├── .circleci └── config.yml ├── .credo.exs ├── .formatter.exs ├── .github └── dependabot.yml ├── .gitignore ├── .tool-versions ├── CHANGELOG.md ├── LICENSE-APACHE ├── LICENSE-MIT ├── README.md ├── lib ├── bn.ex └── bn │ ├── bn128_arithmetic.ex │ ├── fq.ex │ ├── fq │ └── extended_euclidean_algorithm.ex │ ├── fq12.ex │ ├── fq2.ex │ ├── fqp.ex │ └── pairing.ex ├── mix.exs ├── mix.lock └── test ├── bn ├── bn128_arithmetic_test.exs ├── fq │ └── extended_euclidean_algorithm_test.exs ├── fq12_test.exs ├── fq2_test.exs ├── fq_test.exs ├── fqp_test.exs └── pairing_test.exs ├── bn_test.exs └── test_helper.exs /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | jobs: 3 | build: 4 | working_directory: ~/bn 5 | docker: 6 | - image: elixir:latest 7 | environment: 8 | MIX_ENV: test 9 | steps: 10 | - checkout 11 | 12 | - restore_cache: 13 | keys: 14 | - v1-dependency-cache-{{ arch }}-{{ checksum "mix.lock" }} 15 | - v1-dependency-cache-{{ arch }} 16 | - v1-dependency-cache 17 | 18 | - run: mix local.hex --force 19 | - run: mix local.rebar --force 20 | - run: mix deps.get 21 | 22 | - run: mix credo 23 | - run: mix format --check-formatted 24 | - run: mix test 25 | 26 | - save_cache: 27 | key: v1-dependency-cache-{{ arch }}-{{ checksum "mix.lock" }} 28 | paths: 29 | - _build 30 | - deps 31 | - ~/.mix 32 | 33 | - restore_cache: 34 | keys: 35 | - v1-plt-cache-{{ arch }}-{{ checksum "mix.lock" }} 36 | - v1-plt-cache-{{ arch }}-{{ checksum "mix.exs" }} 37 | - v1-plt-cache-{{ arch }} 38 | 39 | - run: 40 | name: Unpack PLT cache 41 | command: | 42 | mkdir -p _build/test 43 | cp plts/dialyxir*.plt _build/test/ || true 44 | mkdir -p ~/.mix 45 | cp plts/dialyxir*.plt ~/.mix/ || true 46 | 47 | - run: mix dialyzer --plt 48 | 49 | - run: 50 | name: Pack PLT cache 51 | command: | 52 | mkdir -p plts 53 | cp _build/test/dialyxir*.plt plts/ 54 | cp ~/.mix/dialyxir*.plt plts/ 55 | 56 | - save_cache: 57 | key: v1-plt-cache-{{ arch }}-{{ checksum "mix.lock" }} 58 | paths: 59 | - plts 60 | 61 | - save_cache: 62 | key: v1-plt-cache-{{ arch }}-{{ checksum "mix.exs" }} 63 | paths: 64 | - plts 65 | 66 | - save_cache: 67 | key: v1-plt-cache-{{ arch }} 68 | paths: 69 | - plts 70 | 71 | - run: mix dialyzer --halt-exit-status 72 | -------------------------------------------------------------------------------- /.credo.exs: -------------------------------------------------------------------------------- 1 | # This file contains the configuration for Credo and you are probably reading 2 | # this after creating it with `mix credo.gen.config`. 3 | # 4 | # If you find anything wrong or unclear in this file, please report an 5 | # issue on GitHub: https://github.com/rrrene/credo/issues 6 | # 7 | %{ 8 | # 9 | # You can have as many configs as you like in the `configs:` field. 10 | configs: [ 11 | %{ 12 | # 13 | # Run any config using `mix credo -C `. If no config name is given 14 | # "default" is used. 15 | # 16 | name: "default", 17 | # 18 | # These are the files included in the analysis: 19 | files: %{ 20 | # 21 | # You can give explicit globs or simply directories. 22 | # In the latter case `**/*.