├── .cargo └── config ├── .github └── workflows │ └── ci.yml ├── .gitignore ├── .hooks └── pre-commit ├── AUTHORS ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── README.md ├── algebra-benches ├── Cargo.toml ├── build.rs └── src │ ├── curves │ ├── bls12_377.rs │ ├── bls12_381.rs │ ├── bn254.rs │ ├── bw6_761.rs │ ├── cp6_782.rs │ ├── mnt4_298.rs │ ├── mnt4_753.rs │ ├── mnt6_298.rs │ ├── mnt6_753.rs │ └── mod.rs │ ├── lib.rs │ └── macros │ ├── batch_arith.rs │ ├── ec.rs │ ├── field.rs │ ├── mod.rs │ ├── pairing.rs │ └── utils.rs ├── algebra-core ├── .gitignore ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── algebra-core-derive │ ├── Cargo.toml │ ├── LICENSE-APACHE │ ├── LICENSE-MIT │ └── src │ │ └── lib.rs ├── build.rs ├── bw6-assembly │ ├── modadd768-armv8.S │ ├── modadd768-x86_64.S │ ├── modadd768.S │ ├── modmul768-armv8.S │ ├── modmul768-x86_64.S │ ├── modmul768.S │ ├── modsqr768-armv8.S │ ├── modsqr768-x86_64.S │ ├── modsqr768.S │ ├── modsub768-armv8.S │ ├── modsub768-x86_64.S │ └── modsub768.S ├── field-assembly │ ├── Cargo.toml │ └── src │ │ ├── context.rs │ │ ├── lib.rs │ │ └── utils.rs ├── mince │ ├── Cargo.toml │ └── src │ │ ├── arithmetic.rs │ │ ├── intrinsics.rs │ │ └── lib.rs ├── spec │ ├── algorithmic-optimisations.md │ └── algorithmic-optimisations.pdf └── src │ ├── biginteger │ ├── macros.rs │ ├── mod.rs │ └── tests.rs │ ├── bytes.rs │ ├── curves │ ├── batch_arith.rs │ ├── batch_verify.rs │ ├── bucketed_add.rs │ ├── cuda │ │ ├── accel_dummy.rs │ │ ├── mod.rs │ │ └── scalar_mul │ │ │ ├── cpu_gpu_macros.rs │ │ │ ├── kernel_macros.rs │ │ │ ├── mod.rs │ │ │ └── run_kernel_macros.rs │ ├── glv.rs │ ├── mod.rs │ └── models │ │ ├── bls12 │ │ ├── g1.rs │ │ ├── g2.rs │ │ └── mod.rs │ │ ├── bn │ │ ├── g1.rs │ │ ├── g2.rs │ │ └── mod.rs │ │ ├── bw6 │ │ ├── g1.rs │ │ ├── g2.rs │ │ └── mod.rs │ │ ├── mnt4 │ │ ├── g1.rs │ │ ├── g2.rs │ │ └── mod.rs │ │ ├── mnt6 │ │ ├── g1.rs │ │ ├── g2.rs │ │ └── mod.rs │ │ ├── mod.rs │ │ ├── short_weierstrass_affine.rs │ │ ├── short_weierstrass_jacobian.rs │ │ ├── sw_batch_affine.rs │ │ └── twisted_edwards_extended.rs │ ├── error.rs │ ├── fields │ ├── arithmetic.rs │ ├── macros.rs │ ├── mod.rs │ ├── models │ │ ├── cubic_extension.rs │ │ ├── fp12_2over3over2.rs │ │ ├── fp2.rs │ │ ├── fp3.rs │ │ ├── fp4.rs │ │ ├── fp6_2over3.rs │ │ ├── fp6_3over2.rs │ │ ├── mod.rs │ │ └── quadratic_extension.rs │ └── utils.rs │ ├── groups.rs │ ├── io.rs │ ├── lib.rs │ ├── msm │ ├── fixed_base.rs │ ├── mod.rs │ └── variable_base.rs │ ├── rand.rs │ ├── serialize │ ├── error.rs │ ├── flags.rs │ └── mod.rs │ ├── timing.rs │ └── to_field_vec.rs ├── algebra ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── chunk_num_script.py └── src │ ├── bls12_377 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq12.rs │ │ ├── fq2.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── bls12_381 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq12.rs │ │ ├── fq2.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── bn254 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq12.rs │ │ ├── fq2.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── bw6_761 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq3.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── cp6_782 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq3.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_bls12_377 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_bls12_381 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_bn254 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_bw6_761 │ └── mod.rs │ ├── ed_on_cp6_782 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_mnt4_298 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── ed_on_mnt4_753 │ ├── curves │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── lib.rs │ ├── mnt4_298 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq2.rs │ │ ├── fq4.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── mnt4_753 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq2.rs │ │ ├── fq4.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── mnt6_298 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq3.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ ├── mnt6_753 │ ├── curves │ │ ├── g1.rs │ │ ├── g2.rs │ │ ├── mod.rs │ │ └── tests.rs │ ├── fields │ │ ├── fq.rs │ │ ├── fq3.rs │ │ ├── fq6.rs │ │ ├── fr.rs │ │ ├── mod.rs │ │ └── tests.rs │ └── mod.rs │ └── tests │ ├── cuda.rs │ ├── curves.rs │ ├── fields.rs │ ├── groups.rs │ ├── helpers.rs │ ├── macros.rs │ ├── mod.rs │ └── msm.rs ├── bench-utils ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── src │ └── lib.rs ├── cp-benches ├── Cargo.toml └── benches │ └── crypto_primitives │ ├── comm.rs │ ├── crh.rs │ ├── prf.rs │ └── signature.rs ├── crypto-primitives ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── src │ ├── commitment │ ├── blake2s │ │ ├── constraints.rs │ │ └── mod.rs │ ├── constraints.rs │ ├── injective_map │ │ ├── constraints.rs │ │ └── mod.rs │ ├── mod.rs │ └── pedersen │ │ ├── constraints.rs │ │ └── mod.rs │ ├── crh │ ├── bowe_hopwood │ │ ├── constraints.rs │ │ └── mod.rs │ ├── constraints.rs │ ├── injective_map │ │ ├── constraints.rs │ │ └── mod.rs │ ├── mod.rs │ └── pedersen │ │ ├── constraints.rs │ │ └── mod.rs │ ├── lib.rs │ ├── merkle_tree │ ├── constraints.rs │ └── mod.rs │ ├── nizk │ ├── constraints.rs │ ├── gm17 │ │ ├── constraints.rs │ │ └── mod.rs │ ├── groth16 │ │ ├── constraints.rs │ │ └── mod.rs │ └── mod.rs │ ├── prf │ ├── blake2s │ │ ├── constraints.rs │ │ └── mod.rs │ ├── constraints.rs │ └── mod.rs │ └── signature │ ├── constraints.rs │ ├── mod.rs │ └── schnorr │ ├── constraints.rs │ └── mod.rs ├── dpc ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── src │ ├── constraints │ │ ├── delegable_dpc.rs │ │ ├── mod.rs │ │ └── plain_dpc.rs │ ├── dpc │ │ ├── delegable_dpc │ │ │ ├── address.rs │ │ │ ├── core_checks_circuit.rs │ │ │ ├── mod.rs │ │ │ ├── parameters.rs │ │ │ ├── predicate.rs │ │ │ ├── predicate_circuit.rs │ │ │ ├── proof_check_circuit.rs │ │ │ ├── record.rs │ │ │ ├── test.rs │ │ │ └── transaction.rs │ │ ├── mod.rs │ │ └── plain_dpc │ │ │ ├── address.rs │ │ │ ├── core_checks_circuit.rs │ │ │ ├── instantiated.rs │ │ │ ├── mod.rs │ │ │ ├── parameters.rs │ │ │ ├── predicate.rs │ │ │ ├── predicate_circuit.rs │ │ │ ├── proof_check_circuit.rs │ │ │ ├── record.rs │ │ │ ├── test.rs │ │ │ └── transaction.rs │ ├── ledger │ │ ├── ideal_ledger.rs │ │ └── mod.rs │ ├── lib.rs │ └── predicates │ │ ├── mod.rs │ │ └── plain_dpc │ │ └── predicate_circuit.rs └── tests │ └── plain_dpc.rs ├── ff-fft-benches ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── benches │ └── fft.rs ├── ff-fft ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── src │ ├── domain │ ├── general.rs │ ├── mixed_radix.rs │ ├── mod.rs │ ├── radix2.rs │ └── utils.rs │ ├── evaluations.rs │ ├── lib.rs │ ├── polynomial │ ├── dense.rs │ ├── mod.rs │ └── sparse.rs │ └── test.rs ├── gm17 ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── examples │ ├── recursive-snark │ │ ├── constraints.rs │ │ └── gm17.rs │ └── snark-scalability │ │ ├── constraints.rs │ │ └── gm17.rs ├── src │ ├── generator │ │ ├── generic.rs │ │ └── mod.rs │ ├── lib.rs │ ├── prover │ │ ├── generic.rs │ │ └── mod.rs │ ├── r1cs_to_sap.rs │ ├── test.rs │ └── verifier.rs └── tests │ └── mimc.rs ├── groth16 ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── examples │ ├── recursive-snark │ │ ├── constraints.rs │ │ └── groth16.rs │ └── snark-scalability │ │ ├── constraints.rs │ │ └── groth16.rs ├── src │ ├── generator │ │ ├── generic.rs │ │ └── mod.rs │ ├── lib.rs │ ├── prover │ │ ├── generic.rs │ │ └── mod.rs │ ├── r1cs_to_qap.rs │ ├── test.rs │ └── verifier.rs └── tests │ └── mimc.rs ├── r1cs-core ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── src │ ├── constraint_system.rs │ ├── error.rs │ ├── impl_lc.rs │ ├── lib.rs │ └── trace.rs ├── r1cs-std ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT └── src │ ├── alloc.rs │ ├── bits │ ├── boolean.rs │ ├── mod.rs │ ├── uint.rs │ └── uint8.rs │ ├── eq.rs │ ├── fields │ ├── cubic_extension.rs │ ├── fp │ │ ├── cmp.rs │ │ └── mod.rs │ ├── fp12.rs │ ├── fp2.rs │ ├── fp3.rs │ ├── fp4.rs │ ├── fp6_2over3.rs │ ├── fp6_3over2.rs │ ├── mod.rs │ └── quadratic_extension.rs │ ├── groups │ ├── curves │ │ ├── mod.rs │ │ ├── short_weierstrass │ │ │ ├── bls12 │ │ │ │ └── mod.rs │ │ │ ├── mnt4 │ │ │ │ └── mod.rs │ │ │ ├── mnt6 │ │ │ │ └── mod.rs │ │ │ └── mod.rs │ │ └── twisted_edwards │ │ │ └── mod.rs │ └── mod.rs │ ├── instantiated │ ├── bls12_377 │ │ ├── curves.rs │ │ ├── fields.rs │ │ ├── mod.rs │ │ └── pairing.rs │ ├── ed_on_bls12_377 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── ed_on_bls12_381 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── ed_on_bn254 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── ed_on_bw6_761 │ │ └── mod.rs │ ├── ed_on_cp6_782 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── ed_on_mnt4_298 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── ed_on_mnt4_753 │ │ ├── curves.rs │ │ ├── fields.rs │ │ └── mod.rs │ ├── mnt4_298 │ │ ├── curves.rs │ │ ├── fields.rs │ │ ├── mod.rs │ │ └── pairing.rs │ ├── mnt4_753 │ │ ├── curves.rs │ │ ├── fields.rs │ │ ├── mod.rs │ │ └── pairing.rs │ ├── mnt6_298 │ │ ├── curves.rs │ │ ├── fields.rs │ │ ├── mod.rs │ │ └── pairing.rs │ ├── mnt6_753 │ │ ├── curves.rs │ │ ├── fields.rs │ │ ├── mod.rs │ │ └── pairing.rs │ └── mod.rs │ ├── lib.rs │ ├── macros.rs │ ├── pairing │ ├── bls12 │ │ └── mod.rs │ ├── mnt4 │ │ └── mod.rs │ ├── mnt6 │ │ └── mod.rs │ └── mod.rs │ └── select.rs ├── rustfmt.toml └── scripts ├── glv_lattice_basis ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── examples │ └── main.rs └── src │ ├── arithmetic.rs │ └── lib.rs └── install-hook.sh /.cargo/config: -------------------------------------------------------------------------------- 1 | [build] 2 | rustflags = ["-C", "target-cpu=native"] 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | Cargo.lock 3 | .DS_Store 4 | .idea 5 | *.iml 6 | *.ipynb_checkpoints 7 | *.pyc 8 | *.sage.py 9 | params 10 | *.swp 11 | *.swo 12 | -------------------------------------------------------------------------------- /.hooks/pre-commit: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | rustfmt --version &>/dev/null 4 | if [ $? != 0 ]; then 5 | printf "[pre_commit] \033[0;31merror\033[0m: \"rustfmt\" not available. \n" 6 | printf "[pre_commit] \033[0;31merror\033[0m: rustfmt can be installed via - \n" 7 | printf "[pre_commit] $ rustup component add rustfmt \n" 8 | exit 1 9 | fi 10 | 11 | problem_files=() 12 | 13 | # collect ill-formatted files 14 | for file in $(git diff --name-only --cached); do 15 | if [ ${file: -3} == ".rs" ]; then 16 | rustfmt +stable --check $file &>/dev/null 17 | if [ $? != 0 ]; then 18 | problem_files+=($file) 19 | fi 20 | fi 21 | done 22 | 23 | if [ ${#problem_files[@]} == 0 ]; then 24 | # done 25 | printf "[pre_commit] rustfmt \033[0;32mok\033[0m \n" 26 | else 27 | # reformat the files that need it and re-stage them. 28 | printf "[pre_commit] the following files were rustfmt'd before commit: \n" 29 | for file in ${problem_files[@]}; do 30 | rustfmt +stable $file 31 | git add $file 32 | printf "\033[0;32m $file\033[0m \n" 33 | done 34 | fi 35 | 36 | exit 0 37 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Sean Bowe 2 | Alessandro Chiesa 3 | Matthew Green 4 | Ian Miers 5 | Pratyush Mishra 6 | Howard Wu 7 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | 3 | members = [ 4 | "algebra-core", 5 | "algebra", 6 | "algebra-benches", 7 | "bench-utils", 8 | "cp-benches", 9 | "crypto-primitives", 10 | "dpc", 11 | "ff-fft", 12 | "ff-fft-benches", 13 | "gm17", 14 | "groth16", 15 | "r1cs-core", 16 | "r1cs-std", 17 | "algebra-core/algebra-core-derive", 18 | "scripts/glv_lattice_basis", 19 | ] 20 | 21 | [profile.release] 22 | opt-level = 3 23 | lto = "thin" 24 | incremental = true 25 | 26 | [profile.bench] 27 | opt-level = 3 28 | debug = false 29 | rpath = false 30 | lto = "thin" 31 | incremental = true 32 | debug-assertions = false 33 | 34 | [profile.dev] 35 | opt-level = 0 36 | 37 | [profile.test] 38 | opt-level = 3 39 | lto = "thin" 40 | incremental = true 41 | debug-assertions = true 42 | debug = true 43 | -------------------------------------------------------------------------------- /LICENSE-MIT: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /algebra-benches/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "algebra-benches" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A benchmark library for finite fields and elliptic curves" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/algebra/" 16 | keywords = ["cryptography", "finite fields", "elliptic curves", "pairing"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | publish = false 22 | build = "build.rs" 23 | 24 | ################################# Dependencies ################################ 25 | 26 | [dev-dependencies] 27 | algebra = { path = "../algebra" } 28 | blake2 = "0.8.1" 29 | rand = "0.7" 30 | rand_xorshift = { version = "0.2" } 31 | paste = "1.0" 32 | 33 | [features] 34 | bw6_asm = [ "algebra/bw6_asm"] 35 | asm = [ "algebra/asm"] 36 | prefetch = [ "algebra/prefetch"] 37 | cuda = [ "algebra/cuda" ] 38 | force_bw6_asm = [ "bw6_asm", "algebra/force_bw6_asm" ] 39 | n_fold = [] 40 | mnt4_298 = [ "algebra/mnt4_298"] 41 | mnt6_298 = [ "algebra/mnt6_298"] 42 | mnt4_753 = [ "algebra/mnt4_753"] 43 | mnt6_753 = [ "algebra/mnt6_753"] 44 | bn254 = [ "algebra/bn254"] 45 | bls12_381 = [ "algebra/bls12_381"] 46 | bls12_377 = [ "algebra/bls12_377"] 47 | cp6_782 = [ "algebra/cp6_782" ] 48 | bw6_761 = [ "algebra/bw6_761" ] 49 | timing = [ "algebra/timing"] 50 | timing_detailed = [ "algebra/timing_detailed" ] 51 | timing_thread_id = [ "algebra/timing_thread_id" ] 52 | 53 | [build-dependencies] 54 | rustc_version = "0.2" 55 | -------------------------------------------------------------------------------- /algebra-benches/build.rs: -------------------------------------------------------------------------------- 1 | extern crate rustc_version; 2 | 3 | use rustc_version::{version_meta, Channel}; 4 | 5 | fn main() { 6 | if version_meta().expect("nightly check failed").channel == Channel::Nightly { 7 | println!("cargo:rustc-cfg=nightly"); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/bls12_377.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr}, 7 | bls12::{G1Prepared, G2Prepared}, 8 | bls12_377::{ 9 | fq::Fq, fq2::Fq2, fr::Fr, Bls12_377, Fq12, G1Affine, G1Projective as G1, G2Affine, 10 | G2Projective as G2, Parameters, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq2, Fq2, fq2); 17 | f_bench!(2, Fq12, Fq12, fq12); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | f_bench!(Fr, Fr, FrRepr, FrRepr, fr); 20 | pairing_bench!(Bls12_377, Fq12, prepared_v); 21 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/bls12_381.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr}, 7 | bls12::{G1Prepared, G2Prepared}, 8 | bls12_381::{ 9 | fq::Fq, fq2::Fq2, fr::Fr, Bls12_381, Fq12, G1Affine, G1Projective as G1, G2Affine, 10 | G2Projective as G2, Parameters, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq2, Fq2, fq2); 17 | f_bench!(2, Fq12, Fq12, fq12); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | f_bench!(Fr, Fr, FrRepr, FrRepr, fr); 20 | pairing_bench!(Bls12_381, Fq12, prepared_v); 21 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/bn254.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr}, 7 | bn::{G1Prepared, G2Prepared}, 8 | bn254::{ 9 | fq::Fq, fq2::Fq2, fr::Fr, Bn254, Fq12, G1Affine, G1Projective as G1, G2Affine, 10 | G2Projective as G2, Parameters, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq2, Fq2, fq2); 17 | f_bench!(2, Fq12, Fq12, fq12); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | f_bench!(Fr, Fr, FrRepr, FrRepr, fr); 20 | pairing_bench!(Bn254, Fq12, prepared_v); 21 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/bw6_761.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::{BigInteger384 as FrRepr, BigInteger768 as FqRepr}, 7 | bw6::{G1Prepared, G2Prepared}, 8 | bw6_761::{ 9 | fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 10 | Parameters, BW6_761, 11 | }, 12 | curves::BatchGroupArithmeticSlice, 13 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 14 | }; 15 | 16 | batch_arith!(); 17 | ec_bench!(); 18 | f_bench!(1, Fq3, Fq3, fq3); 19 | f_bench!(2, Fq6, Fq6, fq6); 20 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 21 | f_bench!(Fr, Fr, FrRepr, FrRepr, fr); 22 | pairing_bench!(BW6_761, Fq6, prepared_v); 23 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/cp6_782.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::{BigInteger384 as FrRepr, BigInteger832 as FqRepr}, 7 | cp6_782::{ 8 | fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 9 | CP6_782, 10 | }, 11 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 12 | }; 13 | 14 | ec_bench!(); 15 | f_bench!(1, Fq3, Fq3, fq3); 16 | f_bench!(2, Fq6, Fq6, fq6); 17 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 18 | f_bench!(Fr, Fr, FrRepr, FrRepr, fr); 19 | pairing_bench!(CP6_782, Fq6, affine_v); 20 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/mnt4_298.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::BigInteger320 as FqRepr, 7 | mnt4::{G1Prepared, G2Prepared}, 8 | mnt4_298::{ 9 | fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 10 | Parameters, MNT4_298, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq2, Fq2, fq2); 17 | f_bench!(2, Fq4, Fq4, fq4); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | pairing_bench!(MNT4_298, Fq4, prepared_v); 20 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/mnt4_753.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::BigInteger768 as FqRepr, 7 | mnt4::{G1Prepared, G2Prepared}, 8 | mnt4_753::{ 9 | fq::Fq, fq2::Fq2, fr::Fr, Fq4, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 10 | Parameters, MNT4_753, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq2, Fq2, fq2); 17 | f_bench!(2, Fq4, Fq4, fq4); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | pairing_bench!(MNT4_753, Fq4, prepared_v); 20 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/mnt6_298.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::BigInteger320 as FqRepr, 7 | mnt6::{G1Prepared, G2Prepared}, 8 | mnt6_298::{ 9 | fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 10 | Parameters, MNT6_298, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq3, Fq3, fq3); 17 | f_bench!(2, Fq6, Fq6, fq6); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | pairing_bench!(MNT6_298, Fq6, prepared_v); 20 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/mnt6_753.rs: -------------------------------------------------------------------------------- 1 | use rand::SeedableRng; 2 | use rand_xorshift::XorShiftRng; 3 | use std::ops::{AddAssign, MulAssign, SubAssign}; 4 | 5 | use algebra::{ 6 | biginteger::BigInteger768 as FqRepr, 7 | mnt6::{G1Prepared, G2Prepared}, 8 | mnt6_753::{ 9 | fq::Fq, fq3::Fq3, fr::Fr, Fq6, G1Affine, G1Projective as G1, G2Affine, G2Projective as G2, 10 | Parameters, MNT6_753, 11 | }, 12 | BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, 13 | }; 14 | 15 | ec_bench!(); 16 | f_bench!(1, Fq3, Fq3, fq3); 17 | f_bench!(2, Fq6, Fq6, fq6); 18 | f_bench!(Fq, Fq, FqRepr, FqRepr, fq); 19 | pairing_bench!(MNT6_753, Fq6, prepared_v); 20 | -------------------------------------------------------------------------------- /algebra-benches/src/curves/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(feature = "bls12_377")] 2 | mod bls12_377; 3 | #[cfg(feature = "bls12_381")] 4 | mod bls12_381; 5 | #[cfg(feature = "bn254")] 6 | mod bn254; 7 | #[cfg(feature = "bw6_761")] 8 | mod bw6_761; 9 | #[cfg(feature = "cp6_782")] 10 | mod cp6_782; 11 | #[cfg(feature = "mnt4_298")] 12 | mod mnt4_298; 13 | #[cfg(feature = "mnt4_753")] 14 | mod mnt4_753; 15 | #[cfg(feature = "mnt6_298")] 16 | mod mnt6_298; 17 | #[cfg(feature = "mnt6_753")] 18 | mod mnt6_753; 19 | -------------------------------------------------------------------------------- /algebra-benches/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![cfg_attr(nightly, feature(test))] 2 | #![allow(unused_macros)] 3 | 4 | #[cfg(nightly)] 5 | extern crate test; 6 | 7 | #[cfg(all(nightly, test))] 8 | #[macro_use] 9 | pub mod macros; 10 | 11 | #[cfg(all(nightly, test))] 12 | mod curves; 13 | -------------------------------------------------------------------------------- /algebra-benches/src/macros/mod.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | mod ec; 3 | 4 | #[macro_use] 5 | mod field; 6 | 7 | #[macro_use] 8 | mod pairing; 9 | 10 | #[macro_use] 11 | mod utils; 12 | 13 | #[macro_use] 14 | mod batch_arith; 15 | -------------------------------------------------------------------------------- /algebra-benches/src/macros/pairing.rs: -------------------------------------------------------------------------------- 1 | macro_rules! pairing_bench { 2 | ($curve:ident, $pairing_field:ident, $pairing_type:ident) => { 3 | #[bench] 4 | fn bench_pairing_miller_loop(b: &mut ::test::Bencher) { 5 | const SAMPLES: usize = 1000; 6 | 7 | let mut rng = XorShiftRng::seed_from_u64(1231275789u64); 8 | 9 | $pairing_type!(v, rng); 10 | 11 | let mut count = 0; 12 | b.iter(|| { 13 | let tmp = $curve::miller_loop(&[(v[count].0.clone(), v[count].1.clone())]); 14 | count = (count + 1) % SAMPLES; 15 | tmp 16 | }); 17 | } 18 | 19 | #[bench] 20 | fn bench_pairing_final_exponentiation(b: &mut ::test::Bencher) { 21 | const SAMPLES: usize = 1000; 22 | 23 | let mut rng = XorShiftRng::seed_from_u64(1231275789u64); 24 | 25 | let v: Vec<$pairing_field> = (0..SAMPLES) 26 | .map(|_| { 27 | ( 28 | G1Affine::from(G1::rand(&mut rng)).into(), 29 | G2Affine::from(G2::rand(&mut rng)).into(), 30 | ) 31 | }) 32 | .map(|(p, q)| $curve::miller_loop(&[(p, q)])) 33 | .collect(); 34 | 35 | let mut count = 0; 36 | b.iter(|| { 37 | let tmp = $curve::final_exponentiation(&v[count]); 38 | count = (count + 1) % SAMPLES; 39 | tmp 40 | }); 41 | } 42 | 43 | #[bench] 44 | fn bench_pairing_full(b: &mut ::test::Bencher) { 45 | const SAMPLES: usize = 1000; 46 | 47 | let mut rng = XorShiftRng::seed_from_u64(1231275789u64); 48 | 49 | let v: Vec<(G1, G2)> = (0..SAMPLES) 50 | .map(|_| (G1::rand(&mut rng), G2::rand(&mut rng))) 51 | .collect(); 52 | 53 | let mut count = 0; 54 | b.iter(|| { 55 | let tmp = $curve::pairing(v[count].0, v[count].1); 56 | count = (count + 1) % SAMPLES; 57 | tmp 58 | }); 59 | } 60 | }; 61 | } 62 | -------------------------------------------------------------------------------- /algebra-benches/src/macros/utils.rs: -------------------------------------------------------------------------------- 1 | macro_rules! n_fold { 2 | ($tmp:ident, $v:ident, $func:ident, $count:ident) => { 3 | const ITERS: usize = 1000; 4 | 5 | #[cfg(not(feature = "n_fold"))] 6 | $tmp.$func(&$v[$count].1); 7 | #[cfg(feature = "n_fold")] 8 | for _ in 0..ITERS { 9 | $tmp.$func(&$v[$count].1); 10 | } 11 | }; 12 | 13 | ($tmp:ident, $func:ident) => { 14 | const ITERS: usize = 1000; 15 | 16 | #[cfg(not(feature = "n_fold"))] 17 | $tmp.$func(); 18 | #[cfg(feature = "n_fold")] 19 | for _ in 0..ITERS { 20 | $tmp.$func(); 21 | } 22 | }; 23 | } 24 | 25 | macro_rules! prepared_v { 26 | ($v:ident, $rng:ident) => { 27 | let $v: Vec<(G1Prepared, G2Prepared)> = (0..SAMPLES) 28 | .map(|_| { 29 | ( 30 | G1Affine::from(G1::rand(&mut $rng)).into(), 31 | G2Affine::from(G2::rand(&mut $rng)).into(), 32 | ) 33 | }) 34 | .collect(); 35 | }; 36 | } 37 | 38 | macro_rules! affine_v { 39 | ($v:ident, $rng:ident) => { 40 | let $v: Vec<(G1Affine, G2Affine)> = (0..SAMPLES) 41 | .map(|_| { 42 | ( 43 | G1Affine::from(G1::rand(&mut $rng)).into(), 44 | G2Affine::from(G2::rand(&mut $rng)).into(), 45 | ) 46 | }) 47 | .collect(); 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /algebra-core/.gitignore: -------------------------------------------------------------------------------- 1 | *.SCE.S 2 | *.SCR.S 3 | -------------------------------------------------------------------------------- /algebra-core/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /algebra-core/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /algebra-core/algebra-core-derive/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "algebra-core-derive" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library for deriving serialization traits" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/algebra/" 16 | keywords = ["cryptography", "finite fields", "elliptic curves", "pairing", "serialization"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [lib] 25 | proc-macro = true 26 | 27 | [dependencies] 28 | proc-macro2 = "1.0" 29 | syn = "1.0" 30 | quote = "1.0.7" 31 | -------------------------------------------------------------------------------- /algebra-core/algebra-core-derive/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../../LICENSE-APACHE -------------------------------------------------------------------------------- /algebra-core/algebra-core-derive/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../../LICENSE-MIT -------------------------------------------------------------------------------- /algebra-core/bw6-assembly/modadd768.S: -------------------------------------------------------------------------------- 1 | #if defined(__arm64) || defined(__arm64__) || defined(__ARM64_ARCH_8__) || defined(__ARM_ARCH_8A) || (__ARM_ARCH==8) || defined(__ARM_ARCH_ISA_A64) || defined(__ARM_PCS_AAPCS64) 2 | #include "modadd768-armv8.SCR.S" 3 | 4 | #elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__amd64__) 5 | #include "modadd768-x86_64.SCR.S" 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /algebra-core/bw6-assembly/modmul768.S: -------------------------------------------------------------------------------- 1 | #if defined(__arm64) || defined(__arm64__) || defined(__ARM64_ARCH_8__) || defined(__ARM_ARCH_8A) || (__ARM_ARCH==8) || defined(__ARM_ARCH_ISA_A64) || defined(__ARM_PCS_AAPCS64) 2 | #include "modmul768-armv8.SCR.S" 3 | 4 | #elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__amd64__) 5 | #include "modmul768-x86_64.SCR.S" 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /algebra-core/bw6-assembly/modsqr768.S: -------------------------------------------------------------------------------- 1 | #if defined(__arm64) || defined(__arm64__) || defined(__ARM64_ARCH_8__) || defined(__ARM_ARCH_8A) || (__ARM_ARCH==8) || defined(__ARM_ARCH_ISA_A64) || defined(__ARM_PCS_AAPCS64) 2 | #include "modsqr768-armv8.SCR.S" 3 | 4 | #elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__amd64__) 5 | #include "modsqr768-x86_64.SCR.S" 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /algebra-core/bw6-assembly/modsub768.S: -------------------------------------------------------------------------------- 1 | #if defined(__arm64) || defined(__arm64__) || defined(__ARM64_ARCH_8__) || defined(__ARM_ARCH_8A) || (__ARM_ARCH==8) || defined(__ARM_ARCH_ISA_A64) || defined(__ARM_PCS_AAPCS64) 2 | #include "modsub768-armv8.SCR.S" 3 | 4 | #elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__amd64__) 5 | #include "modsub768-x86_64.SCR.S" 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /algebra-core/field-assembly/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "field-assembly" 3 | version = "0.1.1-alpha.0" 4 | authors = ["jon-chuang <9093549+jon-chuang@users.noreply.github.com>"] 5 | edition = "2018" 6 | 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 8 | 9 | [dependencies] 10 | mince = { path = "../mince" } 11 | paste = "0.1" 12 | -------------------------------------------------------------------------------- /algebra-core/field-assembly/src/utils.rs: -------------------------------------------------------------------------------- 1 | pub const RAX: &'static str = "%rax"; 2 | pub const RBX: &'static str = "%rbx"; 3 | pub const RCX: &'static str = "%rcx"; 4 | pub const RDX: &'static str = "%rdx"; 5 | pub const RDI: &'static str = "%rdi"; 6 | pub const RSI: &'static str = "%rsi"; 7 | pub const R: [&'static str; 8] = ["%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15"]; 8 | 9 | macro_rules! reg { 10 | ($a_reg:ident, $a:ident, $range:expr) => { 11 | paste::item! { 12 | let mut $a_reg = Vec::new(); 13 | let mut [<$a_reg _1>] = Vec::new(); 14 | for i in 0..$range { 15 | [<$a_reg _1>].push(format!("{}({})", i * 8, $a)); 16 | } 17 | for i in 0..$range { 18 | $a_reg.push(&*[<$a_reg _1>][i]); 19 | } 20 | } 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /algebra-core/mince/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mince" 3 | version = "0.1.1-alpha.0" 4 | authors = ["jon-chuang <9093549+jon-chuang@users.noreply.github.com>"] 5 | edition = "2018" 6 | 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 8 | 9 | [dependencies] 10 | quote = "1.0.7" 11 | syn = {version = "1.0.17", features = ["full"]} 12 | 13 | [lib] 14 | proc-macro = true 15 | -------------------------------------------------------------------------------- /algebra-core/mince/src/intrinsics.rs: -------------------------------------------------------------------------------- 1 | use proc_macro::TokenStream; 2 | use quote::quote; 3 | 4 | pub fn define_intrinsics() -> TokenStream { 5 | (quote! { 6 | { 7 | let mut begin = || { 8 | llvm_asm_string.borrow_mut().push_str("\""); 9 | }; 10 | 11 | let mut end = || { 12 | llvm_asm_string.borrow_mut().push_str(" 13 | \""); 14 | }; 15 | 16 | let mut comment = | comment: &str | { 17 | llvm_asm_string.borrow_mut().push_str(&format!(" // {}", comment)); 18 | }; 19 | 20 | let mut mulxq = | a: &str, b: &str, c: &str | { 21 | llvm_asm_string.borrow_mut().push_str(&format!(" 22 | mulxq {}, {}, {}", a, b, c)); 23 | }; 24 | 25 | let mut adcxq = | a: &str, b: &str| { 26 | llvm_asm_string.borrow_mut().push_str(&format!(" 27 | adcxq {}, {}", a, b)); 28 | }; 29 | 30 | let mut adoxq = | a: &str, b: &str | { 31 | llvm_asm_string.borrow_mut().push_str(&format!(" 32 | adoxq {}, {}", a, b)); 33 | }; 34 | 35 | let mut movq = | a: &str, b: &str | { 36 | llvm_asm_string.borrow_mut().push_str(&format!(" 37 | movq {}, {}", a, b)); 38 | }; 39 | 40 | let mut xorq = | a: &str, b: &str | { 41 | llvm_asm_string.borrow_mut().push_str(&format!(" 42 | xorq {}, {}", a, b)); 43 | }; 44 | } 45 | }) 46 | .into() 47 | } 48 | -------------------------------------------------------------------------------- /algebra-core/mince/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![recursion_limit = "256"] 2 | 3 | extern crate proc_macro; 4 | 5 | mod intrinsics; 6 | use intrinsics::*; 7 | 8 | mod arithmetic; 9 | use arithmetic::*; 10 | 11 | use proc_macro::TokenStream; 12 | use quote::quote; 13 | use syn; 14 | 15 | #[proc_macro_attribute] 16 | pub fn assemble(_meta: TokenStream, input: TokenStream) -> TokenStream { 17 | let ast: syn::ItemFn = syn::parse(input).unwrap(); 18 | let sig = ast.sig; 19 | let block = ast.block; 20 | let attrs = ast.attrs; 21 | 22 | let arithmetic: syn::Block = syn::parse(define_arithmetic()).unwrap(); 23 | let intrinsics: syn::Block = syn::parse(define_intrinsics()).unwrap(); 24 | 25 | let begin: syn::Stmt = syn::parse((quote! { begin(); }).into()).unwrap(); 26 | let end: syn::Stmt = syn::parse((quote! { end(); }).into()).unwrap(); 27 | let ret: syn::Stmt = 28 | syn::parse((quote! { return llvm_asm_string.into_inner(); }).into()).unwrap(); 29 | 30 | let mut new_stmts = Vec::new(); 31 | for stmt in &intrinsics.stmts { 32 | new_stmts.push(stmt.clone()); 33 | } 34 | for stmt in &arithmetic.stmts { 35 | new_stmts.push(stmt.clone()); 36 | } 37 | 38 | new_stmts.push(begin); 39 | 40 | for stmt in block.stmts { 41 | new_stmts.push(stmt); 42 | } 43 | 44 | new_stmts.push(end); 45 | new_stmts.push(ret); 46 | 47 | let new_block = syn::Block { 48 | brace_token: block.brace_token, 49 | stmts: new_stmts, 50 | }; 51 | 52 | let gen = quote! { 53 | #(#attrs) 54 | * 55 | #sig { 56 | let mut llvm_asm_string = RefCell::new(String::new()); 57 | 58 | #new_block 59 | } 60 | }; 61 | gen.into() 62 | } 63 | -------------------------------------------------------------------------------- /algebra-core/spec/algorithmic-optimisations.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/celo-org/zexe/06c95b482451e8965927a308ed7598da8753d567/algebra-core/spec/algorithmic-optimisations.pdf -------------------------------------------------------------------------------- /algebra-core/src/curves/cuda/accel_dummy.rs: -------------------------------------------------------------------------------- 1 | #[cfg(not(feature = "std"))] 2 | use alloc::vec::Vec; 3 | pub mod error { 4 | pub type Result = T; 5 | } 6 | 7 | pub struct Context {} 8 | 9 | pub type DeviceMemory = Vec; 10 | -------------------------------------------------------------------------------- /algebra-core/src/curves/cuda/mod.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | pub mod scalar_mul; 3 | pub use scalar_mul::*; 4 | 5 | #[cfg(not(feature = "cuda"))] 6 | pub mod accel_dummy; 7 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/bls12/g1.rs: -------------------------------------------------------------------------------- 1 | use crate::{ 2 | bytes::ToBytes, 3 | curves::{ 4 | bls12::Bls12Parameters, 5 | short_weierstrass_jacobian::{GroupAffine, GroupProjective}, 6 | AffineCurve, 7 | }, 8 | io::{Result as IoResult, Write}, 9 | }; 10 | use num_traits::Zero; 11 | 12 | pub type G1Affine

