arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 Commits
1 Branch
4 Tags
91 MiB
Tree: c848b85281
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c848b85281'
${ noResults }
go-snark/bn128/g1.go

207 lines
3.9 KiB
Raw Normal View History

bn128 pairing, r1cs to qap
6 years ago
r1cs to qap over finite field
6 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
r1cs to qap over finite field
6 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
r1cs to qap over finite field
6 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
refactoring: - avoid code duplication on cmd - interface for proof system
5 years ago
bn128 pairing, r1cs to qap
6 years ago
  1. package bn128
  3. import (
  4. "math/big"
  6. "github.com/arnaucube/go-snark/fields"
  7. )
  9. // G1 is ...
  10. type G1 struct {
  11. F fields.Fq
  12. G [3]*big.Int
  13. }
  15. // NewG1 is ...
  16. func NewG1(f fields.Fq, g [2]*big.Int) G1 {
  17. var g1 G1
  18. g1.F = f
  19. g1.G = [3]*big.Int{
  20. g[0],
  21. g[1],
  22. g1.F.One(),
  23. }
  24. return g1
  25. }
  27. // Zero is ...
  28. func (g1 G1) Zero() [2]*big.Int {
  29. return [2]*big.Int{g1.F.Zero(), g1.F.Zero()}
  30. }
  32. // IsZero is ...
  33. func (g1 G1) IsZero(p [3]*big.Int) bool {
  34. return g1.F.IsZero(p[2])
  35. }
  37. // Add is ...
  38. func (g1 G1) Add(p1, p2 [3]*big.Int) [3]*big.Int {
  40. // https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates
  41. // https://github.com/zcash/zcash/blob/master/src/snark/libsnark/algebra/curves/alt_bn128/alt_bn128_g1.cpp#L208
  42. // http://hyperelliptic.org/EFD/g1p/auto-code/shortw/jacobian-0/addition/add-2007-bl.op3
  44. if g1.IsZero(p1) {
  45. return p2
  46. }
  47. if g1.IsZero(p2) {
  48. return p1
  49. }
  51. x1 := p1[0]
  52. y1 := p1[1]
  53. z1 := p1[2]
  54. x2 := p2[0]
  55. y2 := p2[1]
  56. z2 := p2[2]
  58. z1z1 := g1.F.Square(z1)
  59. z2z2 := g1.F.Square(z2)
  61. u1 := g1.F.Mul(x1, z2z2)
  62. u2 := g1.F.Mul(x2, z1z1)
  64. t0 := g1.F.Mul(z2, z2z2)
  65. s1 := g1.F.Mul(y1, t0)
  67. t1 := g1.F.Mul(z1, z1z1)
  68. s2 := g1.F.Mul(y2, t1)
  70. h := g1.F.Sub(u2, u1)
  71. t2 := g1.F.Add(h, h)
  72. i := g1.F.Square(t2)
  73. j := g1.F.Mul(h, i)
  74. t3 := g1.F.Sub(s2, s1)
  75. r := g1.F.Add(t3, t3)
  76. v := g1.F.Mul(u1, i)
  77. t4 := g1.F.Square(r)
  78. t5 := g1.F.Add(v, v)
  79. t6 := g1.F.Sub(t4, j)
  80. x3 := g1.F.Sub(t6, t5)
  81. t7 := g1.F.Sub(v, x3)
  82. t8 := g1.F.Mul(s1, j)
  83. t9 := g1.F.Add(t8, t8)
  84. t10 := g1.F.Mul(r, t7)
  86. y3 := g1.F.Sub(t10, t9)
  88. t11 := g1.F.Add(z1, z2)
  89. t12 := g1.F.Square(t11)
  90. t13 := g1.F.Sub(t12, z1z1)
  91. t14 := g1.F.Sub(t13, z2z2)
  92. z3 := g1.F.Mul(t14, h)
  94. return [3]*big.Int{x3, y3, z3}
  95. }
  97. // Neg is ...