{ex,exs}` will be used. 23 | # 24 | included: [ 25 | "lib/", 26 | "src/", 27 | "test/", 28 | "web/", 29 | "apps/*/lib/", 30 | "apps/*/src/", 31 | "apps/*/test/", 32 | "apps/*/web/" 33 | ], 34 | excluded: [~r"/_build/", ~r"/deps/", ~r"/node_modules/"] 35 | }, 36 | # 37 | # Load and configure plugins here: 38 | # 39 | plugins: [], 40 | # 41 | # If you create your own checks, you must specify the source files for 42 | # them here, so they can be loaded by Credo before running the analysis. 43 | # 44 | requires: [], 45 | # 46 | # If you want to enforce a style guide and need a more traditional linting 47 | # experience, you can change `strict` to `true` below: 48 | # 49 | strict: false, 50 | # 51 | # To modify the timeout for parsing files, change this value: 52 | # 53 | parse_timeout: 5000, 54 | # 55 | # If you want to use uncolored output by default, you can change `color` 56 | # to `false` below: 57 | # 58 | color: true, 59 | # 60 | # You can customize the parameters of any check by adding a second element 61 | # to the tuple. 62 | # 63 | # To disable a check put `false` as second element: 64 | # 65 | # {Credo.Check.Design.DuplicatedCode, false} 66 | # 67 | checks: %{ 68 | enabled: [ 69 | # 70 | ## Consistency Checks 71 | # 72 | {Credo.Check.Consistency.ExceptionNames, []}, 73 | {Credo.Check.Consistency.LineEndings, []}, 74 | {Credo.Check.Consistency.ParameterPatternMatching, []}, 75 | {Credo.Check.Consistency.SpaceAroundOperators, []}, 76 | {Credo.Check.Consistency.SpaceInParentheses, []}, 77 | {Credo.Check.Consistency.TabsOrSpaces, []}, 78 | 79 | # 80 | ## Design Checks 81 | # 82 | # You can customize the priority of any check 83 | # Priority values are: `low, normal, high, higher` 84 | # 85 | {Credo.Check.Design.AliasUsage, 86 | [priority: :low, if_nested_deeper_than: 2, if_called_more_often_than: 0]}, 87 | # You can also customize the exit_status of each check. 88 | # If you don't want TODO comments to cause `mix credo` to fail, just 89 | # set this value to 0 (zero). 90 | # 91 | {Credo.Check.Design.TagTODO, [exit_status: 2]}, 92 | {Credo.Check.Design.TagFIXME, []}, 93 | 94 | # 95 | ## Readability Checks 96 | # 97 | {Credo.Check.Readability.AliasOrder, []}, 98 | {Credo.Check.Readability.FunctionNames, []}, 99 | {Credo.Check.Readability.LargeNumbers, []}, 100 | {Credo.Check.Readability.MaxLineLength, [priority: :low, max_length: 120]}, 101 | {Credo.Check.Readability.ModuleAttributeNames, []}, 102 | {Credo.Check.Readability.ModuleNames, []}, 103 | {Credo.Check.Readability.ParenthesesInCondition, []}, 104 | {Credo.Check.Readability.ParenthesesOnZeroArityDefs, []}, 105 | {Credo.Check.Readability.PipeIntoAnonymousFunctions, []}, 106 | {Credo.Check.Readability.PredicateFunctionNames, []}, 107 | {Credo.Check.Readability.PreferImplicitTry, []}, 108 | {Credo.Check.Readability.RedundantBlankLines, []}, 109 | {Credo.Check.Readability.Semicolons, []}, 110 | {Credo.Check.Readability.SpaceAfterCommas, []}, 111 | {Credo.Check.Readability.StringSigils, []}, 112 | {Credo.Check.Readability.TrailingBlankLine, []}, 113 | {Credo.Check.Readability.TrailingWhiteSpace, []}, 114 | {Credo.Check.Readability.UnnecessaryAliasExpansion, []}, 115 | {Credo.Check.Readability.VariableNames, []}, 