= GroupAffine<

::G1Parameters>; 13 | pub type G1Projective

= GroupProjective<

::G1Parameters>; 14 | 15 | #[derive(Derivative)] 16 | #[derivative( 17 | Clone(bound = "P: Bls12Parameters"), 18 | Debug(bound = "P: Bls12Parameters"), 19 | PartialEq(bound = "P: Bls12Parameters"), 20 | Eq(bound = "P: Bls12Parameters") 21 | )] 22 | pub struct G1Prepared(pub G1Affine

); 23 | 24 | impl From> for G1Prepared

{ 25 | fn from(other: G1Affine

) -> Self { 26 | G1Prepared(other) 27 | } 28 | } 29 | 30 | impl G1Prepared

{ 31 | pub fn is_zero(&self) -> bool { 32 | self.0.is_zero() 33 | } 34 | } 35 | 36 | impl Default for G1Prepared

{ 37 | fn default() -> Self { 38 | G1Prepared(G1Affine::

::prime_subgroup_generator()) 39 | } 40 | } 41 | 42 | impl ToBytes for G1Prepared

{ 43 | fn write(&self, writer: W) -> IoResult<()> { 44 | self.0.write(writer) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/bn/g1.rs: -------------------------------------------------------------------------------- 1 | use crate::{ 2 | bytes::ToBytes, 3 | curves::{ 4 | bn::BnParameters, 5 | short_weierstrass_jacobian::{GroupAffine, GroupProjective}, 6 | AffineCurve, 7 | }, 8 | io::{Result as IoResult, Write}, 9 | }; 10 | use num_traits::Zero; 11 | 12 | pub type G1Affine

= GroupAffine<

::G1Parameters>; 13 | pub type G1Projective

= GroupProjective<

::G1Parameters>; 14 | 15 | #[derive(Derivative)] 16 | #[derivative( 17 | Clone(bound = "P: BnParameters"), 18 | Debug(bound = "P: BnParameters"), 19 | PartialEq(bound = "P: BnParameters"), 20 | Eq(bound = "P: BnParameters") 21 | )] 22 | pub struct G1Prepared(pub G1Affine

); 23 | 24 | impl From> for G1Prepared

{ 25 | fn from(other: G1Affine

) -> Self { 26 | G1Prepared(other) 27 | } 28 | } 29 | 30 | impl G1Prepared

{ 31 | pub fn is_zero(&self) -> bool { 32 | self.0.is_zero() 33 | } 34 | } 35 | 36 | impl Default for G1Prepared

{ 37 | fn default() -> Self { 38 | G1Prepared(G1Affine::

::prime_subgroup_generator()) 39 | } 40 | } 41 | 42 | impl ToBytes for G1Prepared

{ 43 | fn write(&self, writer: W) -> IoResult<()> { 44 | self.0.write(writer) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/bw6/g1.rs: -------------------------------------------------------------------------------- 1 | use crate::{ 2 | bytes::ToBytes, 3 | curves::{ 4 | bw6::BW6Parameters, 5 | short_weierstrass_jacobian::{GroupAffine, GroupProjective}, 6 | AffineCurve, 7 | }, 8 | io::{Result as IoResult, Write}, 9 | }; 10 | use num_traits::Zero; 11 | 12 | pub type G1Affine

= GroupAffine<

::G1Parameters>; 13 | pub type G1Projective

= GroupProjective<

::G1Parameters>; 14 | 15 | #[derive(Derivative)] 16 | #[derivative( 17 | Clone(bound = "P: BW6Parameters"), 18 | Debug(bound = "P: BW6Parameters"), 19 | PartialEq(bound = "P: BW6Parameters"), 20 | Eq(bound = "P: BW6Parameters") 21 | )] 22 | pub struct G1Prepared(pub G1Affine

); 23 | 24 | impl From> for G1Prepared

{ 25 | fn from(other: G1Affine

) -> Self { 26 | G1Prepared(other) 27 | } 28 | } 29 | 30 | impl G1Prepared

{ 31 | pub fn is_zero(&self) -> bool { 32 | self.0.is_zero() 33 | } 34 | } 35 | 36 | impl Default for G1Prepared

{ 37 | fn default() -> Self { 38 | G1Prepared(G1Affine::

::prime_subgroup_generator()) 39 | } 40 | } 41 | 42 | impl ToBytes for G1Prepared

{ 43 | fn write(&self, writer: W) -> IoResult<()> { 44 | self.0.write(writer) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/mnt4/g1.rs: -------------------------------------------------------------------------------- 1 | use crate::{ 2 | bytes::ToBytes, 3 | curves::{ 4 | mnt4::MNT4Parameters, 5 | short_weierstrass_jacobian::{GroupAffine, GroupProjective}, 6 | AffineCurve, 7 | }, 8 | io::{Result as IoResult, Write}, 9 | Fp2, 10 | }; 11 | 12 | pub type G1Affine

= GroupAffine<

::G1Parameters>; 13 | pub type G1Projective

= GroupProjective<

::G1Parameters>; 14 | 15 | #[derive(Derivative)] 16 | #[derivative( 17 | Copy(bound = "P: MNT4Parameters"), 18 | Clone(bound = "P: MNT4Parameters"), 19 | Debug(bound = "P: MNT4Parameters"), 20 | PartialEq(bound = "P: MNT4Parameters"), 21 | Eq(bound = "P: MNT4Parameters") 22 | )] 23 | pub struct G1Prepared { 24 | pub x: P::Fp, 25 | pub y: P::Fp, 26 | pub x_twist: Fp2, 27 | pub y_twist: Fp2, 28 | } 29 | 30 | impl From> for G1Prepared

{ 31 | fn from(g1: G1Affine

) -> Self { 32 | let mut x_twist = P::TWIST.clone(); 33 | x_twist.mul_assign_by_fp(&g1.x); 34 | 35 | let mut y_twist = P::TWIST.clone(); 36 | y_twist.mul_assign_by_fp(&g1.y); 37 | 38 | Self { 39 | x: g1.x, 40 | y: g1.y, 41 | x_twist, 42 | y_twist, 43 | } 44 | } 45 | } 46 | 47 | impl Default for G1Prepared

{ 48 | fn default() -> Self { 49 | Self::from(G1Affine::

::prime_subgroup_generator()) 50 | } 51 | } 52 | 53 | impl ToBytes for G1Prepared

{ 54 | fn write(&self, mut writer: W) -> IoResult<()> { 55 | self.x.write(&mut writer)?; 56 | self.y.write(&mut writer)?; 57 | self.x_twist.write(&mut writer)?; 58 | self.y_twist.write(&mut writer) 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/mnt6/g1.rs: -------------------------------------------------------------------------------- 1 | use crate::{ 2 | bytes::ToBytes, 3 | curves::{ 4 | mnt6::MNT6Parameters, 5 | short_weierstrass_jacobian::{GroupAffine, GroupProjective}, 6 | AffineCurve, 7 | }, 8 | io::{Result as IoResult, Write}, 9 | Fp3, 10 | }; 11 | 12 | pub type G1Affine

= GroupAffine<

::G1Parameters>; 13 | pub type G1Projective

= GroupProjective<

::G1Parameters>; 14 | 15 | #[derive(Derivative)] 16 | #[derivative( 17 | Copy(bound = "P: MNT6Parameters"), 18 | Clone(bound = "P: MNT6Parameters"), 19 | Debug(bound = "P: MNT6Parameters"), 20 | PartialEq(bound = "P: MNT6Parameters"), 21 | Eq(bound = "P: MNT6Parameters") 22 | )] 23 | pub struct G1Prepared { 24 | pub x: P::Fp, 25 | pub y: P::Fp, 26 | pub x_twist: Fp3, 27 | pub y_twist: Fp3, 28 | } 29 | 30 | impl From> for G1Prepared

{ 31 | fn from(g1: G1Affine

) -> Self { 32 | let mut x_twist = P::TWIST.clone(); 33 | x_twist.mul_assign_by_fp(&g1.x); 34 | 35 | let mut y_twist = P::TWIST.clone(); 36 | y_twist.mul_assign_by_fp(&g1.y); 37 | 38 | Self { 39 | x: g1.x, 40 | y: g1.y, 41 | x_twist, 42 | y_twist, 43 | } 44 | } 45 | } 46 | 47 | impl Default for G1Prepared

{ 48 | fn default() -> Self { 49 | Self::from(G1Affine::

::prime_subgroup_generator()) 50 | } 51 | } 52 | 53 | impl ToBytes for G1Prepared

{ 54 | fn write(&self, mut writer: W) -> IoResult<()> { 55 | self.x.write(&mut writer)?; 56 | self.y.write(&mut writer)?; 57 | self.x_twist.write(&mut writer)?; 58 | self.y_twist.write(&mut writer) 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /algebra-core/src/curves/models/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::{Field, PrimeField, SquareRootField}; 2 | 3 | pub mod bls12; 4 | pub mod bn; 5 | pub mod bw6; 6 | pub mod mnt4; 7 | pub mod mnt6; 8 | 9 | #[macro_use] 10 | pub(crate) mod sw_batch_affine; 11 | #[macro_use] 12 | pub mod short_weierstrass_affine; 13 | #[macro_use] 14 | pub mod short_weierstrass_jacobian; 15 | pub mod twisted_edwards_extended; 16 | 17 | pub use short_weierstrass_jacobian::SWModelParameters; 18 | pub use twisted_edwards_extended::TEModelParameters; 19 | 20 | pub trait ModelParameters: Send + Sync + 'static { 21 | type BaseField: Field + SquareRootField; 22 | type ScalarField: PrimeField 23 | + SquareRootField 24 | + Into<::BigInt> 25 | + From<::BigInt>; 26 | } 27 | 28 | pub trait MontgomeryModelParameters: ModelParameters { 29 | const COEFF_A: Self::BaseField; 30 | const COEFF_B: Self::BaseField; 31 | 32 | type TEModelParameters: TEModelParameters; 33 | } 34 | -------------------------------------------------------------------------------- /algebra-core/src/error.rs: -------------------------------------------------------------------------------- 1 | #[cfg(feature = "std")] 2 | pub use std::error::Error; 3 | 4 | #[cfg(not(feature = "std"))] 5 | pub trait Error: core::fmt::Debug + core::fmt::Display { 6 | fn source(&self) -> Option<&(dyn Error + 'static)> { 7 | None 8 | } 9 | } 10 | 11 | #[cfg(not(feature = "std"))] 12 | impl<'a, E: Error + 'a> From for crate::Box { 13 | fn from(err: E) -> crate::Box { 14 | crate::Box::new(err) 15 | } 16 | } 17 | 18 | #[cfg(not(feature = "std"))] 19 | impl Error for crate::Box {} 20 | 21 | #[cfg(not(feature = "std"))] 22 | impl Error for crate::String {} 23 | 24 | #[cfg(not(feature = "std"))] 25 | impl Error for crate::io::Error {} 26 | -------------------------------------------------------------------------------- /algebra-core/src/fields/models/fp2.rs: -------------------------------------------------------------------------------- 1 | use super::quadratic_extension::*; 2 | use crate::fields::PrimeField; 3 | use core::marker::PhantomData; 4 | 5 | pub trait Fp2Parameters: 'static + Send + Sync { 6 | type Fp: PrimeField; 7 | 8 | const NONRESIDUE: Self::Fp; 9 | 10 | const QUADRATIC_NONRESIDUE: (Self::Fp, Self::Fp); 11 | 12 | /// Coefficients for the Frobenius automorphism. 13 | const FROBENIUS_COEFF_FP2_C1: &'static [Self::Fp]; 14 | 15 | #[inline(always)] 16 | fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { 17 | Self::NONRESIDUE * fe 18 | } 19 | } 20 | 21 | pub struct Fp2ParamsWrapper(PhantomData

); 22 | 23 | impl QuadExtParameters for Fp2ParamsWrapper

{ 24 | type BasePrimeField = P::Fp; 25 | type BaseField = P::Fp; 26 | type FrobCoeff = P::Fp; 27 | 28 | const DEGREE_OVER_BASE_PRIME_FIELD: usize = 2; 29 | 30 | const NONRESIDUE: Self::BaseField = P::NONRESIDUE; 31 | 32 | const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP2_C1; 33 | 34 | #[inline(always)] 35 | fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { 36 | P::mul_fp_by_nonresidue(fe) 37 | } 38 | 39 | fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { 40 | *fe *= &Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 41 | } 42 | } 43 | 44 | pub type Fp2

= QuadExtField>; 45 | 46 | impl Fp2

{ 47 | pub fn mul_assign_by_fp(&mut self, other: &P::Fp) { 48 | self.c0 *= other; 49 | self.c1 *= other; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /algebra-core/src/fields/models/fp4.rs: -------------------------------------------------------------------------------- 1 | use super::quadratic_extension::*; 2 | use core::marker::PhantomData; 3 | 4 | use crate::fields::{Fp2, Fp2Parameters}; 5 | 6 | pub trait Fp4Parameters: 'static + Send + Sync { 7 | type Fp2Params: Fp2Parameters; 8 | 9 | /// This *must* equal (0, 1); 10 | /// see [[DESD06, Section 5.1]](https://eprint.iacr.org/2006/471.pdf). 11 | const NONRESIDUE: Fp2; 12 | 13 | /// Coefficients for the Frobenius automorphism. 14 | /// non_residue^((modulus^i-1)/4) for i=0,1,2,3 15 | const FROBENIUS_COEFF_FP4_C1: &'static [::Fp]; 16 | 17 | #[inline(always)] 18 | fn mul_fp2_by_nonresidue(fe: &Fp2) -> Fp2 { 19 | // see [[DESD06, Section 5.1]](https://eprint.iacr.org/2006/471.pdf). 20 | Fp2::new( 21 | ::NONRESIDUE * &fe.c1, 22 | fe.c0, 23 | ) 24 | } 25 | } 26 | 27 | pub struct Fp4ParamsWrapper(PhantomData

); 28 | 29 | impl QuadExtParameters for Fp4ParamsWrapper

{ 30 | type BasePrimeField = ::Fp; 31 | type BaseField = Fp2; 32 | type FrobCoeff = Self::BasePrimeField; 33 | 34 | const DEGREE_OVER_BASE_PRIME_FIELD: usize = 4; 35 | 36 | const NONRESIDUE: Self::BaseField = P::NONRESIDUE; 37 | 38 | const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP4_C1; 39 | 40 | #[inline(always)] 41 | fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { 42 | P::mul_fp2_by_nonresidue(fe) 43 | } 44 | 45 | fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { 46 | fe.mul_assign_by_fp(&Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]); 47 | } 48 | } 49 | 50 | pub type Fp4

