bench {
() => {
#[bench]
fn bench_g1_rand(b: &mut ::test::Bencher) {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
b.iter(|| G1::rand(&mut rng));
($projective:ty, $affine:ty) => {
fn rand(b: &mut $crate::bencher::Bencher) {
let mut rng = ark_std::test_rng();
b.iter(|| <$projective>::rand(&mut rng));
}
#[bench]
fn bench_g1_mul_assign(b: &mut ::test::Bencher) {
fn mul_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<(G1, Fr)> = (0..SAMPLES)
.map(|_| (G1::rand(&mut rng), Fr::rand(&mut rng)))
let v: Vec<($projective, Fr)> = (0..SAMPLES)
.map(|_| (<$projective>::rand(&mut rng), Fr::rand(&mut rng)))
.collect();
let mut count = 0;
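Review bot: `mul_assign` types its samples as `Vec<($projective, Fr)>`, so the scalar field is not a macro parameter and the expansion only compiles when the caller happens to have the right `Fr` in scope through `use super::*`. Deriving it from the curve (`<$projective as ProjectiveCurve>::ScalarField`) or adding a `$scalar:ty` parameter would make `ec_bench!($projective, $affine)` self-contained; the same applies to `msm_131072` below, which samples `Fr::rand`.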
@@ -25,14 +24,13 @@ macro_rules! ec_bench {
});
}
#[bench]
fn bench_g1_add_assign(b: &mut ::test::Bencher) {
fn add_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<(G1, G1)> = (0..SAMPLES)
.map(|_| (G1::rand(&mut rng), G1::rand(&mut rng)))
let v: Vec<($projective, $projective)> = (0..SAMPLES)
.map(|_| (<$projective>::rand(&mut rng), <$projective>::rand(&mut rng)))
.collect();
let mut count = 0;
@@ -44,14 +42,54 @@ macro_rules! ec_bench {
});
}
#[bench]
fn bench_g1_add_assign_mixed(b: &mut ::test::Bencher) {
fn sub_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<(G1, G1Affine)> = (0..SAMPLES)
.map(|_| (G1::rand(&mut rng), G1::rand(&mut rng).into()))
let v: Vec<($projective, $projective)> = (0..SAMPLES)
.map(|_| (<$projective>::rand(&mut rng), <$projective>::rand(&mut rng)))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
n_fold!(tmp, v, sub_assign, count);
count = (count + 1) % SAMPLES;
tmp
});
}
fn double(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = ark_std::test_rng();
let v: Vec<$projective> = (0..SAMPLES)
.map(|_| <$projective>::rand(&mut rng))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count];
n_fold!(tmp, double_in_place);
count = (count + 1) % SAMPLES;
tmp
});
}
fn add_assign_mixed(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = ark_std::test_rng();
let v: Vec<($projective, $affine)> = (0..SAMPLES)
.map(|_| {
(
<$projective>::rand(&mut rng),
<$projective>::rand(&mut rng).into(),
)
})
.collect();
let mut count = 0;
@@ -63,35 +101,15 @@ macro_rules! ec_bench {
});
}
#[bench]
fn bench_g1_double(b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<(G1, G1)> = (0..SAMPLES)
.map(|_| (G1::rand(&mut rng), G1::rand(&mut rng)))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
n_fold!(tmp, double_in_place);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_g1_deser(b: &mut ::test::Bencher) {
fn deser(b: &mut $crate::bencher::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut num_bytes = 0;
let tmp = G1::rand(&mut rng).into_affine();
let tmp = <$projective>::rand(&mut rng).into_affine();
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
@@ -105,20 +123,21 @@ macro_rules! ec_bench {
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
G1Affine::deserialize(&v[index..(index + num_bytes)]).unwrap()
<$affine>::deserialize(&v[index..(index + num_bytes)]).unwrap()
});
}
#[bench]
fn bench_g1_ser(b: &mut ::test::Bencher) {
fn ser(b: &mut $crate::bencher::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::CanonicalSerialize;
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut v: Vec<_> = (0..SAMPLES).map(|_| G1::rand(&mut rng)).collect();
let v = G1::batch_normalization_into_affine(v.as_mut_slice());
let mut v: Vec<_> = (0..SAMPLES)
.map(|_| <$projective>::rand(&mut rng))
.collect();
let v = <$projective>::batch_normalization_into_affine(v.as_mut_slice());
let mut bytes = Vec::with_capacity(1000);
let mut count = 0;
@@ -130,16 +149,15 @@ macro_rules! ec_bench {
});
}
#[bench]
fn bench_g1_deser_unchecked(b: &mut ::test::Bencher) {
fn deser_unchecked(b: &mut $crate::bencher::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut num_bytes = 0;
let tmp = G1::rand(&mut rng).into_affine();
let tmp = <$projective>::rand(&mut rng).into_affine();
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
@@ -153,19 +171,20 @@ macro_rules! ec_bench {
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
G1Affine::deserialize_unchecked(&v[index..(index + num_bytes)]).unwrap()
<$affine>::deserialize_unchecked(&v[index..(index + num_bytes)]).unwrap()
});
}
#[bench]
fn bench_g1_ser_unchecked(b: &mut ::test::Bencher) {
fn ser_unchecked(b: &mut $crate::bencher::Bencher) {
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut v: Vec<_> = (0..SAMPLES).map(|_| G1::rand(&mut rng)).collect();
let v = G1::batch_normalization_into_affine(v.as_mut_slice());
let mut v: Vec<_> = (0..SAMPLES)
.map(|_| <$projective>::rand(&mut rng))
.collect();
let v = <$projective>::batch_normalization_into_affine(v.as_mut_slice());
let mut bytes = Vec::with_capacity(1000);
let mut count = 0;
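Review bot: `deser_unchecked` times `<$affine>::deserialize_unchecked`, which skips the on-curve and subgroup validation that `deserialize` performs in the `deser` bench above, so the gap between the two numbers is the cost of point validation; a one-line comment saying so (and that the unchecked path is only for bytes that are already trusted) would stop the faster figure being read as the one to use. Also, `ser_unchecked` imports `CanonicalDeserialize` but only serialises, so that import can go.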
@@ -177,102 +196,19 @@ macro_rules! ec_bench {
});
}
#[bench]
fn bench_g2_rand(b: &mut ::test::Bencher) {
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
b.iter(|| G2::rand(&mut rng));
}
#[bench]
fn bench_g2_mul_assign(b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<(G2, Fr)> = (0..SAMPLES)
.map(|_| (G2::rand(&mut rng), Fr::rand(&mut rng)))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
tmp *= v[count].1;
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_g2_add_assign(b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<(G2, G2)> = (0..SAMPLES)
.map(|_| (G2::rand(&mut rng), G2::rand(&mut rng)))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
tmp.add_assign(&v[count].1);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_g2_add_assign_mixed(b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<(G2, G2Affine)> = (0..SAMPLES)
.map(|_| (G2::rand(&mut rng), G2::rand(&mut rng).into()))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
tmp.add_assign_mixed(&v[count].1);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_g2_double(b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<(G2, G2)> = (0..SAMPLES)
.map(|_| (G2::rand(&mut rng), G2::rand(&mut rng)))
.collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
tmp.double_in_place();
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_g2_deser(b: &mut ::test::Bencher) {
fn deser_uncompressed(b: &mut $crate::bencher::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut num_bytes = 0;
let tmp = G2::rand(&mut rng).into_affine();
let tmp = <$projective>::rand(&mut rng).into_affine();
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
tmp.serialize(&mut bytes).unwrap();
tmp.serialize_uncompressed(&mut bytes).unwrap();
num_bytes = bytes.len();
bytes
})
@@ -282,76 +218,40 @@ macro_rules! ec_bench {
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
G2Affine::deserialize(&v[index..(index + num_bytes)]).unwrap()
<$affine>::deserialize_uncompressed(&v[index..(index + num_bytes)]).unwrap()
});
}
#[bench]
fn bench_g2_ser(b: &mut ::test::Bencher) {
fn msm_131072(b: &mut $crate::bencher::Bencher) {
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
const SAMPLES: usize = 131072;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut v: Vec<_> = (0..SAMPLES).map(|_| G2::rand(&mut rng)).collect();
let v = G2::batch_normalization_into_affine(v.as_mut_slice());
let mut bytes = Vec::with_capacity(1000);
let mut count = 0;
b.iter(|| {
let tmp = v[count];
count = (count + 1) % SAMPLES;
bytes.clear();
tmp.serialize(&mut bytes)
});
}
#[bench]
fn bench_g2_deser_unchecked(b: &mut ::test::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut num_bytes = 0;
let tmp = G2::rand(&mut rng).into_affine();
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
tmp.serialize_unchecked(&mut bytes).unwrap();
num_bytes = bytes.len();
bytes
})
let g = <$projective>::rand(&mut rng).into_affine();
let v: Vec<_> = (0..SAMPLES).map(|_| g).collect();
let scalars: Vec<_> = (0..SAMPLES)
.map(|_| Fr::rand(&mut rng).into_repr())
.collect();
let mut count = 0;
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
G2Affine::deserialize_unchecked(&v[index..(index + num_bytes)]).unwrap()
});
b.bench_n(1, |b| {
b.iter(|| ark_ec::msm::VariableBaseMSM::multi_scalar_mul(&v, &scalars));
})
}
#[bench]
fn bench_g2_ser_unchecked(b: &mut ::test::Bencher) {
use ark_ec::ProjectiveCurve;
use ark_serialize::CanonicalSerialize;
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut v: Vec<_> = (0..SAMPLES).map(|_| G2::rand(&mut rng)).collect();
let v = G2::batch_normalization_into_affine(v.as_mut_slice());
let mut bytes = Vec::with_capacity(1000);
let mut count = 0;
b.iter(|| {
let tmp = v[count];
count = (count + 1) % SAMPLES;
bytes.clear();
tmp.serialize_unchecked(&mut bytes)
});
}
$crate::benchmark_group!(
group_ops,
rand,
mul_assign,
add_assign,
sub_assign,
add_assign_mixed,
double,
ser,
deser,
ser_unchecked,
deser_unchecked,
deser_uncompressed,
msm_131072,
);
};
}
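Review bot: in `msm_131072` every base is the same point `g` (`(0..SAMPLES).map(|_| g)`), so the MSM keeps adding an identical point into each bucket and never exercises the general mixed-addition path a real multi-scalar multiplication over distinct bases takes; generate the bases with `<$projective>::rand` and batch-normalise them as `ser` does. The `use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};` at the top of that function is unused. The `group_ops` list also has `deser_uncompressed` without a matching `ser_uncompressed`, so the uncompressed write path goes unmeasured.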

View File

@@ -1,29 +1,98 @@
#[macro_export]
macro_rules! f_bench {
// Use this for base fields
($f:ident, $f_type:ty, $f_repr:ident, $f_repr_type:ty, $field_ident:ident) => {
field_common!($f, $f_type, $field_ident);
sqrt!($f, $f_type, $field_ident);
field_base!($f, $f_type, $f_repr, $f_repr_type, $field_ident);
($f:ident, $f_type:ty, $f_repr:ident, $f_repr_type:ty, $modname:ident) => {
pub mod $modname {
use super::*;
field_common!($f, $f_type);
sqrt!($f, $f_type);
prime_field!($f, $f_type, $f_repr, $f_repr_type);
$crate::benchmark_group!(
$modname,
// common stuff
add_assign,
sub_assign,
double,
negate,
mul_assign,
square,
inverse,
ser,
deser,
ser_unchecked,
deser_unchecked,
// sqrt field stuff
sqrt,
// prime field stuff
repr_add_ret_carry,
repr_sub_ret_borrow,
repr_num_bits,
repr_mul2,
repr_div2,
into_repr,
from_repr,
);
}
use $modname::$modname;
};
// use this for intermediate fields
(1, $f:ident, $f_type:ty, $field_ident:ident) => {
field_common!($f, $f_type, $field_ident);
sqrt!($f, $f_type, $field_ident);
(extension, $f:ident, $f_type:ty, $modname:ident) => {
mod $modname {
use super::*;
field_common!($f, $f_type);
sqrt!($f, $f_type);
$crate::benchmark_group!(
$modname,
// common stuff
add_assign,
sub_assign,
double,
negate,
mul_assign,
square,
inverse,
ser,
deser,
ser_unchecked,
deser_unchecked,
// sqrt field stuff
sqrt,
);
}
use $modname::$modname;
};
// Use this for the full extension field Fqk
(2, $f:ident, $f_type:ty, $field_ident:ident) => {
field_common!($f, $f_type, $field_ident);
(target, $f:ident, $f_type:ty, $modname:ident) => {
mod $modname {
use super::*;
field_common!($f, $f_type);
$crate::benchmark_group!(
$modname,
// common stuff
add_assign,
sub_assign,
double,
negate,
mul_assign,
square,
inverse,
ser,
deser,
ser_unchecked,
deser_unchecked,
);
}
use $modname::$modname;
};
}
#[macro_export]
macro_rules! field_common {
($f:ident, $f_type:ty, $field_ident:ident) => {
paste::item! {
#[bench]
fn [<bench_ $field_ident _add_assign>](b: &mut ::test::Bencher) {
($f:ident, $f_type:ty) => {
fn add_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<_> = (0..SAMPLES)
.map(|_| ($f::rand(&mut rng), $f::rand(&mut rng)))
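Review bot: the base-field arm declares `pub mod $modname` while the `extension` and `target` arms declare a private `mod $modname`; all three are consumed the same way through `use $modname::$modname;` and `benchmark_main!`, so either the `pub` is unnecessary or the other two should match. Every arm also repeats the same eleven `field_common` names in its `benchmark_group!` list; a comment in `field_common!` that these names must stay in sync with the lists here would save the next edit from a silent mismatch.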
@@ -38,11 +107,10 @@ macro_rules! field_common {
});
}
#[bench]
fn [<bench_ $field_ident _sub_assign>](b: &mut ::test::Bencher) {
fn sub_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<_> = (0..SAMPLES)
.map(|_| ($f::rand(&mut rng), $f::rand(&mut rng)))
@@ -57,11 +125,42 @@ macro_rules! field_common {
});
}
#[bench]
fn [<bench_ $field_ident _mul_assign>](b: &mut ::test::Bencher) {
fn double(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count];
n_fold!(tmp, double_in_place);
count = (count + 1) % SAMPLES;
tmp
});
}
fn negate(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count];
tmp = -tmp;
count = (count + 1) % SAMPLES;
tmp
});
}
fn mul_assign(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = ark_std::test_rng();
let v: Vec<_> = (0..SAMPLES)
.map(|_| ($f::rand(&mut rng), $f::rand(&mut rng)))
@@ -76,28 +175,10 @@ macro_rules! field_common {
});
}
#[bench]
fn [<bench_ $field_ident _double>](b: &mut ::test::Bencher) {
fn square(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count];
n_fold!(tmp, double_in_place);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn [<bench_ $field_ident _square>](b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
@@ -110,11 +191,10 @@ macro_rules! field_common {
});
}
#[bench]
fn [<bench_ $field_ident _inverse>](b: &mut ::test::Bencher) {
fn inverse(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
@@ -126,36 +206,36 @@ macro_rules! field_common {
});
}
#[bench]
fn [<bench_ $field_ident _deser>](b: &mut ::test::Bencher) {
use ark_serialize::{CanonicalSerialize, CanonicalDeserialize};
fn deser(b: &mut $crate::bencher::Bencher) {
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut num_bytes = 0;
let v: Vec<_> = (0..SAMPLES).flat_map(|_| {
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
let tmp = $f::rand(&mut rng);
tmp.serialize(&mut bytes).unwrap();
num_bytes = bytes.len();
bytes
}).collect();
})
.collect();
let mut count = 0;
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
$f_type::deserialize(&v[index..(index + num_bytes)]).unwrap()
<$f_type>::deserialize(&v[index..(index + num_bytes)]).unwrap()
});
}
#[bench]
fn [<bench_ $field_ident _ser>](b: &mut ::test::Bencher) {
fn ser(b: &mut $crate::bencher::Bencher) {
use ark_serialize::CanonicalSerialize;
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut bytes = Vec::with_capacity(1000);
@@ -166,40 +246,39 @@ macro_rules! field_common {
count = (count + 1) % SAMPLES;
bytes.clear();
tmp.serialize(&mut bytes)
});
}
#[bench]
fn [<bench_ $field_ident _deser_unchecked>](b: &mut ::test::Bencher) {
use ark_serialize::{CanonicalSerialize, CanonicalDeserialize};
fn deser_unchecked(b: &mut $crate::bencher::Bencher) {
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let mut num_bytes = 0;
let v: Vec<_> = (0..SAMPLES).flat_map(|_| {
let v: Vec<_> = (0..SAMPLES)
.flat_map(|_| {
let mut bytes = Vec::with_capacity(1000);
let tmp = $f::rand(&mut rng);
tmp.serialize_unchecked(&mut bytes).unwrap();
num_bytes = bytes.len();
bytes
}).collect();
})
.collect();
let mut count = 0;
b.iter(|| {
count = (count + 1) % SAMPLES;
let index = count * num_bytes;
$f_type::deserialize_unchecked(&v[index..(index + num_bytes)]).unwrap()
<$f_type>::deserialize_unchecked(&v[index..(index + num_bytes)]).unwrap()
});
}
#[bench]
fn [<bench_ $field_ident _ser_unchecked>](b: &mut ::test::Bencher) {
fn ser_unchecked(b: &mut $crate::bencher::Bencher) {
use ark_serialize::CanonicalSerialize;
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut bytes = Vec::with_capacity(1000);
@@ -210,21 +289,18 @@ macro_rules! field_common {
count = (count + 1) % SAMPLES;
bytes.clear();
tmp.serialize_unchecked(&mut bytes)
});
}
}
};
}
#[macro_export]
macro_rules! sqrt {
($f:ident, $f_type:ty, $field_ident:ident) => {
paste::item! {
#[bench]
fn [<bench_ $field_ident _sqrt>](b: &mut ::test::Bencher) {
($f:ident, $f_type:ty) => {
pub fn sqrt(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES)
.map(|_| {
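Review bot: `pub fn sqrt` is the only bench function in these macros declared `pub`; it is only referenced from the `benchmark_group!` in the same module that expands it, so the `pub` is not needed and makes it look like an external API. Drop it for consistency with `add_assign`, `deser` and the rest.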
@@ -240,18 +316,16 @@ macro_rules! sqrt {
v[count].sqrt()
});
}
}
};
}
macro_rules! field_base {
($f:ident, $f_type:ty, $f_repr:ident, $f_repr_type:ty, $field_ident:ident) => {
paste::item! {
#[bench]
fn [<bench_ $field_ident _repr_add_nocarry>](b: &mut ::test::Bencher) {
#[macro_export]
macro_rules! prime_field {
($f:ident, $f_type:ty, $f_repr:ident, $f_repr_type:ty) => {
fn repr_add_ret_carry(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<_> = (0..SAMPLES)
.map(|_| {
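Review bot: `prime_field!` gains `#[macro_export]` here (the old `field_base!` was crate-local), which makes it public API of this crate; its arm also drops `$field_ident` and the `paste::item!`/`#[bench]` wrapper, so callers using the old five-argument form break. Give the macro a doc comment stating the new calling convention (which function names the expansion defines and that the caller assembles them with `benchmark_group!`), the way `benchmark_group!` itself is documented.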
@@ -269,17 +343,16 @@ macro_rules! field_base {
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
n_fold!(tmp, v, add_nocarry, count);
n_fold!(tmp, v, add_ret_carry, count);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn [<bench_ $field_ident _repr_sub_noborrow>](b: &mut ::test::Bencher) {
fn repr_sub_ret_borrow(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<_> = (0..SAMPLES)
.map(|_| {
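Review bot: `n_fold!(tmp, v, add_ret_carry, count);` invokes `n_fold!` unqualified from inside a `#[macro_export]` macro, so a downstream crate calling `prime_field!` compiles only if it has separately brought `n_fold!` into scope; write it as `$crate::n_fold!(...)` (the new `pairing_bench!` already does this for `$crate::benchmark_group!`), which also removes the need to order `mod utils` first in `mod.rs`. The renamed method returns the carry flag, which `n_fold!` discards; that is acceptable here because the closure still returns the mutated `tmp`.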
@@ -296,17 +369,16 @@ macro_rules! field_base {
let mut count = 0;
b.iter(|| {
let mut tmp = v[count].0;
n_fold!(tmp, v, sub_noborrow, count);
n_fold!(tmp, v, sub_ret_borrow, count);
count = (count + 1) % SAMPLES;
tmp
tmp;
});
}
#[bench]
fn [<bench_ $field_ident _repr_num_bits>](b: &mut ::test::Bencher) {
fn repr_num_bits(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_repr_type> = (0..SAMPLES).map(|_| $f_repr::rand(&mut rng)).collect();
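Review bot: changing the closure's last expression from `tmp` to `tmp;` in `repr_sub_ret_borrow` makes it return `()`, so the mutated `tmp` is never observed by the bencher and the optimizer is free to drop the `sub_ret_borrow` work, which would make the measurement meaningless; keep returning `tmp`, as `repr_add_ret_carry` in the previous hunk still does. The same `tmp;` edit recurs in `repr_num_bits`, `repr_mul2` and `repr_div2` below, and `into_repr`/`from_repr` likewise discard their results (`v[count].into_repr();`, `let _ = $f::from(v[count]);`); return the value in all of them so the bencher can black-box it.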
@@ -314,15 +386,14 @@ macro_rules! field_base {
b.iter(|| {
let tmp = v[count].num_bits();
count = (count + 1) % SAMPLES;
tmp
tmp;
});
}
#[bench]
fn [<bench_ $field_ident _repr_mul2>](b: &mut ::test::Bencher) {
fn repr_mul2(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_repr_type> = (0..SAMPLES).map(|_| $f_repr::rand(&mut rng)).collect();
@@ -331,15 +402,14 @@ macro_rules! field_base {
let mut tmp = v[count];
n_fold!(tmp, mul2);
count = (count + 1) % SAMPLES;
tmp
tmp;
});
}
#[bench]
fn [<bench_ $field_ident _repr_div2>](b: &mut ::test::Bencher) {
fn repr_div2(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_repr_type> = (0..SAMPLES).map(|_| $f_repr::rand(&mut rng)).collect();
@@ -348,47 +418,28 @@ macro_rules! field_base {
let mut tmp = v[count];
n_fold!(tmp, div2);
count = (count + 1) % SAMPLES;
tmp
tmp;
});
}
#[bench]
fn [<bench_ $field_ident _negate>](b: &mut ::test::Bencher) {
fn into_repr(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut count = 0;
b.iter(|| {
let mut tmp = v[count];
tmp = -tmp;
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn [<bench_ $field_ident _into_repr>](b: &mut ::test::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_type> = (0..SAMPLES).map(|_| $f::rand(&mut rng)).collect();
let mut count = 0;
b.iter(|| {
count = (count + 1) % SAMPLES;
v[count].into_repr()
v[count].into_repr();
});
}
#[bench]
fn [<bench_ $field_ident _from_repr>](b: &mut ::test::Bencher) {
fn from_repr(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$f_repr_type> = (0..SAMPLES)
.map(|_| $f::rand(&mut rng).into_repr())
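Review bot: the `negate` benchmark (`tmp = -tmp;` over a `Vec<$f_type>`) is deleted outright in this hunk while every other bench is only renamed, and nothing in the visible lines replaces it; if the drop is intentional, call it out in the changelog, otherwise keep a `fn negate(b: &mut $crate::bencher::Bencher)` next to `into_repr` so the prime-field group keeps covering negation.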
@@ -397,9 +448,8 @@ macro_rules! field_base {
let mut count = 0;
b.iter(|| {
count = (count + 1) % SAMPLES;
$f::from(v[count])
let _ = $f::from(v[count]);
});
}
}
};
}
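Review bot: unlike `pairing_bench!`, which ends with `$crate::benchmark_group!(pairing, ...)`, the `prime_field!` arm closes right after `from_repr` without assembling a group, so every caller has to list `repr_add_ret_carry`, `repr_sub_ret_borrow`, `repr_num_bits`, `repr_mul2`, `repr_div2`, `into_repr` and `from_repr` by hand and silently loses coverage whenever a bench is added or renamed here; emit the group from the macro (taking a `$group_name` parameter if needed) so the list lives next to the definitions.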

@@ -1,3 +1,6 @@
#[macro_use]
mod utils;
#[macro_use]
mod ec;
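Review bot: moving `#[macro_use] mod utils;` to the top of `mod.rs` is needed only because `n_fold!` is invoked unqualified in `field.rs`; textual macro scoping makes this ordering load-bearing and easy to regress when someone reorders the modules. Referencing `$crate::n_fold!` in the exported macros would let the modules be declared in any order and the `#[macro_use]` be dropped.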
@@ -6,6 +9,3 @@ mod field;
#[macro_use]
mod pairing;
#[macro_use]
mod utils;

@@ -1,28 +1,38 @@
#[macro_export]
macro_rules! pairing_bench {
($curve:ident, $pairing_field:ident, $pairing_type:ident) => {
#[bench]
fn bench_pairing_miller_loop(b: &mut ::test::Bencher) {
($curve:ident, $pairing_field:ident) => {
fn miller_loop(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
$pairing_type!(v, rng);
let mut rng = ark_std::test_rng();
let g1s = (0..SAMPLES).map(|_| G1::rand(&mut rng)).collect::<Vec<_>>();
let g2s = (0..SAMPLES).map(|_| G2::rand(&mut rng)).collect::<Vec<_>>();
let g1s = G1::batch_normalization_into_affine(&g1s);
let g2s = G2::batch_normalization_into_affine(&g2s);
let prepared = g1s
.into_iter()
.zip(g2s)
.map(|(g1, g2)| (g1.into(), g2.into()))
.collect::<Vec<(
<$curve as PairingEngine>::G1Prepared,
<$curve as PairingEngine>::G2Prepared,
)>>();
let mut count = 0;
b.iter(|| {
let tmp = $curve::miller_loop(&[(v[count].0.clone(), v[count].1.clone())]);
let tmp =
$curve::miller_loop(&[(prepared[count].0.clone(), prepared[count].1.clone())]);
count = (count + 1) % SAMPLES;
tmp
});
}
#[bench]
fn bench_pairing_final_exponentiation(b: &mut ::test::Bencher) {
fn final_exponentiation(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<$pairing_field> = (0..SAMPLES)
let v: Vec<_> = (0..SAMPLES)
.map(|_| {
(
G1Affine::from(G1::rand(&mut rng)).into(),
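Review bot: `prepared[count].0.clone()` and `prepared[count].1.clone()` run inside `b.iter`, so copying a prepared G2 element (which, for pairing-friendly curves whose `G2Prepared` stores precomputed line coefficients, is not cheap) is added to every Miller-loop measurement; build the tuple outside the timed closure or pass a reference to `prepared[count]` through an iterator so the clone leaves the timed region. Also, `G1`, `G2` and `PairingEngine` are used unqualified inside the macro body and must be in scope at each call site; either document that requirement or take them as macro parameters.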
@@ -40,11 +50,10 @@ macro_rules! pairing_bench {
});
}
#[bench]
fn bench_pairing_full(b: &mut ::test::Bencher) {
fn full_pairing(b: &mut $crate::bencher::Bencher) {
const SAMPLES: usize = 1000;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut rng = ark_std::test_rng();
let v: Vec<(G1, G2)> = (0..SAMPLES)
.map(|_| (G1::rand(&mut rng), G2::rand(&mut rng)))
@@ -57,5 +66,7 @@ macro_rules! pairing_bench {
tmp
});
}
$crate::benchmark_group!(pairing, miller_loop, final_exponentiation, full_pairing,);
};
}
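Review bot: `$pairing_field` stays in the `pairing_bench!` signature, but in the visible lines its only use (`Vec<$pairing_field>` in `final_exponentiation`) became `Vec<_>`; if nothing in the unshown part of `full_pairing` references it, drop the parameter so callers are not forced to pass a name the macro ignores. The trailing comma in `benchmark_group!(pairing, miller_loop, final_exponentiation, full_pairing,)` is accepted only because of the second arm of `benchmark_group!`; it works, but the comma can simply be omitted.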

@@ -1,49 +1,36 @@
#[macro_export]
macro_rules! n_fold {
($tmp:ident, $v:ident, $func:ident, $count:ident) => {
const ITERS: usize = 1000;
#[cfg(not(feature = "n_fold"))]
$tmp.$func(&$v[$count].1);
#[cfg(feature = "n_fold")]
for _ in 0..ITERS {
$tmp.$func(&$v[$count].1);
}
};
($tmp:ident, $func:ident) => {
const ITERS: usize = 1000;
#[cfg(not(feature = "n_fold"))]
$tmp.$func();
#[cfg(feature = "n_fold")]
for _ in 0..ITERS {
$tmp.$func();
}
};
}
macro_rules! prepared_v {
($v:ident, $rng:ident) => {
let $v: Vec<(G1Prepared<Parameters>, G2Prepared<Parameters>)> = (0..SAMPLES)
.map(|_| {
(
G1Affine::from(G1::rand(&mut $rng)).into(),
G2Affine::from(G2::rand(&mut $rng)).into(),
)
})
.collect();
};
}
macro_rules! affine_v {
($v:ident, $rng:ident) => {
let $v: Vec<(G1Affine, G2Affine)> = (0..SAMPLES)
.map(|_| {
(
G1Affine::from(G1::rand(&mut $rng)).into(),
G2Affine::from(G2::rand(&mut $rng)).into(),
)
})
.collect();
/// Defines a function called `$group_name` that returns the test description
/// values for the listed functions `$function`.
#[macro_export]
macro_rules! benchmark_group {
($group_name:ident, $($function:path),+) => {
pub fn $group_name() -> ::std::vec::Vec<$crate::TestDescAndFn> {
use $crate::{TestDescAndFn, TestFn, TestDesc};
use std::borrow::Cow;
let mut benches = ::std::vec::Vec::new();
$(
benches.push(TestDescAndFn {
desc: TestDesc {
name: Cow::from(module_path!().to_string() + "::" + stringify!($function)),
ignore: false,
},
testfn: TestFn::StaticBenchFn($function),
});
)+
benches
}
};
($group_name:ident, $($function:path,)+) => {
benchmark_group!($group_name, $($function),+);
};
}
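Review bot: inside the exported `benchmark_group!`, `use std::borrow::Cow;` resolves `std` at the expansion site while the line above writes `::std::vec::Vec`; use `::std::borrow::Cow` (or re-export `Cow` from `$crate`) so the expansion does not depend on the caller's `std` binding, and note in the doc comment that the macro is `std`-only, which matters for a crate that otherwise exposes a `default-features = false` surface. Removing `prepared_v!`/`affine_v!` is consistent with dropping `$pairing_type` from `pairing_bench!`; confirm no other bench file still invokes them.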

@@ -0,0 +1,25 @@
[package]
name = "ark-curve-constraint-tests"
version = "0.3.0"
authors = [ "arkworks contributors" ]
description = "A library for testing constraints for finite fields, elliptic curves, and pairings"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-curve-constraint-tests/"
keywords = ["cryptography", "finite-fields", "elliptic-curves", "r1cs" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-std = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-ff = { version = "^0.3.0", default-features = false }
ark-relations = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-serialize/std", "ark-ec/std", "ark-relations/std", "ark-r1cs-std/std" ]
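Review bot: `license = "MIT/Apache-2.0"` uses the deprecated slash form; cargo and crates.io expect an SPDX expression, so write `MIT OR Apache-2.0`. `include` lists `README.md`, `LICENSE-APACHE` and `LICENSE-MIT`, and the old `ark-curve-tests` crate shipped `LICENSE-APACHE` as a symlink to `../LICENSE-APACHE` (deleted in a later hunk), so check that the new `ark-curve-constraint-tests` directory actually contains those files, otherwise `cargo package` ships without them. Minor: stray space in `"r1cs" ]`.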

@@ -0,0 +1,625 @@
#![macro_use]
extern crate ark_relations;
pub mod fields {
use ark_ff::{BitIteratorLE, Field, UniformRand};
use ark_r1cs_std::prelude::*;
use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
use ark_std::test_rng;
use ark_std::vec::Vec;
pub fn field_test<F, ConstraintF, AF>() -> Result<(), SynthesisError>
where
F: Field,
ConstraintF: Field,
AF: FieldVar<F, ConstraintF>,
AF: TwoBitLookupGadget<ConstraintF, TableConstant = F>,
for<'a> &'a AF: FieldOpsBounds<'a, F, AF>,
{
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
let cs = ConstraintSystem::<ConstraintF>::new_ref();
let mut rng = test_rng();
let a_native = F::rand(&mut rng);
let b_native = F::rand(&mut rng);
let a = AF::new_variable(ark_relations::ns!(cs, "generate_a"), || Ok(a_native), mode)?;
let b = AF::new_variable(ark_relations::ns!(cs, "generate_b"), || Ok(b_native), mode)?;
let b_const = AF::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
let zero = AF::zero();
let zero_native = zero.value()?;
zero.enforce_equal(&zero)?;
let one = AF::one();
let one_native = one.value()?;
one.enforce_equal(&one)?;
one.enforce_not_equal(&zero)?;
let one_dup = &zero + &one;
one_dup.enforce_equal(&one)?;
let two = &one + &one;
two.enforce_equal(&two)?;
two.enforce_equal(&one.double()?)?;
two.enforce_not_equal(&one)?;
two.enforce_not_equal(&zero)?;
// a + 0 = a
let a_plus_zero = &a + &zero;
assert_eq!(a_plus_zero.value()?, a_native);
a_plus_zero.enforce_equal(&a)?;
a_plus_zero.enforce_not_equal(&a.double()?)?;
// a - 0 = a
let a_minus_zero = &a - &zero;
assert_eq!(a_minus_zero.value()?, a_native);
a_minus_zero.enforce_equal(&a)?;
// a - a = 0
let a_minus_a = &a - &a;
assert_eq!(a_minus_a.value()?, zero_native);
a_minus_a.enforce_equal(&zero)?;
// a + b = b + a
let a_b = &a + &b;
let b_a = &b + &a;
assert_eq!(a_b.value()?, a_native + &b_native);
a_b.enforce_equal(&b_a)?;
// (a + b) + a = a + (b + a)
let ab_a = &a_b + &a;
let a_ba = &a + &b_a;
assert_eq!(ab_a.value()?, a_native + &b_native + &a_native);
ab_a.enforce_equal(&a_ba)?;
let b_times_a_plus_b = &a_b * &b;
let b_times_b_plus_a = &b_a * &b;
assert_eq!(
b_times_a_plus_b.value()?,
b_native * &(b_native + &a_native)
);
assert_eq!(
b_times_a_plus_b.value()?,
(b_native + &a_native) * &b_native
);
assert_eq!(
b_times_a_plus_b.value()?,
(a_native + &b_native) * &b_native
);
b_times_b_plus_a.enforce_equal(&b_times_a_plus_b)?;
// a * 1 = a
assert_eq!((&a * &one).value()?, a_native * &one_native);
// a * b = b * a
let ab = &a * &b;
let ba = &b * &a;
assert_eq!(ab.value()?, ba.value()?);
assert_eq!(ab.value()?, a_native * &b_native);
let ab_const = &a * &b_const;
let b_const_a = &b_const * &a;
assert_eq!(ab_const.value()?, b_const_a.value()?);
assert_eq!(ab_const.value()?, ab.value()?);
assert_eq!(ab_const.value()?, a_native * &b_native);
// (a * b) * a = a * (b * a)
let ab_a = &ab * &a;
let a_ba = &a * &ba;
assert_eq!(ab_a.value()?, a_ba.value()?);
assert_eq!(ab_a.value()?, a_native * &b_native * &a_native);
let aa = &a * &a;
let a_squared = a.square()?;
a_squared.enforce_equal(&aa)?;
assert_eq!(aa.value()?, a_squared.value()?);
assert_eq!(aa.value()?, a_native.square());
let aa = &a * a_native;
a_squared.enforce_equal(&aa)?;
assert_eq!(aa.value()?, a_squared.value()?);
assert_eq!(aa.value()?, a_native.square());
let a_b2 = &a + b_native;
a_b.enforce_equal(&a_b2)?;
assert_eq!(a_b.value()?, a_b2.value()?);
let a_inv = a.inverse()?;
a_inv.mul_equals(&a, &one)?;
assert_eq!(a_inv.value()?, a.value()?.inverse().unwrap());
assert_eq!(a_inv.value()?, a_native.inverse().unwrap());
let a_b_inv = a.mul_by_inverse(&b)?;
a_b_inv.mul_equals(&b, &a)?;
assert_eq!(a_b_inv.value()?, a_native * b_native.inverse().unwrap());
// a * a * a = a^3
let bits = BitIteratorLE::without_trailing_zeros([3u64])
.map(Boolean::constant)
.collect::<Vec<_>>();
assert_eq!(a_native.pow([0x3]), a.pow_le(&bits)?.value()?);
// a * a * a = a^3
assert_eq!(a_native.pow([0x3]), a.pow_by_constant(&[0x3])?.value()?);
assert!(cs.is_satisfied().unwrap());
let mut constants = [F::zero(); 4];
for c in &mut constants {
*c = UniformRand::rand(&mut test_rng());
}
let bits = [
Boolean::<ConstraintF>::constant(false),
Boolean::constant(true),
];
let lookup_result = AF::two_bit_lookup(&bits, constants.as_ref())?;
assert_eq!(lookup_result.value()?, constants[2]);
assert!(cs.is_satisfied().unwrap());
let f = F::from(1u128 << 64);
let f_bits = ark_ff::BitIteratorLE::new(&[0u64, 1u64]).collect::<Vec<_>>();
let fv = AF::new_variable(ark_relations::ns!(cs, "alloc u128"), || Ok(f), mode)?;
assert_eq!(fv.to_bits_le()?.value().unwrap()[..128], f_bits[..128]);
assert!(cs.is_satisfied().unwrap());
let r_native: F = UniformRand::rand(&mut test_rng());
let r = AF::new_variable(ark_relations::ns!(cs, "r_native"), || Ok(r_native), mode)
.unwrap();
let _ = r.to_non_unique_bits_le()?;
assert!(cs.is_satisfied().unwrap());
let _ = r.to_bits_le()?;
assert!(cs.is_satisfied().unwrap());
let bytes = r.to_non_unique_bytes()?;
assert_eq!(ark_ff::to_bytes!(r_native).unwrap(), bytes.value().unwrap());
assert!(cs.is_satisfied().unwrap());
let bytes = r.to_bytes()?;
assert_eq!(ark_ff::to_bytes!(r_native).unwrap(), bytes.value().unwrap());
assert!(cs.is_satisfied().unwrap());
let ab_false = &a + (AF::from(Boolean::Constant(false)) * b_native);
let ab_true = &a + (AF::from(Boolean::Constant(true)) * b_native);
assert_eq!(ab_false.value()?, a_native);
assert_eq!(ab_true.value()?, a_native + &b_native);
if !cs.is_satisfied().unwrap() {
panic!(
"Unsatisfied in mode {:?}.\n{:?}",
mode,
cs.which_is_unsatisfied().unwrap()
);
}
assert!(cs.is_satisfied().unwrap());
}
Ok(())
}
pub fn frobenius_tests<F: Field, ConstraintF, AF>(maxpower: usize) -> Result<(), SynthesisError>
where
F: Field,
ConstraintF: Field,
AF: FieldVar<F, ConstraintF>,
for<'a> &'a AF: FieldOpsBounds<'a, F, AF>,
{
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
let cs = ConstraintSystem::<ConstraintF>::new_ref();
let mut rng = test_rng();
for i in 0..=maxpower {
let mut a = F::rand(&mut rng);
let mut a_gadget = AF::new_variable(ark_relations::ns!(cs, "a"), || Ok(a), mode)?;
a_gadget.frobenius_map_in_place(i)?;
a.frobenius_map(i);
assert_eq!(a_gadget.value()?, a);
}
assert!(cs.is_satisfied().unwrap());
}
Ok(())
}
}
pub mod curves {
use ark_ec::{
short_weierstrass_jacobian::GroupProjective as SWProjective,
twisted_edwards_extended::GroupProjective as TEProjective, ProjectiveCurve,
};
use ark_ff::{BitIteratorLE, Field, FpParameters, One, PrimeField};
use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
use ark_std::{test_rng, vec::Vec, UniformRand};
use ark_r1cs_std::prelude::*;
pub fn group_test<C, ConstraintF, GG>() -> Result<(), SynthesisError>
where
C: ProjectiveCurve,
ConstraintF: Field,
GG: CurveVar<C, ConstraintF>,
for<'a> &'a GG: GroupOpsBounds<'a, C, GG>,
{
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
let cs = ConstraintSystem::<ConstraintF>::new_ref();
let mut rng = test_rng();
let a_native = C::rand(&mut rng);
let b_native = C::rand(&mut rng);
let a = GG::new_variable(ark_relations::ns!(cs, "generate_a"), || Ok(a_native), mode)
.unwrap();
let b = GG::new_variable(ark_relations::ns!(cs, "generate_b"), || Ok(b_native), mode)
.unwrap();
let zero = GG::zero();
assert_eq!(zero.value()?, zero.value()?);
// a == a
assert_eq!(a.value()?, a.value()?);
// a + 0 = a
assert_eq!((&a + &zero).value()?, a.value()?);
// a - 0 = a
assert_eq!((&a - &zero).value()?, a.value()?);
// a - a = 0
assert_eq!((&a - &a).value()?, zero.value()?);
// a + b = b + a
let a_b = &a + &b;
let b_a = &b + &a;
assert_eq!(a_b.value()?, b_a.value()?);
a_b.enforce_equal(&b_a)?;
assert!(cs.is_satisfied().unwrap());
// (a + b) + a = a + (b + a)
let ab_a = &a_b + &a;
let a_ba = &a + &b_a;
assert_eq!(ab_a.value()?, a_ba.value()?);
ab_a.enforce_equal(&a_ba)?;
assert!(cs.is_satisfied().unwrap());
// a.double() = a + a
let a_a = &a + &a;
let mut a2 = a.clone();
a2.double_in_place()?;
a2.enforce_equal(&a_a)?;
assert_eq!(a2.value()?, a_native.double());
assert_eq!(a_a.value()?, a_native.double());
assert_eq!(a2.value()?, a_a.value()?);
assert!(cs.is_satisfied().unwrap());
// b.double() = b + b
let mut b2 = b.clone();
b2.double_in_place()?;
let b_b = &b + &b;
b2.enforce_equal(&b_b)?;
assert!(cs.is_satisfied().unwrap());
assert_eq!(b2.value()?, b_b.value()?);
let _ = a.to_bytes()?;
assert!(cs.is_satisfied().unwrap());
let _ = a.to_non_unique_bytes()?;
assert!(cs.is_satisfied().unwrap());
let _ = b.to_bytes()?;
let _ = b.to_non_unique_bytes()?;
if !cs.is_satisfied().unwrap() {
panic!(
"Unsatisfied in mode {:?}.\n{:?}",
mode,
cs.which_is_unsatisfied().unwrap()
);
}
assert!(cs.is_satisfied().unwrap());
let modulus = <C::ScalarField as PrimeField>::Params::MODULUS
.as_ref()
.to_vec();
let mut max = modulus.clone();
for limb in &mut max {
*limb = u64::MAX;
}
let modulus_last_limb_bits = <C::ScalarField as PrimeField>::Params::MODULUS_BITS % 64;
*max.last_mut().unwrap() >>= 64 - modulus_last_limb_bits;
let scalars = [
C::ScalarField::rand(&mut rng).into_repr().as_ref().to_vec(),
vec![u64::rand(&mut rng)],
(-C::ScalarField::one()).into_repr().as_ref().to_vec(),
<C::ScalarField as PrimeField>::Params::MODULUS
.as_ref()
.to_vec(),
max,
vec![0; 50],
vec![1000012341233u64; 36],
];
let mut input = vec![];
// Check scalar mul with edge cases
for scalar in scalars.iter() {
let native_result = a_native.mul(scalar);
let native_result = native_result.into_affine();
let scalar_bits: Vec<bool> = BitIteratorLE::new(&scalar).collect();
input =
Vec::new_witness(ark_relations::ns!(cs, "bits"), || Ok(scalar_bits)).unwrap();
let result = a
.scalar_mul_le(input.iter())
.expect(&format!("Mode: {:?}", mode));
let result_val = result.value()?.into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul {:?}",
scalar,
);
assert!(cs.is_satisfied().unwrap());
}
let result = zero.scalar_mul_le(input.iter())?;
let result_val = result.value()?.into_affine();
result.enforce_equal(&zero)?;
assert_eq!(
result_val,
C::zero().into_affine(),
"gadget & native values are diff. after scalar mul of zero"
);
assert!(cs.is_satisfied().unwrap());
}
Ok(())
}
pub fn sw_test<P, GG>() -> Result<(), SynthesisError>
where
P: ark_ec::SWModelParameters,
GG: CurveVar<SWProjective<P>, <P::BaseField as Field>::BasePrimeField>,
for<'a> &'a GG: GroupOpsBounds<'a, SWProjective<P>, GG>,
{
group_test::<SWProjective<P>, _, GG>()?;
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
use ark_ec::group::Group;
let mut rng = test_rng();
let cs = ConstraintSystem::<<P::BaseField as Field>::BasePrimeField>::new_ref();
let a = SWProjective::<P>::rand(&mut rng);
let b = SWProjective::<P>::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let ns = ark_relations::ns!(cs, "allocating variables");
let mut gadget_a = GG::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = GG::new_variable(cs.clone(), || Ok(b), mode)?;
let zero = GG::zero();
drop(ns);
assert_eq!(gadget_a.value()?.into_affine().x, a_affine.x);
assert_eq!(gadget_a.value()?.into_affine().y, a_affine.y);
assert_eq!(gadget_b.value()?.into_affine().x, b_affine.x);
assert_eq!(gadget_b.value()?.into_affine().y, b_affine.y);
assert_eq!(cs.which_is_unsatisfied().unwrap(), None);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = &gadget_a + &gadget_b;
let gadget_ba = &gadget_b + &gadget_a;
gadget_ba.enforce_equal(&gadget_ab)?;
let ab_val = gadget_ab.value()?.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
assert!(cs.is_satisfied().unwrap());
let gadget_a_zero = &gadget_a + &zero;
gadget_a_zero.enforce_equal(&gadget_a)?;
// Check doubling
let aa = Group::double(&a);
let aa_affine = aa.into_affine();
gadget_a.double_in_place()?;
let aa_val = gadget_a.value()?.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
assert!(cs.is_satisfied().unwrap());
if !cs.is_satisfied().unwrap() {
panic!(
"Unsatisfied in mode {:?}.\n{:?}",
mode,
cs.which_is_unsatisfied().unwrap()
);
}
assert!(cs.is_satisfied().unwrap());
}
Ok(())
}
pub fn te_test<P, GG>() -> Result<(), SynthesisError>
where
P: ark_ec::TEModelParameters,
GG: CurveVar<TEProjective<P>, <P::BaseField as Field>::BasePrimeField>,
for<'a> &'a GG: GroupOpsBounds<'a, TEProjective<P>, GG>,
{
group_test::<TEProjective<P>, _, GG>()?;
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
use ark_ec::group::Group;
let mut rng = test_rng();
let cs = ConstraintSystem::<<P::BaseField as Field>::BasePrimeField>::new_ref();
let a = TEProjective::<P>::rand(&mut rng);
let b = TEProjective::<P>::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let ns = ark_relations::ns!(cs, "allocating variables");
let mut gadget_a = GG::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = GG::new_variable(cs.clone(), || Ok(b), mode)?;
drop(ns);
assert_eq!(gadget_a.value()?.into_affine().x, a_affine.x);
assert_eq!(gadget_a.value()?.into_affine().y, a_affine.y);
assert_eq!(gadget_b.value()?.into_affine().x, b_affine.x);
assert_eq!(gadget_b.value()?.into_affine().y, b_affine.y);
assert_eq!(cs.which_is_unsatisfied()?, None);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = &gadget_a + &gadget_b;
let gadget_ba = &gadget_b + &gadget_a;
gadget_ba.enforce_equal(&gadget_ab)?;
let ab_val = gadget_ab.value()?.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
assert!(cs.is_satisfied().unwrap());
// Check doubling
let aa = Group::double(&a);
let aa_affine = aa.into_affine();
gadget_a.double_in_place()?;
let aa_val = gadget_a.value()?.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
assert!(cs.is_satisfied().unwrap());
if !cs.is_satisfied().unwrap() {
panic!(
"Unsatisfied in mode {:?}.\n{:?}",
mode,
cs.which_is_unsatisfied().unwrap()
);
}
assert!(cs.is_satisfied().unwrap());
}
Ok(())
}
}
pub mod pairing {
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{BitIteratorLE, Field, PrimeField};
use ark_r1cs_std::prelude::*;
use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
use ark_std::{test_rng, vec::Vec, UniformRand};
#[allow(dead_code)]
pub fn bilinearity_test<E: PairingEngine, P: PairingVar<E>>() -> Result<(), SynthesisError>
where
for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1Projective, P::G1Var>,
for<'a> &'a P::G2Var: GroupOpsBounds<'a, E::G2Projective, P::G2Var>,
for<'a> &'a P::GTVar: FieldOpsBounds<'a, E::Fqk, P::GTVar>,
{
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
AllocationMode::Constant,
];
for &mode in &modes {
let cs = ConstraintSystem::<E::Fq>::new_ref();
let mut rng = test_rng();
let a = E::G1Projective::rand(&mut rng);
let b = E::G2Projective::rand(&mut rng);
let s = E::Fr::rand(&mut rng);
let mut sa = a;
sa *= s;
let mut sb = b;
sb *= s;
let a_g = P::G1Var::new_variable(cs.clone(), || Ok(a.into_affine()), mode)?;
let b_g = P::G2Var::new_variable(cs.clone(), || Ok(b.into_affine()), mode)?;
let sa_g = P::G1Var::new_variable(cs.clone(), || Ok(sa.into_affine()), mode)?;
let sb_g = P::G2Var::new_variable(cs.clone(), || Ok(sb.into_affine()), mode)?;
let mut _preparation_num_constraints = cs.num_constraints();
let a_prep_g = P::prepare_g1(&a_g)?;
let b_prep_g = P::prepare_g2(&b_g)?;
_preparation_num_constraints = cs.num_constraints() - _preparation_num_constraints;
let sa_prep_g = P::prepare_g1(&sa_g)?;
let sb_prep_g = P::prepare_g2(&sb_g)?;
let (ans1_g, ans1_n) = {
let _ml_constraints = cs.num_constraints();
let ml_g = P::miller_loop(&[sa_prep_g], &[b_prep_g.clone()])?;
let _fe_constraints = cs.num_constraints();
let ans_g = P::final_exponentiation(&ml_g)?;
let ans_n = E::pairing(sa, b);
(ans_g, ans_n)
};
let (ans2_g, ans2_n) = {
let ans_g = P::pairing(a_prep_g.clone(), sb_prep_g)?;
let ans_n = E::pairing(a, sb);
(ans_g, ans_n)
};
let (ans3_g, ans3_n) = {
let s_iter = BitIteratorLE::without_trailing_zeros(s.into_repr())
.map(Boolean::constant)
.collect::<Vec<_>>();
let mut ans_g = P::pairing(a_prep_g, b_prep_g)?;
let mut ans_n = E::pairing(a, b);
ans_n = ans_n.pow(s.into_repr());
ans_g = ans_g.pow_le(&s_iter)?;
(ans_g, ans_n)
};
ans1_g.enforce_equal(&ans2_g)?;
ans2_g.enforce_equal(&ans3_g)?;
assert_eq!(ans1_g.value()?, ans1_n, "Failed native test 1");
assert_eq!(ans2_g.value()?, ans2_n, "Failed native test 2");
assert_eq!(ans3_g.value()?, ans3_n, "Failed native test 3");
assert_eq!(ans1_n, ans2_n, "Failed ans1_native == ans2_native");
assert_eq!(ans2_n, ans3_n, "Failed ans2_native == ans3_native");
assert_eq!(ans1_g.value()?, ans3_g.value()?, "Failed ans1 == ans3");
assert_eq!(ans1_g.value()?, ans2_g.value()?, "Failed ans1 == ans2");
assert_eq!(ans2_g.value()?, ans3_g.value()?, "Failed ans2 == ans3");
if !cs.is_satisfied().unwrap() {
panic!(
"Unsatisfied in mode {:?}.\n{:?}",
mode,
cs.which_is_unsatisfied().unwrap()
);
}
assert!(cs.is_satisfied().unwrap(), "cs is not satisfied");
}
Ok(())
}
}
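Review bot: `_preparation_num_constraints`, `_ml_constraints` and `_fe_constraints` in `bilinearity_test` are computed and never read, so they are dead instrumentation; either assert or report the constraint counts (which would be useful data for a constraint-tests crate) or remove them. Other leftovers in this file: `frobenius_tests<F: Field, ConstraintF, AF>` repeats the `F: Field` bound in its `where` clause; `#[allow(dead_code)]` on a `pub fn` is redundant; `#![macro_use]` plus `extern crate ark_relations;` is unnecessary in edition 2018 since every use is path-qualified (`ark_relations::ns!`); `.expect(&format!("Mode: {:?}", mode))` formats on every call, `unwrap_or_else` avoids that; and `sw_test` checks `cs.which_is_unsatisfied().unwrap()` while `te_test` uses `cs.which_is_unsatisfied()?`, so pick one error-handling style for the two otherwise identical functions.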

@@ -1,33 +0,0 @@
[package]
name = "ark-curve-tests"
version = "0.1.0"
authors = [
"Sean Bowe",
"Alessandro Chiesa",
"Matthew Green",
"Ian Miers",
"Pratyush Mishra",
"Howard Wu",
"arkworks contributors"
]
description = "A library for tests for finite fields, elliptic curves, and pairings"
homepage = "https://arworks.rs"
repository = "https://github.com/arkworks/algebra"
documentation = "https://docs.rs/ark-curve-tests/"
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
rand = { version = "0.7", default-features = false}
rand_xorshift = { version = "0.2", default-features = false}
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-serialize/std", "ark-ec/std" ]

@@ -1 +0,0 @@
../LICENSE-APACHE