116 | {Credo.Check.Readability.WithSingleClause, []}, 117 | 118 | # 119 | ## Refactoring Opportunities 120 | # 121 | {Credo.Check.Refactor.Apply, []}, 122 | {Credo.Check.Refactor.CondStatements, []}, 123 | {Credo.Check.Refactor.CyclomaticComplexity, []}, 124 | {Credo.Check.Refactor.FunctionArity, []}, 125 | {Credo.Check.Refactor.LongQuoteBlocks, []}, 126 | {Credo.Check.Refactor.MatchInCondition, []}, 127 | {Credo.Check.Refactor.MapJoin, []}, 128 | {Credo.Check.Refactor.NegatedConditionsInUnless, []}, 129 | {Credo.Check.Refactor.NegatedConditionsWithElse, []}, 130 | {Credo.Check.Refactor.Nesting, []}, 131 | {Credo.Check.Refactor.UnlessWithElse, []}, 132 | {Credo.Check.Refactor.WithClauses, []}, 133 | {Credo.Check.Refactor.FilterFilter, []}, 134 | {Credo.Check.Refactor.RejectReject, []}, 135 | {Credo.Check.Refactor.RedundantWithClauseResult, []}, 136 | 137 | # 138 | ## Warnings 139 | # 140 | {Credo.Check.Warning.ApplicationConfigInModuleAttribute, []}, 141 | {Credo.Check.Warning.BoolOperationOnSameValues, []}, 142 | {Credo.Check.Warning.ExpensiveEmptyEnumCheck, []}, 143 | {Credo.Check.Warning.IExPry, []}, 144 | {Credo.Check.Warning.IoInspect, []}, 145 | {Credo.Check.Warning.OperationOnSameValues, []}, 146 | {Credo.Check.Warning.OperationWithConstantResult, []}, 147 | {Credo.Check.Warning.RaiseInsideRescue, []}, 148 | {Credo.Check.Warning.SpecWithStruct, []}, 149 | {Credo.Check.Warning.WrongTestFileExtension, []}, 150 | {Credo.Check.Warning.UnusedEnumOperation, []}, 151 | {Credo.Check.Warning.UnusedFileOperation, []}, 152 | {Credo.Check.Warning.UnusedKeywordOperation, []}, 153 | {Credo.Check.Warning.UnusedListOperation, []}, 154 | {Credo.Check.Warning.UnusedPathOperation, []}, 155 | {Credo.Check.Warning.UnusedRegexOperation, []}, 156 | {Credo.Check.Warning.UnusedStringOperation, []}, 157 | {Credo.Check.Warning.UnusedTupleOperation, []}, 158 | {Credo.Check.Warning.UnsafeExec, []} 159 | ], 160 | disabled: [ 161 | # 162 | # Checks scheduled for next check update (opt-in for now, just replace `false` with `[]`) 163 | 164 | # 165 | # Controversial and experimental checks (opt-in, just move the check to `:enabled` 166 | # and be sure to use `mix credo --strict` to see low priority checks) 167 | # 168 | {Credo.Check.Consistency.MultiAliasImportRequireUse, []}, 169 | {Credo.Check.Consistency.UnusedVariableNames, []}, 170 | {Credo.Check.Design.DuplicatedCode, []}, 171 | {Credo.Check.Design.SkipTestWithoutComment, []}, 172 | {Credo.Check.Readability.AliasAs, []}, 173 | {Credo.Check.Readability.BlockPipe, []}, 174 | {Credo.Check.Readability.ImplTrue, []}, 175 | {Credo.Check.Readability.MultiAlias, []}, 176 | {Credo.Check.Readability.NestedFunctionCalls, []}, 177 | {Credo.Check.Readability.SeparateAliasRequire, []}, 178 | {Credo.Check.Readability.SingleFunctionToBlockPipe, []}, 179 | {Credo.Check.Readability.SinglePipe, []}, 180 | {Credo.Check.Readability.Specs, []}, 181 | {Credo.Check.Readability.StrictModuleLayout, []}, 182 | {Credo.Check.Readability.WithCustomTaggedTuple, []}, 183 | {Credo.Check.Refactor.ABCSize, []}, 184 | {Credo.Check.Refactor.AppendSingleItem, []}, 185 | {Credo.Check.Refactor.DoubleBooleanNegation, []}, 