= QuadExtField>; 51 | 52 | impl Fp4

{ 53 | pub fn mul_by_fp(&mut self, element: &::Fp) { 54 | self.c0.mul_assign_by_fp(element); 55 | self.c1.mul_assign_by_fp(element); 56 | } 57 | 58 | pub fn mul_by_fp2(&mut self, element: &Fp2) { 59 | self.c0 *= element; 60 | self.c1 *= element; 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /algebra-core/src/fields/models/mod.rs: -------------------------------------------------------------------------------- 1 | use core::{ 2 | cmp::{Ord, Ordering, PartialOrd}, 3 | fmt::{Display, Formatter, Result as FmtResult}, 4 | marker::PhantomData, 5 | ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, 6 | str::FromStr, 7 | }; 8 | use num_traits::{One, Zero}; 9 | use unroll::unroll_for_loops; 10 | 11 | use crate::{ 12 | biginteger::{ 13 | arithmetic as fa, BigInteger as _BigInteger, BigInteger256, BigInteger320, BigInteger384, 14 | BigInteger768, BigInteger832, 15 | }, 16 | bytes::{FromBytes, ToBytes}, 17 | fields::{FftField, Field, FpParameters, LegendreSymbol, PrimeField, SquareRootField}, 18 | io::{Read, Result as IoResult, Write}, 19 | serialize::CanonicalDeserialize, 20 | }; 21 | 22 | #[cfg(use_asm)] 23 | use std::mem::MaybeUninit; 24 | 25 | #[cfg(use_asm)] 26 | include!(concat!(env!("OUT_DIR"), "/field_assembly.rs")); 27 | 28 | impl_Fp!(Fp256, Fp256Parameters, BigInteger256, BigInteger256, 4); 29 | impl_Fp!(Fp320, Fp320Parameters, BigInteger320, BigInteger320, 5); 30 | impl_Fp!(Fp384, Fp384Parameters, BigInteger384, BigInteger384, 6); 31 | impl_Fp!(Fp768, Fp768Parameters, BigInteger768, BigInteger768, 12); 32 | impl_Fp!(Fp832, Fp832Parameters, BigInteger832, BigInteger832, 13); 33 | 34 | pub mod fp2; 35 | pub use self::fp2::*; 36 | 37 | pub mod fp3; 38 | pub use self::fp3::*; 39 | 40 | pub mod fp4; 41 | pub use self::fp4::*; 42 | 43 | pub mod fp6_2over3; 44 | 45 | pub mod fp6_3over2; 46 | pub use self::fp6_3over2::*; 47 | 48 | pub mod fp12_2over3over2; 49 | pub use self::fp12_2over3over2::*; 50 | 51 | pub mod quadratic_extension; 52 | pub use quadratic_extension::*; 53 | 54 | pub mod cubic_extension; 55 | pub use cubic_extension::*; 56 | -------------------------------------------------------------------------------- /algebra-core/src/fields/utils.rs: -------------------------------------------------------------------------------- 1 | /// Calculates the k-adicity of n, i.e., the number of trailing 0s in a base-k 2 | /// representation. 3 | pub fn k_adicity(k: usize, mut n: usize) -> u32 { 4 | let mut r = 0; 5 | while n > 1 { 6 | if n % k == 0 { 7 | r += 1; 8 | n /= k; 9 | } else { 10 | return r; 11 | } 12 | } 13 | r 14 | } 15 | -------------------------------------------------------------------------------- /algebra-core/src/groups.rs: -------------------------------------------------------------------------------- 1 | use core::{ 2 | fmt::{Debug, Display}, 3 | hash::Hash, 4 | ops::{Add, AddAssign, MulAssign, Neg, Sub, SubAssign}, 5 | }; 6 | use num_traits::Zero; 7 | 8 | use crate::{ 9 | bytes::{FromBytes, ToBytes}, 10 | fields::PrimeField, 11 | UniformRand, 12 | }; 13 | 14 | pub trait Group: 15 | ToBytes 16 | + 'static 17 | + FromBytes 18 | + Copy 19 | + Clone 20 | + Debug 21 | + Display 22 | + Default 23 | + Send 24 | + Sync 25 | + Eq 26 | + Hash 27 | + Neg 28 | + UniformRand 29 | + Zero 30 | + Add 31 | + Sub 32 | + AddAssign 33 | + SubAssign 34 | + MulAssign<::ScalarField> 35 | + for<'a> Add<&'a Self, Output = Self> 36 | + for<'a> Sub<&'a Self, Output = Self> 37 | + for<'a> AddAssign<&'a Self> 38 | + for<'a> SubAssign<&'a Self> 39 | + core::iter::Sum 40 | + for<'a> core::iter::Sum<&'a Self> 41 | { 42 | type ScalarField: PrimeField + Into<::BigInt>; 43 | 44 | /// Returns `self + self`. 45 | #[must_use] 46 | fn double(&self) -> Self; 47 | 48 | /// Sets `self := self + self`. 49 | fn double_in_place(&mut self) -> &mut Self; 50 | 51 | #[must_use] 52 | fn mul<'a>(&self, other: &'a Self::ScalarField) -> Self { 53 | let mut copy = *self; 54 | copy *= *other; 55 | copy 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /algebra-core/src/msm/mod.rs: -------------------------------------------------------------------------------- 1 | mod fixed_base; 2 | mod variable_base; 3 | pub use fixed_base::*; 4 | pub use variable_base::*; 5 | 6 | /// The result of this function is only approximately `ln(a)` 7 | /// [`Explanation of usage`] 8 | /// 9 | /// [`Explanation of usage`]: https://github.com/scipr-lab/zexe/issues/79#issue-556220473 10 | fn ln_without_floats(a: usize) -> usize { 11 | // log2(a) * ln(2) 12 | (crate::log2(a) * 69 / 100) as usize 13 | } 14 | -------------------------------------------------------------------------------- /algebra-core/src/rand.rs: -------------------------------------------------------------------------------- 1 | use rand::{ 2 | distributions::{Distribution, Standard}, 3 | Rng, 4 | }; 5 | 6 | pub trait UniformRand: Sized { 7 | fn rand(rng: &mut R) -> Self; 8 | } 9 | 10 | impl UniformRand for T 11 | where 12 | Standard: Distribution, 13 | { 14 | #[inline] 15 | fn rand(rng: &mut R) -> Self { 16 | rng.sample(Standard) 17 | } 18 | } 19 | 20 | /// Should be used only for tests, not for any real world usage. 21 | pub fn test_rng() -> rand::rngs::StdRng { 22 | use rand::SeedableRng; 23 | 24 | // arbitrary seed 25 | let seed = [ 26 | 1, 0, 0, 0, 23, 0, 0, 0, 200, 1, 0, 0, 210, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 27 | 0, 0, 0, 0, 28 | ]; 29 | rand::rngs::StdRng::from_seed(seed) 30 | } 31 | -------------------------------------------------------------------------------- /algebra-core/src/serialize/error.rs: -------------------------------------------------------------------------------- 1 | use crate::io; 2 | use core::fmt; 3 | 4 | /// This is an error that could occur during serialization 5 | #[derive(Debug)] 6 | pub enum SerializationError { 7 | /// During serialization, we didn't have enough space to write extra info. 8 | NotEnoughSpace, 9 | /// During serialization, the data was invalid. 10 | InvalidData, 11 | /// During serialization, non-empty flags were given where none were 12 | /// expected. 13 | UnexpectedFlags, 14 | /// During serialization, we countered an I/O error. 15 | IoError(io::Error), 16 | } 17 | 18 | #[cfg(feature = "std")] 19 | impl crate::Error for SerializationError {} 20 | 21 | #[cfg(not(feature = "std"))] 22 | impl crate::Error for SerializationError {} 23 | 24 | impl From for SerializationError { 25 | fn from(e: io::Error) -> SerializationError { 26 | SerializationError::IoError(e) 27 | } 28 | } 29 | 30 | impl fmt::Display for SerializationError { 31 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { 32 | match self { 33 | SerializationError::NotEnoughSpace => write!( 34 | f, 35 | "the last byte does not have enough space to encode the extra info bits" 36 | ), 37 | SerializationError::InvalidData => write!(f, "the input buffer contained invalid data"), 38 | SerializationError::UnexpectedFlags => write!(f, "the call expects empty flags"), 39 | SerializationError::IoError(err) => write!(f, "I/O error: {:?}", err), 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /algebra/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /algebra/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /algebra/chunk_num_script.py: -------------------------------------------------------------------------------- 1 | # Python script to chunk numbers into 64-bit hexadecimal numbers: 2 | lst = list("cfca638f1500e327035cdf02acb2744d06e68545f7e64c256ab7ae14297a1a823132b971cdefc65870636cb60d217ff87fa59308c07a8fab8579e02ed3cddca5b093ed79b1c57b5fe3f89c11811c1e214983de300000535e7bc00000000060") 3 | def get(lst, n): 4 | return ['0x' + ''.join(lst[-n:])] + ["0x" + ''.join(lst[(-i-n):-i]) for i in range(n, len(lst), n)] 5 | [print("{},".format(x)) for x in get(lst, 16)] 6 | -------------------------------------------------------------------------------- /algebra/src/bls12_377/curves/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::bls12_377::*; 2 | use algebra_core::curves::bls12::{Bls12, Bls12Parameters, TwistType}; 3 | 4 | pub mod g1; 5 | pub use self::g1::{G1Affine, G1Projective}; 6 | 7 | pub mod g2; 8 | pub use self::g2::{G2Affine, G2Projective}; 9 | 10 | #[cfg(test)] 11 | mod tests; 12 | 13 | pub struct Parameters; 14 | 15 | impl Bls12Parameters for Parameters { 16 | const X: &'static [u64] = &[0x8508c00000000001]; 17 | /// `x` is positive. 18 | const X_IS_NEGATIVE: bool = false; 19 | const TWIST_TYPE: TwistType = TwistType::D; 20 | type Fp = Fq; 21 | type Fp2Params = Fq2Parameters; 22 | type Fp6Params = Fq6Parameters; 23 | type Fp12Params = Fq12Parameters; 24 | type G1Parameters = g1::Parameters; 25 | type G2Parameters = g2::Parameters; 26 | } 27 | 28 | pub type Bls12_377 = Bls12; 29 | -------------------------------------------------------------------------------- /algebra/src/bls12_377/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{curves::models::SWModelParameters, fields::SquareRootField, Zero}; 3 | use core::ops::{AddAssign, MulAssign}; 4 | 5 | use crate::bls12_377::*; 6 | std_curve_tests!(Bls12_377, Fq12); 7 | 8 | #[test] 9 | #[cfg(feature = "all_tests")] 10 | fn test_g1_generator_raw() { 11 | let mut x = Fq::zero(); 12 | let mut i = 0; 13 | loop { 14 | // y^2 = x^3 + b 15 | let mut rhs = x; 16 | rhs.square_in_place(); 17 | rhs.mul_assign(&x); 18 | rhs.add_assign(&g1::Parameters::COEFF_B); 19 | 20 | if let Some(y) = rhs.sqrt() { 21 | let p = G1Affine::new(x, if y < -y { y } else { -y }, false); 22 | assert!(!p.is_in_correct_subgroup_assuming_on_curve()); 23 | 24 | let g1 = p.scale_by_cofactor(); 25 | if !g1.is_zero() { 26 | assert_eq!(i, 1); 27 | let g1 = G1Affine::from(g1); 28 | 29 | assert!(g1.is_in_correct_subgroup_assuming_on_curve()); 30 | 31 | assert_eq!(g1, G1Affine::prime_subgroup_generator()); 32 | break; 33 | } 34 | } 35 | 36 | i += 1; 37 | x.add_assign(&Fq::one()); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /algebra/src/bls12_377/fields/fq2.rs: -------------------------------------------------------------------------------- 1 | use super::*; 2 | use algebra_core::{biginteger::BigInteger384 as BigInteger, field_new, fields::*}; 3 | 4 | pub type Fq2 = Fp2; 5 | 6 | pub struct Fq2Parameters; 7 | 8 | impl Fp2Parameters for Fq2Parameters { 9 | type Fp = Fq; 10 | 11 | /// NONRESIDUE = -5 12 | #[rustfmt::skip] 13 | const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ 14 | 0xfc0b8000000002fa, 15 | 0x97d39cf6e000018b, 16 | 0x2072420fbfa05044, 17 | 0xcbbcbd50d97c3802, 18 | 0xbaf1ec35813f9eb, 19 | 0x9974a2c0945ad2, 20 | ])); 21 | 22 | /// QUADRATIC_NONRESIDUE = U 23 | #[rustfmt::skip] 24 | const QUADRATIC_NONRESIDUE: (Fq, Fq) = ( 25 | field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])), 26 | field_new!(Fq, BigInteger([ 27 | 202099033278250856u64, 28 | 5854854902718660529u64, 29 | 11492539364873682930u64, 30 | 8885205928937022213u64, 31 | 5545221690922665192u64, 32 | 39800542322357402u64, 33 | ])), 34 | ); 35 | 36 | /// Coefficients for the Frobenius automorphism. 37 | #[rustfmt::skip] 38 | const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[ 39 | // NONRESIDUE**(((q^0) - 1) / 2) 40 | field_new!(Fq, BigInteger([ 41 | 0x2cdffffffffff68, 42 | 0x51409f837fffffb1, 43 | 0x9f7db3a98a7d3ff2, 44 | 0x7b4e97b76e7c6305, 45 | 0x4cf495bf803c84e8, 46 | 0x8d6661e2fdf49a, 47 | ])), 48 | // NONRESIDUE**(((q^1) - 1) / 2) 49 | field_new!(Fq, BigInteger([ 50 | 0x823ac00000000099, 51 | 0xc5cabdc0b000004f, 52 | 0x7f75ae862f8c080d, 53 | 0x9ed4423b9278b089, 54 | 0x79467000ec64c452, 55 | 0x120d3e434c71c50, 56 | ])), 57 | ]; 58 | 59 | #[inline(always)] 60 | fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { 61 | let original = fe; 62 | let mut fe = -fe.double(); 63 | fe.double_in_place(); 64 | fe - original 65 | } 66 | } 67 | 68 | pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO); 69 | pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO); 70 | -------------------------------------------------------------------------------- /algebra/src/bls12_377/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "bls12_377", feature = "ed_on_bls12_377"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "bls12_377", feature = "ed_on_bls12_377"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(any( 7 | feature = "bls12_377", 8 | feature = "cp6_782", 9 | feature = "ed_on_cp6_782", 10 | feature = "ed_on_bw6_761", 11 | feature = "bw6_761" 12 | ))] 13 | pub mod fq; 14 | #[cfg(any( 15 | feature = "bls12_377", 16 | feature = "cp6_782", 17 | feature = "ed_on_cp6_782", 18 | feature = "ed_on_bw6_761", 19 | feature = "bw6_761" 20 | ))] 21 | pub use self::fq::*; 22 | 23 | #[cfg(feature = "bls12_377")] 24 | pub mod fq2; 25 | #[cfg(feature = "bls12_377")] 26 | pub use self::fq2::*; 27 | 28 | #[cfg(feature = "bls12_377")] 29 | pub mod fq6; 30 | #[cfg(feature = "bls12_377")] 31 | pub use self::fq6::*; 32 | 33 | #[cfg(feature = "bls12_377")] 34 | pub mod fq12; 35 | #[cfg(feature = "bls12_377")] 36 | pub use self::fq12::*; 37 | 38 | #[cfg(all(feature = "bls12_377", test))] 39 | #[macro_use] 40 | mod tests; 41 | -------------------------------------------------------------------------------- /algebra/src/bls12_377/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the BLS12_377 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962). 2 | //! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 3 | //! 12, defined over a 377-bit (prime) field. The main feature of this curve is 4 | //! that both the scalar field and the base field are highly 2-adic. 5 | //! (This is in contrast to the BLS12_381 curve for which only the scalar field 6 | //! is highly 2-adic.) 7 | //! 8 | //! 9 | //! Curve information: 10 | //! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 11 | //! * Scalar field: r = 12 | //! 8444461749428370424248824938781546531375899335154063827935233455917409239041 13 | //! * valuation(q - 1, 2) = 46 14 | //! * valuation(r - 1, 2) = 47 15 | //! * G1 curve equation: y^2 = x^3 + 1 16 | //! * G2 curve equation: y^2 = x^3 + B, where 17 | //! * B = Fq2(0, 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906) 18 | 19 | #[cfg(feature = "bls12_377")] 20 | mod curves; 21 | 22 | #[macro_use] 23 | mod fields; 24 | 25 | #[cfg(feature = "bls12_377")] 26 | pub use curves::*; 27 | 28 | pub use fields::*; 29 | -------------------------------------------------------------------------------- /algebra/src/bls12_381/curves/mod.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::curves::bls12::{Bls12, Bls12Parameters, TwistType}; 2 | 3 | use crate::bls12_381::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters}; 4 | 5 | pub mod g1; 6 | pub mod g2; 7 | 8 | #[cfg(test)] 9 | mod tests; 10 | 11 | pub use self::{ 12 | g1::{G1Affine, G1Projective}, 13 | g2::{G2Affine, G2Projective}, 14 | }; 15 | 16 | pub type Bls12_381 = Bls12; 17 | 18 | pub struct Parameters; 19 | 20 | impl Bls12Parameters for Parameters { 21 | const X: &'static [u64] = &[0xd201000000010000]; 22 | const X_IS_NEGATIVE: bool = true; 23 | const TWIST_TYPE: TwistType = TwistType::M; 24 | type Fp = Fq; 25 | type Fp2Params = Fq2Parameters; 26 | type Fp6Params = Fq6Parameters; 27 | type Fp12Params = Fq12Parameters; 28 | type G1Parameters = self::g1::Parameters; 29 | type G2Parameters = self::g2::Parameters; 30 | } 31 | -------------------------------------------------------------------------------- /algebra/src/bls12_381/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{curves::models::SWModelParameters, fields::SquareRootField, Zero}; 3 | use core::ops::{AddAssign, MulAssign}; 4 | 5 | use crate::bls12_381::*; 6 | std_curve_tests!(Bls12_381, Fq12); 7 | 8 | #[test] 9 | #[cfg(feature = "all_tests")] 10 | fn test_g1_generator_raw() { 11 | let mut x = Fq::zero(); 12 | let mut i = 0; 13 | loop { 14 | // y^2 = x^3 + b 15 | let mut rhs = x; 16 | rhs.square_in_place(); 17 | rhs.mul_assign(&x); 18 | rhs.add_assign(&g1::Parameters::COEFF_B); 19 | 20 | if let Some(y) = rhs.sqrt() { 21 | let p = G1Affine::new(x, if y < -y { y } else { -y }, false); 22 | assert!(!p.is_in_correct_subgroup_assuming_on_curve()); 23 | 24 | let g1 = p.scale_by_cofactor(); 25 | if !g1.is_zero() { 26 | assert_eq!(i, 4); 27 | let g1 = G1Affine::from(g1); 28 | 29 | assert!(g1.is_in_correct_subgroup_assuming_on_curve()); 30 | 31 | assert_eq!(g1, G1Affine::prime_subgroup_generator()); 32 | break; 33 | } 34 | } 35 | 36 | i += 1; 37 | x.add_assign(&Fq::one()); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /algebra/src/bls12_381/fields/fq2.rs: -------------------------------------------------------------------------------- 1 | use crate::bls12_381::*; 2 | use algebra_core::{biginteger::BigInteger384 as BigInteger, field_new, fields::*}; 3 | 4 | pub type Fq2 = Fp2; 5 | 6 | pub struct Fq2Parameters; 7 | 8 | impl Fp2Parameters for Fq2Parameters { 9 | type Fp = Fq; 10 | 11 | /// NONRESIDUE = -1 12 | #[rustfmt::skip] 13 | const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ 14 | 0x43f5fffffffcaaae, 15 | 0x32b7fff2ed47fffd, 16 | 0x7e83a49a2e99d69, 17 | 0xeca8f3318332bb7a, 18 | 0xef148d1ea0f4c069, 19 | 0x40ab3263eff0206, 20 | ])); 21 | 22 | /// QUADRATIC_NONRESIDUE = (U + 1) 23 | #[rustfmt::skip] 24 | const QUADRATIC_NONRESIDUE: (Fq, Fq) = ( 25 | field_new!(Fq, BigInteger([ 26 | 0x760900000002fffd, 27 | 0xebf4000bc40c0002, 28 | 0x5f48985753c758ba, 29 | 0x77ce585370525745, 30 | 0x5c071a97a256ec6d, 31 | 0x15f65ec3fa80e493, 32 | ])), 33 | field_new!(Fq, BigInteger([ 34 | 0x760900000002fffd, 35 | 0xebf4000bc40c0002, 36 | 0x5f48985753c758ba, 37 | 0x77ce585370525745, 38 | 0x5c071a97a256ec6d, 39 | 0x15f65ec3fa80e493, 40 | ])), 41 | ); 42 | 43 | /// Coefficients for the Frobenius automorphism. 44 | #[rustfmt::skip] 45 | const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[ 46 | // Fq(-1)**(((q^0) - 1) / 2) 47 | field_new!(Fq, BigInteger([ 48 | 0x760900000002fffd, 49 | 0xebf4000bc40c0002, 50 | 0x5f48985753c758ba, 51 | 0x77ce585370525745, 52 | 0x5c071a97a256ec6d, 53 | 0x15f65ec3fa80e493, 54 | ])), 55 | // Fq(-1)**(((q^1) - 1) / 2) 56 | field_new!(Fq, BigInteger([ 57 | 0x43f5fffffffcaaae, 58 | 0x32b7fff2ed47fffd, 59 | 0x7e83a49a2e99d69, 60 | 0xeca8f3318332bb7a, 61 | 0xef148d1ea0f4c069, 62 | 0x40ab3263eff0206, 63 | ])), 64 | ]; 65 | 66 | #[inline(always)] 67 | fn mul_fp_by_nonresidue(fp: &Self::Fp) -> Self::Fp { 68 | -(*fp) 69 | } 70 | } 71 | 72 | pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO); 73 | pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO); 74 | -------------------------------------------------------------------------------- /algebra/src/bls12_381/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "bls12_381", feature = "ed_on_bls12_381"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "bls12_381", feature = "ed_on_bls12_381"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(feature = "bls12_381")] 7 | pub mod fq; 8 | #[cfg(feature = "bls12_381")] 9 | pub use self::fq::*; 10 | 11 | #[cfg(feature = "bls12_381")] 12 | pub mod fq2; 13 | #[cfg(feature = "bls12_381")] 14 | pub use self::fq2::*; 15 | 16 | #[cfg(feature = "bls12_381")] 17 | pub mod fq6; 18 | #[cfg(feature = "bls12_381")] 19 | pub use self::fq6::*; 20 | 21 | #[cfg(feature = "bls12_381")] 22 | pub mod fq12; 23 | #[cfg(feature = "bls12_381")] 24 | pub use self::fq12::*; 25 | 26 | #[cfg(all(feature = "bls12_381", test))] 27 | #[macro_use] 28 | mod tests; 29 | -------------------------------------------------------------------------------- /algebra/src/bls12_381/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the BLS12_381 curve generated by [Sean Bowe](https://electriccoin.co/blog/new-snark-curve/). 2 | //! The name denotes that it is a Barreto--Lynn--Scott curve of embedding degree 3 | //! 12, defined over a 381-bit (prime) field. 4 | //! This curve was intended to replace the BN254 curve to provide a higher 5 | //! security level without incurring a large performance overhead. 6 | //! 7 | //! 8 | //! Curve information: 9 | //! * Base field: q = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787 10 | //! * Scalar field: r = 11 | //! 52435875175126190479447740508185965837690552500527637822603658699938581184513 12 | //! * valuation(q - 1, 2) = 1 13 | //! * valuation(r - 1, 2) = 32 14 | //! * G1 curve equation: y^2 = x^3 + 4 15 | //! * G2 curve equation: y^2 = x^3 + Fq2(4, 4) 16 | 17 | #[cfg(feature = "bls12_381")] 18 | mod curves; 19 | #[macro_use] 20 | mod fields; 21 | 22 | #[cfg(feature = "bls12_381")] 23 | pub use curves::*; 24 | pub use fields::*; 25 | -------------------------------------------------------------------------------- /algebra/src/bn254/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::bn254::*; 3 | std_curve_tests!(Bn254, Fq12); 4 | -------------------------------------------------------------------------------- /algebra/src/bn254/fields/fq2.rs: -------------------------------------------------------------------------------- 1 | use super::*; 2 | use algebra_core::{biginteger::BigInteger256 as BigInteger, field_new, fields::*}; 3 | 4 | pub type Fq2 = Fp2; 5 | 6 | pub struct Fq2Parameters; 7 | 8 | impl Fp2Parameters for Fq2Parameters { 9 | type Fp = Fq; 10 | 11 | /// NONRESIDUE = -1 12 | #[rustfmt::skip] 13 | const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ 14 | 0x68c3488912edefaa, 15 | 0x8d087f6872aabf4f, 16 | 0x51e1a24709081231, 17 | 0x2259d6b14729c0fa, 18 | ])); 19 | 20 | /// QUADRATIC_NONRESIDUE = U+2 21 | #[rustfmt::skip] 22 | const QUADRATIC_NONRESIDUE: (Fq, Fq) = ( 23 | field_new!(Fq, BigInteger([ 24 | 12014063508332092218u64, 25 | 1509222997478479483u64, 26 | 14762033076929465432u64, 27 | 2023505479389396574u64, 28 | ])), 29 | field_new!(Fq, BigInteger([ 30 | 202099033278250856u64, 31 | 8885205928937022213u64, 32 | 5545221690922665192u64, 33 | 39800542322357402u64, 34 | ])), 35 | ); 36 | 37 | /// Coefficients for the Frobenius automorphism. 38 | #[rustfmt::skip] 39 | const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[ 40 | // NONRESIDUE**(((q^0) - 1) / 2) 41 | field_new!(Fq, BigInteger([ 42 | 0xd35d438dc58f0d9d, 43 | 0x0a78eb28f5c70b3d, 44 | 0x666ea36f7879462c, 45 | 0xe0a77c19a07df2f, 46 | ])), 47 | // NONRESIDUE**(((q^1) - 1) / 2) 48 | field_new!(Fq, BigInteger([ 49 | 0x68c3488912edefaa, 50 | 0x8d087f6872aabf4f, 51 | 0x51e1a24709081231, 52 | 0x2259d6b14729c0fa, 53 | ])), 54 | ]; 55 | 56 | #[inline(always)] 57 | fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { 58 | -(*fe) 59 | } 60 | } 61 | 62 | pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO); 63 | pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO); 64 | -------------------------------------------------------------------------------- /algebra/src/bn254/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "bn254", feature = "ed_on_bn254"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "bn254", feature = "ed_on_bn254"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(feature = "bn254")] 7 | pub mod fq; 8 | #[cfg(feature = "bn254")] 9 | pub use self::fq::*; 10 | 11 | #[cfg(feature = "bn254")] 12 | pub mod fq2; 13 | #[cfg(feature = "bn254")] 14 | pub use self::fq2::*; 15 | 16 | #[cfg(feature = "bn254")] 17 | pub mod fq6; 18 | #[cfg(feature = "bn254")] 19 | pub use self::fq6::*; 20 | 21 | #[cfg(feature = "bn254")] 22 | pub mod fq12; 23 | #[cfg(feature = "bn254")] 24 | pub use self::fq12::*; 25 | 26 | #[macro_use] 27 | #[cfg(all(feature = "bn254", test))] 28 | mod tests; 29 | -------------------------------------------------------------------------------- /algebra/src/bn254/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the BN254 curve that was sampled as part of the [[BCTV14]][https://eprint.iacr.org/2013/879.pdf] paper . 