arnaucube
/
ark-curves-cherry-picked
mirror of https://github.com/arnaucube/ark-curves-cherry-picked.git


								use ark_ec::{

								    bls12,

								    bls12::Bls12Parameters,

								    models::CurveConfig,

								    short_weierstrass::{Affine, SWCurveConfig},

								    AffineCurve, ProjectiveCurve,

								};

								use ark_ff::{Field, MontFp, Zero};

								use ark_std::ops::Neg;


								use crate::*;


								pub type G1Affine = bls12::G1Affine<crate::Parameters>;

								pub type G1Projective = bls12::G1Projective<crate::Parameters>;


								#[derive(Clone, Default, PartialEq, Eq)]

								pub struct Parameters;


								impl CurveConfig for Parameters {

								    type BaseField = Fq;

								    type ScalarField = Fr;


								    /// COFACTOR = (x - 1)^2 / 3  = 76329603384216526031706109802092473003

								    const COFACTOR: &'static [u64] = &[0x8c00aaab0000aaab, 0x396c8c005555e156];


								    /// COFACTOR_INV = COFACTOR^{-1} mod r

								    /// = 52435875175126190458656871551744051925719901746859129887267498875565241663483

								    const COFACTOR_INV: Fr =

								        MontFp!("52435875175126190458656871551744051925719901746859129887267498875565241663483");

								}


								impl SWCurveConfig for Parameters {

								    /// COEFF_A = 0

								    const COEFF_A: Fq = Fq::ZERO;


								    /// COEFF_B = 4

								    const COEFF_B: Fq = MontFp!("4");


								    /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)

								    const GENERATOR: G1Affine = G1Affine::new_unchecked(G1_GENERATOR_X, G1_GENERATOR_Y);


								    #[inline(always)]

								    fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {

								        Self::BaseField::zero()

								    }


								    #[inline]

								    fn is_in_correct_subgroup_assuming_on_curve(p: &G1Affine) -> bool {

								        // Algorithm from Section 6 of https://eprint.iacr.org/2021/1130.

								        //

								        // Check that endomorphism_p(P) == -[X^2]P


								        // An early-out optimization described in Section 6.

								        // If uP == P but P != point of infinity, then the point is not in the right

								        // subgroup.

								        let x_times_p = p.mul_bigint(crate::Parameters::X);

								        if x_times_p.eq(p) && !p.infinity {

								            return false;

								        }


								        let minus_x_squared_times_p = x_times_p.mul_bigint(crate::Parameters::X).neg();

								        let endomorphism_p = endomorphism(p);

								        minus_x_squared_times_p.eq(&endomorphism_p)

								    }

								}


								/// G1_GENERATOR_X =

								/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507

								pub const G1_GENERATOR_X: Fq = MontFp!("3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507");


								/// G1_GENERATOR_Y =

								/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569

								pub const G1_GENERATOR_Y: Fq = MontFp!("1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569");


								/// BETA is a non-trivial cubic root of unity in Fq.

								pub const BETA: Fq = MontFp!("793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350");


								pub fn endomorphism(p: &Affine<Parameters>) -> Affine<Parameters> {

								    // Endomorphism of the points on the curve.

								    // endomorphism_p(x,y) = (BETA * x, y)

								    // where BETA is a non-trivial cubic root of unity in Fq.

								    let mut res = (*p).clone();

								    res.x *= BETA;

								    res

								}