186 | {Credo.Check.Refactor.FilterReject, []}, 187 | {Credo.Check.Refactor.IoPuts, []}, 188 | {Credo.Check.Refactor.MapMap, []}, 189 | {Credo.Check.Refactor.ModuleDependencies, []}, 190 | {Credo.Check.Refactor.NegatedIsNil, []}, 191 | {Credo.Check.Refactor.PipeChainStart, []}, 192 | {Credo.Check.Refactor.RejectFilter, []}, 193 | {Credo.Check.Refactor.VariableRebinding, []}, 194 | {Credo.Check.Warning.LazyLogging, []}, 195 | {Credo.Check.Warning.LeakyEnvironment, []}, 196 | {Credo.Check.Warning.MapGetUnsafePass, []}, 197 | {Credo.Check.Warning.MixEnv, []}, 198 | {Credo.Check.Warning.UnsafeToAtom, []} 199 | 200 | # {Credo.Check.Refactor.MapInto, []}, 201 | 202 | # 203 | # Custom checks can be created using `mix credo.gen.check`. 204 | # 205 | ] 206 | } 207 | } 208 | ] 209 | } 210 | -------------------------------------------------------------------------------- /.formatter.exs: -------------------------------------------------------------------------------- 1 | # Used by "mix format" 2 | [ 3 | inputs: ["mix.exs", "{config,lib,test}/**/*.{ex,exs}"] 4 | ] 5 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: mix 4 | directory: "/" 5 | schedule: 6 | interval: weekly 7 | open-pull-requests-limit: 10 8 | - package-ecosystem: github-actions 9 | directory: "/" 10 | schedule: 11 | interval: monthly 12 | open-pull-requests-limit: 10 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # The directory Mix will write compiled artifacts to. 2 | /_build/ 3 | 4 | # If you run "mix test --cover", coverage assets end up here. 5 | /cover/ 6 | 7 | # The directory Mix downloads your dependencies sources to. 8 | /deps/ 9 | 10 | # Where 3rd-party dependencies like ExDoc output generated docs. 11 | /doc/ 12 | 13 | # Ignore .fetch files in case you like to edit your project deps locally. 14 | /.fetch 15 | 16 | # If the VM crashes, it generates a dump, let's ignore it too. 17 | erl_crash.dump 18 | 19 | # Also ignore archive artifacts (built via "mix archive.build"). 20 | *.ez 21 | 22 | # Ignore package tarball (built via "mix hex.build"). 23 | bn-*.tar 24 | 25 | -------------------------------------------------------------------------------- /.tool-versions: -------------------------------------------------------------------------------- 1 | elixir 1.13.1-otp-24 2 | erlang 24.1.4 3 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # 0.2.2 2 | * remove deprecated config file (https://github.com/mana-ethereum/bn/pull/5) 3 | 4 | # 0.2.1 5 | * fix dialyzer issues (https://github.com/poanetwork/bn/pull/4) 6 | 7 | # 0.2.0 8 | * implement elliptic curve pairing (https://github.com/poanetwork/bn/pull/4) 9 | * rename IntegerModP to FQ (https://github.com/poanetwork/bn/pull/4) 10 | -------------------------------------------------------------------------------- /LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /LICENSE-MIT: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Ayrat Badykov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # BN [![CircleCI](https://circleci.com/gh/mana-ethereum/bn.svg?style=svg)](https://circleci.com/gh/mana-ethereum/bn) 2 | 3 | BN128 elliptic curve operations for Elixir 4 | 5 | ## Installation 6 | 7 | If [available in Hex](https://hex.pm/docs/publish), the package can be installed 8 | by adding `bn` to your list of dependencies in `mix.exs`: 9 | 10 | ```elixir 11 | def deps do 12 | [ 13 | {:bn, "~> 0.2.2"} 14 | ] 15 | end 16 | ``` 17 | 18 | Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc) 19 | and published on [HexDocs](https://hexdocs.pm). Once published, the docs can 20 | be found at [https://hexdocs.pm/bn](https://hexdocs.pm/bn). 