2 | //! The name denotes that it is a Barreto--Naehrig curve of embedding degree 12, 3 | //! defined over a 254-bit (prime) field. The scalar field is highly 2-adic. 4 | //! 5 | //! This curve is also implemented in [libff](https://github.com/scipr-lab/libff/tree/master/libff/algebra/curves/alt_bn128) under the name `bn128`. 6 | //! It is the same as the `bn256` curve used in Ethereum (eg: [go-ethereum](https://github.com/ethereum/go-ethereum/tree/master/crypto/bn254/cloudflare)). 7 | //! 8 | //! #CAUTION 9 | //! **This curve does not satisfy the 128-bit security level anymore.** 10 | //! 11 | //! 12 | //! Curve information: 13 | //! * Base field: q = 14 | //! 21888242871839275222246405745257275088696311157297823662689037894645226208583 15 | //! * Scalar field: r = 16 | //! 21888242871839275222246405745257275088548364400416034343698204186575808495617 17 | //! * valuation(q - 1, 2) = 1 18 | //! * valuation(r - 1, 2) = 28 19 | //! * G1 curve equation: y^2 = x^3 + 3 20 | //! * G2 curve equation: y^2 = x^3 + B, where 21 | //! * B = 3/(u+9) where Fq2[u]=Fq/u+1 = 22 | //! Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 23 | //! 266929791119991161246907387137283842545076965332900288569378510910307636690) 24 | 25 | #[cfg(feature = "bn254")] 26 | mod curves; 27 | 28 | #[macro_use] 29 | mod fields; 30 | 31 | #[cfg(feature = "bn254")] 32 | pub use curves::*; 33 | 34 | pub use fields::*; 35 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/curves/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::{biginteger::BigInteger768 as BigInteger, bw6_761::*}; 2 | use algebra_core::curves::{ 3 | bw6, 4 | bw6::{BW6Parameters, TwistType, BW6}, 5 | }; 6 | 7 | pub mod g1; 8 | pub mod g2; 9 | 10 | #[cfg(test)] 11 | mod tests; 12 | 13 | #[derive(PartialEq, Eq)] 14 | pub struct Parameters; 15 | 16 | impl BW6Parameters for Parameters { 17 | const X: BigInteger = BigInteger([ 18 | 0x8508c00000000001, 19 | 0x0, 20 | 0x0, 21 | 0x0, 22 | 0x0, 23 | 0x0, 24 | 0x0, 25 | 0x0, 26 | 0x0, 27 | 0x0, 28 | 0x0, 29 | 0x0, 30 | ]); 31 | /// `x` is positive. 32 | const X_IS_NEGATIVE: bool = false; 33 | // X+1 34 | const ATE_LOOP_COUNT_1: &'static [u64] = &[0x8508c00000000002]; 35 | const ATE_LOOP_COUNT_1_IS_NEGATIVE: bool = false; 36 | // X^3-X^2-X 37 | const ATE_LOOP_COUNT_2: &'static [i8] = &[ 38 | -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 39 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 40 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 41 | 0, 0, 0, 1, 0, 0, 1, 0, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 42 | 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, -1, 0, 0, 43 | 1, 0, 0, 0, -1, 0, 0, -1, 0, 1, 0, -1, 0, 0, 0, 1, 0, 0, 1, 0, -1, 0, 1, 0, 1, 0, 0, 0, 1, 44 | 0, -1, 0, -1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 45 | ]; 46 | const ATE_LOOP_COUNT_2_IS_NEGATIVE: bool = false; 47 | const TWIST_TYPE: TwistType = TwistType::M; 48 | type Fp = Fq; 49 | type Fp3Params = Fq3Parameters; 50 | type Fp6Params = Fq6Parameters; 51 | type G1Parameters = g1::Parameters; 52 | type G2Parameters = g2::Parameters; 53 | } 54 | 55 | pub type BW6_761 = BW6; 56 | 57 | pub type G1Affine = bw6::G1Affine; 58 | pub type G1Projective = bw6::G1Projective; 59 | pub type G2Affine = bw6::G2Affine; 60 | pub type G2Projective = bw6::G2Projective; 61 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::bw6_761::*; 3 | std_curve_tests!(BW6_761, Fq6); 4 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/fields/fr.rs: -------------------------------------------------------------------------------- 1 | pub use crate::bls12_377::{Fq as Fr, FqParameters as FrParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "bw6_761", feature = "ed_on_cp6_782"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "bw6_761", feature = "ed_on_cp6_782"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(feature = "bw6_761")] 7 | pub mod fq; 8 | #[cfg(feature = "bw6_761")] 9 | pub use self::fq::*; 10 | 11 | #[cfg(feature = "bw6_761")] 12 | pub mod fq3; 13 | #[cfg(feature = "bw6_761")] 14 | pub use self::fq3::*; 15 | 16 | #[cfg(feature = "bw6_761")] 17 | pub mod fq6; 18 | #[cfg(feature = "bw6_761")] 19 | pub use self::fq6::*; 20 | 21 | #[cfg(all(feature = "bw6_761", test))] 22 | mod tests; 23 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{buffer_bit_byte_size, test_rng, CanonicalSerialize, Field, PrimeField}; 3 | use rand::Rng; 4 | 5 | use crate::bw6_761::*; 6 | 7 | use crate::tests::fields::{ 8 | field_serialization_test, field_test, frobenius_test, primefield_test, sqrt_field_test, 9 | }; 10 | 11 | #[test] 12 | #[cfg(feature = "prime_fields")] 13 | fn test_fr() { 14 | let mut rng = test_rng(); 15 | let a: Fr = rng.gen(); 16 | let b: Fr = rng.gen(); 17 | field_test(a, b); 18 | sqrt_field_test(a); 19 | primefield_test::(); 20 | } 21 | 22 | #[test] 23 | #[cfg(feature = "prime_fields")] 24 | fn test_fq() { 25 | let mut rng = test_rng(); 26 | let a: Fq = rng.gen(); 27 | let b: Fq = rng.gen(); 28 | field_test(a, b); 29 | primefield_test::(); 30 | sqrt_field_test(a); 31 | 32 | let byte_size = a.serialized_size(); 33 | let (_, buffer_size) = buffer_bit_byte_size(Fq::size_in_bits()); 34 | assert_eq!(byte_size, buffer_size); 35 | field_serialization_test::(byte_size); 36 | } 37 | 38 | #[test] 39 | #[cfg(feature = "extension_fields")] 40 | fn test_fq3() { 41 | let mut rng = test_rng(); 42 | let a: Fq3 = rng.gen(); 43 | let b: Fq3 = rng.gen(); 44 | field_test(a, b); 45 | sqrt_field_test(a); 46 | frobenius_test::(Fq::characteristic(), 13); 47 | } 48 | 49 | #[test] 50 | #[cfg(feature = "extension_fields")] 51 | fn test_fq6() { 52 | let mut rng = test_rng(); 53 | let a: Fq6 = rng.gen(); 54 | let b: Fq6 = rng.gen(); 55 | field_test(a, b); 56 | frobenius_test::(Fq::characteristic(), 13); 57 | } 58 | -------------------------------------------------------------------------------- /algebra/src/bw6_761/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the BW6_761 curve generated in [[EG20]](https://eprint.iacr.org/2020/351). 2 | //! The name denotes that it is a curve generated using the Brezing--Weng 3 | //! method, and that its embedding degree is 6. 4 | //! The main feature of this curve is that the scalar field equals the base 5 | //! field of the BLS12_377 curve. 6 | //! 7 | //! Curve information: 8 | //! * Base field: q = 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299 9 | //! * Scalar field: r = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 10 | //! * valuation(q - 1, 2) = 1 11 | //! * valuation(r - 1, 2) = 46 12 | //! 13 | //! G1 curve equation: y^2 = x^3 + ax + b, where 14 | //! * a = 0, 15 | //! * b = -1, 16 | //! 17 | //! G2 curve equation: y^2 = x^3 + Ax + B 18 | //! * A = 0 19 | //! * B = 4 20 | 21 | #[cfg(feature = "bw6_761")] 22 | mod curves; 23 | mod fields; 24 | 25 | #[cfg(feature = "bw6_761")] 26 | pub use curves::*; 27 | pub use fields::*; 28 | -------------------------------------------------------------------------------- /algebra/src/cp6_782/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::cp6_782::*; 3 | std_curve_tests!(CP6_782, Fq6); 4 | -------------------------------------------------------------------------------- /algebra/src/cp6_782/fields/fr.rs: -------------------------------------------------------------------------------- 1 | pub use crate::bls12_377::{Fq as Fr, FqParameters as FrParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/cp6_782/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any( 2 | feature = "cp6_782", 3 | feature = "ed_on_cp6_782", 4 | feature = "ed_on_bw6_761" 5 | ))] 6 | pub mod fr; 7 | #[cfg(any( 8 | feature = "cp6_782", 9 | feature = "ed_on_cp6_782", 10 | feature = "ed_on_bw6_761" 11 | ))] 12 | pub use self::fr::*; 13 | 14 | #[cfg(feature = "cp6_782")] 15 | pub mod fq; 16 | #[cfg(feature = "cp6_782")] 17 | pub use self::fq::*; 18 | 19 | #[cfg(feature = "cp6_782")] 20 | pub mod fq3; 21 | #[cfg(feature = "cp6_782")] 22 | pub use self::fq3::*; 23 | 24 | #[cfg(feature = "cp6_782")] 25 | pub mod fq6; 26 | #[cfg(feature = "cp6_782")] 27 | pub use self::fq6::*; 28 | 29 | #[cfg(all(feature = "cp6_782", test))] 30 | mod tests; 31 | -------------------------------------------------------------------------------- /algebra/src/cp6_782/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{buffer_bit_byte_size, test_rng, CanonicalSerialize, Field, PrimeField}; 3 | use rand::Rng; 4 | 5 | use crate::cp6_782::*; 6 | 7 | use crate::tests::fields::{ 8 | field_serialization_test, field_test, frobenius_test, primefield_test, sqrt_field_test, 9 | }; 10 | 11 | #[test] 12 | #[cfg(feature = "prime_fields")] 13 | fn test_fr() { 14 | let mut rng = test_rng(); 15 | let a: Fr = rng.gen(); 16 | let b: Fr = rng.gen(); 17 | field_test(a, b); 18 | sqrt_field_test(a); 19 | primefield_test::(); 20 | } 21 | 22 | #[test] 23 | #[cfg(feature = "prime_fields")] 24 | fn test_fq() { 25 | let mut rng = test_rng(); 26 | let a: Fq = rng.gen(); 27 | let b: Fq = rng.gen(); 28 | field_test(a, b); 29 | primefield_test::(); 30 | sqrt_field_test(a); 31 | 32 | let byte_size = a.serialized_size(); 33 | let (_, buffer_size) = buffer_bit_byte_size(Fq::size_in_bits()); 34 | assert_eq!(byte_size, buffer_size); 35 | field_serialization_test::(byte_size); 36 | } 37 | 38 | #[test] 39 | #[cfg(feature = "extension_fields")] 40 | fn test_fq3() { 41 | let mut rng = test_rng(); 42 | let a: Fq3 = rng.gen(); 43 | let b: Fq3 = rng.gen(); 44 | field_test(a, b); 45 | sqrt_field_test(a); 46 | frobenius_test::(Fq::characteristic(), 13); 47 | } 48 | 49 | #[test] 50 | #[cfg(feature = "extension_fields")] 51 | fn test_fq6() { 52 | let mut rng = test_rng(); 53 | let a: Fq6 = rng.gen(); 54 | let b: Fq6 = rng.gen(); 55 | field_test(a, b); 56 | frobenius_test::(Fq::characteristic(), 13); 57 | } 58 | -------------------------------------------------------------------------------- /algebra/src/cp6_782/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the CP6_782 curve generated in [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962). 2 | //! The name denotes that it was generated using the Cocks--Pinch method for the 3 | //! embedding degree 6. The main feature of this curve is that the scalar field 4 | //! equals the base field of the BLS12_377 curve. 5 | //! 6 | //! Curve information: 7 | //! * Base field: q = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577 8 | //! * Scalar field: r = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 9 | //! * valuation(q - 1, 2) = 3 10 | //! * valuation(r - 1, 2) = 46 11 | //! 12 | //! G1 curve equation: y^2 = x^3 + ax + b, where 13 | //! * a = 5, 14 | //! * b = 17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414, 15 | //! 16 | //! G2 curve equation: y^2 = x^3 + Ax + B 17 | //! * A = Fq3(0, 0, 5) 18 | //! * B = Fq3(7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612, 0, 0) 19 | 20 | #[cfg(feature = "cp6_782")] 21 | mod curves; 22 | mod fields; 23 | 24 | #[cfg(feature = "cp6_782")] 25 | pub use curves::*; 26 | pub use fields::*; 27 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_377/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_bls12_377::*; 3 | edwards_curve_tests!(); 4 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_377/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::bls12_377::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_377/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_bls12_377", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_377/fields/tests.rs: -------------------------------------------------------------------------------- 1 | use crate::tests::fields::{field_test, primefield_test}; 2 | use algebra_core::test_rng; 3 | use rand::Rng; 4 | 5 | use crate::ed_on_bls12_377::{Fq, Fr}; 6 | 7 | #[test] 8 | fn test_fr() { 9 | let mut rng = test_rng(); 10 | let a: Fr = rng.gen(); 11 | let b: Fr = rng.gen(); 12 | field_test(a, b); 13 | primefield_test::(); 14 | } 15 | 16 | #[test] 17 | fn test_fq() { 18 | let mut rng = test_rng(); 19 | let a: Fq = rng.gen(); 20 | let b: Fq = rng.gen(); 21 | field_test(a, b); 22 | primefield_test::(); 23 | } 24 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_377/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements a twisted Edwards curve whose base field is the 2 | //! scalar field of the curve BLS12-377. This allows defining cryptographic 3 | //! primitives that use elliptic curves over the scalar field of the latter 4 | //! curve. This curve was generated as part of the paper [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962). 5 | //! 6 | //! Curve information: 7 | //! * Base field: q = 8 | //! 8444461749428370424248824938781546531375899335154063827935233455917409239041 9 | //! * Scalar field: r = 10 | //! 2111115437357092606062206234695386632838870926408408195193685246394721360383 11 | //! * Valuation(q - 1, 2) = 47 12 | //! * Valuation(r - 1, 2) = 1 13 | //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where 14 | //! * a = -1 15 | //! * d = 3021 16 | 17 | mod curves; 18 | mod fields; 19 | 20 | pub use curves::*; 21 | pub use fields::*; 22 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_381/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_bls12_381::*; 3 | use algebra_core::{FromBytes, ToBytes, Zero}; 4 | use core::str::FromStr; 5 | edwards_curve_tests!(); 6 | 7 | #[test] 8 | #[cfg(feature = "all_tests")] 9 | fn test_scalar_multiplication() { 10 | println!("Started getting field elements"); 11 | let f1 = Fr::from_str( 12 | "4691331900926794624732159288782398864809513177368446695323460897088210774597", 13 | ) 14 | .unwrap(); 15 | let f2 = Fr::from_str( 16 | "1305028103380024953477151132159456965337646722479526711736847301646466538045", 17 | ) 18 | .unwrap(); 19 | 20 | println!("Finished getting field elements"); 21 | let g = EdwardsAffine::from_str( 22 | "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \ 23 | 36933624999642413792569726058244472742169727126562409632889593958355839948294)", 24 | ) 25 | .unwrap(); 26 | let f1f2g = EdwardsAffine::from_str( 27 | "(12638652891150111215300246576936483137884466359309882317048163368620501191944, \ 28 | 38385045634663742820428406709832518145724237919360177362175527604556651918148)", 29 | ) 30 | .unwrap(); 31 | 32 | println!("Finished getting group elements"); 33 | 34 | assert!(!g.is_zero()); 35 | assert!(!f1f2g.is_zero()); 36 | 37 | let f1g = g.mul(f1).into_affine(); 38 | println!("f1: {:?}", f1); 39 | println!("f2: {:?}", f2); 40 | println!("g: {:?}", g); 41 | println!("f1f2g: {:?}", f1f2g); 42 | assert_eq!(g.mul(f1 * &f2).into_affine(), f1f2g); 43 | assert_eq!(f1g.mul(f2).into_affine(), f1f2g); 44 | } 45 | 46 | #[test] 47 | #[cfg(feature = "all_tests")] 48 | fn test_bytes() { 49 | let g_from_repr = EdwardsAffine::from_str( 50 | "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \ 51 | 36933624999642413792569726058244472742169727126562409632889593958355839948294)", 52 | ) 53 | .unwrap(); 54 | 55 | let g_bytes = algebra_core::to_bytes![g_from_repr].unwrap(); 56 | let g = EdwardsAffine::read(g_bytes.as_slice()).unwrap(); 57 | assert_eq!(g_from_repr, g); 58 | } 59 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_381/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::bls12_381::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_381/fields/fr.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::{ 2 | biginteger::BigInteger256 as BigInteger, 3 | fields::{FftParameters, Fp256, Fp256Parameters, FpParameters}, 4 | }; 5 | 6 | pub type Fr = Fp256; 7 | 8 | pub struct FrParameters; 9 | 10 | impl Fp256Parameters for FrParameters {} 11 | impl FftParameters for FrParameters { 12 | type BigInt = BigInteger; 13 | 14 | const TWO_ADICITY: u32 = 1; 15 | 16 | #[rustfmt::skip] 17 | const TWO_ADIC_ROOT_OF_UNITY: BigInteger = BigInteger([ 18 | 0xaa9f02ab1d6124de, 19 | 0xb3524a6466112932, 20 | 0x7342261215ac260b, 21 | 0x4d6b87b1da259e2, 22 | ]); 23 | } 24 | impl FpParameters for FrParameters { 25 | /// MODULUS = 6554484396890773809930967563523245729705921265872317281365359162392183254199. 26 | #[rustfmt::skip] 27 | const MODULUS: BigInteger = BigInteger([ 28 | 0xd0970e5ed6f72cb7, 29 | 0xa6682093ccc81082, 30 | 0x6673b0101343b00, 31 | 0xe7db4ea6533afa9, 32 | ]); 33 | 34 | const MODULUS_BITS: u32 = 252; 35 | 36 | const CAPACITY: u32 = Self::MODULUS_BITS - 1; 37 | 38 | const REPR_SHAVE_BITS: u32 = 4; 39 | 40 | #[rustfmt::skip] 41 | const R: BigInteger = BigInteger([ 42 | 0x25f80bb3b99607d9, 43 | 0xf315d62f66b6e750, 44 | 0x932514eeeb8814f4, 45 | 0x9a6fc6f479155c6, 46 | ]); 47 | 48 | #[rustfmt::skip] 49 | const R2: BigInteger = BigInteger([ 50 | 0x67719aa495e57731, 51 | 0x51b0cef09ce3fc26, 52 | 0x69dab7fac026e9a5, 53 | 0x4f6547b8d127688, 54 | ]); 55 | 56 | const INV: u64 = 0x1ba3a358ef788ef9; 57 | 58 | #[rustfmt::skip] 59 | const GENERATOR: BigInteger = BigInteger([ 60 | 0x720b1b19d49ea8f1, 61 | 0xbf4aa36101f13a58, 62 | 0x5fa8cc968193ccbb, 63 | 0xe70cbdc7dccf3ac, 64 | ]); 65 | 66 | const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ 67 | 7515249040934278747, 68 | 5995434913520945217, 69 | 9454073218019761536, 70 | 522094803716528084, 71 | ]); 72 | 73 | const T: BigInteger = Self::MODULUS_MINUS_ONE_DIV_TWO; 74 | 75 | const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ 76 | 12980996557321915181, 77 | 2997717456760472608, 78 | 4727036609009880768, 79 | 261047401858264042, 80 | ]); 81 | } 82 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_381/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_bls12_381", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bls12_381/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements a twisted Edwards curve whose base field is the 2 | //! scalar field of the curve BLS12-377. This allows defining cryptographic 3 | //! primitives that use elliptic curves over the scalar field of the latter 4 | //! curve. This curve was generated by Sean Bowe, and is also known as [Jubjub](https://github.com/zkcrypto/jubjub). 5 | //! 6 | //! Curve information: 7 | //! * Base field: q = 8 | //! 52435875175126190479447740508185965837690552500527637822603658699938581184513 9 | //! * Scalar field: r = 10 | //! 6554484396890773809930967563523245729705921265872317281365359162392183254199 11 | //! * Valuation(q - 1, 2) = 32 12 | //! * Valuation(r - 1, 2) = 1 13 | //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where 14 | //! * a = -1 15 | //! * d = -(10240/10241) 16 | 17 | mod curves; 18 | mod fields; 19 | 20 | pub use curves::*; 21 | pub use fields::*; 22 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bn254/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_bn254::*; 3 | use algebra_core::{FromBytes, ToBytes, Zero}; 4 | use core::str::FromStr; 5 | edwards_curve_tests!(); 6 | 7 | #[test] 8 | #[cfg(feature = "all_tests")] 9 | fn test_scalar_multiplication() { 10 | println!("Started getting field elements"); 11 | let f1 = Fr::from_str( 12 | "4691331900926794624732159288782398864809513177368446695323460897088210774597", 13 | ) 14 | .unwrap(); 15 | let f2 = Fr::from_str( 16 | "1305028103380024953477151132159456965337646722479526711736847301646466538045", 17 | ) 18 | .unwrap(); 19 | 20 | println!("Finished getting field elements"); 21 | let g = EdwardsAffine::from_str( 22 | "(15863623088992515880085393097393553694825975317405843389771115419751650972659, \ 23 | 16950150798460657717958625567821834550301663161624707787222815936182638968203)", 24 | ) 25 | .unwrap(); 26 | let f1f2g = EdwardsAffine::from_str( 27 | "(20773645713088336957786354488799297695596635653208610804806657050882264237947, \ 28 | 19987327827845206670850937090314462639017692512983955920885166014935289314257)", 29 | ) 30 | .unwrap(); 31 | 32 | println!("Finished getting group elements"); 33 | 34 | assert!(!g.is_zero()); 35 | assert!(!f1f2g.is_zero()); 36 | 37 | let f1g = g.mul(f1).into_affine(); 38 | assert_eq!(g.mul(f1 * &f2).into_affine(), f1f2g); 39 | assert_eq!(f1g.mul(f2).into_affine(), f1f2g); 40 | } 41 | 42 | #[test] 43 | #[cfg(feature = "all_tests")] 44 | fn test_bytes() { 45 | let g_from_repr = EdwardsAffine::from_str( 46 | "(15863623088992515880085393097393553694825975317405843389771115419751650972659, \ 47 | 16950150798460657717958625567821834550301663161624707787222815936182638968203)", 48 | ) 49 | .unwrap(); 50 | 51 | let g_bytes = algebra_core::to_bytes![g_from_repr].unwrap(); 52 | let g = EdwardsAffine::read(g_bytes.as_slice()).unwrap(); 53 | assert_eq!(g_from_repr, g); 54 | } 55 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bn254/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::bn254::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bn254/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_bn254", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bn254/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements a twisted Edwards curve whose base field is the 2 | //! scalar field of the curve BN254. This allows defining cryptographic 3 | //! primitives that use elliptic curves over the scalar field of the latter curve. This curve is also known as [Baby-Jubjub](https://github.com/barryWhiteHat/baby_jubjub). 4 | //! 5 | //! Curve information: 6 | //! * Base field: q = 7 | //! 21888242871839275222246405745257275088548364400416034343698204186575808495617 8 | //! * Scalar field: r = 9 | //! 2736030358979909402780800718157159386076813972158567259200215660948447373041 10 | //! * Valuation(q - 1, 2) = 28 11 | //! * Valuation(r - 1, 2) = 4 12 | //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where 13 | //! * a = 1 14 | //! * d = 168696/168700 mod q = 15 | //! 9706598848417545097372247223557719406784115219466060233080913168975159366771 16 | 17 | mod curves; 18 | mod fields; 19 | 20 | pub use curves::*; 21 | pub use fields::*; 22 | -------------------------------------------------------------------------------- /algebra/src/ed_on_bw6_761/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements a twisted Edwards curve whose base field is the 2 | //! scalar field of the curve BW6_761. *It is the same curve as that in 3 | //! `crate::ed_on_cp6_782`.* This allows defining cryptographic primitives that 4 | //! use elliptic curves over the scalar field of the latter curve. This curve 5 | //! was generated as part of the paper [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962). 6 | //! 7 | //! Curve information: 8 | //! