arnaucube
/
go-snark-study
mirror of https://github.com/arnaucube/go-snark-study.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 Commits
1 Branch
4 Tags
109 MiB
Tree: 54a265e73b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '54a265e73b'
${ noResults }
go-snark-study/fields/fq12.go

171 lines
3.9 KiB
Raw Normal View History

r1cs to qap over finite field
6 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
cli
5 years ago
bn128 pairing, r1cs to qap
6 years ago
cli
5 years ago
bn128 pairing, r1cs to qap
6 years ago
cli
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
  1. package fields
  3. import (
  4. "bytes"
  5. "math/big"
  6. )
  8. // Fq12 uses the same algorithms than Fq2, but with [2][3][2]*big.Int data structure
  10. // Fq12 is Field 12
  11. type Fq12 struct {
  12. F Fq6
  13. Fq2 Fq2
  14. NonResidue [2]*big.Int
  15. }
  17. // NewFq12 generates a new Fq12
  18. func NewFq12(f Fq6, fq2 Fq2, nonResidue [2]*big.Int) Fq12 {
  19. fq12 := Fq12{
  20. f,
  21. fq2,
  22. nonResidue,
  23. }
  24. return fq12
  25. }
  27. // Zero returns a Zero value on the Fq12
  28. func (fq12 Fq12) Zero() [2][3][2]*big.Int {
  29. return [2][3][2]*big.Int{fq12.F.Zero(), fq12.F.Zero()}
  30. }
  32. // One returns a One value on the Fq12
  33. func (fq12 Fq12) One() [2][3][2]*big.Int {
  34. return [2][3][2]*big.Int{fq12.F.One(), fq12.F.Zero()}
  35. }
  37. func (fq12 Fq12) mulByNonResidue(a [3][2]*big.Int) [3][2]*big.Int {
  38. return [3][2]*big.Int{
  39. fq12.Fq2.Mul(fq12.NonResidue, a[2]),
  40. a[0],
  41. a[1],
  42. }
  43. }
  45. // Add performs an addition on the Fq12
  46. func (fq12 Fq12) Add(a, b [2][3][2]*big.Int) [2][3][2]*big.Int {
  47. return [2][3][2]*big.Int{
  48. fq12.F.Add(a[0], b[0]),
  49. fq12.F.Add(a[1], b[1]),
  50. }
  51. }
  53. // Double performs a doubling on the Fq12
  54. func (fq12 Fq12) Double(a [2][3][2]*big.Int) [2][3][2]*big.Int {
  55. return fq12.Add(a, a)
  56. }
  58. // Sub performs a subtraction on the Fq12
  59. func (fq12 Fq12) Sub(a, b [2][3][2]*big.Int) [2][3][2]*big.Int {
  60. return [2][3][2]*big.Int{
  61. fq12.F.Sub(a[0], b[0]),
  62. fq12.F.Sub(a[1], b[1]),
  63. }
  64. }
  66. // Neg performs a negation on the Fq12
  67. func (fq12 Fq12) Neg(a [2][3][2]*big.Int) [2][3][2]*big.Int {
  68. return fq12.Sub(fq12.Zero(), a)
  69. }
  71. // Mul performs a multiplication on the Fq12
  72. func (fq12 Fq12) Mul(a, b [2][3][2]*big.Int) [2][3][2]*big.Int {
  73. // Multiplication and Squaring on Pairing-Friendly .pdf; Section 3 (Karatsuba)
  74. v0 := fq12.F.Mul(a[0], b[0])
  75. v1 := fq12.F.Mul(a[1], b[1])
  76. return [2][3][2]*big.Int{
  77. fq12.F.Add(v0, fq12.mulByNonResidue(v1)),
  78. fq12.F.Sub(
  79. fq12.F.Mul(
  80. fq12.F.Add(a[0], a[1]),
  81. fq12.F.Add(b[0], b[1])),
  82. fq12.F.Add(v0, v1)),
  83. }
  84. }
  86. // MulScalar is ...
  87. func (fq12 Fq12) MulScalar(base [2][3][2]*big.Int, e *big.Int) [2][3][2]*big.Int {
  88. // for more possible implementations see g2.go file, at the function g2.MulScalar()
  90. res := fq12.Zero()
  91. rem := e
  92. exp := base
  94. for !bytes.Equal(rem.Bytes(), big.NewInt(int64(0)).Bytes()) {
  95. // if rem % 2 == 1
  96. if bytes.Equal(new(big.Int).Rem(rem, big.NewInt(int64(2))).Bytes(), big.NewInt(int64(1)).Bytes()) {
  97. res = fq12.Add(res, exp)
  98. }
  99. exp = fq12.Double(exp)
  100. rem = rem.Rsh(rem, 1) // rem = rem >> 1
  101. }
  102. return res
  103. }
  105. // Inverse returns the inverse on the Fq12
  106. func (fq12 Fq12) Inverse(a [2][3][2]*big.Int) [2][3][2]*big.Int {
  107. t0 := fq12.F.Square(a[0])
  108. t1 := fq12.F.Square(a[1])
  109. t2 := fq12.F.Sub(t0, fq12.mulByNonResidue(t1))
  110. t3 := fq12.F.Inverse(t2)
  111. return [2][3][2]*big.Int{
  112. fq12.F.Mul(a[0], t3),
  113. fq12.F.Neg(fq12.F.Mul(a[1], t3)),
  114. }
  115. }
  117. // Div performs a division on the Fq12
  118. func (fq12 Fq12) Div(a, b [2][3][2]*big.Int) [2][3][2]*big.Int {
  119. return fq12.Mul(a, fq12.Inverse(b))
  120. }
  122. // Square performs a square operation on the Fq12
  123. func (fq12 Fq12) Square(a [2][3][2]*big.Int) [2][3][2]*big.Int {
  124. ab := fq12.F.Mul(a[0], a[1])
  126. return [2][3][2]*big.Int{
  127. fq12.F.Sub(
  128. fq12.F.Mul(
  129. fq12.F.Add(a[0], a[1]),
  130. fq12.F.Add(
  131. a[0],
  132. fq12.mulByNonResidue(a[1]))),
  133. fq12.F.Add(
  134. ab,
  135. fq12.mulByNonResidue(ab))),
  136. fq12.F.Add(ab, ab),
  137. }
  138. }
  140. // Exp is ...
  141. func (fq12 Fq12) Exp(base [2][3][2]*big.Int, e *big.Int) [2][3][2]*big.Int {
  142. // TODO fix bottleneck
  144. res := fq12.One()
  145. rem := fq12.Fq2.F.Copy(e)
  146. exp := base
  148. // before := time.Now()
  149. for !bytes.Equal(rem.Bytes(), big.NewInt(int64(0)).Bytes()) {
  150. if BigIsOdd(rem) {
  151. res = fq12.Mul(res, exp)
  152. }
  153. exp = fq12.Square(exp)
  154. rem = new(big.Int).Rsh(rem, 1)
  155. }
  156. // fmt.Println("time elapsed:", time.Since(before))
  157. return res
  158. }
  160. // Affine is ...
  161. func (fq12 Fq12) Affine(a [2][3][2]*big.Int) [2][3][2]*big.Int {
  162. return [2][3][2]*big.Int{
  163. fq12.F.Affine(a[0]),
  164. fq12.F.Affine(a[1]),
  165. }
  166. }
  168. // Equal is ...
  169. func (fq12 Fq12) Equal(a, b [2][3][2]*big.Int) bool {
  170. return fq12.F.Equal(a[0], b[0]) && fq12.F.Equal(a[1], b[1])
  171. }