4 Commits

Author SHA1 Message Date
Dev Ojha
53dd4de35b Merge branch 'master' into fq2_neg_nonresidue 2021-02-06 00:39:52 -06:00
ValarDragon
cd60d33bcb new add + mul by residue + 1 2021-02-05 20:13:02 -06:00
ValarDragon
64ece6414f Add optimization for bls12_381 and bn254 2021-02-05 12:48:57 -06:00
ValarDragon
bb033e9949 Use negative non-residue optimization 2021-02-05 11:53:30 -06:00
89 changed files with 621 additions and 1552 deletions


@@ -29,8 +29,8 @@ jobs:
command: fmt
args: --all -- --check
check:
name: Check
test:
name: Test
runs-on: ubuntu-latest
env:
RUSTFLAGS: -Dwarnings
@@ -78,60 +78,13 @@ jobs:
args: --all-features --examples --workspace --benches
if: matrix.rust == 'nightly'
directories: # Job that list subdirectories
name: List directories for parallelizing tests
runs-on: ubuntu-latest
outputs:
dir: ${{ steps.set-dirs.outputs.dir }} # generate output name dir by using inner step output
steps:
- uses: actions/checkout@v2
- id: set-dirs # Give it an id to handle to get step outputs in the outputs key above
run: echo "::set-output name=dir::$(ls -d */ | jq -R -s -c 'split("\n")[:-1]')"
# Define step output named dir base on ls command transformed to JSON thanks to jq
test:
name: Test
runs-on: ubuntu-latest
needs: [directories] # Depends on previous job
strategy:
matrix:
dir: ${{fromJson(needs.directories.outputs.dir)}} # List matrix strategy from directories dynamically
# rust:
# - stable
# - nightly
exclude:
- dir: scripts/
- dir: curve-constraint-tests/
- dir: curve-benches/
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run tests
run: |
cd ${{matrix.dir}}
cargo test --all-features
docs:
name: Check Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt
- name: cargo doc --all --no-deps --document-private-items --all-features
uses: actions-rs/cargo@v1
with:
command: doc
args: --all --no-deps --document-private-items --all-features
- name: Test
uses: actions-rs/cargo@v1
with:
command: test
args: "--workspace \
--all-features \
--exclude curve-benches"
check_no_std:
name: Check no_std
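Review bot: The test step kept on the new side (`uses: actions-rs/cargo@v1` with `args: "--workspace --all-features --exclude curve-benches"`) references the action by a mutable major-version tag, so the code that runs against the checkout can change without any change to this workflow; pin it to a full commit, `uses: actions-rs/cargo@<COMMIT_SHA> # v1`, and do the same for every other `uses:` line in the file. The removed job definitions used `actions/checkout@v1` and `actions/checkout@v2` the same way, so this is a pre-existing pattern the rewrite is a good moment to fix. Which side is new is inferred from the hunk counts and print order, so confirm against the compare base.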


@@ -1,20 +0,0 @@
name: Linkify Changelog
on:
workflow_dispatch
jobs:
linkify:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Add links
run: python3 scripts/linkify_changelog.py CHANGELOG.md
- name: Commit
run: |
git config user.name github-actions
git config user.email github-actions@github.com
git add .
git commit -m "Linkify Changelog"
git push


@@ -1,39 +1,10 @@
# CHANGELOG
## Pending
### Breaking changes
### Features
### Improvements
### Bug fixes
## v0.3.0
### Breaking changes
- [\#60](https://github.com/arkworks-rs/curves/pull/60) Change the scalar group generator of `Fr` of `bls12_377` Fr from `11` to `22`.
- [\#61](https://github.com/arkworks-rs/curves/pull/61) Remove `ATE_LOOP_COUNT_IS_NEGATIVE` from BN254 curve parameter.
### Features
- [\#64](https://github.com/arkworks-rs/curves/pull/64) Implement the Bandersnatch curve, another twisted Edwards curve for BLS12-381.
### Improvements
### Bug fixes
## v0.2.0
### Breaking changes
- Requires all crates from `arkworks-rs/algebra` to have version `v0.2.0` or greater.
### Features
- [\#3](https://github.com/arkworks-rs/curves/pull/3) Add constraints for
- #3 Add constraints for
`ark-bls12-377`,
`ark-ed-on-bls12-377`,
`ark-ed-on-bls12-381`,
@@ -46,19 +17,15 @@
`ark-mnt6-298`,
`ark-mnt4-753`,
`ark-mnt6-753`.
- [\#7](https://github.com/arkworks-rs/curves/pull/7) Add benchmarks for Edwards curves.
- [\#19](https://github.com/arkworks-rs/curves/pull/19) Change field constants to be provided as normal strings, instead of in Montgomery form.
- [\#53](https://github.com/arkworks-rs/curves/pull/53) Add benchmarks for Pallas and Vesta curves.
- #7 Add benchmarks for Edwards curves.
- #19 Change field constants to be provided as normal strings, instead of in montgomery form.
### Improvements
- [\#42](https://github.com/arkworks-rs/curves/pull/42) Remove the dependency of `rand_xorshift`.
- #42 Remove the dependency of `rand_xorshift`.
### Bug fixes
- [\#28](https://github.com/arkworks-rs/curves/pull/28), [\#49](https://github.com/arkworks-rs/curves/pull/49) Fix broken documentation links.
- [\#38](https://github.com/arkworks-rs/curves/pull/38) Compile with `panic='abort'` in release mode, for safety of the library across FFI boundaries.
- [\#45](https://github.com/arkworks-rs/curves/pull/45) Fix `ark-ed-on-mnt4-753`.
- #28 Fix broken documentation links.
- #38 Compile with `panic='abort'` in release mode, for safety of the library across FFI boundaries.
## v0.1.0


@@ -15,7 +15,6 @@ members = [
"bls12_381",
"ed_on_bls12_381",
"ed_on_bls12_381_bandersnatch",
"bn254",
"ed_on_bn254",
@@ -26,7 +25,7 @@ members = [
"mnt4_753",
"mnt6_753",
"ed_on_mnt4_753",
"ed_on_mnt4_298",
"pallas",
"vesta",
@@ -56,6 +55,3 @@ lto = "thin"
incremental = true
debug-assertions = true
debug = true
[patch.crates-io]
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", branch = "reduce-generics", optional = true, default-features = false }


@@ -5,7 +5,6 @@ This repository contains implementations of some popular elliptic curves. The cu
### BLS12-381 and embedded curves
* [`ark-bls12-381`](bls12_381): Implements the BLS12-381 pairing-friendly curve
* [`ark-ed-on-bls12-381`](ed_on_bls12_381): Implements a Twisted Edwards curve atop the scalar field of BLS12-381
* [`ark-ed-on-bls12-381-bandersnatch`](ed_on_bls12_381_bandersnatch): Implements Bandersnatch, another Twisted Edwards curve atop the scalar field of BLS12-381
### BLS12-377 and related curves
* [`ark-bls12-377`](bls12_377): Implements the BLS12-377 pairing-friendly curve


@@ -1,27 +1,27 @@
[package]
name = "ark-bls12-377"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The BLS12-377 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-bls12-377/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-r1cs-std = { version="^0.3.0", default-features = false, optional = true }
ark-std = { version="^0.3.0", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
[dev-dependencies]
ark-relations = { version="^0.3.0", default-features = false }
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
@@ -31,4 +31,4 @@ std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
curve = [ "scalar_field", "base_field" ]
scalar_field = []
base_field = []
r1cs = [ "base_field", "ark-r1cs-std" ]
r1cs = [ "base_field", "ark-r1cs-std" ]
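Review bot: The `[dependencies]` and `[dev-dependencies]` lines that replace `version="^0.3.0"` source ark-ff, ark-ec, ark-r1cs-std, ark-std, ark-relations, ark-serialize and ark-algebra-test-templates from bare git URLs with no `rev`, `tag` or `branch`, so each build resolves whatever those repositories' default branches point to at that moment: builds are not reproducible, and a push to any of them changes this crate's field and curve arithmetic with no change here. The same unpinned form appears in the Cargo.toml sections for ark-bls12-381, ark-bn254, ark-bw6-761, ark-cp6-782, ark-curve-benches and ark-curve-constraint-tests. If git sources are needed while waiting for a release, pin each one to a commit, e.g. `ark-ff = { git = "https://github.com/arkworks-rs/algebra", rev = "<COMMIT_SHA>", default-features = false }`, and check in Cargo.lock; otherwise keep the `version = "^0.3.0"` lines. Which side is new is inferred from the print order and the merge direction in the commit list, so confirm against the compare base.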


@@ -16,8 +16,14 @@ pub type G2PreparedVar = bls12::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::bls12::Bls12Parameters;
ark_curve_constraint_tests::curves::sw_test::<<Parameters as Bls12Parameters>::G1Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Parameters as Bls12Parameters>::G2Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as Bls12Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as Bls12Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}


@@ -130,17 +130,17 @@
//! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = Bls12_377::prepare_g1(&a)?;
//! let b_prep = Bls12_377::prepare_g2(&b)?;
//! let pairing_result = Bls12_377::pairing_gadget(a_prep, b_prep)?;
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = Bls12_377::prepare_g1(&a_const)?;
//! let b_prep_const = Bls12_377::prepare_g2(&b_const)?;
//! let pairing_result_const = Bls12_377::pairing_gadget(a_prep_const, b_prep_const)?;
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;


@@ -1,8 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear group.
pub use crate::Bls12_377;
pub type PairingVar = ark_r1cs_std::pairing::bls12::PairingVar<Parameters>;
#[test]
fn test() {
use crate::Bls12_377;
ark_curve_constraint_tests::pairing::bilinearity_test::<Bls12_377>().unwrap()
ark_curve_constraint_tests::pairing::bilinearity_test::<Bls12_377, PairingVar>().unwrap()
}
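Review bot: If `pub use crate::Bls12_377;` is the line added at module level, the doc comment `/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear group.` now sits directly above that re-export and documents it instead of `PairingVar`, which rustdoc will render as a description of `Bls12_377`. Move the `pub use` above the `///` line, or put it after the `pub type PairingVar = ...;` declaration, so the comment stays attached to the type alias. The hunk's counts do not match the printed lines, so the exact old/new assignment is inferred.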


@@ -25,6 +25,7 @@ impl Fp2Parameters for Fq2Parameters {
field_new!(Fq, "-1"),
];
// Mul by -5
#[inline(always)]
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
let original = fe;
@@ -32,6 +33,35 @@ impl Fp2Parameters for Fq2Parameters {
fe.double_in_place();
fe - original
}
// x + -5 * y, computed as x - 5*y
#[inline(always)]
fn add_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
// c becomes 5 * y
let mut c = y.double();
c.double_in_place();
c += y;
*x - c
}
// x + y + (-5 * y), computed as x - 4*y
#[inline(always)]
fn add_and_mul_fp_by_nonresidue_plus_one(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
// c becomes 4 * y
let mut c = y.double();
c.double_in_place();
*x - c
}
// x - (-5 * y), computed as x + 5*y
#[inline(always)]
fn sub_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
// c becomes 5 * y
let mut c = y.double();
c.double_in_place();
c += y;
*x + c
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
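Review bot: The three new overrides replace the trait's generic formula with hand-derived doubling chains (x - 5y, x - 4y and x + 5y for NONRESIDUE = -5), and nothing in this section checks them against `mul_fp_by_nonresidue`; a mistake in one of the `double`/`double_in_place`/`+=` sequences would give wrong Fq2 products while every output is still a valid-looking field element. Add an equivalence test next to the impl that compares each shortcut with `x + mul_fp_by_nonresidue(y)` on random inputs, as sketched below using the `test_rng()` the constraint tests already rely on. The same test, without the `_plus_one` case, covers the ark-bls12-381 and ark-bn254 fq2.rs sections later in this compare, where the overrides are `*x - y` and `*x + y` for NONRESIDUE = -1.
```rust
// … unchanged: impl Fp2Parameters for Fq2Parameters …

#[test]
fn nonresidue_shortcuts_match_generic_formula() {
    let mut rng = ark_std::test_rng();
    for _ in 0..100 {
        let x = <Fq as ark_ff::UniformRand>::rand(&mut rng);
        let y = <Fq as ark_ff::UniformRand>::rand(&mut rng);
        let ny = <Fq2Parameters as Fp2Parameters>::mul_fp_by_nonresidue(&y);
        let add = <Fq2Parameters as Fp2Parameters>::add_and_mul_fp_by_nonresidue(&x, &y);
        let add_p1 = <Fq2Parameters as Fp2Parameters>::add_and_mul_fp_by_nonresidue_plus_one(&x, &y);
        let sub = <Fq2Parameters as Fp2Parameters>::sub_and_mul_fp_by_nonresidue(&x, &y);
        assert_eq!(add, x + ny);
        assert_eq!(add_p1, x + y + ny);
        assert_eq!(sub, x - ny);
    }
}
```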


@@ -1,24 +1,3 @@
///! Bls12-377 scalar field.
///
/// Roots of unity computed from modulus and R using this sage code:
///
/// ```ignore
/// q = 8444461749428370424248824938781546531375899335154063827935233455917409239041
/// R = 6014086494747379908336260804527802945383293308637734276299549080986809532403 # Montgomery R
/// s = 47
/// o = q - 1
/// F = GF(q)
/// g = F.multiplicative_generator()
/// g = F.multiplicative_generator()
/// assert g.multiplicative_order() == o
/// g2 = g ** (o/2**s)
/// assert g2.multiplicative_order() == 2**s
/// def into_chunks(val, width, n):
/// return [int(int(val) // (2 ** (width * i)) % 2 ** width) for i in range(n)]
/// print("Gen: ", g * R % q)
/// print("Gen: ", into_chunks(g * R % q, 64, 4))
/// print("2-adic gen: ", into_chunks(g2 * R % q, 64, 4))
/// ```
use ark_ff::{biginteger::BigInteger256 as BigInteger, fields::*};
pub type Fr = Fp256<FrParameters>;
@@ -33,10 +12,10 @@ impl FftParameters for FrParameters {
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
12646347781564978760u64,
6783048705277173164u64,
268534165941069093u64,
1121515446318641358u64,
0x3c3d3ca739381fb2,
0x9a14cda3ec99772b,
0xd7aacc7c59724826,
0xd1ba211c5cc349c,
]);
}
impl FpParameters for FrParameters {
@@ -74,15 +53,15 @@ impl FpParameters for FrParameters {
const INV: u64 = 725501752471715839u64;
/// GENERATOR = 22
/// GENERATOR = 11
/// Encoded in Montgomery form, so the value is
/// (22 * R) % q = 5642976643016801619665363617888466827793962762719196659561577942948671127251
/// (11 * R) % q = 7043719196222586021957094278335006679584931048936630243748405699433040183146
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
2984901390528151251u64,
10561528701063790279u64,
5476750214495080041u64,
898978044469942640u64,
1855201571499933546u64,
8511318076631809892u64,
6222514765367795509u64,
1122129207579058019u64,
]);
/// (r - 1)/2 =
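Review bot: The new side of the `GENERATOR` hunk changes the documented generator from `22` back to `11` and swaps the limbs accordingly, while the CHANGELOG section of this same compare lists the 11 → 22 change as a deliberate breaking change (#60); the first hunk likewise drops the sage derivation of the roots of unity and the `TWO_ADIC_ROOT_OF_UNITY` limbs change with it. If the compare base is simply newer than this branch, that is an artifact of the view, but if this diff is what lands it silently reverts a published field parameter, which anything that derived values from the old generator would not survive — confirm before merging. The `impl FpParameters for FrParameters` block continues outside the hunk.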


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BLS12_377 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! This library implements the BLS12_377 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 12,
//! defined over a 377-bit (prime) field. The main feature of this curve is that
//! both the scalar field and the base field are highly 2-adic.


@@ -1,25 +1,25 @@
[package]
name = "ark-bls12-381"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The BLS12-381 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-bls12-381/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
[dev-dependencies]
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
[features]
default = [ "curve" ]


@@ -29,6 +29,18 @@ impl Fp2Parameters for Fq2Parameters {
fn mul_fp_by_nonresidue(fp: &Self::Fp) -> Self::Fp {
-(*fp)
}
// x + -1 * y, computed as x - y
#[inline(always)]
fn add_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
*x - y
}
// x - (-1 * y), computed as x + y
#[inline(always)]
fn sub_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
*x + y
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);


@@ -1,25 +1,25 @@
[package]
name = "ark-bn254"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The BN254 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-bn254/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
[dev-dependencies]
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
[features]
default = [ "curve" ]


@@ -21,6 +21,8 @@ impl BnParameters for Parameters {
0, 1, 1, 1, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 1, 0, 0, -1, 0, 0, 0, 1, 1, 0,
-1, 0, 0, 1, 0, 1, 1,
];
/// `ate_loop_count` is positive.
const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;
const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
Fq2,
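Review bot: The added `const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;` in the `BnParameters` impl conflicts with the CHANGELOG section of this compare, which records the removal of `ATE_LOOP_COUNT_IS_NEGATIVE` from the BN254 parameters (#61) — that suggests the `BnParameters` trait no longer declares it, and an associated const the trait does not define is a compile error. Because this crate's Cargo.toml fetches ark-ec from git without a `rev`, whether this impl compiles depends on the repository head at build time. Drop the line if the trait no longer has the const, or pin ark-ec to the revision that still does. The impl block continues outside the hunk.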


@@ -19,7 +19,7 @@ impl FftParameters for FqParameters {
]);
}
impl FpParameters for FqParameters {
/// MODULUS = 21888242871839275222246405745257275088696311157297823662689037894645226208583
/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0x3c208c16d87cfd47,
@@ -82,7 +82,7 @@ impl FpParameters for FqParameters {
]);
// (T - 1) // 2 =
// 5472060717959818805561601436314318772174077789324455915672259473661306552145
// 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0x4f082305b61f3f51,
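Review bot: The doc comment on the new side of the first hunk, `/// MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177`, is a 377-bit number (it looks like the BLS12-377 base-field modulus), which cannot describe the constant below it: the crate's own docs call this a 254-bit field and the first limb is `0x3c208c16d87cfd47`, consistent with the removed line `/// MODULUS = 21888242871839275222246405745257275088696311157297823662689037894645226208583`. The `// (T - 1) // 2 =` comment in the second hunk has the same problem, replacing a 76-digit value with a 100-digit one. Keep the removed values in both places; a wrong modulus in the doc is exactly what a reader would use to sanity-check the limbs.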


@@ -32,6 +32,18 @@ impl Fp2Parameters for Fq2Parameters {
fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
-(*fe)
}
// x + -1 * y, computed as x - y
#[inline(always)]
fn add_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
*x - y
}
// x - (-1 * y), computed as x + y
#[inline(always)]
fn sub_and_mul_fp_by_nonresidue(x: &Self::Fp, y: &Self::Fp) -> Self::Fp {
*x + y
}
}
pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);


@@ -34,8 +34,6 @@ impl FpParameters for FrParameters {
const REPR_SHAVE_BITS: u32 = 2;
/// R = pow(2, 320) % MODULUS
/// = 6350874878119819312338956282401532410528162663560392320966563075034087161851
#[rustfmt::skip]
const R: BigInteger = BigInteger([
12436184717236109307u64,
@@ -44,8 +42,6 @@ impl FpParameters for FrParameters {
1011752739694698287u64,
]);
/// R2 = R * R % MODULUS
/// = 944936681149208446651664254269745548490766851729442924617792859073125903783
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
1997599621687373223u64,
@@ -54,10 +50,9 @@ impl FpParameters for FrParameters {
150537098327114917u64,
]);
/// INV = (-MODULUS) ^ {-1} % pow(2, 64) = 14042775128853446655
const INV: u64 = 14042775128853446655u64;
/// GENERATOR = 5
// GENERATOR = 5
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
1949230679015292902u64,
@@ -66,7 +61,7 @@ impl FpParameters for FrParameters {
1571765431670520771u64,
]);
/// (MODULUS - 1)/2 =
/// (r - 1)/2 =
/// 10944121435919637611123202872628637544274182200208017171849102093287904247808
#[rustfmt::skip]
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
@@ -78,7 +73,7 @@ impl FpParameters for FrParameters {
// T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t
/// T = (MODULUS - 1) / 2^s =
/// t = (r - 1) / 2^s =
/// 81540058820840996586704275553141814055101440848469862132140264610111
#[rustfmt::skip]
const T: BigInteger = BigInteger([
@@ -88,7 +83,7 @@ impl FpParameters for FrParameters {
0x30644e72e,
]);
/// (T - 1) / 2 =
/// (t - 1) / 2 =
/// 40770029410420498293352137776570907027550720424234931066070132305055
#[rustfmt::skip]
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
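Review bot: If the second-printed lines are the new side, `/// GENERATOR = 5` becomes `// GENERATOR = 5`, which removes the generator from the rustdoc of `GENERATOR`, and the first two hunks drop the `/// = 6350874878119819312338956282401532410528162663560392320966563075034087161851` and `/// = 944936681149208446651664254269745548490766851729442924617792859073125903783` lines that let a reader check the `R` and `R2` limbs by hand. Keep the `///` form and keep the decimal values; the renaming of `MODULUS` to `r` in the `(r - 1)/2`, `t` and `(t - 1) / 2` comments is fine on its own. The `impl FpParameters for FrParameters` block continues outside the hunk.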


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BN254 curve that was sampled as part of the [\[BCTV14\]](https://eprint.iacr.org/2013/879.pdf) paper .
//! This library implements the BN254 curve that was sampled as part of the [[BCTV14]][https://eprint.iacr.org/2013/879.pdf] paper .
//! The name denotes that it is a Barreto--Naehrig curve of embedding degree 12,
//! defined over a 254-bit (prime) field. The scalar field is highly 2-adic.
//!
@@ -26,7 +26,7 @@
//! * valuation(r - 1, 2) = 28
//! * G1 curve equation: y^2 = x^3 + 3
//! * G2 curve equation: y^2 = x^3 + B, where
//! * B = 3/(u+9) where Fq2 is represented as Fq\[u\]/(u^2+1)
//! * B = 3/(u+9) where Fq2[u]=Fq/u+1
//! = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)
#[cfg(feature = "curve")]


@@ -1,26 +1,26 @@
[package]
name = "ark-bw6-761"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The BW6-761 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-bw6-761/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version="^0.3.0", default-features = false }
ark-ec = { version="^0.3.0", default-features = false }
ark-std = { version="^0.3.0", default-features = false }
ark-bls12-377 = { version="^0.3.0", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-serialize = { version="^0.3.0", default-features = false }
ark-algebra-test-templates = { version="^0.3.0", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
[features]
default = []


@@ -16,7 +16,7 @@ impl Fp3Parameters for Fq3Parameters {
type Fp = Fq;
/// NONRESIDUE = -4
// Fq3 = Fq\[u\]/u^3+4
// Fq3 = Fq[u]/u^3+4
#[rustfmt::skip]
const NONRESIDUE: Fq = field_new!(Fq, "-4");


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the BW6_761 curve generated in [\[EG20\]](https://eprint.iacr.org/2020/351).
//! This library implements the BW6_761 curve generated in [[EG20]](https://eprint.iacr.org/2020/351).
//! The name denotes that it is a curve generated using the Brezing--Weng method, and that
//! its embedding degree is 6.
//! The main feature of this curve is that the scalar field equals the base field of the BLS12_377 curve.


@@ -1,26 +1,28 @@
[package]
name = "ark-cp6-782"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The CP6-782 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-cp6-782/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-bls12-377 = { version = "^0.3.0", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
[features]
default = []


@@ -8,7 +8,7 @@
)]
#![forbid(unsafe_code)]
//! This library implements the CP6_782 curve generated in [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! This library implements the CP6_782 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//! The name denotes that it was generated using the Cocks--Pinch method for the embedding degree 6.
//! The main feature of this curve is that the scalar field equals the base field of the BLS12_377 curve.
//!


@@ -1,20 +1,19 @@
[package]
name = "ark-curve-benches"
version = "0.3.0"
version = "0.1.1-alpha.0"
authors = [
"Sean Bowe",
"Alessandro Chiesa",
"Matthew Green",
"Ian Miers",
"Pratyush Mishra",
"Howard Wu",
"Daira Hopwood"
"Howard Wu"
]
description = "A benchmark library for finite fields and elliptic curves"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/algebra/"
keywords = ["cryptography", "finite-fields", "elliptic-curves", "pairing"]
keywords = ["cryptography", "finite fields", "elliptic curves", "pairing"]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
@@ -28,10 +27,10 @@ build = "build.rs"
bencher = { version = "0.1.5" }
[dev-dependencies]
ark-std = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-ff = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-mnt4-298 = { path = "../mnt4_298" }
ark-mnt6-298 = { path = "../mnt6_298" }
@@ -43,8 +42,6 @@ ark-bls12-381 = { path = "../bls12_381" }
ark-ed-on-bls12-381 = { path = "../ed_on_bls12_381" }
ark-bw6-761 = { path = "../bw6_761" }
ark-cp6-782 = { path = "../cp6_782" }
ark-pallas = { path = "../pallas" }
ark-vesta = { path = "../vesta" }
[features]
asm = [ "ark-ff/asm"]
@@ -103,13 +100,3 @@ harness = false
name = "mnt6_753"
path = "benches/mnt6_753.rs"
harness = false
[[bench]]
name = "pallas"
path = "benches/pallas.rs"
harness = false
[[bench]]
name = "vesta"
path = "benches/vesta.rs"
harness = false


@@ -1,19 +0,0 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::ProjectiveCurve;
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
use ark_pallas::{fq::Fq, fr::Fr, Affine as GAffine, Projective as G};
mod g {
use super::*;
ec_bench!(G, GAffine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
bencher::benchmark_main!(fq, fr, g::group_ops);


@@ -1,19 +0,0 @@
use ark_curve_benches::*;
use ark_std::ops::{AddAssign, MulAssign, SubAssign};
use ark_ec::ProjectiveCurve;
use ark_ff::{
biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
BigInteger, Field, PrimeField, SquareRootField, UniformRand,
};
use ark_vesta::{fq::Fq, fr::Fr, Affine as GAffine, Projective as G};
mod g {
use super::*;
ec_bench!(G, GAffine);
}
f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
bencher::benchmark_main!(fq, fr, g::group_ops);


@@ -1,24 +1,24 @@
[package]
name = "ark-curve-constraint-tests"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A library for testing constraints for finite fields, elliptic curves, and pairings"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-curve-constraint-tests/"
keywords = ["cryptography", "finite-fields", "elliptic-curves", "r1cs" ]
keywords = ["cryptography", "finite fields", "elliptic curves", "r1cs" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-std = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-ff = { version = "^0.3.0", default-features = false }
ark-relations = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
[features]
default = []


@@ -233,8 +233,7 @@ pub mod fields {
pub mod curves {
use ark_ec::{
short_weierstrass_jacobian::GroupProjective as SWProjective,
twisted_edwards_extended::GroupProjective as TEProjective, ModelParameters,
ProjectiveCurve,
twisted_edwards_extended::GroupProjective as TEProjective, ProjectiveCurve,
};
use ark_ff::{BitIteratorLE, Field, FpParameters, One, PrimeField};
use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
@@ -242,13 +241,12 @@ pub mod curves {
use ark_r1cs_std::prelude::*;
type ConstraintF<P> = <<P as ModelParameters>::BaseField as Field>::BasePrimeField;
pub fn group_test<C, ConstraintF>() -> Result<(), SynthesisError>
pub fn group_test<C, ConstraintF, GG>() -> Result<(), SynthesisError>
where
C: CurveWithVar<ConstraintF>,
C: ProjectiveCurve,
ConstraintF: Field,
for<'a> &'a C::Var: GroupOpsBounds<'a, C, C::Var>,
GG: CurveVar<C, ConstraintF>,
for<'a> &'a GG: GroupOpsBounds<'a, C, GG>,
{
let modes = [
AllocationMode::Input,
@@ -261,14 +259,12 @@ pub mod curves {
let mut rng = test_rng();
let a_native = C::rand(&mut rng);
let b_native = C::rand(&mut rng);
let a =
C::Var::new_variable(ark_relations::ns!(cs, "generate_a"), || Ok(a_native), mode)
.unwrap();
let b =
C::Var::new_variable(ark_relations::ns!(cs, "generate_b"), || Ok(b_native), mode)
.unwrap();
let a = GG::new_variable(ark_relations::ns!(cs, "generate_a"), || Ok(a_native), mode)
.unwrap();
let b = GG::new_variable(ark_relations::ns!(cs, "generate_b"), || Ok(b_native), mode)
.unwrap();
let zero = C::Var::zero();
let zero = GG::zero();
assert_eq!(zero.value()?, zero.value()?);
// a == a
@@ -277,14 +273,14 @@ pub mod curves {
assert_eq!((&a + &zero).value()?, a.value()?);
// a - 0 = a
assert_eq!((&a - &zero).value()?, a.value()?);
// a - a = 0
assert_eq!((&a - &a).value()?, zero.value()?);
// a + b = b + a
let a_b = &a + &b;
let b_a = &b + &a;
assert_eq!(a_b.value()?, b_a.value()?);
a_b.enforce_equal(&b_a)?;
assert!(cs.is_satisfied().unwrap());
// a - a = 0
assert_eq!((&a - &a).value()?, zero.value()?);
// (a + b) + a = a + (b + a)
let ab_a = &a_b + &a;
@@ -384,15 +380,13 @@ pub mod curves {
Ok(())
}
type SWVar<P> = <SWProjective<P> as CurveWithVar<ConstraintF<P>>>::Var;
pub fn sw_test<P>() -> Result<(), SynthesisError>
pub fn sw_test<P, GG>() -> Result<(), SynthesisError>
where
P: ark_ec::SWModelParameters,
SWProjective<P>: CurveWithVar<ConstraintF<P>> + ProjectiveCurve,
for<'a> &'a SWVar<P>: GroupOpsBounds<'a, SWProjective<P>, SWVar<P>>,
GG: CurveVar<SWProjective<P>, <P::BaseField as Field>::BasePrimeField>,
for<'a> &'a GG: GroupOpsBounds<'a, SWProjective<P>, GG>,
{
group_test::<SWProjective<P>, _>()?;
group_test::<SWProjective<P>, _, GG>()?;
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
@@ -411,12 +405,14 @@ pub mod curves {
let b_affine = b.into_affine();
let ns = ark_relations::ns!(cs, "allocating variables");
let mut gadget_a = SWVar::<P>::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = SWVar::<P>::new_variable(cs.clone(), || Ok(b), mode)?;
let zero = SWVar::<P>::zero();
let mut gadget_a = GG::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = GG::new_variable(cs.clone(), || Ok(b), mode)?;
let zero = GG::zero();
drop(ns);
assert_eq!(gadget_a.value()?.into_affine(), a_affine);
assert_eq!(gadget_b.value()?.into_affine(), b_affine);
assert_eq!(gadget_a.value()?.into_affine().x, a_affine.x);
assert_eq!(gadget_a.value()?.into_affine().y, a_affine.y);
assert_eq!(gadget_b.value()?.into_affine().x, b_affine.x);
assert_eq!(gadget_b.value()?.into_affine().y, b_affine.y);
assert_eq!(cs.which_is_unsatisfied().unwrap(), None);
// Check addition
@@ -457,15 +453,13 @@ pub mod curves {
Ok(())
}
type TEVar<P> = <TEProjective<P> as CurveWithVar<ConstraintF<P>>>::Var;
pub fn te_test<P>() -> Result<(), SynthesisError>
pub fn te_test<P, GG>() -> Result<(), SynthesisError>
where
P: ark_ec::TEModelParameters,
TEProjective<P>: CurveWithVar<ConstraintF<P>> + ProjectiveCurve,
for<'a> &'a TEVar<P>: GroupOpsBounds<'a, TEProjective<P>, TEVar<P>>,
GG: CurveVar<TEProjective<P>, <P::BaseField as Field>::BasePrimeField>,
for<'a> &'a GG: GroupOpsBounds<'a, TEProjective<P>, GG>,
{
group_test::<TEProjective<P>, _>()?;
group_test::<TEProjective<P>, _, GG>()?;
let modes = [
AllocationMode::Input,
AllocationMode::Witness,
@@ -484,12 +478,14 @@ pub mod curves {
let b_affine = b.into_affine();
let ns = ark_relations::ns!(cs, "allocating variables");
let mut gadget_a = TEVar::<P>::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = TEVar::<P>::new_variable(cs.clone(), || Ok(b), mode)?;
let mut gadget_a = GG::new_variable(cs.clone(), || Ok(a), mode)?;
let gadget_b = GG::new_variable(cs.clone(), || Ok(b), mode)?;
drop(ns);
assert_eq!(gadget_a.value()?.into_affine(), a_affine);
assert_eq!(gadget_b.value()?.into_affine(), b_affine);
assert_eq!(gadget_a.value()?.into_affine().x, a_affine.x);
assert_eq!(gadget_a.value()?.into_affine().y, a_affine.y);
assert_eq!(gadget_b.value()?.into_affine().x, b_affine.x);
assert_eq!(gadget_b.value()?.into_affine().y, b_affine.y);
assert_eq!(cs.which_is_unsatisfied()?, None);
// Check addition
@@ -531,21 +527,16 @@ pub mod curves {
pub mod pairing {
use ark_ec::{PairingEngine, ProjectiveCurve};
use ark_ff::{BitIteratorLE, Field, PrimeField};
use ark_r1cs_std::{fields::fp::FpVar, prelude::*};
use ark_r1cs_std::prelude::*;
use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
use ark_std::{test_rng, vec::Vec, UniformRand};
#[allow(dead_code)]
pub fn bilinearity_test<P: PairingGadget>() -> Result<(), SynthesisError>
pub fn bilinearity_test<E: PairingEngine, P: PairingVar<E>>() -> Result<(), SynthesisError>
where
for<'a> &'a P::G1Var: GroupOpsBounds<'a, P::G1Projective, P::G1Var>,
for<'a> &'a P::G2Var: GroupOpsBounds<'a, P::G2Projective, P::G2Var>,
for<'a> &'a P::GTVar: FieldOpsBounds<'a, P::Fqk, P::GTVar>,
P::Fq: FieldWithVar<Var = FpVar<P::Fq>>,
P::Fqe: FieldWithVar,
P::Fqk: FieldWithVar<Var = P::GTVar>,
P::G1Projective: CurveWithVar<P::Fq, Var = P::G1Var>,
P::G2Projective: CurveWithVar<P::Fq, Var = P::G2Var>,
for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1Projective, P::G1Var>,
for<'a> &'a P::G2Var: GroupOpsBounds<'a, E::G2Projective, P::G2Var>,
for<'a> &'a P::GTVar: FieldOpsBounds<'a, E::Fqk, P::GTVar>,
{
let modes = [
AllocationMode::Input,
@@ -553,12 +544,12 @@ pub mod pairing {
AllocationMode::Constant,
];
for &mode in &modes {
let cs = ConstraintSystem::<P::Fq>::new_ref();
let cs = ConstraintSystem::<E::Fq>::new_ref();
let mut rng = test_rng();
let a = P::G1Projective::rand(&mut rng);
let b = P::G2Projective::rand(&mut rng);
let s = P::Fr::rand(&mut rng);
let a = E::G1Projective::rand(&mut rng);
let b = E::G2Projective::rand(&mut rng);
let s = E::Fr::rand(&mut rng);
let mut sa = a;
sa *= s;
@@ -580,16 +571,16 @@ pub mod pairing {
let (ans1_g, ans1_n) = {
let _ml_constraints = cs.num_constraints();
let ml_g = P::miller_loop_gadget(&[sa_prep_g], &[b_prep_g.clone()])?;
let ml_g = P::miller_loop(&[sa_prep_g], &[b_prep_g.clone()])?;
let _fe_constraints = cs.num_constraints();
let ans_g = P::final_exponentiation_gadget(&ml_g)?;
let ans_n = <P as PairingEngine>::pairing(sa, b);
let ans_g = P::final_exponentiation(&ml_g)?;
let ans_n = E::pairing(sa, b);
(ans_g, ans_n)
};
let (ans2_g, ans2_n) = {
let ans_g = P::pairing_gadget(a_prep_g.clone(), sb_prep_g)?;
let ans_n = <P as PairingEngine>::pairing(a, sb);
let ans_g = P::pairing(a_prep_g.clone(), sb_prep_g)?;
let ans_n = E::pairing(a, sb);
(ans_g, ans_n)
};
@@ -598,8 +589,8 @@ pub mod pairing {
.map(Boolean::constant)
.collect::<Vec<_>>();
let mut ans_g = P::pairing_gadget(a_prep_g, b_prep_g)?;
let mut ans_n = <P as PairingEngine>::pairing(a, b);
let mut ans_g = P::pairing(a_prep_g, b_prep_g)?;
let mut ans_n = E::pairing(a, b);
ans_n = ans_n.pow(s.into_repr());
ans_g = ans_g.pow_le(&s_iter)?;
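Review bot: In the sw_test hunk (`@@ -411,12 +405,14 @@`) the new assertions compare only the `.x` and `.y` coordinates of `gadget_a.value()?.into_affine()` and `gadget_b.value()?.into_affine()` against `a_affine`/`b_affine`, so the `infinity` flag carried by a short Weierstrass affine point is no longer checked and a gadget that evaluates to the point at infinity while holding matching coordinates would pass the test. If the affine type implements `PartialEq` (the other side of the hunk relies on it), one `assert_eq!(gadget_a.value()?.into_affine(), a_affine);` per point is both stronger and shorter. The te_test hunk (`@@ -484,12 +478,14 @@`) has the same four-way split; twisted Edwards affine points have no separate infinity flag, so there it is only a readability point. Both sw_test and te_test begin and end outside their hunks.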


@@ -1,29 +1,31 @@
[package]
name = "ark-ed-on-bls12-377"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the BLS12-377 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-bls12-377/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-bls12-377 = { version = "^0.3.0", path = "../bls12_377", default-features = false, features = [ "scalar_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
rand = { version = "0.7", default-features = false }
rand_xorshift = "0.2"
[features]
default = []
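Review bot: The `git = "https://github.com/arkworks-rs/…"` entries in `[dependencies]` and `[dev-dependencies]` carry no `rev`, `tag` or `branch`, so each build resolves whatever the upstream default branch head is at that moment; the build is not reproducible, and an upstream push (or a compromised upstream repository) changes what this crate compiles against with no change here. If the branch is meant to track specific algebra/utils/snark/r1cs-std commits, pin each line, e.g. `ark-ff = { git = "https://github.com/arkworks-rs/algebra", rev = "<commit-sha>", default-features = false }` with the real hash substituted, and commit the workspace Cargo.lock so the resolved revisions are recorded. The ark-ed-on-bls12-381 manifest later on this page has the same unpinned pattern. Separately, `keywords = ["cryptography", "finite fields", "elliptic curves" ]` contains spaces, which crates.io rejects at publish time (keywords may only contain letters, digits, `-` and `_`), so the hyphenated form is needed if this crate is ever published.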


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::constraints::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();
}


@@ -11,7 +11,7 @@
//! This library implements a twisted Edwards curve whose base field is the scalar field of the
//! curve BLS12-377. This allows defining cryptographic primitives that use elliptic curves over
//! the scalar field of the latter curve. This curve was generated as part of the paper
//! [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//!
//! Curve information:
//! * Base field: q = 8444461749428370424248824938781546531375899335154063827935233455917409239041
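Review bot: The unescaped link text `[[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962)` on the new side nests a bracketed span inside a link, which rustdoc is likely to pick up as an unresolved intra-doc link and report under `rustdoc::broken_intra_doc_links` when documentation is built with warnings denied. Escaping the inner brackets, `//! [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).`, renders the same citation text without that ambiguity. This is inferred from the markdown/rustdoc link rules rather than from a build log, so confirm with a `cargo doc` run.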


@@ -1,28 +1,28 @@
[package]
name = "ark-ed-on-bls12-381"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the BLS12-381 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-bls12-381/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-bls12-381 = { version = "^0.3.0", path = "../bls12_381", default-features = false, features = [ "scalar_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-bls12-381 = { path = "../bls12_381", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::constraints::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<_, EdwardsVar>().unwrap();
}
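Review bot: `te_test::<_, EdwardsVar>()` leaves the curve parameter type to inference, while the sibling ed-on-bls12-377 test module on this page spells it out as `te_test::<EdwardsParameters, EdwardsVar>()`. Writing `ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();` here keeps the two test modules consistent and makes the parameter set under test visible at a glance. Inference presumably succeeds because `EdwardsVar = AffineVar<EdwardsParameters, FqVar>` fixes the parameters, so this is a readability point only.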


@@ -9,7 +9,7 @@
#![forbid(unsafe_code)]
//! This library implements a twisted Edwards curve whose base field is the scalar field of the
//! curve BLS12-381. This allows defining cryptographic primitives that use elliptic curves over
//! curve BLS12-377. This allows defining cryptographic primitives that use elliptic curves over
//! the scalar field of the latter curve. This curve was generated by Sean Bowe, and is also known
//! as [Jubjub](https://github.com/zkcrypto/jubjub).
//!
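Review bot: The module doc on the new side says the base field is the scalar field of "curve BLS12-377", but this is the ark-ed-on-bls12-381 crate (its manifest on this page describes it as defined over the scalar field of BLS12-381) and the next sentence identifies the curve as Jubjub, which lives over the BLS12-381 scalar field. The line should read `//! curve BLS12-381. This allows defining cryptographic primitives that use elliptic curves over`; the 377 most likely crept in from the ed-on-bls12-377 crate's identical doc header. Wrong curve attribution in published docs is easy to propagate into downstream parameter choices, so worth fixing before this text ships.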


@@ -1,34 +0,0 @@
[package]
name = "ark-ed-on-bls12-381-bandersnatch"
version = "0.1.0"
authors = [ "zhenfei zhang", "arkworks contributors" ]
description = "Bandersnatch: a curve defined over the scalar field of the BLS12-381 curve"
repository = "https://github.com/zhenfeizhang/bandersnatch-rust"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-bls12-381 = { version = "^0.3.0", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = []
std = [
"ark-std/std",
"ark-ff/std",
"ark-ec/std",
"ark-bls12-381/std"
]
r1cs = ["ark-r1cs-std"]


@@ -1,10 +0,0 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
}


@@ -1,9 +0,0 @@
use ark_r1cs_std::fields::fp::FpVar;
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FqVar = FpVar<crate::Fq>;
#[test]
fn test() {
ark_curve_constraint_tests::fields::field_test::<_, _, FqVar>().unwrap();
}


@@ -1,107 +0,0 @@
//! This module implements the R1CS equivalent of `ark_bandersnatch`.
//!
//! It implements field variables for `crate::Fq`,
//! and group variables for `crate::GroupProjective`.
//!
//! The field underlying these constraints is `crate::Fq`.
//!
//! # Examples
//!
//! One can perform standard algebraic operations on `FqVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! use ark_std::UniformRand;
//! use ark_relations::r1cs::*;
//! use ark_r1cs_std::prelude::*;
//! use ark_ed_on_bls12_381_bandersnatch::{*, constraints::*};
//!
//! let cs = ConstraintSystem::<Fq>::new_ref();
//! // This rng is just for test purposes; do not use it
//! // in real applications.
//! let mut rng = ark_std::test_rng();
//!
//! // Generate some random `Fq` elements.
//! let a_native = Fq::rand(&mut rng);
//! let b_native = Fq::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = FqVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
//! let b = FqVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = FqVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = FqVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! let one = FqVar::one();
//! let zero = FqVar::zero();
//!
//! // Sanity check one + one = two
//! let two = &one + &one + &zero;
//! two.enforce_equal(&one.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that the value of &a * &b is correct.
//! assert_eq!((&a * &b).value()?, a_native * &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
//!
//! One can also perform standard algebraic operations on `EdwardsVar`:
//!
//! ```
//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
//! # use ark_std::UniformRand;
//! # use ark_relations::r1cs::*;
//! # use ark_r1cs_std::prelude::*;
//! # use ark_ed_on_bls12_381_bandersnatch::{*, constraints::*};
//!
//! # let cs = ConstraintSystem::<Fq>::new_ref();
//! # let mut rng = ark_std::test_rng();
//!
//! // Generate some random `Edwards` elements.
//! let a_native = EdwardsProjective::rand(&mut rng);
//! let b_native = EdwardsProjective::rand(&mut rng);
//!
//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
//! let a = EdwardsVar::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
//! let b = EdwardsVar::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
//!
//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
//! // constraints or variables.
//! let a_const = EdwardsVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
//! let b_const = EdwardsVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
//!
//! // This returns the identity of `Edwards`.
//! let zero = EdwardsVar::zero();
//!
//! // Sanity check one + one = two
//! let two_a = &a + &a + &zero;
//! two_a.enforce_equal(&a.double()?)?;
//!
//! assert!(cs.is_satisfied()?);
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!((&a + &b).value()?, a_native + &b_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
//! assert!(cs.is_satisfied()?);
//! # Ok(())
//! # }
//! ```
mod curves;
mod fields;
pub use curves::*;
pub use fields::*;


@@ -1,94 +0,0 @@
use crate::{Fq, Fr};
use ark_ec::{
models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
twisted_edwards_extended::{GroupAffine, GroupProjective},
};
use ark_ff::{field_new, Field};
#[cfg(test)]
mod tests;
pub type EdwardsAffine = GroupAffine<EdwardsParameters>;
pub type EdwardsProjective = GroupProjective<EdwardsParameters>;
/// `banersnatch` is a twisted Edwards curve. These curves have equations of the
/// form: ax² + y² = 1 - dx²y².
/// over some base finite field Fq.
///
/// banersnatch's curve equation: -5x² + y² = 1 - dx²y²
///
/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513.
///
/// a = 52435875175126190479447740508185965837690552500527637822603658699938581184508.
/// d = (138827208126141220649022263972958607803/
/// 171449701953573178309673572579671231137) mod q
/// = 45022363124591815672509500913686876175488063829319466900776701791074614335719.
///
/// Sage script to calculate these:
///
/// ```text
/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
/// Fq = GF(q)
/// d = (Fq(138827208126141220649022263972958607803)/Fq(171449701953573178309673572579671231137))
/// ```
/// These parameters and the sage script obtained from:
/// <https://github.com/asanso/Bandersnatch/>
#[derive(Clone, Default, PartialEq, Eq)]
pub struct EdwardsParameters;
impl ModelParameters for EdwardsParameters {
type BaseField = Fq;
type ScalarField = Fr;
}
impl TEModelParameters for EdwardsParameters {
/// COEFF_A = -5
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "-5");
/// COEFF_D = (138827208126141220649022263972958607803/
/// 171449701953573178309673572579671231137) mod q
#[rustfmt::skip]
const COEFF_D: Fq = field_new!(Fq, "45022363124591815672509500913686876175488063829319466900776701791074614335719");
/// COFACTOR = 4
const COFACTOR: &'static [u64] = &[4];
/// COFACTOR^(-1) mod r =
/// 9831726595336160714896451345284868594481866920080427688839802480047265754601
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "9831726595336160714896451345284868594481866920080427688839802480047265754601");
/// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
type MontgomeryModelParameters = EdwardsParameters;
/// Multiplication by `a` is multiply by `-5`.
#[inline(always)]
fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
let t = (*elem).double().double();
-(t + *elem)
}
}
impl MontgomeryModelParameters for EdwardsParameters {
/// COEFF_A = 29978822694968839326280996386011761570173833766074948509196803838190355340952
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "29978822694968839326280996386011761570173833766074948509196803838190355340952");
/// COEFF_B = 25465760566081946422412445027709227188579564747101592991722834452325077642517
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "25465760566081946422412445027709227188579564747101592991722834452325077642517");
type TEModelParameters = EdwardsParameters;
}
// using the generator from bench.py (in affine form)
// P = BandersnatchPoint(
// 13738737789055671334382939318077718462576533426798874551591468520593954805549,
// 11575885077368931610486103676191793534029821920164915325066801506752632626968,
// 14458123306641001284399433086015669988340559992755622870694102351476334505845,
// C)
#[rustfmt::skip]
const GENERATOR_X: Fq = field_new!(Fq, "29627151942733444043031429156003786749302466371339015363120350521834195802525");
#[rustfmt::skip]
const GENERATOR_Y: Fq = field_new!(Fq, "27488387519748396681411951718153463804682561779047093991696427532072116857978");


@@ -1,103 +0,0 @@
use crate::*;
use ark_algebra_test_templates::{curves::*, groups::*};
use ark_ec::{AffineCurve, ProjectiveCurve};
use ark_ff::{bytes::FromBytes, Zero};
use ark_std::{rand::Rng, str::FromStr, test_rng};
#[test]
fn test_projective_curve() {
curve_tests::<EdwardsProjective>();
edwards_tests::<EdwardsParameters>();
}
#[test]
fn test_projective_group() {
let mut rng = test_rng();
let a = rng.gen();
let b = rng.gen();
for _i in 0..100 {
group_test::<EdwardsProjective>(a, b);
}
}
#[test]
fn test_affine_group() {
let mut rng = test_rng();
let a: EdwardsAffine = rng.gen();
let b: EdwardsAffine = rng.gen();
for _i in 0..100 {
group_test::<EdwardsAffine>(a, b);
}
}
#[test]
fn test_generator() {
let generator = EdwardsAffine::prime_subgroup_generator();
assert!(generator.is_on_curve());
assert!(generator.is_in_correct_subgroup_assuming_on_curve());
}
#[test]
fn test_conversion() {
let mut rng = test_rng();
let a: EdwardsAffine = rng.gen();
let b: EdwardsAffine = rng.gen();
let a_b = {
use ark_ec::group::Group;
(a + &b).double().double()
};
let a_b2 = (a.into_projective() + &b.into_projective())
.double()
.double();
assert_eq!(a_b, a_b2.into_affine());
assert_eq!(a_b.into_projective(), a_b2);
}
#[test]
fn test_scalar_multiplication() {
let f1 = Fr::from_str(
"4257185345094557079734489188109952172285839137338142340240392707284963971010",
)
.unwrap();
let f2 = Fr::from_str(
"1617998875791656082457755819308421023664764572929977389209373068350490665160",
)
.unwrap();
let g = EdwardsAffine::from_str(
"(29627151942733444043031429156003786749302466371339015363120350521834195802525, \
27488387519748396681411951718153463804682561779047093991696427532072116857978)",
)
.unwrap();
let f1f2g = EdwardsAffine::from_str(
"(16530491029447613915334753043669938793793987372416328257719459807614119987301, \
42481140308370805476764840229335460092474682686441442216596889726548353970772)",
)
.unwrap();
assert!(!g.is_zero());
assert!(!f1f2g.is_zero());
let f1g = g.mul(f1).into_affine();
assert_eq!(g.mul(f1 * &f2).into_affine(), f1f2g);
assert_eq!(f1g.mul(f2).into_affine(), f1f2g);
}
#[test]
fn test_bytes() {
let g_from_repr = EdwardsAffine::from_str(
"(29627151942733444043031429156003786749302466371339015363120350521834195802525, \
27488387519748396681411951718153463804682561779047093991696427532072116857978)",
)
.unwrap();
let g_bytes = ark_ff::to_bytes![g_from_repr].unwrap();
let g = EdwardsAffine::read(g_bytes.as_slice()).unwrap();
assert_eq!(g_from_repr, g);
}
#[test]
fn test_montgomery_conversion() {
montgomery_conversion_test::<EdwardsParameters>();
}


@@ -1 +0,0 @@
pub use ark_bls12_381::{Fr as Fq, FrParameters as FqParameters};


@@ -1,115 +0,0 @@
use ark_ff::{
biginteger::BigInteger256 as BigInteger,
fields::{FftParameters, Fp256, Fp256Parameters, FpParameters},
};
pub type Fr = Fp256<FrParameters>;
pub struct FrParameters;
impl Fp256Parameters for FrParameters {}
impl FftParameters for FrParameters {
type BigInt = BigInteger;
/// Let `N` be the size of the multiplicative group defined by the field.
/// Then `TWO_ADICITY` is the two-adicity of `N`, i.e. the integer `s`
/// such that `N = 2^s * t` for some odd integer `t`.
const TWO_ADICITY: u32 = 5;
/// 2^s root of unity computed by GENERATOR^t
/// 4740934665446857387895054948191089665295030226009829406950782728666658007874
#[rustfmt::skip]
const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([
0xa4dcdba087826b42,
0x6e4ab162f57f862a,
0xabc5492749348d6a,
0xa7b462035f8c169,
]);
}
impl FpParameters for FrParameters {
/// The modulus of the field.
/// MODULUS = 13108968793781547619861935127046491459309155893440570251786403306729687672801.
#[rustfmt::skip]
const MODULUS: BigInteger = BigInteger([
0x74fd06b52876e7e1,
0xff8f870074190471,
0x0cce760202687600,
0x1cfb69d4ca675f52,
]);
/// The number of bits needed to represent the `Self::MODULUS`.
const MODULUS_BITS: u32 = 253;
/// The number of bits that can be reliably stored.
/// (Should equal `SELF::MODULUS_BITS - 1`)
const CAPACITY: u32 = Self::MODULUS_BITS - 1;
/// The number of bits that must be shaved from the beginning of
/// the representation when randomly sampling.
const REPR_SHAVE_BITS: u32 = 4;
/// Let `M` be the power of 2^64 nearest to `Self::MODULUS_BITS`. Then
/// `R = M % Self::MODULUS`.
/// R = 10920338887063814464675503992315976178796737518116002025166357554075628257528
#[rustfmt::skip]
const R: BigInteger = BigInteger([
0x5817ca56bc48c0f8,
0x0383c7fc5f37dc74,
0x998c4fefecbc4ff8,
0x1824b159acc5056f,
]);
/// R2 = R^2 % Self::MODULUS
/// R2 = 4932290691328759802879919559207542894238895193980447506221046538067943049163
#[rustfmt::skip]
const R2: BigInteger = BigInteger([
0xdbb4f5d658db47cb,
0x40fa7ca27fecb938,
0xaa9e6daec0055cea,
0xae793ddb14aec7d
]);
/// INV = -MODULUS^{-1} mod 2^64
/// INV = 17410672245482742751
const INV: u64 = 0xf19f22295cc063df;
/// A multiplicative generator of the field.
/// `Self::GENERATOR` is an element having multiplicative order
/// `Self::MODULUS - 1`.
/// n = 9962557815892774795293348142308860067333132192265356416788884706064406244838
#[rustfmt::skip]
const GENERATOR: BigInteger = BigInteger([
0x56b6f3ab7b616de6,
0x114f419d6c9083e5,
0xbf518d217780c4b9,
0x16069b9f45dbce7f,
]);
/// (Self::MODULUS - 1) / 2
/// 6554484396890773809930967563523245729654577946720285125893201653364843836400
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xba7e835a943b73f0,
0x7fc7c3803a0c8238,
0x06673b0101343b00,
0xe7db4ea6533afa9,
]);
/// t for 2^s * t = MODULUS - 1, and t coprime to 2.
/// t = 409655274805673363120685472720202858103411121670017820368325103335302739775
/// = (modulus-1)/2^5
const T: BigInteger = BigInteger([
0x8ba7e835a943b73f,
0x07fc7c3803a0c823,
0x906673b0101343b0,
0xe7db4ea6533afa,
]);
/// (t - 1) / 2
/// = 204827637402836681560342736360101429051705560835008910184162551667651369887
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
0xc5d3f41ad4a1db9f,
0x03fe3e1c01d06411,
0x483339d80809a1d8,
0x73eda753299d7d,
]);
}


@@ -1,8 +0,0 @@
pub mod fq;
pub mod fr;
pub use fq::*;
pub use fr::*;
#[cfg(all(feature = "ed_on_bls12_381_bandersnatch", test))]
mod tests;


@@ -1,423 +0,0 @@
use crate::{Fq, Fr};
use ark_algebra_test_templates::fields::*;
use ark_ff::{
biginteger::BigInteger256 as BigInteger,
bytes::{FromBytes, ToBytes},
fields::{Field, LegendreSymbol::*, SquareRootField},
One, Zero,
};
use ark_std::{rand::Rng, str::FromStr, test_rng};
#[test]
fn test_fr() {
let mut rng = test_rng();
let a: Fr = rng.gen();
let b: Fr = rng.gen();
field_test(a, b);
primefield_test::<Fr>();
}
#[test]
fn test_fq() {
let mut rng = test_rng();
let a: Fq = rng.gen();
let b: Fq = rng.gen();
field_test(a, b);
primefield_test::<Fq>();
}
#[test]
fn test_fq_add() {
let f1 = Fq::from_str(
"18386742314266644595564329008376577163854043021652781768352795308532764650733",
)
.unwrap();
let f2 = Fq::from_str(
"39786307610986038981023499868190793548353538256264351797285876981647142458383",
)
.unwrap();
let f3 = Fq::from_str(
"5737174750126493097140088368381404874517028777389495743035013590241325924603",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert!(!f3.is_zero());
assert_eq!(f1 + &f2, f3);
}
#[test]
fn test_fq_add_one() {
let f1 = Fq::from_str(
"4946875394261337176810256604189376311946643975348516311606738923340201185904",
)
.unwrap();
let f2 = Fq::from_str(
"4946875394261337176810256604189376311946643975348516311606738923340201185905",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert_eq!(f1 + &Fq::one(), f2);
}
#[test]
fn test_fq_mul() {
let f1 = Fq::from_str(
"24703123148064348394273033316595937198355721297494556079070134653139656190956",
)
.unwrap();
let f2 = Fq::from_str(
"38196797080882758914424853878212529985425118523754343117256179679117054302131",
)
.unwrap();
let f3 = Fq::from_str(
"38057113854472161555556064369220825628027487067886761874351491955834635348140",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert!(!f3.is_zero());
assert_eq!(f1 * &f2, f3);
}
#[test]
fn test_fq_triple_mul() {
let f1 = Fq::from_str(
"23834398828139479510988224171342199299644042568628082836691700490363123893905",
)
.unwrap();
let f2 = Fq::from_str(
"48343809612844640454129919255697536258606705076971130519928764925719046689317",
)
.unwrap();
let f3 = Fq::from_str(
"22704845471524346880579660022678666462201713488283356385810726260959369106033",
)
.unwrap();
let f4 = Fq::from_str(
"18897508522635316277030308074760673440128491438505204942623624791502972539393",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert!(!f3.is_zero());
assert_eq!(f1 * &f2 * &f3, f4);
}
#[test]
fn test_fq_div() {
let f1 = Fq::from_str(
"31892744363926593013886463524057935370302352424137349660481695792871889573091",
)
.unwrap();
let f2 = Fq::from_str(
"47695868328933459965610498875668250916462767196500056002116961816137113470902",
)
.unwrap();
let f3 = Fq::from_str(
"29049672724678710659792141917402891276693777283079976086581207190825261000580",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert!(!f3.is_zero());
assert_eq!(f1 / &f2, f3);
}
#[test]
fn test_fq_sub() {
let f1 = Fq::from_str(
"18695869713129401390241150743745601908470616448391638969502807001833388904079",
)
.unwrap();
let f2 = Fq::from_str(
"10105476028534616828778879109836101003805485072436929139123765141153277007373",
)
.unwrap();
let f3 = Fq::from_str(
"8590393684594784561462271633909500904665131375954709830379041860680111896706",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f2.is_zero());
assert!(!f3.is_zero());
assert_eq!(f1 - &f2, f3);
}
#[test]
fn test_fq_double_in_place() {
let mut f1 = Fq::from_str(
"29729289787452206300641229002276778748586801323231253291984198106063944136114",
)
.unwrap();
let f3 = Fq::from_str(
"7022704399778222121834717496367591659483050145934868761364737512189307087715",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f3.is_zero());
f1.double_in_place();
assert_eq!(f1, f3);
}
#[test]
fn test_fq_double_in_place_thrice() {
let mut f1 = Fq::from_str(
"32768907806651393940832831055386272949401004221411141755415956893066040832473",
)
.unwrap();
let f3 = Fq::from_str(
"52407761752706389608871686410346320244445823769178582752913020344774001921732",
)
.unwrap();
assert!(!f1.is_zero());
assert!(!f3.is_zero());
f1.double_in_place();
f1.double_in_place();
f1.double_in_place();
assert_eq!(f1, f3);
}
#[test]
fn test_fq_generate_random_ed_on_bls12_381_point() {
let d = Fq::from_str(
"19257038036680949359750312669786877991949435402254120286184196891950884077233",
)
.unwrap();
let y = Fq::from_str(
"20269054604167148422407276086932743904275456233139568486008667107872965128512",
)
.unwrap();
let x2 = Fq::from_str(
"35041048504708632193693740149219726446678304552734087046982753200179718192840",
)
.unwrap();
let computed_y2 = y.square();
let y2 = Fq::from_str(
"22730681238307918419349440108285755984465605552827817317611903495170775437833",
)
.unwrap();
assert_eq!(y2, computed_y2);
let computed_dy2 = d * &computed_y2;
let dy2 = Fq::from_str(
"24720347560552809545835752815204882739669031262711919770503096707526812943411",
)
.unwrap();
assert_eq!(dy2, computed_dy2);
let computed_divisor = computed_dy2 + &Fq::one();
let divisor = Fq::from_str(
"24720347560552809545835752815204882739669031262711919770503096707526812943412",
)
.unwrap();
assert_eq!(divisor, computed_divisor);
let computed_x2 = (computed_y2 - &Fq::one()) / &computed_divisor;
assert_eq!(x2, computed_x2);
let x = Fq::from_str(
"15337652609730546173818014678723269532482775720866471265774032070871608223361",
)
.unwrap();
let computed_x = computed_x2.sqrt().unwrap();
assert_eq!(computed_x.square(), x2);
assert_eq!(x, computed_x);
fn add<'a>(curr: (Fq, Fq), other: &'a (Fq, Fq)) -> (Fq, Fq) {
let y1y2 = curr.1 * &other.1;
let x1x2 = curr.0 * &other.0;
let d = Fq::from_str(
"19257038036680949359750312669786877991949435402254120286184196891950884077233",
)
.unwrap();
let dx1x2y1y2 = d * &y1y2 * &x1x2;
let d1 = Fq::one() + &dx1x2y1y2;
let d2 = Fq::one() - &dx1x2y1y2;
let x1y2 = curr.0 * &other.1;
let y1x2 = curr.1 * &other.0;
let x = (x1y2 + &y1x2) / &d1;
let y = (y1y2 + &x1x2) / &d2;
(x, y)
}
let result = add((x, y), &(x, y));
let result = add(result, &result);
let result = add(result, &result);
let point_x = Fq::from_str(
"47259664076168047050113154262636619161204477920503059672059915868534495873964",
)
.unwrap();
let point_y = Fq::from_str(
"19016409245280491801573912449420132838852726543024859389273314249842195919690",
)
.unwrap();
assert_eq!((point_x, point_y), result);
}
#[test]
fn test_fq_square_in_place() {
let mut f1 = Fq::from_str(
"34864651240005695523200639428464570946052769938774601449735727714436878540682",
)
.unwrap();
let f3 =
Fq::from_str("213133100629336594719108316042277780359104840987226496279264105585804377948")
.unwrap();
assert!(!f1.is_zero());
assert!(!f3.is_zero());
f1.square_in_place();
assert_eq!(f1, f3);
}
#[test]
fn test_fq_sqrt() {
let f1 = Fq::from_str(
"10875927553327821418567659853801220899541454800710193788767706167237535308235",
)
.unwrap();
let f3 = Fq::from_str(
"10816221372957505053219354782681292880545918527618367765651802809826238616708",
)
.unwrap();
assert_eq!(f1.sqrt().unwrap(), f3);
}
#[test]
fn test_fq_from_str() {
let f1_from_repr = Fq::from(BigInteger([
0xab8a2535947d1a77,
0x9ba74cbfda0bbcda,
0xe928b59724d60baf,
0x1cccaaeb9bb1680a,
]));
let f1 = Fq::from_str(
"13026376210409056429264774981357153555336288129100724591327877625017068755575",
)
.unwrap();
let f2_from_repr = Fq::from(BigInteger([
0x97e9103775d2f35c,
0xbe6756b6c587544b,
0x6ee38c3afd88ef4b,
0x2bacd150f540c677,
]));
let f2 = Fq::from_str(
"19754794831832707859764530223239420866832328728734160755396495950822165902172",
)
.unwrap();
assert_eq!(f1_from_repr, f1);
assert_eq!(f2_from_repr, f2);
}
#[test]
fn test_fq_legendre() {
assert_eq!(QuadraticResidue, Fq::one().legendre());
assert_eq!(Zero, Fq::zero().legendre());
let e = BigInteger([
0x0dbc5349cd5664da,
0x8ac5b6296e3ae29d,
0x127cb819feceaa3b,
0x3a6b21fb03867191,
]);
assert_eq!(QuadraticResidue, Fq::from(e).legendre());
let e = BigInteger([
0x96341aefd047c045,
0x9b5f4254500a4d65,
0x1ee08223b68ac240,
0x31d9cd545c0ec7c6,
]);
assert_eq!(QuadraticNonResidue, Fq::from(e).legendre());
}
#[test]
fn test_fq_bytes() {
let f1_from_repr = Fq::from(BigInteger([
0xab8a2535947d1a77,
0x9ba74cbfda0bbcda,
0xe928b59724d60baf,
0x1cccaaeb9bb1680a,
]));
let mut f1_bytes = [0u8; 32];
f1_from_repr.write(f1_bytes.as_mut()).unwrap();
let f1 = Fq::read(f1_bytes.as_ref()).unwrap();
assert_eq!(f1_from_repr, f1);
}
#[test]
fn test_fr_add() {
let f1 = Fr::from(BigInteger([
0xc81265fb4130fe0c,
0xb308836c14e22279,
0x699e887f96bff372,
0x84ecc7e76c11ad,
]));
let f2 = Fr::from(BigInteger([
0x71875719b422efb8,
0x0043658e68a93612,
0x9fa756be2011e833,
0xaa2b2cb08dac497,
]));
let f3 = Fr::from(BigInteger([
0x3999bd14f553edc4,
0xb34be8fa7d8b588c,
0x0945df3db6d1dba5,
0xb279f92f046d645,
]));
assert_eq!(f1 + &f2, f3);
}
#[test]
fn test_fr_mul() {
let f1 = Fr::from(BigInteger([
0xc81265fb4130fe0c,
0xb308836c14e22279,
0x699e887f96bff372,
0x84ecc7e76c11ad,
]));
let f2 = Fr::from(BigInteger([
0x71875719b422efb8,
0x43658e68a93612,
0x9fa756be2011e833,
0xaa2b2cb08dac497,
]));
let f3 = Fr::from(BigInteger([
0xbe3e50c164fe3381,
0x5ac45bc180974585,
0x1c234ad6dcdc70c9,
0x15a75fba99bc8ad,
]));
assert_eq!(f1 * &f2, f3);
}
#[test]
fn test_fr_bytes() {
let f1_from_repr = Fr::from(BigInteger([
0xc81265fb4130fe0c,
0xb308836c14e22279,
0x699e887f96bff372,
0x84ecc7e76c11ad,
]));
let mut f1_bytes = [0u8; 32];
f1_from_repr.write(f1_bytes.as_mut()).unwrap();
let f1 = Fr::read(f1_bytes.as_ref()).unwrap();
assert_eq!(f1_from_repr, f1);
}
#[test]
fn test_fr_from_str() {
let f100_from_repr = Fr::from(BigInteger([0x64, 0, 0, 0]));
let f100 = Fr::from_str("100").unwrap();
assert_eq!(f100_from_repr, f100);
}


@@ -1,37 +0,0 @@
#![cfg_attr(not(feature = "std"), no_std)]
#![deny(
warnings,
unused,
future_incompatible,
nonstandard_style,
rust_2018_idioms
)]
#![forbid(unsafe_code)]
//! This library implements the Bendersnatch curve, a twisted Edwards curve
//! whose base field is the scalar field of the curve BLS12-381. This allows
//! defining cryptographic primitives that use elliptic curves over the scalar
//! field of the latter curve. This curve was generated by Simon Masson from Anoma,
//! and Antonio Sanso from Ethereum Foundation, and is also known as [bandersnatch](https://ethresear.ch/t/introducing-bandersnatch-a-fast-elliptic-curve-built-over-the-bls12-381-scalar-field/9957).
//!
//! See [here](https://github.com/asanso/Bandersnatch/blob/main/README.md) for the specification of the curve.
//! There was also a Python implementation [here](https://github.com/asanso/Bandersnatch/).
//!
//! Curve information:
//! * Base field: q =
//! 52435875175126190479447740508185965837690552500527637822603658699938581184513
//! * Scalar field: r =
//! 13108968793781547619861935127046491459309155893440570251786403306729687672801
//! * Valuation(q - 1, 2) = 32
//! * Valuation(r - 1, 2) = 5
//! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
//! * a = -5
//! * d = 45022363124591815672509500913686876175488063829319466900776701791074614335719
#[cfg(feature = "r1cs")]
pub mod constraints;
mod curves;
mod fields;
pub use curves::*;
pub use fields::*;


@@ -1,31 +1,31 @@
[package]
name = "ark-ed-on-bn254"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the BN254 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-bn254/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-bn254 = { version = "^0.3.0", path = "../bn254", default-features = false, features = [ "scalar_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-bn254 = { path = "../bn254", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bn254/std" ]
r1cs = ["ark-r1cs-std"]
r1cs = ["ark-r1cs-std"]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::constraints::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<_, EdwardsVar>().unwrap();
}
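Review bot: `te_test::<_, EdwardsVar>()` leaves the parameters type to inference while the corresponding tests in the sibling Edwards crates on this page spell it out as `te_test::<EdwardsParameters, EdwardsVar>()`. Writing `ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();` here keeps the test files uniform and does not depend on `te_test` keeping its first parameter inferable from the second. This appears to be the side of the section that also introduces the `FqVar` import, which I take to be the new side.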


@@ -1,25 +1,25 @@
[package]
name = "ark-ed-on-bw6-761"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the BW6-761 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-bw6-761/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ed-on-cp6-782 = { version = "^0.3.0", path = "../ed_on_cp6_782", default-features = false }
ark-ed-on-cp6-782 = { path = "../ed_on_cp6_782", default-features = false }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false }
ark-ff = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
[features]
default = []


@@ -4,7 +4,7 @@
//! curve BW6_761. *It is the same curve as that in `ark-ed_on_cp6_782`.*
//! This allows defining cryptographic primitives that use elliptic curves over the scalar field of
//! the latter curve. This curve was generated as part of the paper
//! [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//!
//! Curve information:
//! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177


@@ -1,28 +1,28 @@
[package]
name = "ark-ed-on-cp6-782"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the CP6-782 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-cp6-782/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-bls12-377 = { version = "^0.3.0", path = "../bls12_377", default-features = false, features = [ "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-bls12-377 = { path = "../bls12_377", default-features = false, features = [ "base_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::constraints::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();
}


@@ -10,7 +10,7 @@
//! This library implements a twisted Edwards curve whose base field is the scalar field of the curve CP6.
//! This allows defining cryptographic primitives that use elliptic curves over the scalar field of the latter curve.
//! This curve was generated as part of the paper [\[BCGMMW20, “Zexe”\]](https://eprint.iacr.org/2018/962).
//! This curve was generated as part of the paper [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962).
//!
//! Curve information:
//! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177


@@ -1,28 +1,28 @@
[package]
name = "ark-ed-on-mnt4-298"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the MNT4-298 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-mnt4-298/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-mnt4-298 = { version = "^0.3.0", path = "../mnt4_298", default-features = false, features = [ "scalar_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-mnt4-298 = { path = "../mnt4_298", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::constraints::fields::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();
}


@@ -1,31 +1,31 @@
[package]
name = "ark-ed-on-mnt4-753"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "A Twisted Edwards curve defined over the scalar field of the MNT4-753 curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-ed-on-mnt4-753/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-mnt4-753 = { version = "^0.3.0", path = "../mnt4_753", default-features = false, features = [ "scalar_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-mnt4-753 = { path = "../mnt4_753", default-features = false, features = [ "scalar_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-mnt4-753/std" ]
r1cs = ["ark-r1cs-std"]
r1cs = ["ark-r1cs-std"]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
use crate::*;
use crate::constraints::fields::FqVar;
/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
pub type EdwardsVar = AffineVar<EdwardsParameters>;
pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters>().unwrap();
ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();
}


@@ -1,5 +1,5 @@
use crate::fq::Fq;
use ark_r1cs_std::fields::fp::FpVar;
use crate::fq::Fq;
/// A variable that is the R1CS equivalent of `crate::Fq`.
pub type FqVar = FpVar<Fq>;


@@ -2,7 +2,7 @@ use ark_ec::{
models::{ModelParameters, MontgomeryModelParameters, TEModelParameters},
twisted_edwards_extended::{GroupAffine, GroupProjective},
};
use ark_ff::field_new;
use ark_ff::{biginteger::BigInteger768, field_new};
use crate::{fq::Fq, fr::Fr};
@@ -20,22 +20,75 @@ impl ModelParameters for EdwardsParameters {
type ScalarField = Fr;
}
// Many parameters need to be written down in the Montgomery residue form,
// discussed below. Some useful numbers:
// R for Fq: 11407975440035778516953587871987109648531742722982233186120790377529569367095961954159305159259556262528904776132787438725571821295685691762729353555475679813615501328617736020411951837995932262333059670631633855898874183380802
// R for Fr: 933352698056040166367534174176950366489065242993745918174914647273231163953185260894581718311971532174387033963715296372791285468903747270837716556902938133611910788060028435531754797383796835009316018259656953442114538695438
impl TEModelParameters for EdwardsParameters {
/// COEFF_A = -1
/// Needs to be in the Montgomery residue form in Fq
/// I.e., -1 * R for Fq
/// = 30490515527883174885390626919253527479638967196971715885662712543495783445475144818899588604530782658889166195755671038597601236195908163306966888299320716352105914996732328421058466299850466207278876048428274308321910292779199
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "-1");
const COEFF_A: Fq = field_new!(Fq, BigInteger768([
2265581976117350591u64,
18442012872391748519u64,
3807704300793525789u64,
12280644139289115082u64,
10655371227771325282u64,
1346491763263331896u64,
7477357615964975877u64,
12570239403004322603u64,
2180620924574446161u64,
12129628062772479841u64,
8853285699251153944u64,
362282887012814u64,
]));
/// COEFF_D = 317690
/// Needs to be in the Montgomery residue form in Fq
/// I.e., 317690 * R for Fq
/// = 22147310944926701613095824060993292411108298129020138512675871596899298127988454048404371067902679066037332245471578749765607461010546427833106841035248048771826362113332201923280907352099197626899000000763383579702914883060881
#[rustfmt::skip]
const COEFF_D: Fq = field_new!(Fq, "317690");
const COEFF_D: Fq = field_new!(Fq, BigInteger768([
17599538631181665425u64,
541385733032329781u64,
10984951882154109942u64,
6745898816867096302u64,
8606788232777167026u64,
17697068798460151905u64,
7726746940317276687u64,
16708084840201435716u64,
10141323747759975110u64,
6527904409415579649u64,
18367733563217133340u64,
263150412834478u64,
]));
/// COFACTOR = 8
const COFACTOR: &'static [u64] = &[8];
/// COFACTOR_INV (mod r) =
/// 4582647449616135528381398492791944685893671397494963179726320631987147963874964803303316505414568319530101512550297775574042810022553679071007001162683923594233560231270043634777390699589793776691858866199511300853468155295505
/// Needs to be in the Montgomery residue form in Fr
/// I.e., COFACTOR_INV * R for Fr
/// = 1425996930004472314619198483998388706066467840372779148265098797191196170886995244269913144907444532816113097116978062210611142118628305286285286330379702579339648914584658878663580978127201397716695606910888919424112361707074
#[rustfmt::skip]
const COFACTOR_INV: Fr = field_new!(Fr, "4582647449616135528381398492791944685893671397494963179726320631987147963874964803303316505414568319530101512550297775574042810022553679071007001162683923594233560231270043634777390699589793776691858866199511300853468155295505");
const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([
18349096995079034434u64,
12232096963923221952u64,
10313403112747203584u64,
7266093872567585103u64,
9102010985112647012u64,
11539789563873699451u64,
5062476400815403157u64,
3112383580531982668u64,
9803941911066678468u64,
11670110706913295633u64,
5956199581925454898u64,
16943442107464u64,
]));
/// Generated randomly
const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
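Review bot: The `BigInteger768` limb arrays for `COEFF_A`, `COEFF_D` and `COFACTOR_INV` are tied to the documented integers (`-1`, `317690`, the cofactor inverse) only by comments, so a single mistyped limb compiles cleanly and silently defines a different curve; nothing in this hunk or the visible tests checks them. A test that rebuilds each constant from its documented value would catch that, e.g. `assert_eq!(<EdwardsParameters as TEModelParameters>::COEFF_A, -Fq::one());` and `assert_eq!(<EdwardsParameters as TEModelParameters>::COEFF_D, Fq::from_str("317690").unwrap());`, with the `COFACTOR_INV` check done against `Fr`. The same applies to the Montgomery-model coefficients and the generator coordinates in the next hunk. `impl TEModelParameters for EdwardsParameters` continues past the end of this hunk.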
@@ -51,22 +104,85 @@ impl TEModelParameters for EdwardsParameters {
impl MontgomeryModelParameters for EdwardsParameters {
/// COEFF_A = 40212480635445336270302172549278415015971955924352275480357619589919378421241453024646804979794897776496091377551124233752850182852486874251193367187677349266115879541798515219680194853352256809837126277708211496794264654247419
/// Needs to be in the Montgomery residue form in Fq
/// I.e., COEFF_A * R for Fq
/// = 30548714567617468394128273134168309733495884043859854416819409495212098575586848195824755026287273763308450716502830186864520759966983420083939453225231731740328282532297868204762840705631404761799649264638732114864775402781225
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "40212480635445336270302172549278415015971955924352275480357619589919378421241453024646804979794897776496091377551124233752850182852486874251193367187677349266115879541798515219680194853352256809837126277708211496794264654247419");
const COEFF_A: Fq = field_new!(Fq, BigInteger768([
4717325759818398249u64,
9984799932299155706u64,
1320735555238925850u64,
17027346723122076572u64,
2632519042034336982u64,
15439824589583270152u64,
8351651296737343223u64,
11351622927160584696u64,
3108522085485690820u64,
6958456540352275598u64,
16034686916204205245u64,
362974397660347u64,
]));
/// COEFF_B = 1686010332473617132042042241962222112198753995601673591425883331105974391329653748412088783995441144921979594337334243570322874639106980818502874667119046899605536783551549221790223284494141659774809441351696667426519821912580
/// Needs to be in the Montgomery residue form in Fq
// I.e., COEFF_B * R for Fq
// = 30432316488148881376652980704338745225782050350083577354506015591779468315363441441974422182774291554469881675008511890330681712424832906529994323373409700963883547461166788637354091894069527652758102832217816501779045182777173
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "1686010332473617132042042241962222112198753995601673591425883331105974391329653748412088783995441144921979594337334243570322874639106980818502874667119046899605536783551549221790223284494141659774809441351696667426519821912580");
const COEFF_B: Fq = field_new!(Fq, BigInteger768([
18260582266125854549u64,
8452481738774789715u64,
6294673046348125729u64,
7533941555456153592u64,
231479339798761966u64,
5699903010652945257u64,
6603063935192608530u64,
13788855878848060510u64,
1252719763663201502u64,
17300799585192684084u64,
1671884482298102643u64,
361591376365281u64,
]));
type TEModelParameters = EdwardsParameters;
}
/// GENERATOR_X =
/// 41126137307536311801428235632419266329480236393691483739251051053325519918069469184425962602019877935619960143044210127218431046103600632347238890180171944971817510488009355627861577881883236134824745174469522277738875418206826
/// Needs to be in the Montgomery residue form in Fq
/// I.e., GENERATOR_X * R for Fq
/// = 17458296603084005843875564204476809882690765950143935590811069375604430769391871724158635621148427226413334766092842987247361751645959801401160673759590522483750685475882467271029344718076741595831312033991612062403782328664175
#[rustfmt::skip]
const GENERATOR_X: Fq = field_new!(Fq, "41126137307536311801428235632419266329480236393691483739251051053325519918069469184425962602019877935619960143044210127218431046103600632347238890180171944971817510488009355627861577881883236134824745174469522277738875418206826");
const GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
13391543849638641775u64,
1472718285337442467u64,
1704796371472020786u64,
1309193942690519845u64,
11187264906425773918u64,
11963130799714018220u64,
10821241385017749516u64,
4661882526685671286u64,
8328914571224024668u64,
17202160931109725769u64,
4708938015393622850u64,
207436377712515u64,
]));
/// GENERATOR_Y =
/// 18249602579663240810999977712212098844157230095713722119136881953011435881503578209163288529034825612841855863913294174196656077002578342108932925693640046298989762289691399012056048139253937882385653600831389370198228562812681
/// Needs to be in the Montgomery residue form in Fq
/// I.e., GENERATOR_Y * R for Fq
/// = 9017791529346511307345374145466037779022974291216533108328228023141994468888559894991603799439817566592668010556604996318161436165296215592281656017954181737938978992370627048110847574165717052386876801764386102664064737203581
#[rustfmt::skip]
const GENERATOR_Y: Fq = field_new!(Fq, "18249602579663240810999977712212098844157230095713722119136881953011435881503578209163288529034825612841855863913294174196656077002578342108932925693640046298989762289691399012056048139253937882385653600831389370198228562812681");
const GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
16764059510974436733u64,
10694630934032454957u64,
15899992550979352399u64,
17663221529566141065u64,
3780246386961240559u64,
6062186621379836072u64,
11042203340250178810u64,
1263100291243127914u64,
14407501552666806512u64,
13385165116432280059u64,
11978187531853934313u64,
107147796394053u64,
]));
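Review bot: The `COEFF_B` documentation switches from `///` to `//` mid-block (`// I.e., COEFF_B * R for Fq` and the `// = 3043...` value line), so those two lines drop out of the rendered rustdoc while every sibling constant keeps the full three-line explanation. Change them to `/// I.e., COEFF_B * R for Fq` and `/// = 30432316488148881376652980704338745225782050350083577354506015591779468315363441441974422182774291554469881675008511890330681712424832906529994323373409700963883547461166788637354091894069527652758102832217816501779045182777173` so the doc block matches `COEFF_A` above it. `impl MontgomeryModelParameters for EdwardsParameters` starts inside this hunk and closes before the `GENERATOR_X` definition.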


@@ -1,6 +1,6 @@
use ark_ec::{AffineCurve, ProjectiveCurve};
use ark_std::rand::Rng;
use ark_std::test_rng;
use ark_std::rand::Rng;
use crate::*;


@@ -1,5 +1,5 @@
use ark_std::rand::Rng;
use ark_std::test_rng;
use ark_std::rand::Rng;
use crate::{Fq, Fr};
use ark_algebra_test_templates::fields::*;


@@ -21,10 +21,10 @@
//! * a = -1
//! * d = 317690 mod q
#[cfg(feature = "r1cs")]
pub mod constraints;
mod curves;
mod fields;
#[cfg(feature = "r1cs")]
pub mod constraints;
pub use curves::*;
pub use fields::*;


@@ -1,27 +1,27 @@
[package]
name = "ark-mnt4-298"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The MNT4-298 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-mnt4-298/"
keywords = ["cryptography", "finite-fields" ]
keywords = ["cryptography", "finite fields" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -16,8 +16,14 @@ pub type G2PreparedVar = mnt4::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::mnt4::MNT4Parameters;
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT4Parameters>::G1Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT4Parameters>::G2Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT4Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT4Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}


@@ -130,17 +130,17 @@
//! let pairing_result_native = MNT4_298::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = MNT4_298::prepare_g1(&a)?;
//! let b_prep = MNT4_298::prepare_g2(&b)?;
//! let pairing_result = MNT4_298::pairing_gadget(a_prep, b_prep)?;
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = MNT4_298::prepare_g1(&a_const)?;
//! let b_prep_const = MNT4_298::prepare_g2(&b_const)?;
//! let pairing_result_const = MNT4_298::pairing_gadget(a_prep_const, b_prep_const)?;
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;
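Review bot: The example still prints `println!("Done here 3");` right after the constant-pairing block, which reads as a leftover debug statement in a doc example that users copy, and the comment `// Check that the value of &a + &b is correct.` describes an addition while the assertion under it compares a pairing result; the new `constraints::PairingVar::pairing(...)` lines keep both in place. Suggest dropping the `println!` and rewording the comment to `// Check that the pairing computed in the circuit matches the native result.`. The same two lines recur in the MNT4-753, MNT6-298 and MNT6-753 crate docs further down; the enclosing doc-test starts and ends outside this hunk.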


@@ -1,8 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the MNT4-298 bilinear group.
pub use crate::MNT4_298;
pub type PairingVar = ark_r1cs_std::pairing::mnt4::PairingVar<Parameters>;
#[test]
fn test() {
use crate::MNT4_298;
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT4_298>().unwrap()
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT4_298, PairingVar>().unwrap()
}
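Review bot: `pub use crate::MNT4_298;` sits directly between the `/// Specifies the constraints ...` doc comment and `pub type PairingVar`, so unless a blank line separates them (the rendered view may have dropped one) the doc comment attaches to the re-export and `PairingVar` is left undocumented. The re-export also widens the public API of the `constraints` module only so that `test()` can name the engine; if that line is the new side, the narrower `use crate::MNT4_298;` inside `fn test()`, as on the other side of this hunk, keeps the module surface unchanged. The same layout appears in the MNT4-753, MNT6-298 and MNT6-753 pairing modules below.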


@@ -19,12 +19,12 @@ impl ModelParameters for Parameters {
impl SWModelParameters for Parameters {
/// COEFF_A = 2
/// Reference: <https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L116>
/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L116
#[rustfmt::skip]
const COEFF_A: Fq = field_new!(Fq, "2");
/// COEFF_B = 423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685
/// Reference: <https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L117>
/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L117
#[rustfmt::skip]
const COEFF_B: Fq = field_new!(Fq, "423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685");
@@ -45,11 +45,11 @@ impl SWModelParameters for Parameters {
// X = 60760244141852568949126569781626075788424196370144486719385562369396875346601926534016838,
// Y = 363732850702582978263902770815145784459747722357071843971107674179038674942891694705904306,
/// G1_GENERATOR_X
/// Reference: <https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L137>
/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L137
#[rustfmt::skip]
pub const G1_GENERATOR_X: Fq = field_new!(Fq, "60760244141852568949126569781626075788424196370144486719385562369396875346601926534016838");
/// G1_GENERATOR_Y
/// Reference: <https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L138>
/// Reference: https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L138
#[rustfmt::skip]
pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "363732850702582978263902770815145784459747722357071843971107674179038674942891694705904306");
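Review bot: The `/// Reference: https://github.com/scipr-lab/libff/...` lines drop the angle brackets, and rustdoc only turns a URL into a link when it is written as `<https://...>`; the bare form renders as plain text and trips the `rustdoc::bare_urls` lint on newer toolchains. If the bare form is the new side, keep `/// Reference: <https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L116>` and likewise for the other three references in this file. Both `impl` blocks continue outside the hunks.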


@@ -9,7 +9,7 @@
#![forbid(unsafe_code)]
//! This library implements the MNT4_298 curve generated by
//! [\[BCTV14\]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! Miyaji--Nakabayashi--Takano curve of embedding degree 4, defined over a 298-bit (prime) field.
//! The main feature of this curve is that its scalar field and base field respectively equal the
//! base field and scalar field of MNT6_298.
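Review bot: `[[BCTV14]](https://eprint.iacr.org/2014/595)` nests an unescaped `[BCTV14]` inside the link text, and rustdoc treats such a bracketed token as an intra-doc link target, so it typically reports an unresolved link to `BCTV14` under `rustdoc::broken_intra_doc_links`; the escaped `[\[BCTV14\]](https://eprint.iacr.org/2014/595)` form on the other side of the hunk avoids that. If the unescaped form is the new side, restore the escapes. The MNT4-753, MNT6-298 and MNT6-753 crate docs below carry the same line.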


@@ -1,27 +1,27 @@
[package]
name = "ark-mnt4-753"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The MNT4-753 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-mnt4-753/"
keywords = ["cryptography", "finite-fields" ]
keywords = ["cryptography", "finite fields" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -16,8 +16,14 @@ pub type G2PreparedVar = mnt4::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::mnt4::MNT4Parameters;
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT4Parameters>::G1Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT4Parameters>::G2Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT4Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT4Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}


@@ -130,17 +130,17 @@
//! let pairing_result_native = MNT4_753::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = MNT4_753::prepare_g1(&a)?;
//! let b_prep = MNT4_753::prepare_g2(&b)?;
//! let pairing_result = MNT4_753::pairing_gadget(a_prep, b_prep)?;
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = MNT4_753::prepare_g1(&a_const)?;
//! let b_prep_const = MNT4_753::prepare_g2(&b_const)?;
//! let pairing_result_const = MNT4_753::pairing_gadget(a_prep_const, b_prep_const)?;
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;


@@ -1,8 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the MNT4-753 bilinear group.
pub use crate::MNT4_753;
pub type PairingVar = ark_r1cs_std::pairing::mnt4::PairingVar<Parameters>;
#[test]
fn test() {
use crate::MNT4_753;
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT4_753>().unwrap()
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT4_753, PairingVar>().unwrap()
}


@@ -9,7 +9,7 @@
#![forbid(unsafe_code)]
//! This library implements the MNT4_753 curve generated in
//! [\[BCTV14\]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! Miyaji--Nakabayashi--Takano curve of embedding degree 4, defined over a 753-bit (prime) field.
//! The main feature of this curve is that its scalar field and base field respectively equal the
//! base field and scalar field of MNT6_753.


@@ -1,28 +1,28 @@
[package]
name = "ark-mnt6-298"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The MNT6-298 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-mnt6-298/"
keywords = ["cryptography", "finite-fields", "elliptic-curves"]
keywords = ["cryptography", "finite fields" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-mnt4-298 = { version = "^0.3.0", path = "../mnt4_298", default-features = false, features = [ "scalar_field", "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-mnt4-298 = { path = "../mnt4_298", default-features = false, features = [ "scalar_field", "base_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -16,8 +16,14 @@ pub type G2PreparedVar = mnt6::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::mnt6::MNT6Parameters;
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT6Parameters>::G1Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT6Parameters>::G2Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT6Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT6Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}


@@ -130,17 +130,17 @@
//! let pairing_result_native = MNT6_298::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = MNT6_298::prepare_g1(&a)?;
//! let b_prep = MNT6_298::prepare_g2(&b)?;
//! let pairing_result = MNT6_298::pairing_gadget(a_prep, b_prep)?;
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = MNT6_298::prepare_g1(&a_const)?;
//! let b_prep_const = MNT6_298::prepare_g2(&b_const)?;
//! let pairing_result_const = MNT6_298::pairing_gadget(a_prep_const, b_prep_const)?;
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;


@@ -1,8 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the MNT6-298 bilinear group.
pub use crate::MNT6_298;
pub type PairingVar = ark_r1cs_std::pairing::mnt6::PairingVar<Parameters>;
#[test]
fn test() {
use crate::MNT6_298;
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT6_298>().unwrap()
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT6_298, PairingVar>().unwrap()
}


@@ -9,7 +9,7 @@
#![forbid(unsafe_code)]
//! This library implements the MNT6_298 curve generated in
//! [\[BCTV14\]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! Miyaji--Nakabayashi--Takano curve of embedding degree 6, defined over a 298-bit (prime) field.
//! The main feature of this curve is that its scalar field and base field respectively equal the
//! base field and scalar field of MNT4_298.


@@ -1,31 +1,31 @@
[package]
name = "ark-mnt6-753"
version = "0.3.0"
version = "0.1.0"
authors = [ "arkworks contributors" ]
description = "The MNT6-753 pairing-friendly elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
repository = "https://github.com/arkworks-rs/algebra"
documentation = "https://docs.rs/ark-mnt6-753/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-std = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-mnt4-753 = { version = "^0.3.0", path = "../mnt4_753", default-features = false, features = [ "scalar_field", "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-mnt4-753 = { path = "../mnt4_753", default-features = false, features = [ "scalar_field", "base_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]
default = []
std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
r1cs = ["ark-r1cs-std"]
r1cs = ["ark-r1cs-std"]


@@ -16,8 +16,14 @@ pub type G2PreparedVar = mnt6::G2PreparedVar<Parameters>;
#[test]
fn test() {
use ark_ec::models::mnt6::MNT6Parameters;
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT6Parameters>::G1Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<<Parameters as MNT6Parameters>::G2Parameters>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT6Parameters>::G1Parameters,
G1Var,
>()
.unwrap();
ark_curve_constraint_tests::curves::sw_test::<
<Parameters as MNT6Parameters>::G2Parameters,
G2Var,
>()
.unwrap();
}


@@ -130,17 +130,17 @@
//! let pairing_result_native = MNT6_753::pairing(a_native, b_native);
//!
//! // Prepare `a` and `b` for pairing.
//! let a_prep = MNT6_753::prepare_g1(&a)?;
//! let b_prep = MNT6_753::prepare_g2(&b)?;
//! let pairing_result = MNT6_753::pairing_gadget(a_prep, b_prep)?;
//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
//!
//! // Check that the value of &a + &b is correct.
//! assert_eq!(pairing_result.value()?, pairing_result_native);
//!
//! // Check that operations on variables and constants are equivalent.
//! let a_prep_const = MNT6_753::prepare_g1(&a_const)?;
//! let b_prep_const = MNT6_753::prepare_g2(&b_const)?;
//! let pairing_result_const = MNT6_753::pairing_gadget(a_prep_const, b_prep_const)?;
//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
//! println!("Done here 3");
//!
//! pairing_result.enforce_equal(&pairing_result_const)?;


@@ -1,8 +1,10 @@
use crate::Parameters;
/// Specifies the constraints for computing a pairing in the MNT6-753 bilinear group.
pub use crate::MNT6_753;
pub type PairingVar = ark_r1cs_std::pairing::mnt6::PairingVar<Parameters>;
#[test]
fn test() {
use crate::MNT6_753;
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT6_753>().unwrap()
ark_curve_constraint_tests::pairing::bilinearity_test::<MNT6_753, PairingVar>().unwrap()
}


@@ -9,7 +9,7 @@
#![forbid(unsafe_code)]
//! This library implements the MNT6_753 curve generated in
//! [\[BCTV14\]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a
//! Miyaji--Nakabayashi--Takano curve of embedding degree 6, defined over a 753-bit (prime) field.
//! The main feature of this curve is that its scalar field and base field respectively equal the
//! base field and scalar field of MNT4_753.


@@ -1,27 +1,27 @@
[package]
name = "ark-pallas"
version = "0.3.0"
version = "0.1.0"
authors = [ "Ying Tong Lai", "Daira Hopwood", "O(1) Labs", "arkworks contributors" ]
description = "The Pallas prime-order elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-pallas/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-std = { version = "^0.3.0", default-features = false }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::short_weierstrass::ProjectiveVar;
use crate::constraints::FBaseVar;
/// A group element in the Pallas prime-order group.
pub type GVar = ProjectiveVar<PallasParameters>;
pub type GVar = ProjectiveVar<PallasParameters, FBaseVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::sw_test::<PallasParameters>().unwrap();
ark_curve_constraint_tests::curves::sw_test::<PallasParameters, GVar>().unwrap();
}


@@ -1,31 +0,0 @@
import re
import sys
import fileinput
import os
# Set this to the name of the repo, if you don't want it to be read from the filesystem.
# It assumes the changelog file is in the root of the repo.
repo_name = ""
# This script goes through the provided file, and replaces any " \#<number>",
# with the valid mark down formatted link to it. e.g.
# " [\#number](https://github.com/arkworks-rs/template/pull/<number>)
# Note that if the number is for a an issue, github will auto-redirect you when you click the link.
# It is safe to run the script multiple times in succession.
#
# Example usage $ python3 linkify_changelog.py ../CHANGELOG.md
if len(sys.argv) < 2:
print("Must include path to changelog as the first argument to the script")
print("Example Usage: python3 linkify_changelog.py ../CHANGELOG.md")
exit()
changelog_path = sys.argv[1]
if repo_name == "":
path = os.path.abspath(changelog_path)
components = path.split(os.path.sep)
repo_name = components[-2]
for line in fileinput.input(inplace=True):
line = re.sub(r"\- #([0-9]*)", r"- [\\#\1](https://github.com/arkworks-rs/" + repo_name + r"/pull/\1)", line.rstrip())
# edits the current file
print(line)


@@ -1,28 +1,28 @@
[package]
name = "ark-vesta"
version = "0.3.0"
version = "0.1.0"
authors = [ "Ying Tong Lai", "Daira Hopwood", "O(1) Labs", "arkworks contributors" ]
description = "The Vesta prime-order elliptic curve"
homepage = "https://arkworks.rs"
repository = "https://github.com/arkworks-rs/curves"
documentation = "https://docs.rs/ark-vesta/"
keywords = ["cryptography", "finite-fields", "elliptic-curves" ]
keywords = ["cryptography", "finite fields", "elliptic curves" ]
categories = ["cryptography"]
include = ["Cargo.toml", "src"]
license = "MIT/Apache-2.0"
edition = "2018"
[dependencies]
ark-ff = { version = "^0.3.0", default-features = false }
ark-ec = { version = "^0.3.0", default-features = false }
ark-r1cs-std = { version = "^0.3.0", default-features = false, optional = true }
ark-std = { version = "^0.3.0", default-features = false }
ark-pallas = { version = "^0.3.0", path = "../pallas", default-features = false, features = [ "scalar_field", "base_field" ] }
ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false, optional = true }
ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
ark-pallas = { path = "../pallas", default-features = false, features = [ "scalar_field", "base_field" ] }
[dev-dependencies]
ark-relations = { version = "^0.3.0", default-features = false }
ark-serialize = { version = "^0.3.0", default-features = false }
ark-algebra-test-templates = { version = "^0.3.0", default-features = false }
ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-algebra-test-templates = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
ark-curve-constraint-tests = { path = "../curve-constraint-tests", default-features = false }
[features]


@@ -1,10 +1,12 @@
use crate::*;
use ark_r1cs_std::groups::curves::short_weierstrass::ProjectiveVar;
use crate::constraints::FBaseVar;
/// A group element in the Vesta prime-order group.
pub type GVar = ProjectiveVar<VestaParameters>;
pub type GVar = ProjectiveVar<VestaParameters, FBaseVar>;
#[test]
fn test() {
ark_curve_constraint_tests::curves::sw_test::<VestaParameters>().unwrap();
ark_curve_constraint_tests::curves::sw_test::<VestaParameters, GVar>().unwrap();
}