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 9 | //! * Scalar field: r = 32333053251621136751331591711861691692049189094364332567435817881934511297123972799646723302813083835942624121493 10 | //! * Valuation(q - 1, 2) = 46 11 | //! * Valuation(r - 1, 2) = 2 12 | //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where 13 | //! * a = -1 14 | //! * d = 79743 15 | 16 | pub use crate::ed_on_cp6_782::*; 17 | -------------------------------------------------------------------------------- /algebra/src/ed_on_cp6_782/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_cp6_782::*; 3 | edwards_curve_tests!(); 4 | -------------------------------------------------------------------------------- /algebra/src/ed_on_cp6_782/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::cp6_782::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_cp6_782/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_cp6_782", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_cp6_782/fields/tests.rs: -------------------------------------------------------------------------------- 1 | use crate::tests::fields::{field_test, primefield_test}; 2 | use algebra_core::test_rng; 3 | use rand::Rng; 4 | 5 | use crate::ed_on_cp6_782::{Fq, Fr}; 6 | 7 | #[test] 8 | fn test_fr() { 9 | let mut rng = test_rng(); 10 | let a: Fr = rng.gen(); 11 | let b: Fr = rng.gen(); 12 | field_test(a, b); 13 | primefield_test::(); 14 | } 15 | 16 | #[test] 17 | fn test_fq() { 18 | let mut rng = test_rng(); 19 | let a: Fq = rng.gen(); 20 | let b: Fq = rng.gen(); 21 | field_test(a, b); 22 | primefield_test::(); 23 | } 24 | -------------------------------------------------------------------------------- /algebra/src/ed_on_cp6_782/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements a twisted Edwards curve whose base field is the 2 | //! scalar field of the curve CP6. This allows defining cryptographic primitives 3 | //! that use elliptic curves over the scalar field of the latter curve. This curve was generated as part of the paper [[BCGMMW20, “Zexe”]](https://eprint.iacr.org/2018/962). 4 | //! 5 | //! Curve information: 6 | //! * Base field: q = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 7 | //! * Scalar field: r = 32333053251621136751331591711861691692049189094364332567435817881934511297123972799646723302813083835942624121493 8 | //! * Valuation(q - 1, 2) = 46 9 | //! * Valuation(r - 1, 2) = 2 10 | //! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where 11 | //! * a = -1 12 | //! * d = 79743 13 | 14 | mod curves; 15 | mod fields; 16 | 17 | pub use curves::*; 18 | pub use fields::*; 19 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_298/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_mnt4_298::*; 3 | edwards_curve_tests!(); 4 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_298/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt4_298::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_298/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_mnt4_298", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_298/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::tests::fields::{field_test, primefield_test}; 3 | use algebra_core::test_rng; 4 | use rand::Rng; 5 | 6 | use crate::ed_on_mnt4_298::{Fq, Fr}; 7 | 8 | #[test] 9 | fn test_fr() { 10 | let mut rng = test_rng(); 11 | let a: Fr = rng.gen(); 12 | let b: Fr = rng.gen(); 13 | field_test(a, b); 14 | primefield_test::(); 15 | } 16 | 17 | #[test] 18 | fn test_fq() { 19 | let mut rng = test_rng(); 20 | let a: Fq = rng.gen(); 21 | let b: Fq = rng.gen(); 22 | field_test(a, b); 23 | primefield_test::(); 24 | } 25 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_298/mod.rs: -------------------------------------------------------------------------------- 1 | mod curves; 2 | mod fields; 3 | 4 | pub use curves::*; 5 | pub use fields::*; 6 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_753/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::ed_on_mnt4_753::*; 3 | edwards_curve_tests!(); 4 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_753/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt4_753::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_753/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fq; 2 | pub mod fr; 3 | 4 | pub use fq::*; 5 | pub use fr::*; 6 | 7 | #[cfg(all(feature = "ed_on_mnt4_753", test, feature = "prime_fields"))] 8 | mod tests; 9 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_753/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::tests::fields::{field_test, primefield_test}; 3 | use algebra_core::test_rng; 4 | use rand::Rng; 5 | 6 | use crate::ed_on_mnt4_753::{Fq, Fr}; 7 | 8 | #[test] 9 | fn test_fr() { 10 | let mut rng = test_rng(); 11 | let a: Fr = rng.gen(); 12 | let b: Fr = rng.gen(); 13 | field_test(a, b); 14 | primefield_test::(); 15 | } 16 | 17 | #[test] 18 | fn test_fq() { 19 | let mut rng = test_rng(); 20 | let a: Fq = rng.gen(); 21 | let b: Fq = rng.gen(); 22 | field_test(a, b); 23 | primefield_test::(); 24 | } 25 | -------------------------------------------------------------------------------- /algebra/src/ed_on_mnt4_753/mod.rs: -------------------------------------------------------------------------------- 1 | mod curves; 2 | mod fields; 3 | 4 | pub use curves::*; 5 | pub use fields::*; 6 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::mnt4_298::*; 3 | std_curve_tests!(MNT4_298, Fq4); 4 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt6_298::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/fq2.rs: -------------------------------------------------------------------------------- 1 | use crate::mnt4_298::{Fq, FQ_ONE}; 2 | use algebra_core::{ 3 | biginteger::BigInteger320 as BigInteger, 4 | field_new, 5 | fields::fp2::{Fp2, Fp2Parameters}, 6 | }; 7 | 8 | pub type Fq2 = Fp2; 9 | 10 | pub struct Fq2Parameters; 11 | 12 | impl Fp2Parameters for Fq2Parameters { 13 | type Fp = Fq; 14 | 15 | /// The quadratic non-residue (17) used to construct the extension is 16 | /// the same as that used in [`libff`](https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L102). 17 | #[rustfmt::skip] 18 | const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ 19 | 2709730703260633621, 20 | 13556085429182073539, 21 | 10903316137158576359, 22 | 5319113788683590444, 23 | 4022235209932, 24 | ])); 25 | 26 | /// The quadratic non-residue in Fp2 that is used 27 | /// in the computation of square roots is (8, 1), the same as that in 28 | /// [`libff`](https://github.com/scipr-lab/libff/blob/c927821ebe02e0a24b5e0f9170cec5e211a35f08/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp#L103) 29 | const QUADRATIC_NONRESIDUE: (Self::Fp, Self::Fp) = ( 30 | field_new!( 31 | Fq, 32 | BigInteger([ 33 | 7706310747053761245, 34 | 9941175645274129776, 35 | 14857322459377157960, 36 | 7030003475866554129, 37 | 3101682770110 38 | ]) 39 | ), 40 | FQ_ONE, 41 | ); 42 | 43 | /// Precomputed coefficients: 44 | /// `[1, 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080]` 45 | const FROBENIUS_COEFF_FP2_C1: &'static [Self::Fp] = &[ 46 | FQ_ONE, 47 | field_new!( 48 | Fq, 49 | BigInteger([ 50 | 12702890790846888869, 51 | 6326265861366186013, 52 | 364584707886187945, 53 | 8740893163049517815, 54 | 2181130330288 55 | ]) 56 | ), 57 | ]; 58 | } 59 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/fq4.rs: -------------------------------------------------------------------------------- 1 | use crate::mnt4_298::{Fq, Fq2, Fq2Parameters, FQ_ONE, FQ_ZERO}; 2 | use algebra_core::{ 3 | biginteger::BigInteger320 as BigInteger, 4 | field_new, 5 | fields::fp4::{Fp4, Fp4Parameters}, 6 | }; 7 | 8 | pub type Fq4 = Fp4; 9 | 10 | pub struct Fq4Parameters; 11 | 12 | impl Fp4Parameters for Fq4Parameters { 13 | type Fp2Params = Fq2Parameters; 14 | 15 | const NONRESIDUE: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE); 16 | 17 | // Coefficients for the Frobenius automorphism. 18 | // c1[0] = 1, 19 | // c1[1] = 7684163245453501615621351552473337069301082060976805004625011694147890954040864167002308 20 | // c1[2] = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758080 21 | // c1[3] = 468238122923807824137727898100575114475823797181717920390930116882062371863914936316755773 22 | #[rustfmt::skip] 23 | const FROBENIUS_COEFF_FP4_C1: &'static [Fq] = &[ 24 | FQ_ONE, 25 | field_new!( 26 | Fq, 27 | BigInteger([ 28 | 16439849825752526567, 29 | 14772594681319164557, 30 | 16175669228740845684, 31 | 4590896976404796446, 32 | 3810243174413 33 | ]) 34 | ), 35 | field_new!( 36 | Fq, 37 | BigInteger([ 38 | 12702890790846888869, 39 | 6326265861366186013, 40 | 364584707886187945, 41 | 8740893163049517815, 42 | 2181130330288 43 | ]) 44 | ), 45 | field_new!( 46 | Fq, 47 | BigInteger([ 48 | 16494084033238978842, 49 | 8405712270147289988, 50 | 16893921313687769205, 51 | 7111183964905832559, 52 | 299901908070 53 | ]) 54 | ), 55 | ]; 56 | } 57 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/fr.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt6_298::{Fq as Fr, FqParameters as FrParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fr; 2 | pub use self::fr::*; 3 | 4 | pub mod fq; 5 | pub use self::fq::*; 6 | 7 | pub mod fq2; 8 | pub use self::fq2::*; 9 | 10 | pub mod fq4; 11 | pub use self::fq4::*; 12 | 13 | #[cfg(all(feature = "mnt4_298", test))] 14 | #[cfg(test)] 15 | mod tests; 16 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{test_rng, Field}; 3 | use rand::Rng; 4 | 5 | use crate::mnt4_298::*; 6 | 7 | use crate::tests::fields::{field_test, frobenius_test, primefield_test, sqrt_field_test}; 8 | 9 | #[test] 10 | #[cfg(feature = "prime_fields")] 11 | fn test_fr() { 12 | let mut rng = test_rng(); 13 | let a: Fr = rng.gen(); 14 | let b: Fr = rng.gen(); 15 | field_test(a, b); 16 | sqrt_field_test(a); 17 | primefield_test::(); 18 | } 19 | 20 | #[test] 21 | #[cfg(feature = "prime_fields")] 22 | fn test_fq() { 23 | let mut rng = test_rng(); 24 | let a: Fq = rng.gen(); 25 | let b: Fq = rng.gen(); 26 | field_test(a, b); 27 | sqrt_field_test(a); 28 | primefield_test::(); 29 | } 30 | 31 | #[test] 32 | #[cfg(feature = "extension_fields")] 33 | fn test_fq2() { 34 | let mut rng = test_rng(); 35 | let a: Fq2 = rng.gen(); 36 | let b: Fq2 = rng.gen(); 37 | field_test(a, b); 38 | sqrt_field_test(a); 39 | frobenius_test::(Fq::characteristic(), 13); 40 | } 41 | 42 | #[test] 43 | #[cfg(feature = "extension_fields")] 44 | fn test_fq4() { 45 | let mut rng = test_rng(); 46 | let a: Fq4 = rng.gen(); 47 | let b: Fq4 = rng.gen(); 48 | field_test(a, b); 49 | frobenius_test::(Fq::characteristic(), 13); 50 | } 51 | -------------------------------------------------------------------------------- /algebra/src/mnt4_298/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the MNT4_298 curve generated by 2 | //! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a 3 | //! Miyaji--Nakabayashi--Takano curve of embedding degree 4, defined over a 4 | //! 298-bit (prime) field. The main feature of this curve is that its scalar 5 | //! field and base field respectively equal the base field and scalar field of 6 | //! MNT6_298. 7 | //! 8 | //! 9 | //! Curve information: 10 | //! * Base field: q = 11 | //! 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081 12 | //! * Scalar field: r = 13 | //! 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137 14 | //! * valuation(q - 1, 2) = 17 15 | //! * valuation(r - 1, 2) = 34 16 | //! * G1 curve equation: y^2 = x^3 + ax + b, where 17 | //! * a = 2 18 | //! * b = 423894536526684178289416011533888240029318103673896002803341544124054745019340795360841685 19 | //! * G2 curve equation: y^2 = x^3 + Ax + B, where 20 | //! * A = Fq2 = (a * NON_RESIDUE, 0) 21 | //! * B = Fq2(0, b * NON_RESIDUE) 22 | //! * NON_RESIDUE = 17 is the quadratic non-residue used for constructing the 23 | //! extension field Fq2 24 | 25 | mod curves; 26 | mod fields; 27 | 28 | pub use curves::*; 29 | pub use fields::*; 30 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::mnt4_753::*; 3 | std_curve_tests!(MNT4_753, Fq4); 4 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/fields/fq.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt6_753::{Fr as Fq, FrParameters as FqParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/fields/fr.rs: -------------------------------------------------------------------------------- 1 | pub use crate::mnt6_753::{Fq as Fr, FqParameters as FrParameters}; 2 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/fields/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fr; 2 | pub use self::fr::*; 3 | 4 | pub mod fq; 5 | pub use self::fq::*; 6 | 7 | pub mod fq2; 8 | pub use self::fq2::*; 9 | 10 | pub mod fq4; 11 | pub use self::fq4::*; 12 | 13 | #[cfg(all(feature = "mnt4_753", test))] 14 | #[cfg(test)] 15 | mod tests; 16 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{test_rng, Field}; 3 | use rand::Rng; 4 | 5 | use crate::mnt4_753::*; 6 | 7 | use crate::tests::fields::{field_test, frobenius_test, primefield_test, sqrt_field_test}; 8 | 9 | #[test] 10 | #[cfg(feature = "prime_fields")] 11 | fn test_fr() { 12 | let mut rng = test_rng(); 13 | let a: Fr = rng.gen(); 14 | let b: Fr = rng.gen(); 15 | field_test(a, b); 16 | sqrt_field_test(a); 17 | primefield_test::(); 18 | } 19 | 20 | #[test] 21 | #[cfg(feature = "prime_fields")] 22 | fn test_fq() { 23 | let mut rng = test_rng(); 24 | let a: Fq = rng.gen(); 25 | let b: Fq = rng.gen(); 26 | field_test(a, b); 27 | sqrt_field_test(a); 28 | primefield_test::(); 29 | } 30 | 31 | #[test] 32 | #[cfg(feature = "extension_fields")] 33 | fn test_fq2() { 34 | let mut rng = test_rng(); 35 | let a: Fq2 = rng.gen(); 36 | let b: Fq2 = rng.gen(); 37 | field_test(a, b); 38 | sqrt_field_test(a); 39 | frobenius_test::(Fq::characteristic(), 13); 40 | } 41 | 42 | #[test] 43 | #[cfg(feature = "extension_fields")] 44 | fn test_fq4() { 45 | let mut rng = test_rng(); 46 | let a: Fq4 = rng.gen(); 47 | let b: Fq4 = rng.gen(); 48 | field_test(a, b); 49 | frobenius_test::(Fq::characteristic(), 13); 50 | } 51 | -------------------------------------------------------------------------------- /algebra/src/mnt4_753/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the MNT4_753 curve generated in 2 | //! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a 3 | //! Miyaji--Nakabayashi--Takano curve of embedding degree 4, defined over a 4 | //! 753-bit (prime) field. The main feature of this curve is that its scalar 5 | //! field and base field respectively equal the base field and scalar field of 6 | //! MNT6_753. 7 | //! 8 | //! Curve information: 9 | //! * Base field: q = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB117E776F218059DB80F0DA5CB537E38685ACCE9767254A4638810719AC425F0E39D54522CDD119F5E9063DE245E8001 10 | //! * Scalar field: r = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB26C5C28C859A99B3EEBCA9429212636B9DFF97634993AA4D6C381BC3F0057974EA099170FA13A4FD90776E240000001 11 | //! * valuation(q - 1, 2) = 15 12 | //! * valuation(r - 1, 2) = 30 13 | //! * G1 curve equation: y^2 = x^3 + ax + b, where 14 | //! * a = 2 15 | //! * b = 0x01373684A8C9DCAE7A016AC5D7748D3313CD8E39051C596560835DF0C9E50A5B59B882A92C78DC537E51A16703EC9855C77FC3D8BB21C8D68BB8CFB9DB4B8C8FBA773111C36C8B1B4E8F1ECE940EF9EAAD265458E06372009C9A0491678EF4 16 | //! * G2 curve equation: y^2 = x^3 + Ax + B, where 17 | //! * A = Fq2 = (a * NON_RESIDUE, 0) 18 | //! * B = Fq2(0, b * NON_RESIDUE) 19 | //! * NON_RESIDUE = 13 is the quadratic non-residue used to construct the 20 | //! extension field Fq2 21 | 22 | mod curves; 23 | mod fields; 24 | 25 | pub use curves::*; 26 | pub use fields::*; 27 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/curves/mod.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::{ 2 | biginteger::BigInteger320, 3 | curves::models::mnt6::{MNT6Parameters, MNT6}, 4 | field_new, 5 | fields::FpParameters, 6 | Fp3, 7 | }; 8 | 9 | use crate::mnt6_298::{Fq, Fq3, Fq3Parameters, Fq6Parameters, FqParameters, Fr}; 10 | 11 | pub mod g1; 12 | pub mod g2; 13 | 14 | #[cfg(test)] 15 | mod tests; 16 | 17 | pub use self::{ 18 | g1::{G1Affine, G1Prepared, G1Projective}, 19 | g2::{G2Affine, G2Prepared, G2Projective}, 20 | }; 21 | 22 | pub type MNT6_298 = MNT6; 23 | 24 | pub struct Parameters; 25 | 26 | impl MNT6Parameters for Parameters { 27 | const TWIST: Fp3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO); 28 | #[rustfmt::skip] 29 | const TWIST_COEFF_A: Fp3 = field_new!(Fq3, 30 | FQ_ZERO, 31 | FQ_ZERO, 32 | field_new!(Fq, BigInteger320([ 33 | 0xb9b2411bfd0eafef, 34 | 0xc61a10fadd9fecbd, 35 | 0x89f128e59811f3fb, 36 | 0x980c0f780adadabb, 37 | 0x9ba1f11320, 38 | ])), 39 | ); 40 | const ATE_LOOP_COUNT: &'static [u64] = &[0xdc9a1b671660000, 0x46609756bec2a33f, 0x1eef55]; 41 | const ATE_IS_LOOP_COUNT_NEG: bool = true; 42 | const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInteger320([0x1, 0x0, 0x0, 0x0, 0x0]); 43 | const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true; 44 | const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger320 = 45 | BigInteger320([0xdc9a1b671660000, 0x46609756bec2a33f, 0x1eef55, 0x0, 0x0]); 46 | type Fp = Fq; 47 | type Fr = Fr; 48 | type Fp3Params = Fq3Parameters; 49 | type Fp6Params = Fq6Parameters; 50 | type G1Parameters = self::g1::Parameters; 51 | type G2Parameters = self::g2::Parameters; 52 | } 53 | 54 | pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger320([0, 0, 0, 0, 0])); 55 | pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R); 56 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::mnt6_298::*; 3 | std_curve_tests!(MNT6_298, Fq6); 4 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/fields/fq6.rs: -------------------------------------------------------------------------------- 1 | use crate::mnt6_298::{Fq, Fq3, Fq3Parameters, FQ_ONE, FQ_ZERO}; 2 | use algebra_core::{ 3 | biginteger::BigInteger320 as BigInteger, 4 | field_new, 5 | fields::fp6_2over3::{Fp6, Fp6Parameters}, 6 | }; 7 | 8 | pub type Fq6 = Fp6; 9 | 10 | pub struct Fq6Parameters; 11 | 12 | impl Fp6Parameters for Fq6Parameters { 13 | type Fp3Params = Fq3Parameters; 14 | 15 | #[rustfmt::skip] 16 | const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO); 17 | 18 | #[rustfmt::skip] 19 | const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[ 20 | field_new!(Fq, BigInteger([ 21 | 0xc3177aefffbb845c, 22 | 0x9b80c702f9961788, 23 | 0xc5df8dcdac70a85a, 24 | 0x29184098647b5197, 25 | 0x1c1223d33c3, 26 | ])), 27 | field_new!(Fq, BigInteger([ 28 | 0xdf2f366476c3dfc6, 29 | 0xc1a2299f1c7e5543, 30 | 0xe79fefde1a054632, 31 | 0x32edfa196a9cb651, 32 | 0x245cfad65ca, 33 | ])), 34 | field_new!(Fq, BigInteger([ 35 | 0x1c17bb7477085b6a, 36 | 0x2621629c22e83dbb, 37 | 0x21c062106d949dd8, 38 | 0x9d5b981062164ba, 39 | 0x84ad703207, 40 | ])), 41 | field_new!(Fq, BigInteger([ 42 | 0xf82bb9b400447ba5, 43 | 0x5fc8850498c7534a, 44 | 0x50f3b95b083993a, 45 | 0x794de405433502f7, 46 | 0x1fbd57fa0b0, 47 | ])), 48 | field_new!(Fq, BigInteger([ 49 | 0xdc13fe3f893c203b, 50 | 0x39a7226875df158f, 51 | 0xe34ed98542eefb62, 52 | 0x6f782a843d139e3c, 53 | 0x177280f6ea9, 54 | ])), 55 | field_new!(Fq, BigInteger([ 56 | 0x9f2b792f88f7a497, 57 | 0xd527e96b6f752d18, 58 | 0xa92e6752ef5fa3bc, 59 | 0x98906b1ca18eefd4, 60 | 0x3384a4ca26c, 61 | ])), 62 | ]; 63 | } 64 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 7 | pub mod fq; 8 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 9 | pub use self::fq::*; 10 | 11 | #[cfg(feature = "mnt6_298")] 12 | pub mod fq3; 13 | #[cfg(feature = "mnt6_298")] 14 | pub use self::fq3::*; 15 | 16 | #[cfg(feature = "mnt6_298")] 17 | pub mod fq6; 18 | #[cfg(feature = "mnt6_298")] 19 | pub use self::fq6::*; 20 | 21 | #[cfg(all(feature = "mnt6_298", test))] 22 | #[cfg(test)] 23 | mod tests; 24 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{ 3 | fields::{models::fp6_2over3::*, quadratic_extension::QuadExtParameters}, 4 | test_rng, Field, 5 | }; 6 | use rand::Rng; 7 | 8 | use crate::mnt6_298::*; 9 | 10 | use crate::tests::fields::{field_test, frobenius_test, primefield_test, sqrt_field_test}; 11 | 12 | #[test] 13 | #[cfg(feature = "prime_fields")] 14 | fn test_fr() { 15 | let mut rng = test_rng(); 16 | let a: Fr = rng.gen(); 17 | let b: Fr = rng.gen(); 18 | field_test(a, b); 19 | sqrt_field_test(a); 20 | primefield_test::(); 21 | } 22 | 23 | #[test] 24 | #[cfg(feature = "prime_fields")] 25 | fn test_fq() { 26 | let mut rng = test_rng(); 27 | let a: Fq = rng.gen(); 28 | let b: Fq = rng.gen(); 29 | field_test(a, b); 30 | sqrt_field_test(a); 31 | primefield_test::(); 32 | } 33 | 34 | #[test] 35 | #[cfg(feature = "extension_fields")] 36 | fn test_fq3() { 37 | let mut rng = test_rng(); 38 | let a: Fq3 = rng.gen(); 39 | let b: Fq3 = rng.gen(); 40 | field_test(a, b); 41 | sqrt_field_test(a); 42 | frobenius_test::(Fq::characteristic(), 13); 43 | assert_eq!( 44 | a * Fq6Parameters::NONRESIDUE, 45 | >::mul_base_field_by_nonresidue(&a) 46 | ); 47 | } 48 | 49 | #[test] 50 | #[cfg(feature = "extension_fields")] 51 | fn test_fq6() { 52 | let mut rng = test_rng(); 53 | let a: Fq6 = rng.gen(); 54 | let b: Fq6 = rng.gen(); 55 | field_test(a, b); 56 | frobenius_test::(Fq::characteristic(), 13); 57 | } 58 | -------------------------------------------------------------------------------- /algebra/src/mnt6_298/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the MNT6_298 curve generated in 2 | //! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a 3 | //! Miyaji--Nakabayashi--Takano curve of embedding degree 6, defined over a 4 | //! 298-bit (prime) field. The main feature of this curve is that its scalar 5 | //! field and base field respectively equal the base field and scalar field of 6 | //! MNT4_298. 7 | //! 8 | //! 9 | //! Curve information: 10 | //! * Scalar field: q = 11 | //! 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137 12 | //! * Base field: r = 13 | //! 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081 14 | //! * valuation(q - 1, 2) = 34 15 | //! * valuation(r - 1, 2) = 17 16 | //! * G1 curve equation: y^2 = x^3 + ax + b, where 17 | //! * a = 11 18 | //! * b = 106700080510851735677967319632585352256454251201367587890185989362936000262606668469523074 19 | //! * G2 curve equation: y^2 = x^3 + Ax + B, where 20 | //! * A = Fq2 = (0, 0, a) 21 | //! * B = Fq2(b * NON_RESIDUE, 0, 0) 22 | //! * NON_RESIDUE = 5 is the cubic non-residue used to construct the field 23 | //! extension Fq3 24 | 25 | #[cfg(feature = "mnt6_298")] 26 | mod curves; 27 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 28 | mod fields; 29 | 30 | #[cfg(feature = "mnt6_298")] 31 | pub use curves::*; 32 | #[cfg(any(feature = "mnt6_298", feature = "mnt4_298", feature = "ed_on_mnt4_298"))] 33 | pub use fields::*; 34 | -------------------------------------------------------------------------------- /algebra/src/mnt6_753/curves/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use crate::mnt6_753::*; 3 | std_curve_tests!