  98. func (g1 G1) Neg(p [3]*big.Int) [3]*big.Int {
  99. return [3]*big.Int{
  100. p[0],
  101. g1.F.Neg(p[1]),
  102. p[2],
  103. }
  104. }
  106. // Sub is ...
  107. func (g1 G1) Sub(a, b [3]*big.Int) [3]*big.Int {
  108. return g1.Add(a, g1.Neg(b))
  109. }
  111. // Double is ...
  112. func (g1 G1) Double(p [3]*big.Int) [3]*big.Int {
  114. // https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates
  115. // http://hyperelliptic.org/EFD/g1p/auto-code/shortw/jacobian-0/doubling/dbl-2009-l.op3
  116. // https://github.com/zcash/zcash/blob/master/src/snark/libsnark/algebra/curves/alt_bn128/alt_bn128_g1.cpp#L325
  118. if g1.IsZero(p) {
  119. return p
  120. }
  122. a := g1.F.Square(p[0])
  123. b := g1.F.Square(p[1])
  124. c := g1.F.Square(b)
  126. t0 := g1.F.Add(p[0], b)
  127. t1 := g1.F.Square(t0)
  128. t2 := g1.F.Sub(t1, a)
  129. t3 := g1.F.Sub(t2, c)
  131. d := g1.F.Double(t3)
  132. e := g1.F.Add(g1.F.Add(a, a), a)
  133. f := g1.F.Square(e)
  135. t4 := g1.F.Double(d)
  136. x3 := g1.F.Sub(f, t4)
  138. t5 := g1.F.Sub(d, x3)
  139. twoC := g1.F.Add(c, c)
  140. fourC := g1.F.Add(twoC, twoC)
  141. t6 := g1.F.Add(fourC, fourC)
  142. t7 := g1.F.Mul(e, t5)
  143. y3 := g1.F.Sub(t7, t6)
  145. t8 := g1.F.Mul(p[1], p[2])
  146. z3 := g1.F.Double(t8)
  148. return [3]*big.Int{x3, y3, z3}
  149. }
  151. // MulScalar is ...
  152. func (g1 G1) MulScalar(p [3]*big.Int, e *big.Int) [3]*big.Int {
  153. // https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Double-and-add
  154. // for more possible implementations see g2.go file, at the function g2.MulScalar()
  156. q := [3]*big.Int{g1.F.Zero(), g1.F.Zero(), g1.F.Zero()}
  157. d := g1.F.Copy(e)
  158. r := p
  159. for i := d.BitLen() - 1; i >= 0; i-- {
  160. q = g1.Double(q)
  161. if d.Bit(i) == 1 {
  162. q = g1.Add(q, r)
  163. }
  164. }
  166. return q
  167. }
  169. // Affine is ...
  170. func (g1 G1) Affine(p [3]*big.Int) [2]*big.Int {
  171. if g1.IsZero(p) {
  172. return g1.Zero()
  173. }
  175. zinv := g1.F.Inverse(p[2])
  176. zinv2 := g1.F.Square(zinv)
  177. x := g1.F.Mul(p[0], zinv2)
  179. zinv3 := g1.F.Mul(zinv2, zinv)
  180. y := g1.F.Mul(p[1], zinv3)
  182. return [2]*big.Int{x, y}
  183. }
  185. // Equal is ...
  186. func (g1 G1) Equal(p1, p2 [3]*big.Int) bool {
  187. if g1.IsZero(p1) {
  188. return g1.IsZero(p2)
  189. }
  190. if g1.IsZero(p2) {
  191. return g1.IsZero(p1)
  192. }
  194. z1z1 := g1.F.Square(p1[2])
  195. z2z2 := g1.F.Square(p2[2])
  197. u1 := g1.F.Mul(p1[0], z2z2)
  198. u2 := g1.F.Mul(p2[0], z1z1)
  200. z1cub := g1.F.Mul(p1[2], z1z1)
  201. z2cub := g1.F.Mul(p2[2], z2z2)
  203. s1 := g1.F.Mul(p1[1], z2cub)
  204. s2 := g1.F.Mul(p2[1], z1cub)
  206. return g1.F.Equal(u1, u2) && g1.F.Equal(s1, s2)
  207. }