(MNT6_753, Fq6); 4 | -------------------------------------------------------------------------------- /algebra/src/mnt6_753/fields/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 2 | pub mod fr; 3 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 4 | pub use self::fr::*; 5 | 6 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 7 | pub mod fq; 8 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 9 | pub use self::fq::*; 10 | 11 | #[cfg(feature = "mnt6_753")] 12 | pub mod fq3; 13 | #[cfg(feature = "mnt6_753")] 14 | pub use self::fq3::*; 15 | 16 | #[cfg(feature = "mnt6_753")] 17 | pub mod fq6; 18 | #[cfg(feature = "mnt6_753")] 19 | pub use self::fq6::*; 20 | 21 | #[cfg(all(feature = "mnt6_753", test))] 22 | #[cfg(test)] 23 | mod tests; 24 | -------------------------------------------------------------------------------- /algebra/src/mnt6_753/fields/tests.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use algebra_core::{ 3 | fields::{models::fp6_2over3::*, quadratic_extension::QuadExtParameters}, 4 | test_rng, Field, 5 | }; 6 | use rand::Rng; 7 | 8 | use crate::mnt6_753::*; 9 | 10 | use crate::tests::fields::{field_test, frobenius_test, primefield_test, sqrt_field_test}; 11 | 12 | #[test] 13 | #[cfg(feature = "prime_fields")] 14 | fn test_fr() { 15 | let mut rng = test_rng(); 16 | let a: Fr = rng.gen(); 17 | let b: Fr = rng.gen(); 18 | field_test(a, b); 19 | sqrt_field_test(a); 20 | primefield_test::(); 21 | } 22 | 23 | #[test] 24 | #[cfg(feature = "prime_fields")] 25 | fn test_fq() { 26 | let mut rng = test_rng(); 27 | let a: Fq = rng.gen(); 28 | let b: Fq = rng.gen(); 29 | field_test(a, b); 30 | sqrt_field_test(a); 31 | primefield_test::(); 32 | } 33 | 34 | #[test] 35 | #[cfg(feature = "extension_fields")] 36 | fn test_fq3() { 37 | let mut rng = test_rng(); 38 | let a: Fq3 = rng.gen(); 39 | let b: Fq3 = rng.gen(); 40 | field_test(a, b); 41 | sqrt_field_test(a); 42 | frobenius_test::(Fq::characteristic(), 13); 43 | assert_eq!( 44 | a * Fq6Parameters::NONRESIDUE, 45 | >::mul_base_field_by_nonresidue(&a) 46 | ); 47 | } 48 | 49 | #[test] 50 | #[cfg(feature = "extension_fields")] 51 | fn test_fq6() { 52 | let mut rng = test_rng(); 53 | let a: Fq6 = rng.gen(); 54 | let b: Fq6 = rng.gen(); 55 | field_test(a, b); 56 | frobenius_test::(Fq::characteristic(), 13); 57 | } 58 | -------------------------------------------------------------------------------- /algebra/src/mnt6_753/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module implements the MNT6_753 curve generated in 2 | //! [[BCTV14]](https://eprint.iacr.org/2014/595). The name denotes that it is a 3 | //! Miyaji--Nakabayashi--Takano curve of embedding degree 6, defined over a 4 | //! 753-bit (prime) field. The main feature of this curve is that its scalar 5 | //! field and base field respectively equal the base field and scalar field of 6 | //! MNT4_753. 7 | //! 8 | //! Curve information: 9 | //! * Base field: q = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB26C5C28C859A99B3EEBCA9429212636B9DFF97634993AA4D6C381BC3F0057974EA099170FA13A4FD90776E240000001 10 | //! * Scalar field: r = 0x01C4C62D92C41110229022EEE2CDADB7F997505B8FAFED5EB7E8F96C97D87307FDB925E8A0ED8D99D124D9A15AF79DB117E776F218059DB80F0DA5CB537E38685ACCE9767254A4638810719AC425F0E39D54522CDD119F5E9063DE245E8001 11 | //! * valuation(q - 1, 2) = 30 12 | //! * valuation(r - 1, 2) = 15 13 | //! * G1 curve equation: y^2 = x^3 + ax + b, where 14 | //! * a = 11 15 | //! * b = 0x7DA285E70863C79D56446237CE2E1468D14AE9BB64B2BB01B10E60A5D5DFE0A25714B7985993F62F03B22A9A3C737A1A1E0FCF2C43D7BF847957C34CCA1E3585F9A80A95F401867C4E80F4747FDE5ABA7505BA6FCF2485540B13DFC8468A 16 | //! * G2 curve equation: y^2 = x^3 + Ax + B, where 17 | //! * A = Fq3(0, 0, a) 18 | //! * B = Fq3(b * NON_RESIDUE, 0, 0) 19 | //! * NON_RESIDUE = 11 is the cubic non-residue used to construct the 20 | //! extension field Fq3 21 | 22 | #[cfg(feature = "mnt6_753")] 23 | mod curves; 24 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 25 | mod fields; 26 | 27 | #[cfg(feature = "mnt6_753")] 28 | pub use curves::*; 29 | #[cfg(any(feature = "mnt6_753", feature = "mnt4_753", feature = "ed_on_mnt4_753"))] 30 | pub use fields::*; 31 | -------------------------------------------------------------------------------- /algebra/src/tests/helpers.rs: -------------------------------------------------------------------------------- 1 | use crate::cfg_chunks_mut_random_gen; 2 | use algebra_core::{ 3 | AffineCurve, BatchGroupArithmeticSlice, BigInteger64, ProjectiveCurve, UniformRand, 4 | }; 5 | use rand::{distributions::Uniform, prelude::Distribution, Rng}; 6 | 7 | #[cfg(feature = "parallel_random_gen")] 8 | use rayon::prelude::*; 9 | 10 | pub fn create_pseudo_uniform_random_elems( 11 | rng: &mut R, 12 | max_logn: usize, 13 | ) -> Vec { 14 | const AFFINE_BATCH_SIZE: usize = 4096; 15 | println!("Starting"); 16 | let now = std::time::Instant::now(); 17 | // Generate pseudorandom group elements 18 | let step = Uniform::new(0, 1 << (max_logn + 5)); 19 | let elem = C::Projective::rand(rng).into_affine(); 20 | let mut random_elems = vec![elem; 1 << max_logn]; 21 | let mut scalars: Vec = (0..1 << max_logn) 22 | .map(|_| BigInteger64::from(step.sample(rng))) 23 | .collect(); 24 | cfg_chunks_mut_random_gen!(random_elems, AFFINE_BATCH_SIZE) 25 | .zip(cfg_chunks_mut_random_gen!(scalars, AFFINE_BATCH_SIZE)) 26 | .for_each(|(e, s)| { 27 | e[..].batch_scalar_mul_in_place::(&mut s[..], 1); 28 | }); 29 | 30 | println!("Initial generation: {:?}", now.elapsed().as_micros()); 31 | random_elems 32 | } 33 | -------------------------------------------------------------------------------- /algebra/src/tests/mod.rs: -------------------------------------------------------------------------------- 1 | pub(crate) mod cuda; 2 | pub(crate) mod curves; 3 | pub(crate) mod fields; 4 | pub(crate) mod groups; 5 | pub(crate) mod helpers; 6 | pub(crate) mod msm; 7 | #[macro_use] 8 | pub(crate) mod macros; 9 | -------------------------------------------------------------------------------- /algebra/src/tests/msm.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::{ 2 | msm::VariableBaseMSM, AffineCurve, PrimeField, ProjectiveCurve, UniformRand, Zero, 3 | }; 4 | use rand::SeedableRng; 5 | use rand_xorshift::XorShiftRng; 6 | 7 | use crate::tests::helpers::create_pseudo_uniform_random_elems; 8 | 9 | fn _naive_var_base_msm( 10 | bases: &[G], 11 | scalars: &[::BigInt], 12 | ) -> G::Projective { 13 | let mut acc = G::Projective::zero(); 14 | 15 | for (base, scalar) in bases.iter().zip(scalars.iter()) { 16 | acc += &base.mul(*scalar); 17 | } 18 | acc 19 | } 20 | 21 | #[allow(unused)] 22 | pub fn test_msm() { 23 | #[cfg(not(feature = "big_n"))] 24 | const MAX_LOGN: usize = 14; 25 | #[cfg(feature = "big_n")] 26 | const MAX_LOGN: usize = 21; 27 | 28 | const SAMPLES: usize = 1 << MAX_LOGN; 29 | 30 | let _lol = G::Projective::zero(); 31 | let mut rng = XorShiftRng::seed_from_u64(234872845u64); 32 | 33 | let v = (0..SAMPLES) 34 | .map(|_| G::ScalarField::rand(&mut rng).into_repr()) 35 | .collect::>(); 36 | let g = create_pseudo_uniform_random_elems::(&mut rng, MAX_LOGN); 37 | 38 | // let naive = naive_var_base_msm(g.as_slice(), v.as_slice()); 39 | 40 | let now = std::time::Instant::now(); 41 | let even_faster = VariableBaseMSM::multi_scalar_mul_batched( 42 | g.as_slice(), 43 | v.as_slice(), 44 | ::size_in_bits(), 45 | ); 46 | println!( 47 | "new MSM for {} elems: {:?}", 48 | SAMPLES, 49 | now.elapsed().as_micros() 50 | ); 51 | 52 | let now = std::time::Instant::now(); 53 | let fast = VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()); 54 | println!( 55 | "old MSM for {} elems: {:?}", 56 | SAMPLES, 57 | now.elapsed().as_micros() 58 | ); 59 | 60 | assert_eq!(even_faster.into_affine(), fast.into_affine()); 61 | } 62 | -------------------------------------------------------------------------------- /bench-utils/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bench-utils" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A helper library for profiling performance in ZEXE" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/bench-utils/" 16 | keywords = ["profiling"] 17 | categories = ["development-tools::profiling"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dependencies] 25 | colored = { version = "1", optional = true } 26 | 27 | [features] 28 | print-trace = [ "colored" ] 29 | -------------------------------------------------------------------------------- /bench-utils/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /bench-utils/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /cp-benches/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cp-benches" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library of cryptographic primitives that are used by Zexe" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/crypto-primitives/" 16 | keywords = ["r1cs", "groth16", "gm17", "pedersen", "blake2s"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dev-dependencies] 25 | algebra = { path = "../algebra", default-features = false, features = [ "ed_on_bls12_377" ] } 26 | blake2 = { version = "0.8", default-features = false } 27 | criterion = "0.3.1" 28 | crypto-primitives = { path = "../crypto-primitives" } 29 | rand = { version = "0.7" } 30 | rand_xorshift = { version = "0.2" } 31 | 32 | ################################# Benchmarks ################################## 33 | 34 | [[bench]] 35 | name = "pedersen_crh" 36 | path = "benches/crypto_primitives/crh.rs" 37 | harness = false 38 | 39 | [[bench]] 40 | name = "pedersen_comm" 41 | path = "benches/crypto_primitives/comm.rs" 42 | harness = false 43 | 44 | [[bench]] 45 | name = "blake2s_prf" 46 | path = "benches/crypto_primitives/prf.rs" 47 | harness = false 48 | 49 | [[bench]] 50 | name = "schnorr_sig" 51 | path = "benches/crypto_primitives/signature.rs" 52 | harness = false -------------------------------------------------------------------------------- /cp-benches/benches/crypto_primitives/comm.rs: -------------------------------------------------------------------------------- 1 | use rand; 2 | 3 | #[macro_use] 4 | extern crate criterion; 5 | 6 | use algebra::{ed_on_bls12_377::EdwardsProjective as Edwards, UniformRand}; 7 | use criterion::Criterion; 8 | use crypto_primitives::commitment::{pedersen::*, CommitmentScheme}; 9 | 10 | #[derive(Clone, PartialEq, Eq, Hash)] 11 | pub struct CommWindow; 12 | 13 | impl Window for CommWindow { 14 | const WINDOW_SIZE: usize = 250; 15 | const NUM_WINDOWS: usize = 8; 16 | } 17 | 18 | fn pedersen_comm_setup(c: &mut Criterion) { 19 | c.bench_function("Pedersen Commitment Setup", move |b| { 20 | b.iter(|| { 21 | let mut rng = &mut rand::thread_rng(); 22 | Commitment::::setup(&mut rng).unwrap() 23 | }) 24 | }); 25 | } 26 | 27 | fn pedersen_comm_eval(c: &mut Criterion) { 28 | let mut rng = &mut rand::thread_rng(); 29 | let parameters = Commitment::::setup(&mut rng).unwrap(); 30 | let input = vec![5u8; 128]; 31 | c.bench_function("Pedersen Commitment Eval", move |b| { 32 | b.iter(|| { 33 | let rng = &mut rand::thread_rng(); 34 | let commitment_randomness = Randomness::rand(rng); 35 | Commitment::::commit(¶meters, &input, &commitment_randomness) 36 | .unwrap() 37 | }) 38 | }); 39 | } 40 | 41 | criterion_group! { 42 | name = comm_setup; 43 | config = Criterion::default().sample_size(10); 44 | targets = pedersen_comm_setup 45 | } 46 | 47 | criterion_group! { 48 | name = comm_eval; 49 | config = Criterion::default().sample_size(10); 50 | targets = pedersen_comm_eval 51 | } 52 | 53 | criterion_main!(comm_setup, comm_eval); 54 | -------------------------------------------------------------------------------- /cp-benches/benches/crypto_primitives/crh.rs: -------------------------------------------------------------------------------- 1 | use rand; 2 | 3 | #[macro_use] 4 | extern crate criterion; 5 | 6 | use algebra::ed_on_bls12_377::EdwardsProjective as Edwards; 7 | use criterion::Criterion; 8 | use crypto_primitives::crh::{pedersen::*, FixedLengthCRH}; 9 | 10 | #[derive(Clone, PartialEq, Eq, Hash)] 11 | pub struct HashWindow; 12 | 13 | impl Window for HashWindow { 14 | const WINDOW_SIZE: usize = 250; 15 | const NUM_WINDOWS: usize = 8; 16 | } 17 | 18 | fn pedersen_crh_setup(c: &mut Criterion) { 19 | c.bench_function("Pedersen CRH Setup", move |b| { 20 | b.iter(|| { 21 | let mut rng = &mut rand::thread_rng(); 22 | CRH::::setup(&mut rng).unwrap() 23 | }) 24 | }); 25 | } 26 | 27 | fn pedersen_crh_eval(c: &mut Criterion) { 28 | let mut rng = &mut rand::thread_rng(); 29 | let parameters = CRH::::setup(&mut rng).unwrap(); 30 | let input = vec![5u8; 128]; 31 | c.bench_function("Pedersen CRH Eval", move |b| { 32 | b.iter(|| CRH::::evaluate(¶meters, &input).unwrap()) 33 | }); 34 | } 35 | 36 | criterion_group! { 37 | name = crh_setup; 38 | config = Criterion::default().sample_size(10); 39 | targets = pedersen_crh_setup 40 | } 41 | 42 | criterion_group! { 43 | name = crh_eval; 44 | config = Criterion::default().sample_size(10); 45 | targets = pedersen_crh_eval 46 | } 47 | 48 | criterion_main!(crh_setup, crh_eval); 49 | -------------------------------------------------------------------------------- /cp-benches/benches/crypto_primitives/prf.rs: -------------------------------------------------------------------------------- 1 | use rand; 2 | 3 | #[macro_use] 4 | extern crate criterion; 5 | 6 | use criterion::Criterion; 7 | use crypto_primitives::prf::*; 8 | use rand::Rng; 9 | 10 | fn blake2s_prf_eval(c: &mut Criterion) { 11 | let rng = &mut rand::thread_rng(); 12 | let input: [u8; 32] = rng.gen(); 13 | let seed: [u8; 32] = rng.gen(); 14 | c.bench_function("Blake2s PRF Eval", move |b| { 15 | b.iter(|| Blake2s::evaluate(&seed, &input).unwrap()) 16 | }); 17 | } 18 | 19 | criterion_group! { 20 | name = prf_eval; 21 | config = Criterion::default().sample_size(50); 22 | targets = blake2s_prf_eval 23 | } 24 | 25 | criterion_main!(prf_eval); 26 | -------------------------------------------------------------------------------- /crypto-primitives/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crypto-primitives" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library of cryptographic primitives that are used by Zexe" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/crypto-primitives/" 16 | keywords = ["r1cs", "groth16", "gm17", "pedersen", "blake2s"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dependencies] 25 | algebra-core = { path = "../algebra-core", default-features = false } 26 | bench-utils = { path = "../bench-utils" } 27 | 28 | blake2 = { version = "0.8", default-features = false } 29 | digest = "0.8" 30 | 31 | ff-fft = { path = "../ff-fft", default-features = false } 32 | gm17 = { path = "../gm17", optional = true, default-features = false } 33 | groth16 = { path = "../groth16", optional = true, default-features = false } 34 | 35 | r1cs-core = { path = "../r1cs-core", optional = true, default-features = false } 36 | r1cs-std = { path = "../r1cs-std", optional = true, default-features = false } 37 | 38 | rand = { version = "0.7", default-features = false } 39 | rayon = { version = "1.0", optional = true } 40 | derivative = { version = "2.0", features = ["use_core"] } 41 | tracing = { version = "0.1", default-features = false, features = [ "attributes" ] } 42 | 43 | [features] 44 | default = ["std", "r1cs"] 45 | r1cs = ["r1cs-core", "r1cs-std"] 46 | std = [ "algebra-core/std", "r1cs-core/std", "r1cs-std/std"] 47 | parallel = ["std", "rayon", "gm17/parallel", "groth16/parallel", "ff-fft/parallel"] 48 | 49 | [dev-dependencies] 50 | algebra = { path = "../algebra", default-features = false, features = [ "ed_on_bls12_381", "bls12_377", "mnt4_298", "mnt6_298" ] } 51 | r1cs-std = { path = "../r1cs-std", default-features = false, features = [ "ed_on_bls12_381", "bls12_377", "mnt4_298", "mnt6_298" ] } 52 | rand_xorshift = { version = "0.2" } 53 | -------------------------------------------------------------------------------- /crypto-primitives/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /crypto-primitives/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /crypto-primitives/src/commitment/blake2s/mod.rs: -------------------------------------------------------------------------------- 1 | use super::CommitmentScheme; 2 | use crate::Error; 3 | use blake2::Blake2s as b2s; 4 | use digest::Digest; 5 | use rand::Rng; 6 | 7 | pub struct Commitment; 8 | 9 | #[cfg(feature = "r1cs")] 10 | pub mod constraints; 11 | 12 | impl CommitmentScheme for Commitment { 13 | type Parameters = (); 14 | type Randomness = [u8; 32]; 15 | type Output = [u8; 32]; 16 | 17 | fn setup(_: &mut R) -> Result { 18 | Ok(()) 19 | } 20 | 21 | fn commit( 22 | _: &Self::Parameters, 23 | input: &[u8], 24 | r: &Self::Randomness, 25 | ) -> Result { 26 | let mut h = b2s::new(); 27 | h.input(input); 28 | h.input(r.as_ref()); 29 | let mut result = [0u8; 32]; 30 | result.copy_from_slice(&h.result()); 31 | Ok(result) 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /crypto-primitives/src/commitment/constraints.rs: -------------------------------------------------------------------------------- 1 | use crate::commitment::CommitmentScheme; 2 | use algebra_core::Field; 3 | use core::fmt::Debug; 4 | use r1cs_core::SynthesisError; 5 | use r1cs_std::prelude::*; 6 | 7 | pub trait CommitmentGadget { 8 | type OutputVar: EqGadget 9 | + ToBytesGadget 10 | + AllocVar 11 | + R1CSVar 12 | + Clone 13 | + Sized 14 | + Debug; 15 | type ParametersVar: AllocVar + Clone; 16 | type RandomnessVar: AllocVar + Clone; 17 | 18 | fn commit( 19 | parameters: &Self::ParametersVar, 20 | input: &[UInt8], 21 | r: &Self::RandomnessVar, 22 | ) -> Result; 23 | } 24 | -------------------------------------------------------------------------------- /crypto-primitives/src/commitment/injective_map/constraints.rs: -------------------------------------------------------------------------------- 1 | use crate::commitment::{ 2 | injective_map::{InjectiveMap, PedersenCommCompressor}, 3 | pedersen::{ 4 | constraints::{CommGadget, ParametersVar, RandomnessVar}, 5 | Window, 6 | }, 7 | }; 8 | 9 | pub use crate::crh::injective_map::constraints::InjectiveMapGadget; 10 | use algebra_core::{Field, PrimeField, ProjectiveCurve}; 11 | use r1cs_core::SynthesisError; 12 | use r1cs_std::{ 13 | groups::{CurveVar, GroupOpsBounds}, 14 | uint8::UInt8, 15 | }; 16 | 17 | use core::marker::PhantomData; 18 | 19 | type ConstraintF = <::BaseField as Field>::BasePrimeField; 20 | 21 | pub struct CommitmentCompressorGadget 22 | where 23 | C: ProjectiveCurve, 24 | I: InjectiveMap, 25 | W: Window, 26 | GG: CurveVar>, 27 | IG: InjectiveMapGadget, 28 | for<'a> &'a GG: GroupOpsBounds<'a, C, GG>, 29 | { 30 | _compressor: PhantomData, 31 | _compressor_gadget: PhantomData, 32 | _comm: PhantomData>, 33 | } 34 | 35 | impl 36 | crate::commitment::CommitmentGadget, ConstraintF> 37 | for CommitmentCompressorGadget 38 | where 39 | C: ProjectiveCurve, 40 | I: InjectiveMap, 41 | GG: CurveVar>, 42 | ConstraintF: PrimeField, 43 | IG: InjectiveMapGadget, 44 | W: Window, 45 | for<'a> &'a GG: GroupOpsBounds<'a, C, GG>, 46 | { 47 | type OutputVar = IG::OutputVar; 48 | type ParametersVar = ParametersVar; 49 | type RandomnessVar = RandomnessVar>; 50 | 51 | fn commit( 52 | parameters: &Self::ParametersVar, 53 | input: &[UInt8>], 54 | r: &Self::RandomnessVar, 55 | ) -> Result { 56 | let result = CommGadget::::commit(parameters, input, r)?; 57 | IG::evaluate(&result) 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /crypto-primitives/src/commitment/injective_map/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::Error; 2 | use core::marker::PhantomData; 3 | use rand::Rng; 4 | 5 | use super::{pedersen, CommitmentScheme}; 6 | pub use crate::crh::injective_map::InjectiveMap; 7 | use algebra_core::ProjectiveCurve; 8 | 9 | #[cfg(feature = "r1cs")] 10 | pub mod constraints; 11 | 12 | pub struct PedersenCommCompressor, W: pedersen::Window> { 13 | _group: PhantomData, 14 | _compressor: PhantomData, 15 | _comm: pedersen::Commitment, 16 | } 17 | 18 | impl, W: pedersen::Window> CommitmentScheme 19 | for PedersenCommCompressor 20 | { 21 | type Output = I::Output; 22 | type Parameters = pedersen::Parameters; 23 | type Randomness = pedersen::Randomness; 24 | 25 | fn setup(rng: &mut R) -> Result { 26 | let time = start_timer!(|| format!("PedersenCompressor::Setup")); 27 | let params = pedersen::Commitment::::setup(rng); 28 | end_timer!(time); 29 | params 30 | } 31 | 32 | fn commit( 33 | parameters: &Self::Parameters, 34 | input: &[u8], 35 | randomness: &Self::Randomness, 36 | ) -> Result { 37 | let eval_time = start_timer!(|| "PedersenCompressor::Eval"); 38 | let result = I::injective_map(&pedersen::Commitment::::commit( 39 | parameters, input, randomness, 40 | )?)?; 41 | end_timer!(eval_time); 42 | Ok(result) 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /crypto-primitives/src/commitment/mod.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::UniformRand; 2 | use core::{fmt::Debug, hash::Hash}; 3 | use rand::Rng; 4 | 5 | use algebra_core::bytes::ToBytes; 6 | 7 | pub mod blake2s; 8 | pub mod injective_map; 9 | pub mod pedersen; 10 | 11 | #[cfg(feature = "r1cs")] 12 | pub mod constraints; 13 | #[cfg(feature = "r1cs")] 14 | pub use constraints::*; 15 | 16 | use crate::Error; 17 | 18 | pub trait CommitmentScheme { 19 | type Output: ToBytes + Clone + Default + Eq + Hash + Debug; 20 | type Parameters: Clone; 21 | type Randomness: Clone + ToBytes + Default + Eq + UniformRand + Debug; 22 | 23 | fn setup(r: &mut R) -> Result; 24 | 25 | fn commit( 26 | parameters: &Self::Parameters, 27 | input: &[u8], 28 | r: &Self::Randomness, 29 | ) -> Result; 30 | } 31 | -------------------------------------------------------------------------------- /crypto-primitives/src/crh/constraints.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::Field; 2 | use core::fmt::Debug; 3 | 4 | use crate::crh::FixedLengthCRH; 5 | use r1cs_core::SynthesisError; 6 | 7 | use r1cs_std::prelude::*; 8 | 9 | pub trait FixedLengthCRHGadget: Sized { 10 | type OutputVar: EqGadget 11 | + ToBytesGadget 12 | + CondSelectGadget 13 | + AllocVar 14 | + R1CSVar 15 | + Debug 16 | + Clone 17 | + Sized; 18 | 19 | type ParametersVar: AllocVar + Clone; 20 | 21 | fn evaluate( 22 | parameters: &Self::ParametersVar, 23 | input: &[UInt8], 24 | ) -> Result; 25 | } 26 | -------------------------------------------------------------------------------- /crypto-primitives/src/crh/injective_map/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::{CryptoError, Error}; 2 | use algebra_core::bytes::ToBytes; 3 | use core::{fmt::Debug, hash::Hash, marker::PhantomData}; 4 | use rand::Rng; 5 | 6 | use super::{pedersen, FixedLengthCRH}; 7 | use algebra_core::curves::{ 8 | models::{ModelParameters, TEModelParameters}, 9 | twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective}, 10 | ProjectiveCurve, 11 | }; 12 | 13 | #[cfg(feature = "r1cs")] 14 | pub mod constraints; 15 | 16 | pub trait InjectiveMap { 17 | type Output: ToBytes + Clone + Eq + Hash + Default + Debug; 18 | 19 | fn injective_map(ge: &C::Affine) -> Result; 20 | } 21 | 22 | pub struct TECompressor; 23 | 24 | impl InjectiveMap> for TECompressor { 25 | type Output =

::BaseField; 26 | 27 | fn injective_map(ge: &TEAffine

) -> Result { 28 | debug_assert!(ge.is_in_correct_subgroup_assuming_on_curve()); 29 | Ok(ge.x) 30 | } 31 | } 32 | 33 | pub struct PedersenCRHCompressor, W: pedersen::Window> { 34 | _group: PhantomData, 35 | _compressor: PhantomData, 36 | _crh: pedersen::CRH, 37 | } 38 | 39 | impl, W: pedersen::Window> FixedLengthCRH 40 | for PedersenCRHCompressor 41 | { 42 | const INPUT_SIZE_BITS: usize = pedersen::CRH::::INPUT_SIZE_BITS; 43 | type Output = I::Output; 44 | type Parameters = pedersen::Parameters; 45 | 46 | fn setup(rng: &mut R) -> Result { 47 | let time = start_timer!(|| format!("PedersenCRHCompressor::Setup")); 48 | let params = pedersen::CRH::::setup(rng); 49 | end_timer!(time); 50 | params 51 | } 52 | 53 | fn evaluate(parameters: &Self::Parameters, input: &[u8]) -> Result { 54 | let eval_time = start_timer!(|| "PedersenCRHCompressor::Eval"); 55 | let result = I::injective_map(&pedersen::CRH::::evaluate(parameters, input)?)?; 56 | end_timer!(eval_time); 57 | Ok(result) 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /crypto-primitives/src/crh/mod.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::bytes::ToBytes; 2 | use core::hash::Hash; 3 | use rand::Rng; 4 | 5 | pub mod bowe_hopwood; 6 | pub mod injective_map; 7 | pub mod pedersen; 8 | 9 | use crate::Error; 10 | 11 | #[cfg(feature = "r1cs")] 12 | pub mod constraints; 13 | #[cfg(feature = "r1cs")] 14 | pub use constraints::*; 15 | 16 | pub trait FixedLengthCRH { 17 | const INPUT_SIZE_BITS: usize; 18 | 19 | type Output: ToBytes + Clone + Eq + core::fmt::Debug + Hash + Default; 20 | type Parameters: Clone + Default; 21 | 22 | fn setup(r: &mut R) -> Result; 23 | fn evaluate(parameters: &Self::Parameters, input: &[u8]) -> Result; 24 | } 25 | -------------------------------------------------------------------------------- /crypto-primitives/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![cfg_attr(not(feature = "std"), no_std)] 2 | 3 | #[macro_use] 4 | extern crate bench_utils; 5 | 6 | #[macro_use] 7 | extern crate derivative; 8 | 9 | #[macro_use] 10 | extern crate alloc; 11 | 12 | #[cfg(not(feature = "std"))] 13 | pub(crate) use alloc::{borrow::ToOwned, boxed::Box, vec::Vec}; 14 | 15 | #[cfg(feature = "std")] 16 | pub(crate) use std::{borrow::ToOwned, boxed::Box, vec::Vec}; 17 | 18 | pub mod commitment; 19 | pub mod crh; 20 | pub mod merkle_tree; 21 | pub mod nizk; 22 | pub mod prf; 23 | pub mod signature; 24 | 25 | pub use self::{ 26 | commitment::CommitmentScheme, 27 | crh::FixedLengthCRH, 28 | merkle_tree::{MerkleTree, Path}, 29 | nizk::NIZK, 30 | prf::PRF, 31 | signature::SignatureScheme, 32 | }; 33 | 34 | #[cfg(feature = "r1cs")] 35 | #[cfg(feature = "r1cs")] 36 | pub use self::{ 37 | commitment::CommitmentGadget, crh::FixedLengthCRHGadget, merkle_tree::constraints::PathVar, 38 | nizk::NIZKVerifierGadget, prf::PRFGadget, signature::SigRandomizePkGadget, 39 | }; 40 | 41 | pub type Error = Box; 42 | 43 | #[derive(Debug)] 44 | pub enum CryptoError { 45 | IncorrectInputLength(usize), 46 | NotPrimeOrder, 47 | } 48 | 49 | impl core::fmt::Display for CryptoError { 50 | fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { 51 | let msg = match self { 52 | CryptoError::IncorrectInputLength(len) => format!("input length is wrong: {}", len), 53 | CryptoError::NotPrimeOrder => "element is not prime order".to_owned(), 54 | }; 55 | write!(f, "{}", msg) 56 | } 57 | } 58 | 59 | impl algebra_core::Error for CryptoError {} 60 | -------------------------------------------------------------------------------- /crypto-primitives/src/nizk/constraints.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::Field; 2 | use core::borrow::Borrow; 3 | use r1cs_core::{Namespace, SynthesisError}; 4 | use r1cs_std::prelude::*; 5 | 6 | use crate::nizk::NIZK; 7 | 8 | pub trait NIZKVerifierGadget { 9 | type PreparedVerificationKeyVar; 10 | type VerificationKeyVar: AllocVar 11 | + ToBytesGadget; 12 | type ProofVar: AllocVar; 13 | 14 | /// Optionally allocates `N::Proof` in `cs` without performing 15 | /// subgroup checks. 16 | /// 17 | /// The default implementation doesn't omit these checks. 18 | #[tracing::instrument(target = "r1cs", skip(cs, f))] 19 | fn new_proof_unchecked>( 20 | cs: impl Into>, 21 | f: impl FnOnce() -> Result, 22 | mode: AllocationMode, 23 | ) -> Result { 24 | Self::ProofVar::new_variable(cs, f, mode) 25 | } 26 | 27 | /// Optionally allocates `N::VerificationParameters` in `cs` 28 | /// without performing subgroup checks. 29 | /// 30 | /// The default implementation doesn't omit these checks. 31 | #[tracing::instrument(target = "r1cs", skip(cs, f))] 32 | fn new_verification_key_unchecked>( 33 | cs: impl Into>, 34 | f: impl FnOnce() -> Result, 35 | mode: AllocationMode, 36 | ) -> Result { 37 | Self::VerificationKeyVar::new_variable(cs, f, mode) 38 | } 39 | 40 | fn verify<'a, T: 'a + ToBitsGadget + ?Sized>( 41 | verification_key: &Self::VerificationKeyVar, 42 | input: impl IntoIterator, 43 | proof: &Self::ProofVar, 44 | ) -> Result, SynthesisError>; 45 | 46 | fn verify_prepared<'a, T: 'a + ToBitsGadget + ?Sized>( 47 | prepared_verification_key: &Self::PreparedVerificationKeyVar, 48 | input: impl IntoIterator, 49 | proof: &Self::ProofVar, 50 | ) -> Result, SynthesisError>; 51 | } 52 | -------------------------------------------------------------------------------- /crypto-primitives/src/prf/constraints.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::Field; 2 | use core::fmt::Debug; 3 | 4 | use crate::{prf::PRF, Vec}; 5 | use r1cs_core::{Namespace, SynthesisError}; 6 | 7 | use r1cs_std::prelude::*; 8 | 9 | pub trait PRFGadget { 10 | type OutputVar: EqGadget 11 | + ToBytesGadget 12 | + AllocVar 13 | + R1CSVar 14 | + Clone 15 | + Debug; 16 | 17 | fn new_seed(cs: impl Into>, seed: &P::Seed) -> Vec>; 18 | 19 | fn evaluate(seed: &[UInt8], input: &[UInt8]) -> Result; 20 | } 21 | -------------------------------------------------------------------------------- /crypto-primitives/src/prf/mod.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::bytes::{FromBytes, ToBytes}; 2 | use core::{fmt::Debug, hash::Hash}; 3 | 4 | use crate::CryptoError; 5 | 6 | #[cfg(feature = "r1cs")] 7 | pub mod constraints; 8 | #[cfg(feature = "r1cs")] 9 | pub use constraints::*; 10 | 11 | pub mod blake2s; 12 | pub use self::blake2s::*; 13 | 14 | pub trait PRF { 15 | type Input: FromBytes + Default; 16 | type Output: ToBytes + Eq + Clone + Debug + Default + Hash; 17 | type Seed: FromBytes + ToBytes + Clone + Default + Debug; 18 | 19 | fn evaluate(seed: &Self::Seed, input: &Self::Input) -> Result; 20 | } 21 | -------------------------------------------------------------------------------- /crypto-primitives/src/signature/constraints.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::Field; 2 | use r1cs_core::SynthesisError; 3 | use r1cs_std::prelude::*; 4 | 5 | use crate::signature::SignatureScheme; 6 | 7 | pub trait SigRandomizePkGadget { 8 | type ParametersVar: AllocVar + Clone; 9 | 10 | type PublicKeyVar: ToBytesGadget 11 | + EqGadget 12 | + AllocVar 13 | + Clone; 14 | 15 | fn randomize( 16 | parameters: &Self::ParametersVar, 17 | public_key: &Self::PublicKeyVar, 18 | randomness: &[UInt8], 19 | ) -> Result; 20 | } 21 | -------------------------------------------------------------------------------- /dpc/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "dpc" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library for decentralized private computation" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/zexe/" 16 | keywords = ["zero knowledge", "cryptography", "smart contracts", "cryptocurrency"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dependencies] 25 | algebra = { path = "../algebra", features = [ "bls12_377", "ed_on_bls12_377", "ed_on_cp6_782", "cp6_782" ] } 26 | r1cs-core = { path = "../r1cs-core" } 27 | r1cs-std = { path = "../r1cs-std", features = [ "bls12_377", "ed_on_bls12_377", "ed_on_cp6_782" ] } 28 | crypto-primitives = { path = "../crypto-primitives", features = [ "groth16", "r1cs" ] } 29 | groth16 = { path = "../groth16" } 30 | bench-utils = { path = "../bench-utils" } 31 | 32 | rand = { version = "0.7" } 33 | derivative = "2" 34 | 35 | [dev-dependencies] 36 | rand_xorshift = { version = "0.2" } 37 | tracing-subscriber = { version = "0.2" } 38 | tracing = { version = "0.1", default-features = false } 39 | 40 | ############################################################################### 41 | 42 | ################################## Features ################################### 43 | 44 | [features] 45 | print-trace = [ "bench-utils/print-trace" ] 46 | 47 | ############################################################################### 48 | -------------------------------------------------------------------------------- /dpc/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /dpc/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /dpc/src/constraints/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod delegable_dpc; 2 | pub mod plain_dpc; 3 | 4 | pub trait Assignment { 5 | fn get(&self) -> Result<&T, r1cs_core::SynthesisError>; 6 | } 7 | 8 | impl Assignment for Option { 9 | fn get(&self) -> Result<&T, r1cs_core::SynthesisError> { 10 | match *self { 11 | Some(ref v) => Ok(v), 12 | None => Err(r1cs_core::SynthesisError::AssignmentMissing), 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /dpc/src/dpc/delegable_dpc/address.rs: -------------------------------------------------------------------------------- 1 | use crate::dpc::{delegable_dpc::DelegableDPCComponents, AddressKeyPair}; 2 | use algebra::bytes::ToBytes; 3 | use crypto_primitives::{CommitmentScheme, SignatureScheme, PRF}; 4 | use std::io::{Result as IoResult, Write}; 5 | 6 | #[derive(Derivative)] 7 | #[derivative( 8 | Default(bound = "C: DelegableDPCComponents"), 9 | Clone(bound = "C: DelegableDPCComponents") 10 | )] 11 | pub struct AddressPublicKey { 12 | pub public_key: ::Output, 13 | } 14 | 15 | impl ToBytes for AddressPublicKey { 16 | fn write(&self, writer: W) -> IoResult<()> { 17 | self.public_key.write(writer) 18 | } 19 | } 20 | 21 | #[derive(Derivative)] 22 | #[derivative( 23 | Default(bound = "C: DelegableDPCComponents"), 24 | Clone(bound = "C: DelegableDPCComponents") 25 | )] 26 | pub struct AddressSecretKey { 27 | pub pk_sig: ::PublicKey, 28 | pub sk_sig: ::SecretKey, 29 | pub sk_prf: ::Seed, 30 | pub metadata: [u8; 32], 31 | pub r_pk: ::Randomness, 32 | } 33 | 34 | #[derive(Derivative)] 35 | #[derivative(Clone(bound = "C: DelegableDPCComponents"))] 36 | pub struct AddressPair { 37 | pub public_key: AddressPublicKey, 38 | pub secret_key: AddressSecretKey, 39 | } 40 | 41 | impl AddressKeyPair for AddressPair { 42 | type AddressSecretKey = AddressSecretKey; 43 | type AddressPublicKey = AddressPublicKey; 44 | } 45 | -------------------------------------------------------------------------------- /dpc/src/dpc/delegable_dpc/predicate.rs: -------------------------------------------------------------------------------- 1 | use crate::dpc::{delegable_dpc::DelegableDPCComponents, Predicate}; 2 | use crypto_primitives::NIZK; 3 | use std::marker::PhantomData; 4 | 5 | pub struct PrivatePredInput { 6 | pub vk: ::VerificationParameters, 7 | pub proof: ::Proof, 8 | } 9 | 10 | impl Default for PrivatePredInput { 11 | fn default() -> Self { 12 | Self { 13 | vk: ::VerificationParameters::default(), 14 | proof: ::Proof::default(), 15 | } 16 | } 17 | } 18 | 19 | impl Clone for PrivatePredInput { 20 | fn clone(&self) -> Self { 21 | Self { 22 | vk: self.vk.clone(), 23 | proof: self.proof.clone(), 24 | } 25 | } 26 | } 27 | 28 | #[derive(Derivative)] 29 | #[derivative( 30 | Clone(bound = "C: DelegableDPCComponents"), 31 | Default(bound = "C: DelegableDPCComponents") 32 | )] 33 | pub struct DPCPredicate { 34 | #[derivative(Default(value = "vec![0u8; 32]"))] 35 | identity: Vec, 36 | _components: PhantomData, 37 | } 38 | 39 | impl DPCPredicate { 40 | pub fn new(identity: Vec) -> Self { 41 | Self { 42 | identity, 43 | _components: PhantomData, 44 | } 45 | } 46 | } 47 | 48 | impl Predicate for DPCPredicate { 49 | type PublicInput = (); 50 | type PrivateWitness = PrivatePredInput; 51 | 52 | fn evaluate(&self, _p: &Self::PublicInput, _w: &Self::PrivateWitness) -> bool { 53 | unimplemented!() 54 | } 55 | 56 | fn into_compact_repr(&self) -> Vec { 57 | self.identity.clone() 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /dpc/src/dpc/plain_dpc/address.rs: -------------------------------------------------------------------------------- 1 | use crate::dpc::{plain_dpc::PlainDPCComponents, AddressKeyPair}; 2 | use algebra::bytes::ToBytes; 3 | use crypto_primitives::{CommitmentScheme, PRF}; 4 | use std::io::{Result as IoResult, Write}; 5 | 6 | #[derive(Derivative)] 7 | #[derivative( 8 | Default(bound = "C: PlainDPCComponents"), 9 | Clone(bound = "C: PlainDPCComponents"), 10 | Debug(bound = "C: PlainDPCComponents") 11 | )] 12 | pub struct AddressPublicKey { 13 | pub public_key: ::Output, 14 | } 15 | 16 | impl ToBytes for AddressPublicKey { 17 | fn write(&self, writer: W) -> IoResult<()> { 18 | self.public_key.write(writer) 19 | } 20 | } 21 | 22 | #[derive(Derivative)] 23 | #[derivative( 24 | Default(bound = "C: PlainDPCComponents"), 25 | Clone(bound = "C: PlainDPCComponents"), 26 | Debug(bound = "C: PlainDPCComponents") 27 | )] 28 | pub struct AddressSecretKey { 29 | pub sk_prf: ::Seed, 30 | pub metadata: [u8; 32], 31 | pub r_pk: ::Randomness, 32 | } 33 | 34 | #[derive(Derivative)] 35 | #[derivative(Clone(bound = "C: PlainDPCComponents"))] 36 | pub struct AddressPair { 37 | pub public_key: AddressPublicKey, 38 | pub secret_key: AddressSecretKey, 39 | } 40 | 41 | impl AddressKeyPair for AddressPair { 42 | type AddressSecretKey = AddressSecretKey; 43 | type AddressPublicKey = AddressPublicKey; 44 | } 45 | -------------------------------------------------------------------------------- /dpc/src/dpc/plain_dpc/predicate.rs: -------------------------------------------------------------------------------- 1 | use crate::dpc::{plain_dpc::PlainDPCComponents, Predicate}; 2 | use crypto_primitives::NIZK; 3 | use std::marker::PhantomData; 4 | 5 | pub struct PrivatePredInput { 6 | pub vk: ::VerificationParameters, 7 | pub proof: ::Proof, 8 | } 9 | 10 | impl Default for PrivatePredInput { 11 | fn default() -> Self { 12 | Self { 13 | vk: ::VerificationParameters::default(), 14 | proof: ::Proof::default(), 15 | } 16 | } 17 | } 18 | 19 | impl Clone for PrivatePredInput { 20 | fn clone(&self) -> Self { 21 | Self { 22 | vk: self.vk.clone(), 23 | proof: self.proof.clone(), 24 | } 25 | } 26 | } 27 | 28 | #[derive(Derivative)] 29 | #[derivative( 30 | Clone(bound = "C: PlainDPCComponents"), 31 | Default(bound = "C: PlainDPCComponents") 32 | )] 33 | pub struct DPCPredicate { 34 | #[derivative(Default(value = "vec![0u8; 32]"))] 35 | identity: Vec, 36 | _components: PhantomData, 37 | } 38 | 39 | impl DPCPredicate { 40 | pub fn new(identity: Vec) -> Self { 41 | Self { 42 | identity, 43 | _components: PhantomData, 44 | } 45 | } 46 | } 47 | 48 | impl Predicate for DPCPredicate { 49 | type PublicInput = (); 50 | type PrivateWitness = PrivatePredInput; 51 | 52 | fn evaluate(&self, _p: &Self::PublicInput, _w: &Self::PrivateWitness) -> bool { 53 | unimplemented!() 54 | } 55 | 56 | fn into_compact_repr(&self) -> Vec { 57 | self.identity.clone() 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /dpc/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![deny( 2 | unused_import_braces, 3 | unused_qualifications, 4 | trivial_casts, 5 | trivial_numeric_casts 6 | )] 7 | #![deny( 8 | single_use_lifetimes, 9 | unused_qualifications, 10 | variant_size_differences, 11 | stable_features, 12 | unreachable_pub 13 | )] 14 | #![deny( 15 | non_shorthand_field_patterns, 16 | unused_attributes, 17 | unused_imports, 18 | unused_extern_crates 19 | )] 20 | #![deny( 21 | renamed_and_removed_lints, 22 | stable_features, 23 | unused_allocation, 24 | unused_comparisons, 25 | bare_trait_objects 26 | )] 27 | #![deny( 28 | const_err, 29 | unused_must_use, 30 | unused_mut, 31 | unused_unsafe, 32 | private_in_public, 33 | unsafe_code 34 | )] 35 | #![forbid(unsafe_code)] 36 | #![cfg_attr(feature = "clippy", deny(warnings))] 37 | #![cfg_attr(feature = "clippy", feature(plugin))] 38 | #![cfg_attr(feature = "clippy", plugin(clippy))] 39 | #![cfg_attr(feature = "clippy", allow(inline_always))] 40 | #![cfg_attr(feature = "clippy", allow(too_many_arguments))] 41 | #![cfg_attr(feature = "clippy", allow(unreadable_literal))] 42 | #![cfg_attr(feature = "clippy", allow(many_single_char_names))] 43 | #![cfg_attr(feature = "clippy", allow(new_without_default_derive))] 44 | 45 | #[macro_use] 46 | extern crate bench_utils; 47 | 48 | #[macro_use] 49 | extern crate derivative; 50 | 51 | pub mod constraints; 52 | pub(crate) mod dpc; 53 | pub mod ledger; 54 | pub mod predicates; 55 | 56 | pub type Error = Box; 57 | 58 | pub use crate::dpc::*; 59 | -------------------------------------------------------------------------------- /dpc/src/predicates/mod.rs: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ff-fft-benches/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "ff-fft-benches" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library for evaluating FFTs over prime finite fields" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/ff-fft/" 16 | keywords = ["cryptography", "finite fields", "fft"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | [dev-dependencies] 23 | ff-fft = { path = "../ff-fft" } 24 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_381", "mnt6_753", "mnt4_753" ] } 25 | criterion = "0.3.1" 26 | rand = "0.7" 27 | 28 | [[bench]] 29 | name = "fft" 30 | path = "benches/fft.rs" 31 | harness = false 32 | -------------------------------------------------------------------------------- /ff-fft-benches/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /ff-fft-benches/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /ff-fft/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "ff-fft" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library for evaluating FFTs over prime finite fields" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/ff-fft/" 16 | keywords = ["cryptography", "finite fields", "fft"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | [dependencies] 23 | algebra-core = { path = "../algebra-core", default-features = false } 24 | rand = { version = "0.7", default-features = false } 25 | rayon = { version = "1", optional = true } 26 | 27 | [dev-dependencies] 28 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_381", "mnt6_753", "mnt4_753" ] } 29 | 30 | [features] 31 | default = [ "parallel" ] 32 | std = ["algebra-core/std"] 33 | parallel = ["std", "algebra-core/parallel", "rayon"] 34 | -------------------------------------------------------------------------------- /ff-fft/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /ff-fft/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /ff-fft/src/test.rs: -------------------------------------------------------------------------------- 1 | use crate::domain::*; 2 | use algebra::{ 3 | bls12_381::{Fr, G1Projective}, 4 | mnt6_753::{Fr as MNT6Fr, G1Projective as MNT6G1Projective}, 5 | }; 6 | use algebra_core::{test_rng, PrimeField, UniformRand}; 7 | 8 | // Test multiplying various (low degree) polynomials together and 9 | // comparing with naive evaluations. 10 | #[test] 11 | fn fft_composition() { 12 | fn test_fft_composition< 13 | F: PrimeField, 14 | T: DomainCoeff + UniformRand + core::fmt::Debug + Eq, 15 | R: rand::Rng, 16 | D: EvaluationDomain, 17 | >( 18 | rng: &mut R, 19 | max_coeffs: usize, 20 | ) { 21 | for coeffs in 0..max_coeffs { 22 | let coeffs = 1 << coeffs; 23 | 24 | let domain = D::new(coeffs).unwrap(); 25 | 26 | let mut v = vec![]; 27 | for _ in 0..coeffs { 28 | v.push(T::rand(rng)); 29 | } 30 | // Fill up with zeros. 31 | v.resize(domain.size(), T::zero()); 32 | let mut v2 = v.clone(); 33 | 34 | domain.ifft_in_place(&mut v2); 35 | domain.fft_in_place(&mut v2); 36 | assert_eq!(v, v2, "ifft(fft(.)) != iden"); 37 | 38 | domain.fft_in_place(&mut v2); 39 | domain.ifft_in_place(&mut v2); 40 | assert_eq!(v, v2, "fft(ifft(.)) != iden"); 41 | 42 | domain.coset_ifft_in_place(&mut v2); 43 | domain.coset_fft_in_place(&mut v2); 44 | assert_eq!(v, v2, "coset_fft(coset_ifft(.)) != iden"); 45 | 46 | domain.coset_fft_in_place(&mut v2); 47 | domain.coset_ifft_in_place(&mut v2); 48 | assert_eq!(v, v2, "coset_ifft(coset_fft(.)) != iden"); 49 | } 50 | } 51 | 52 | let rng = &mut test_rng(); 53 | 54 | test_fft_composition::>(rng, 10); 55 | test_fft_composition::>(rng, 10); 56 | // This will result in a mixed-radix domain being used. 57 | test_fft_composition::>(rng, 17); 58 | test_fft_composition::>(rng, 5); 59 | } 60 | -------------------------------------------------------------------------------- /gm17/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "gm17" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "An implementation of the Groth-Maller 2017 zkSNARK proof system" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/gm17/" 16 | keywords = ["zero knowledge", "cryptography", "zkSNARK", "SNARK", "Groth-Maller"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dependencies] 25 | algebra-core = { path = "../algebra-core", default-features = false, features = [ "derive" ] } 26 | bench-utils = { path = "../bench-utils" } 27 | ff-fft = { path = "../ff-fft", default-features = false } 28 | r1cs-core = { path = "../r1cs-core", default-features = false } 29 | rand = { version = "0.7", default-features = false } 30 | rayon = { version = "1", optional = true } 31 | 32 | [dev-dependencies] 33 | csv = { version = "1" } 34 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_377", "bls12_381", "cp6_782", "mnt6_298", "mnt4_298" ] } 35 | r1cs-std = { path = "../r1cs-std", default-features = false, features = [ "mnt6_298", "mnt4_298" ] } 36 | crypto-primitives = { path = "../crypto-primitives", default-features = false, features = [ "gm17", "r1cs" ] } 37 | 38 | [features] 39 | default = ["parallel"] 40 | std = ["algebra-core/std", "ff-fft/std", "r1cs-core/std"] 41 | parallel = ["std", "algebra-core/parallel", "ff-fft/parallel", "rayon"] 42 | print-trace = [ "bench-utils/print-trace" ] 43 | 44 | [[example]] 45 | name = "gm17" 46 | path = "examples/snark-scalability/gm17.rs" 47 | required-features = ["std"] 48 | 49 | [[example]] 50 | name = "gm17-recursive" 51 | path = "examples/recursive-snark/gm17.rs" 52 | required-features = ["std"] 53 | -------------------------------------------------------------------------------- /gm17/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /gm17/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /gm17/src/generator/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::Parameters; 2 | use algebra_core::PairingEngine; 3 | use ff_fft::GeneralEvaluationDomain; 4 | use r1cs_core::{ConstraintSynthesizer, SynthesisError}; 5 | use rand::Rng; 6 | 7 | pub mod generic; 8 | 9 | /// Generates a random common reference string for 10 | /// a circuit. 11 | #[inline] 12 | pub fn generate_random_parameters( 13 | circuit: C, 14 | rng: &mut R, 15 | ) -> Result, SynthesisError> 16 | where 17 | E: PairingEngine, 18 | C: ConstraintSynthesizer, 19 | R: Rng, 20 | { 21 | self::generic::generate_random_parameters::, R>( 22 | circuit, rng, 23 | ) 24 | } 25 | 26 | /// Create parameters for a circuit, given some toxic waste. 27 | #[inline] 28 | pub fn generate_parameters( 29 | circuit: C, 30 | alpha: E::Fr, 31 | beta: E::Fr, 32 | gamma: E::Fr, 33 | g: E::G1Projective, 34 | h: E::G2Projective, 35 | rng: &mut R, 36 | ) -> Result, SynthesisError> 37 | where 38 | E: PairingEngine, 39 | C: ConstraintSynthesizer, 40 | R: Rng, 41 | { 42 | self::generic::generate_parameters::, R>( 43 | circuit, alpha, beta, gamma, g, h, rng, 44 | ) 45 | } 46 | -------------------------------------------------------------------------------- /gm17/src/prover/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::{Parameters, Proof}; 2 | use algebra_core::PairingEngine; 3 | use ff_fft::GeneralEvaluationDomain; 4 | use r1cs_core::{ConstraintSynthesizer, SynthesisError}; 5 | use rand::Rng; 6 | 7 | pub mod generic; 8 | 9 | #[inline] 10 | pub fn create_random_proof( 11 | circuit: C, 12 | params: &Parameters, 13 | rng: &mut R, 14 | ) -> Result, SynthesisError> 15 | where 16 | E: PairingEngine, 17 | C: ConstraintSynthesizer, 18 | R: Rng, 19 | { 20 | self::generic::create_random_proof::, R>( 21 | circuit, params, rng, 22 | ) 23 | } 24 | 25 | #[inline] 26 | pub fn create_proof( 27 | circuit: C, 28 | params: &Parameters, 29 | d1: E::Fr, 30 | d2: E::Fr, 31 | r: E::Fr, 32 | ) -> Result, SynthesisError> 33 | where 34 | E: PairingEngine, 35 | C: ConstraintSynthesizer, 36 | { 37 | self::generic::create_proof::>(circuit, params, d1, d2, r) 38 | } 39 | -------------------------------------------------------------------------------- /groth16/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "groth16" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Kobi Gurkan", 9 | "Ian Miers", 10 | "Pratyush Mishra", 11 | "Howard Wu" 12 | ] 13 | description = "An implementation of the Groth 2016 zkSNARK proof system" 14 | homepage = "https://libzexe.org" 15 | repository = "https://github.com/scipr/zexe" 16 | documentation = "https://docs.rs/groth16/" 17 | keywords = ["zero knowledge", "cryptography", "zkSNARK", "SNARK", "Groth"] 18 | categories = ["cryptography"] 19 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 20 | license = "MIT/Apache-2.0" 21 | edition = "2018" 22 | 23 | ################################# Dependencies ################################ 24 | 25 | [dependencies] 26 | algebra-core = { path = "../algebra-core", default-features = false, features = [ "derive" ] } 27 | bench-utils = { path = "../bench-utils" } 28 | ff-fft = { path = "../ff-fft", default-features = false } 29 | r1cs-core = { path = "../r1cs-core", default-features = false } 30 | rand = { version = "0.7", default-features = false } 31 | rayon = { version = "1", optional = true } 32 | 33 | [dev-dependencies] 34 | csv = { version = "1" } 35 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_377", "bls12_381", "cp6_782", "mnt6_298", "mnt4_298" ] } 36 | r1cs-std = { path = "../r1cs-std", default-features = false, features = [ "mnt6_298", "mnt4_298" ] } 37 | crypto-primitives = { path = "../crypto-primitives", default-features = false, features = [ "groth16", "r1cs" ] } 38 | 39 | [features] 40 | default = ["parallel"] 41 | std = ["algebra-core/std", "ff-fft/std", "r1cs-core/std"] 42 | parallel = ["std", "algebra-core/parallel", "ff-fft/parallel", "rayon"] 43 | print-trace = [ "bench-utils/print-trace" ] 44 | 45 | [[example]] 46 | name = "groth16" 47 | path = "examples/snark-scalability/groth16.rs" 48 | required-features = ["std"] 49 | 50 | [[example]] 51 | name = "groth16-recursive" 52 | path = "examples/recursive-snark/groth16.rs" 53 | required-features = ["std"] 54 | -------------------------------------------------------------------------------- /groth16/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /groth16/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /groth16/src/generator/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::Parameters; 2 | use algebra_core::PairingEngine; 3 | use ff_fft::GeneralEvaluationDomain; 4 | use r1cs_core::{ConstraintSynthesizer, SynthesisError}; 5 | use rand::Rng; 6 | 7 | pub mod generic; 8 | 9 | /// Generates a random common reference string for 10 | /// a circuit. 11 | #[inline] 12 | pub fn generate_random_parameters( 13 | circuit: C, 14 | rng: &mut R, 15 | ) -> Result, SynthesisError> 16 | where 17 | E: PairingEngine, 18 | C: ConstraintSynthesizer, 19 | R: Rng, 20 | { 21 | self::generic::generate_random_parameters::, R>( 22 | circuit, rng, 23 | ) 24 | } 25 | 26 | /// Create parameters for a circuit, given some toxic waste. 27 | #[inline] 28 | pub fn generate_parameters( 29 | circuit: C, 30 | alpha: E::Fr, 31 | beta: E::Fr, 32 | gamma: E::Fr, 33 | delta: E::Fr, 34 | rng: &mut R, 35 | ) -> Result, SynthesisError> 36 | where 37 | E: PairingEngine, 38 | C: ConstraintSynthesizer, 39 | R: Rng, 40 | { 41 | self::generic::generate_parameters::, R>( 42 | circuit, alpha, beta, gamma, delta, rng, 43 | ) 44 | } 45 | -------------------------------------------------------------------------------- /groth16/src/prover/mod.rs: -------------------------------------------------------------------------------- 1 | use crate::{Parameters, Proof}; 2 | use algebra_core::PairingEngine; 3 | use ff_fft::GeneralEvaluationDomain; 4 | use r1cs_core::{ConstraintSynthesizer, SynthesisError}; 5 | use rand::Rng; 6 | 7 | pub mod generic; 8 | 9 | #[inline] 10 | pub fn create_random_proof( 11 | circuit: C, 12 | params: &Parameters, 13 | rng: &mut R, 14 | ) -> Result, SynthesisError> 15 | where 16 | E: PairingEngine, 17 | C: ConstraintSynthesizer, 18 | R: Rng, 19 | { 20 | self::generic::create_random_proof::, R>( 21 | circuit, params, rng, 22 | ) 23 | } 24 | 25 | #[inline] 26 | pub fn create_proof_no_zk( 27 | circuit: C, 28 | params: &Parameters, 29 | ) -> Result, SynthesisError> 30 | where 31 | E: PairingEngine, 32 | C: ConstraintSynthesizer, 33 | { 34 | self::generic::create_proof_no_zk::>(circuit, params) 35 | } 36 | 37 | #[inline] 38 | pub fn create_proof( 39 | circuit: C, 40 | params: &Parameters, 41 | r: E::Fr, 42 | s: E::Fr, 43 | ) -> Result, SynthesisError> 44 | where 45 | E: PairingEngine, 46 | C: ConstraintSynthesizer, 47 | { 48 | self::generic::create_proof::>(circuit, params, r, s) 49 | } 50 | -------------------------------------------------------------------------------- /groth16/src/verifier.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::{AffineCurve, PairingEngine, PrimeField, ProjectiveCurve}; 2 | 3 | use super::{PreparedVerifyingKey, Proof, VerifyingKey}; 4 | 5 | use crate::SynthesisError; 6 | 7 | use core::ops::{AddAssign, Neg}; 8 | 9 | pub fn prepare_verifying_key(vk: &VerifyingKey) -> PreparedVerifyingKey { 10 | PreparedVerifyingKey { 11 | vk: vk.clone(), 12 | alpha_g1_beta_g2: E::pairing(vk.alpha_g1, vk.beta_g2), 13 | gamma_g2_neg_pc: vk.gamma_g2.neg().into(), 14 | delta_g2_neg_pc: vk.delta_g2.neg().into(), 15 | gamma_abc_g1: vk.gamma_abc_g1.clone(), 16 | } 17 | } 18 | 19 | pub fn verify_proof( 20 | pvk: &PreparedVerifyingKey, 21 | proof: &Proof, 22 | public_inputs: &[E::Fr], 23 | ) -> Result { 24 | if (public_inputs.len() + 1) != pvk.gamma_abc_g1.len() { 25 | return Err(SynthesisError::MalformedVerifyingKey); 26 | } 27 | 28 | let mut g_ic = pvk.gamma_abc_g1[0].into_projective(); 29 | for (i, b) in public_inputs.iter().zip(pvk.gamma_abc_g1.iter().skip(1)) { 30 | g_ic.add_assign(&b.mul(i.into_repr())); 31 | } 32 | 33 | let qap = E::miller_loop( 34 | [ 35 | (proof.a.into(), proof.b.into()), 36 | (g_ic.into_affine().into(), pvk.gamma_g2_neg_pc.clone()), 37 | (proof.c.into(), pvk.delta_g2_neg_pc.clone()), 38 | ] 39 | .iter(), 40 | ); 41 | 42 | let test = E::final_exponentiation(&qap).ok_or(SynthesisError::UnexpectedIdentity)?; 43 | 44 | Ok(test == pvk.alpha_g1_beta_g2) 45 | } 46 | -------------------------------------------------------------------------------- /r1cs-core/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "r1cs-core" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A library for rank-one constraint systems" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/r1cs-core/" 16 | keywords = ["zero knowledge", "cryptography", "zkSNARK", "SNARK", "constraint systems"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | [dependencies] 23 | algebra-core = { path = "../algebra-core", default-features = false } 24 | tracing = { version = "0.1", default-features = false, optional = true } 25 | tracing-subscriber = { version = "0.2", default-features = false, optional = true } 26 | 27 | [dev-dependencies] 28 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_381" ] } 29 | 30 | [features] 31 | default = ["std"] 32 | std = [ "algebra-core/std", "tracing-subscriber", "tracing/std" ] -------------------------------------------------------------------------------- /r1cs-core/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /r1cs-core/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /r1cs-core/src/error.rs: -------------------------------------------------------------------------------- 1 | use core::fmt; 2 | 3 | /// This is an error that could occur during circuit synthesis contexts, 4 | /// such as CRS generation, proving or verification. 5 | #[derive(PartialEq, Eq, Clone, Copy, Debug)] 6 | pub enum SynthesisError { 7 | /// During synthesis, we tried to allocate a variable when 8 | /// `ConstraintSystemRef` was `None`. 9 | MissingCS, 10 | /// During synthesis, we lacked knowledge of a variable assignment. 11 | AssignmentMissing, 12 | /// During synthesis, we divided by zero. 13 | DivisionByZero, 14 | /// During synthesis, we constructed an unsatisfiable constraint system. 15 | Unsatisfiable, 16 | /// During synthesis, our polynomials ended up being too high of degree 17 | PolynomialDegreeTooLarge, 18 | /// During proof generation, we encountered an identity in the CRS 19 | UnexpectedIdentity, 20 | /// During verification, our verifying key was malformed. 21 | MalformedVerifyingKey, 22 | /// During CRS generation, we observed an unconstrained auxiliary variable 23 | UnconstrainedVariable, 24 | } 25 | 26 | #[cfg(feature = "std")] 27 | impl std::error::Error for SynthesisError { 28 | fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { 29 | None 30 | } 31 | } 32 | 33 | impl fmt::Display for SynthesisError { 34 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { 35 | match self { 36 | SynthesisError::MissingCS => write!(f, "the constraint system was `None`"), 37 | SynthesisError::AssignmentMissing => { 38 | write!(f, "an assignment for a variable could not be computed") 39 | } 40 | SynthesisError::DivisionByZero => write!(f, "division by zero"), 41 | SynthesisError::Unsatisfiable => write!(f, "unsatisfiable constraint system"), 42 | SynthesisError::PolynomialDegreeTooLarge => write!(f, "polynomial degree is too large"), 43 | SynthesisError::UnexpectedIdentity => { 44 | write!(f, "encountered an identity element in the CRS") 45 | } 46 | SynthesisError::MalformedVerifyingKey => write!(f, "malformed verifying key"), 47 | SynthesisError::UnconstrainedVariable => { 48 | write!(f, "auxiliary variable was unconstrained") 49 | } 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /r1cs-std/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "r1cs-std" 3 | version = "0.1.1-alpha.0" 4 | authors = [ 5 | "Sean Bowe", 6 | "Alessandro Chiesa", 7 | "Matthew Green", 8 | "Ian Miers", 9 | "Pratyush Mishra", 10 | "Howard Wu" 11 | ] 12 | description = "A standard library for constraint system gadgets" 13 | homepage = "https://libzexe.org" 14 | repository = "https://github.com/scipr/zexe" 15 | documentation = "https://docs.rs/r1cs-std/" 16 | keywords = ["zero knowledge", "cryptography", "zkSNARK", "SNARK"] 17 | categories = ["cryptography"] 18 | include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] 19 | license = "MIT/Apache-2.0" 20 | edition = "2018" 21 | 22 | ################################# Dependencies ################################ 23 | 24 | [dependencies] 25 | algebra = { path = "../algebra", default-features = false } 26 | r1cs-core = { path = "../r1cs-core", default-features = false } 27 | derivative = { version = "2", features = ["use_core"] } 28 | tracing = { version = "0.1", default-features = false, features = [ "attributes" ] } 29 | 30 | [dev-dependencies] 31 | rand = { version = "0.7", default-features = false } 32 | rand_xorshift = { version = "0.2" } 33 | # Currently this means that all downstream users of `r1cs-std` will be using 34 | # `algebra` with the `bls12_381` feature. This is because of a cargo bug. 35 | algebra = { path = "../algebra", default-features = false, features = [ "bls12_381" ] } 36 | 37 | [features] 38 | default = ["std"] 39 | full = [ 40 | "bls12_377", "ed_on_bn254", "ed_on_bls12_381", "ed_on_bls12_377", "ed_on_cp6_782", 41 | "ed_on_bw6_761", "ed_on_mnt4_298", "ed_on_mnt4_753", "mnt4_298", "mnt4_753", "mnt6_298", "mnt6_753" 42 | ] 43 | 44 | bls12_377 = [ "algebra/bls12_377" ] 45 | ed_on_bn254 = [ "algebra/ed_on_bn254" ] 46 | ed_on_bls12_381 = [ "algebra/ed_on_bls12_381" ] 47 | ed_on_bls12_377 = [ "algebra/ed_on_bls12_377" ] 48 | ed_on_cp6_782 = [ "algebra/ed_on_cp6_782" ] 49 | ed_on_bw6_761 = [ "algebra/ed_on_bw6_761", "algebra/ed_on_cp6_782" ] 50 | ed_on_mnt4_298 = [ "algebra/ed_on_mnt4_298" ] 51 | ed_on_mnt4_753 = [ "algebra/ed_on_mnt4_753" ] 52 | mnt4_298 = [ "algebra/mnt4_298" ] 53 | mnt4_753 = [ "algebra/mnt4_753" ] 54 | mnt6_298 = [ "algebra/mnt6_298" ] 55 | mnt6_753 = [ "algebra/mnt6_753" ] 56 | 57 | std = [ "algebra/std", "r1cs-core/std" ] 58 | parallel = [ "std", "algebra/parallel" ] 59 | -------------------------------------------------------------------------------- /r1cs-std/LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | ../LICENSE-APACHE -------------------------------------------------------------------------------- /r1cs-std/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | ../LICENSE-MIT -------------------------------------------------------------------------------- /r1cs-std/src/fields/fp2.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::{fp::FpVar, quadratic_extension::*}; 2 | use algebra::fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}; 3 | 4 | /// A quadratic extension field constructed over a prime field. 5 | /// This is the R1CS equivalent of `algebra_core::Fp2

`. 6 | pub type Fp2Var

= QuadExtVar::Fp>, Fp2ParamsWrapper

>; 7 | 8 | impl QuadExtVarParams> for Fp2ParamsWrapper

{ 9 | fn mul_base_field_var_by_frob_coeff(fe: &mut FpVar, power: usize) { 10 | *fe *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /r1cs-std/src/fields/fp3.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::{cubic_extension::*, fp::FpVar}; 2 | use algebra::fields::{CubicExtParameters, Fp3Parameters, Fp3ParamsWrapper}; 3 | 4 | /// A cubic extension field constructed over a prime field. 5 | /// This is the R1CS equivalent of `algebra_core::Fp3

`. 6 | pub type Fp3Var

= CubicExtVar::Fp>, Fp3ParamsWrapper

>; 7 | 8 | impl CubicExtVarParams> for Fp3ParamsWrapper

{ 9 | fn mul_base_field_vars_by_frob_coeff( 10 | c1: &mut FpVar, 11 | c2: &mut FpVar, 12 | power: usize, 13 | ) { 14 | *c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 15 | *c2 *= Self::FROBENIUS_COEFF_C2[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /r1cs-std/src/fields/fp4.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::{fp2::Fp2Var, quadratic_extension::*}; 2 | use algebra::fields::{Fp4Parameters, Fp4ParamsWrapper, QuadExtParameters}; 3 | 4 | /// A quartic extension field constructed as the tower of a 5 | /// quadratic extension over a quadratic extension field. 6 | /// This is the R1CS equivalent of `algebra_core::Fp4

`. 7 | pub type Fp4Var

= QuadExtVar::Fp2Params>, Fp4ParamsWrapper

>; 8 | 9 | impl QuadExtVarParams> for Fp4ParamsWrapper

{ 10 | fn mul_base_field_var_by_frob_coeff(fe: &mut Fp2Var, power: usize) { 11 | fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 12 | fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /r1cs-std/src/fields/fp6_2over3.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::{fp3::Fp3Var, quadratic_extension::*}; 2 | use algebra::fields::{fp6_2over3::*, QuadExtParameters}; 3 | 4 | /// A sextic extension field constructed as the tower of a 5 | /// quadratic extension over a cubic extension field. 6 | /// This is the R1CS equivalent of `algebra_core::fp6_2over3::Fp6

`. 7 | pub type Fp6Var

= QuadExtVar::Fp3Params>, Fp6ParamsWrapper

>; 8 | 9 | impl QuadExtVarParams> for Fp6ParamsWrapper

{ 10 | fn mul_base_field_var_by_frob_coeff(fe: &mut Fp3Var, power: usize) { 11 | fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 12 | fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 13 | fe.c2 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /r1cs-std/src/groups/curves/mod.rs: -------------------------------------------------------------------------------- 1 | /// This module generically implements arithmetic for Short 2 | /// Weierstrass elliptic curves by following the complete formulae of 3 | /// [[Renes, Costello, Batina 2015]](https://eprint.iacr.org/2015/1060). 4 | pub mod short_weierstrass; 5 | 6 | /// This module generically implements arithmetic for Twisted 7 | /// Edwards elliptic curves by following the complete formulae described in the 8 | /// [EFD](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html). 9 | pub mod twisted_edwards; 10 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/bls12_377/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::bls12; 2 | use algebra::bls12_377::Parameters; 3 | 4 | /// An element of G1 in the BLS12-377 bilinear group. 5 | pub type G1Var = bls12::G1Var; 6 | /// An element of G2 in the BLS12-377 bilinear group. 7 | pub type G2Var = bls12::G2Var; 8 | 9 | /// Represents the cached precomputation that can be performed on a G1 element 10 | /// which enables speeding up pairing computation. 11 | pub type G1PreparedVar = bls12::G1PreparedVar; 12 | /// Represents the cached precomputation that can be performed on a G2 element 13 | /// which enables speeding up pairing computation. 14 | pub type G2PreparedVar = bls12::G2PreparedVar; 15 | 16 | #[test] 17 | fn test() { 18 | use algebra::curves::models::bls12::Bls12Parameters; 19 | crate::groups::curves::short_weierstrass::test::< 20 | ::G1Parameters, 21 | G1Var, 22 | >() 23 | .unwrap(); 24 | crate::groups::curves::short_weierstrass::test::< 25 | ::G2Parameters, 26 | G2Var, 27 | >() 28 | .unwrap(); 29 | } 30 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/bls12_377/fields.rs: -------------------------------------------------------------------------------- 1 | use algebra::bls12_377::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters}; 2 | 3 | use crate::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var}; 4 | 5 | /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq`. 6 | pub type FqVar = FpVar; 7 | 8 | /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq2`. 9 | pub type Fq2Var = Fp2Var; 10 | /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq6`. 11 | pub type Fq6Var = Fp6Var; 12 | /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq12`. 13 | pub type Fq12Var = Fp12Var; 14 | 15 | #[test] 16 | fn bls12_377_field_test() { 17 | use super::*; 18 | use crate::fields::tests::*; 19 | use algebra::bls12_377::{Fq, Fq12, Fq2, Fq6}; 20 | 21 | field_test::<_, _, FqVar>().unwrap(); 22 | frobenius_tests::(13).unwrap(); 23 | 24 | field_test::<_, _, Fq2Var>().unwrap(); 25 | frobenius_tests::(13).unwrap(); 26 | 27 | field_test::<_, _, Fq6Var>().unwrap(); 28 | frobenius_tests::(13).unwrap(); 29 | 30 | field_test::<_, _, Fq12Var>().unwrap(); 31 | frobenius_tests::(13).unwrap(); 32 | } 33 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/bls12_377/pairing.rs: -------------------------------------------------------------------------------- 1 | use algebra::bls12_377::Parameters; 2 | 3 | /// Specifies the constraints for computing a pairing in the BLS12-377 bilinear 4 | /// group. 5 | pub type PairingVar = crate::pairing::bls12::PairingVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::pairing::tests::bilinearity_test::().unwrap() 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bls12_377/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_bls12_377::*; 3 | 4 | use crate::ed_on_bls12_377::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_bls12_377::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bls12_377/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | use algebra::ed_on_bls12_377::fq::Fq; 3 | 4 | /// A variable that is the R1CS equivalent of `algebra::ed_on_bls12_377::Fq`. 5 | pub type FqVar = FpVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bls12_381/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_bls12_381::*; 3 | 4 | use crate::ed_on_bls12_381::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_bls12_381::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::<_, EdwardsVar>().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bls12_381/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | 3 | /// A variable that is the R1CS equivalent of `algebra::ed_on_bls12_381::Fq`. 4 | pub type FqVar = FpVar; 5 | 6 | #[test] 7 | fn test() { 8 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 9 | } 10 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bn254/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_bn254::*; 3 | 4 | use crate::ed_on_bn254::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_bn254::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::<_, EdwardsVar>().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_bn254/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | 3 | /// A variable that is the R1CS equivalent of `algebra::ed_on_bn254::Fq`. 4 | pub type FqVar = FpVar; 5 | 6 | #[test] 7 | fn test() { 8 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 9 | } 10 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_cp6_782/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_cp6_782::*; 3 | 4 | use crate::instantiated::ed_on_cp6_782::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_cp6_782::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_cp6_782/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | use algebra::ed_on_cp6_782::fq::Fq; 3 | 4 | /// A variable that is the R1CS equivalent of `algebra::ed_on_cp6_782::Fq`. 5 | pub type FqVar = FpVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_mnt4_298/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_mnt4_298::*; 3 | 4 | use crate::instantiated::ed_on_mnt4_298::fields::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_mnt4_298::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_mnt4_298/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | use algebra::ed_on_mnt4_298::fq::Fq; 3 | 4 | /// A variable that is the R1CS equivalent of `algebra::ed_on_mnt4_298::Fq`. 5 | pub type FqVar = FpVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_mnt4_753/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::curves::twisted_edwards::AffineVar; 2 | use algebra::ed_on_mnt4_753::*; 3 | 4 | use crate::instantiated::ed_on_mnt4_753::fields::FqVar; 5 | 6 | /// A variable that is the R1CS equivalent of 7 | /// `algebra::ed_on_mnt4_753::EdwardsAffine`. 8 | pub type EdwardsVar = AffineVar; 9 | 10 | #[test] 11 | fn test() { 12 | crate::groups::curves::twisted_edwards::test::().unwrap(); 13 | } 14 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/ed_on_mnt4_753/fields.rs: -------------------------------------------------------------------------------- 1 | use crate::fields::fp::FpVar; 2 | use algebra::ed_on_mnt4_753::fq::Fq; 3 | 4 | /// A variable that is the R1CS equivalent of `algebra::ed_on_mnt4_753::Fq`. 5 | pub type FqVar = FpVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::fields::tests::field_test::<_, _, FqVar>().unwrap(); 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_298/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::mnt4; 2 | use algebra::mnt4_298::Parameters; 3 | 4 | /// An element of G1 in the MNT4-298 bilinear group. 5 | pub type G1Var = mnt4::G1Var; 6 | /// An element of G2 in the MNT4-298 bilinear group. 7 | pub type G2Var = mnt4::G2Var; 8 | 9 | /// Represents the cached precomputation that can be performed on a G1 element 10 | /// which enables speeding up pairing computation. 11 | pub type G1PreparedVar = mnt4::G1PreparedVar; 12 | /// Represents the cached precomputation that can be performed on a G2 element 13 | /// which enables speeding up pairing computation. 14 | pub type G2PreparedVar = mnt4::G2PreparedVar; 15 | 16 | #[test] 17 | fn test() { 18 | use algebra::curves::models::mnt4::MNT4Parameters; 19 | crate::groups::curves::short_weierstrass::test::< 20 | ::G1Parameters, 21 | G1Var, 22 | >() 23 | .unwrap(); 24 | crate::groups::curves::short_weierstrass::test::< 25 | ::G2Parameters, 26 | G2Var, 27 | >() 28 | .unwrap(); 29 | } 30 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_298/fields.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt4_298::{Fq, Fq2Parameters, Fq4Parameters}; 2 | 3 | use crate::fields::{fp::FpVar, fp2::Fp2Var, fp4::Fp4Var}; 4 | 5 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq`. 6 | pub type FqVar = FpVar; 7 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq2`. 8 | pub type Fq2Var = Fp2Var; 9 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq4`. 10 | pub type Fq4Var = Fp4Var; 11 | 12 | #[test] 13 | fn mnt4_298_field_gadgets_test() { 14 | use super::*; 15 | use crate::fields::tests::*; 16 | use algebra::mnt4_298::{Fq, Fq2, Fq4}; 17 | 18 | field_test::<_, _, FqVar>().unwrap(); 19 | frobenius_tests::(13).unwrap(); 20 | 21 | field_test::<_, _, Fq2Var>().unwrap(); 22 | frobenius_tests::(13).unwrap(); 23 | 24 | field_test::<_, _, Fq4Var>().unwrap(); 25 | frobenius_tests::(13).unwrap(); 26 | } 27 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_298/pairing.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt4_298::Parameters; 2 | 3 | /// Specifies the constraints for computing a pairing in the MNT4-298 bilinear 4 | /// group. 5 | pub type PairingVar = crate::pairing::mnt4::PairingVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::pairing::tests::bilinearity_test::().unwrap() 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_753/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::mnt4; 2 | use algebra::mnt4_753::Parameters; 3 | 4 | /// An element of G1 in the MNT4-753 bilinear group. 5 | pub type G1Var = mnt4::G1Var; 6 | /// An element of G2 in the MNT4-753 bilinear group. 7 | pub type G2Var = mnt4::G2Var; 8 | 9 | /// Represents the cached precomputation that can be performed on a G1 element 10 | /// which enables speeding up pairing computation. 11 | pub type G1PreparedVar = mnt4::G1PreparedVar; 12 | /// Represents the cached precomputation that can be performed on a G2 element 13 | /// which enables speeding up pairing computation. 14 | pub type G2PreparedVar = mnt4::G2PreparedVar; 15 | 16 | #[test] 17 | fn test() { 18 | use algebra::curves::models::mnt4::MNT4Parameters; 19 | crate::groups::curves::short_weierstrass::test::< 20 | ::G1Parameters, 21 | G1Var, 22 | >() 23 | .unwrap(); 24 | crate::groups::curves::short_weierstrass::test::< 25 | ::G2Parameters, 26 | G2Var, 27 | >() 28 | .unwrap(); 29 | } 30 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_753/fields.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt4_753::{Fq, Fq2Parameters, Fq4Parameters}; 2 | 3 | use crate::fields::{fp::FpVar, fp2::Fp2Var, fp4::Fp4Var}; 4 | 5 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq`. 6 | pub type FqVar = FpVar; 7 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq2`. 8 | pub type Fq2Var = Fp2Var; 9 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq4`. 10 | pub type Fq4Var = Fp4Var; 11 | 12 | #[test] 13 | fn mnt4_753_field_gadgets_test() { 14 | use super::*; 15 | use crate::fields::tests::*; 16 | use algebra::mnt4_753::{Fq, Fq2, Fq4}; 17 | 18 | field_test::<_, _, FqVar>().unwrap(); 19 | frobenius_tests::(13).unwrap(); 20 | 21 | field_test::<_, _, Fq2Var>().unwrap(); 22 | frobenius_tests::(13).unwrap(); 23 | 24 | field_test::<_, _, Fq4Var>().unwrap(); 25 | frobenius_tests::(13).unwrap(); 26 | } 27 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt4_753/pairing.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt4_753::Parameters; 2 | 3 | /// Specifies the constraints for computing a pairing in the MNT4-753 bilinear 4 | /// group. 5 | pub type PairingVar = crate::pairing::mnt4::PairingVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::pairing::tests::bilinearity_test::().unwrap() 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_298/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::mnt6; 2 | use algebra::mnt6_298::Parameters; 3 | 4 | /// An element of G1 in the MNT6-298 bilinear group. 5 | pub type G1Var = mnt6::G1Var; 6 | /// An element of G2 in the MNT6-298 bilinear group. 7 | pub type G2Var = mnt6::G2Var; 8 | 9 | /// Represents the cached precomputation that can be performed on a G1 element 10 | /// which enables speeding up pairing computation. 11 | pub type G1PreparedVar = mnt6::G1PreparedVar; 12 | /// Represents the cached precomputation that can be performed on a G2 element 13 | /// which enables speeding up pairing computation. 14 | pub type G2PreparedVar = mnt6::G2PreparedVar; 15 | 16 | #[test] 17 | fn test() { 18 | use algebra::curves::models::mnt6::MNT6Parameters; 19 | crate::groups::curves::short_weierstrass::test::< 20 | ::G1Parameters, 21 | G1Var, 22 | >() 23 | .unwrap(); 24 | crate::groups::curves::short_weierstrass::test::< 25 | ::G2Parameters, 26 | G2Var, 27 | >() 28 | .unwrap(); 29 | } 30 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_298/fields.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt6_298::{Fq, Fq3Parameters, Fq6Parameters}; 2 | 3 | use crate::fields::{fp::FpVar, fp3::Fp3Var, fp6_2over3::Fp6Var}; 4 | 5 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq`. 6 | pub type FqVar = FpVar; 7 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq3`. 8 | pub type Fq3Var = Fp3Var; 9 | /// A variable that is the R1CS equivalent of `algebra::mnt4_298::Fq6`. 10 | pub type Fq6Var = Fp6Var; 11 | 12 | #[test] 13 | fn mnt6_298_field_gadgets_test() { 14 | use super::*; 15 | use crate::fields::tests::*; 16 | use algebra::mnt6_298::{Fq, Fq3, Fq6}; 17 | 18 | field_test::<_, _, FqVar>().unwrap(); 19 | frobenius_tests::(13).unwrap(); 20 | 21 | field_test::<_, _, Fq3Var>().unwrap(); 22 | frobenius_tests::(13).unwrap(); 23 | 24 | field_test::<_, _, Fq6Var>().unwrap(); 25 | frobenius_tests::(13).unwrap(); 26 | } 27 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_298/pairing.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt6_298::Parameters; 2 | 3 | /// Specifies the constraints for computing a pairing in the MNT6-298 bilinear 4 | /// group. 5 | pub type PairingVar = crate::pairing::mnt6::PairingVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::pairing::tests::bilinearity_test::().unwrap() 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_753/curves.rs: -------------------------------------------------------------------------------- 1 | use crate::groups::mnt6; 2 | use algebra::mnt6_753::Parameters; 3 | 4 | /// An element of G1 in the MNT6-753 bilinear group. 5 | pub type G1Var = mnt6::G1Var; 6 | /// An element of G2 in the MNT6-753 bilinear group. 7 | pub type G2Var = mnt6::G2Var; 8 | 9 | /// Represents the cached precomputation that can be performed on a G1 element 10 | /// which enables speeding up pairing computation. 11 | pub type G1PreparedVar = mnt6::G1PreparedVar; 12 | /// Represents the cached precomputation that can be performed on a G2 element 13 | /// which enables speeding up pairing computation. 14 | pub type G2PreparedVar = mnt6::G2PreparedVar; 15 | 16 | #[test] 17 | fn test() { 18 | use algebra::curves::models::mnt6::MNT6Parameters; 19 | crate::groups::curves::short_weierstrass::test::< 20 | ::G1Parameters, 21 | G1Var, 22 | >() 23 | .unwrap(); 24 | crate::groups::curves::short_weierstrass::test::< 25 | ::G2Parameters, 26 | G2Var, 27 | >() 28 | .unwrap(); 29 | } 30 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_753/fields.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt6_753::{Fq, Fq3Parameters, Fq6Parameters}; 2 | 3 | use crate::fields::{fp::FpVar, fp3::Fp3Var, fp6_2over3::Fp6Var}; 4 | 5 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq`. 6 | pub type FqVar = FpVar; 7 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq3`. 8 | pub type Fq3Var = Fp3Var; 9 | /// A variable that is the R1CS equivalent of `algebra::mnt4_753::Fq6`. 10 | pub type Fq6Var = Fp6Var; 11 | 12 | #[test] 13 | fn mnt6_753_field_gadgets_test() { 14 | use super::*; 15 | use crate::fields::tests::*; 16 | use algebra::mnt6_753::{Fq, Fq3, Fq6}; 17 | 18 | field_test::<_, _, FqVar>().unwrap(); 19 | frobenius_tests::(13).unwrap(); 20 | 21 | field_test::<_, _, Fq3Var>().unwrap(); 22 | frobenius_tests::(13).unwrap(); 23 | 24 | field_test::<_, _, Fq6Var>().unwrap(); 25 | frobenius_tests::(13).unwrap(); 26 | } 27 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mnt6_753/pairing.rs: -------------------------------------------------------------------------------- 1 | use algebra::mnt6_753::Parameters; 2 | 3 | /// Specifies the constraints for computing a pairing in the MNT6-753 bilinear 4 | /// group. 5 | pub type PairingVar = crate::pairing::mnt6::PairingVar; 6 | 7 | #[test] 8 | fn test() { 9 | crate::pairing::tests::bilinearity_test::().unwrap() 10 | } 11 | -------------------------------------------------------------------------------- /r1cs-std/src/instantiated/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(feature = "bls12_377")] 2 | pub mod bls12_377; 3 | 4 | #[cfg(feature = "ed_on_bls12_377")] 5 | pub mod ed_on_bls12_377; 6 | 7 | #[cfg(feature = "ed_on_cp6_782")] 8 | pub mod ed_on_cp6_782; 9 | 10 | #[cfg(all(not(feature = "ed_on_cp6_782"), feature = "ed_on_bw6_761"))] 11 | pub(crate) mod ed_on_cp6_782; 12 | 13 | #[cfg(feature = "ed_on_bw6_761")] 14 | pub mod ed_on_bw6_761; 15 | 16 | #[cfg(feature = "ed_on_bn254")] 17 | pub mod ed_on_bn254; 18 | 19 | #[cfg(feature = "ed_on_bls12_381")] 20 | pub mod ed_on_bls12_381; 21 | 22 | #[cfg(feature = "ed_on_mnt4_298")] 23 | pub mod ed_on_mnt4_298; 24 | 25 | #[cfg(feature = "ed_on_mnt4_753")] 26 | pub mod ed_on_mnt4_753; 27 | 28 | #[cfg(feature = "mnt4_298")] 29 | pub mod mnt4_298; 30 | 31 | #[cfg(feature = "mnt4_753")] 32 | pub mod mnt4_753; 33 | 34 | #[cfg(feature = "mnt6_298")] 35 | pub mod mnt6_298; 36 | 37 | #[cfg(feature = "mnt6_753")] 38 | pub mod mnt6_753; 39 | -------------------------------------------------------------------------------- /rustfmt.toml: -------------------------------------------------------------------------------- 1 | reorder_imports = true 2 | wrap_comments = true 3 | normalize_comments = true 4 | use_try_shorthand = true 5 | match_block_trailing_comma = true 6 | use_field_init_shorthand = true 7 | edition = "2018" 8 | condense_wildcard_suffixes = true 9 | merge_imports = true 10 | -------------------------------------------------------------------------------- /scripts/glv_lattice_basis/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "glv_lattice_basis" 3 | version = "0.1.0" 4 | authors = ["Jonathan Chuang"] 5 | edition = "2018" 6 | 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 8 | 9 | [dependencies] 10 | algebra = { path = "../../algebra", features = ["bw6_761"] } 11 | algebra-core = { path = "../../algebra-core", default-features = false } 12 | num-traits = { version = "0.2", default-features = false } 13 | 14 | [features] 15 | default = [ "std" ] 16 | std = [ "algebra-core/std" ] 17 | -------------------------------------------------------------------------------- /scripts/glv_lattice_basis/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /scripts/glv_lattice_basis/examples/main.rs: -------------------------------------------------------------------------------- 1 | extern crate algebra; 2 | extern crate algebra_core; 3 | 4 | use algebra::bw6_761::G1Projective as GroupProjective; 5 | use algebra_core::{BigInteger768 as BaseFieldBigInt, BigInteger768 as FrWideBigInt}; 6 | use glv_lattice_basis::*; 7 | 8 | fn main() { 9 | print_glv_params::(); 10 | } 11 | -------------------------------------------------------------------------------- /scripts/glv_lattice_basis/src/arithmetic.rs: -------------------------------------------------------------------------------- 1 | use algebra_core::biginteger::BigInteger; 2 | 3 | // Naive long division 4 | pub fn div_with_remainder( 5 | numerator: BigInt, 6 | divisor: BigInt, 7 | ) -> (BigInt, BigInt) { 8 | assert!(divisor != BigInt::from(0), "Divisor cannot be zero"); 9 | let mut remainder = numerator; 10 | let mut quotient = BigInt::from(0); 11 | 12 | let div_num_bits = divisor.num_bits(); 13 | 14 | while remainder >= divisor { 15 | let mut current_divisor = divisor; 16 | let mut num_bits = 1 + remainder.num_bits() - div_num_bits; 17 | current_divisor.muln(num_bits); 18 | while current_divisor > remainder { 19 | current_divisor.div2(); 20 | num_bits -= 1; 21 | } 22 | remainder.sub_noborrow(¤t_divisor); 23 | 24 | let mut pow2_quot = BigInt::from(1); 25 | pow2_quot.muln(num_bits); 26 | quotient.add_nocarry(&pow2_quot); 27 | } 28 | 29 | let mut reconstructed_numerator = 30 | BigInt::mul_no_reduce_lo("ient.as_ref(), &divisor.as_ref()); 31 | reconstructed_numerator.add_nocarry(&remainder); 32 | assert_eq!(reconstructed_numerator, numerator); 33 | (quotient, remainder) 34 | } 35 | -------------------------------------------------------------------------------- /scripts/install-hook.sh: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | # This script will install the provided directory ../.hooks as the hook 3 | # directory for the present repo. See there for hooks, including a pre-commit 4 | # hook that runs rustfmt on files before a commit. 5 | 6 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 7 | HOOKS_DIR="${DIR}/../.hooks" 8 | 9 | git config core.hooksPath "$HOOKS_DIR" 10 | --------------------------------------------------------------------------------