21 | -------------------------------------------------------------------------------- /lib/bn.ex: -------------------------------------------------------------------------------- 1 | defmodule BN do 2 | end 3 | -------------------------------------------------------------------------------- /lib/bn/bn128_arithmetic.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.BN128Arithmetic do 2 | require Integer 3 | alias BN.{FQ, FQP, FQ2, FQ12} 4 | 5 | # y^2 = x^3 + 3 6 | @y_power 2 7 | @x_power 3 8 | @b FQ.new(3) 9 | @b2 FQ2.divide(FQ2.new([3, 0]), FQ2.new([9, 1])) 10 | @b12 FQ12.new([3] ++ List.duplicate(0, 11)) 11 | 12 | @type point :: {FQP.t(), FQP.t()} | {FQ.t(), FQ.t()} 13 | 14 | @spec on_curve?(point()) :: boolean() | no_return 15 | def on_curve?(point = {x, y} = {%FQ{}, %FQ{}}) do 16 | if infinity?(point) do 17 | true 18 | else 19 | minuend = FQ.pow(y, @y_power) 20 | substrahend = FQ.pow(x, @x_power) 21 | 22 | remainder = FQ.sub(minuend, substrahend) 23 | 24 | remainder == @b 25 | end 26 | end 27 | 28 | def on_curve?(point = {x, y} = {%FQP{}, %FQP{}}) do 29 | if infinity?(point) do 30 | true 31 | else 32 | minuend = FQP.pow(y, @y_power) 33 | substrahend = FQP.pow(x, @x_power) 34 | 35 | remainder = FQP.sub(minuend, substrahend) 36 | 37 | if x.dim == 2 do 38 | remainder == @b2 39 | else 40 | remainder == @b12 41 | end 42 | end 43 | end 44 | 45 | @spec add(point(), point()) :: {:ok, point()} | {:error, String.t()} 46 | def add(point1, point2) do 47 | cond do 48 | !on_curve?(point1) -> 49 | {:error, "point1 is not on the curve"} 50 | 51 | !on_curve?(point2) -> 52 | {:error, "point2 is not on the curve"} 53 | 54 | true -> 55 | {:ok, add_points(point1, point2)} 56 | end 57 | end 58 | 59 | @spec mult(point(), integer()) :: {:ok, point()} | {:error, String.t()} 60 | def mult(point, scalar) do 61 | if on_curve?(point) do 62 | {:ok, mult_point(point, scalar)} 63 | else 64 | {:error, "point is not on the curve"} 65 | end 66 | end 67 | 68 | @spec mult_point(point(), integer()) :: point() 69 | defp mult_point(point, scalar) do 70 | cond do 71 | scalar == 0 -> 72 | case point do 73 | {%FQ{}, %FQ{}} -> 74 | {FQ.new(0), FQ.new(0)} 75 | 76 | _ -> 77 | {FQ12.zero(), FQ12.zero()} 78 | end 79 | 80 | scalar == 1 -> 81 | point 82 | 83 | Integer.is_even(scalar) -> 84 | point 85 | |> mult_point(div(scalar, 2)) 86 | |> double() 87 | 88 | true -> 89 | point 90 | |> mult_point(div(scalar, 2)) 91 | |> double() 92 | |> calculate_points_addition(point) 93 | end 94 | end 95 | 96 | @spec add_points(point(), point()) :: point() 97 | def add_points(point1, point2) do 98 | cond do 99 | point1 == point2 -> 100 | double(point1) 101 | 102 | infinity?(point1) -> 103 | point2 104 | 105 | infinity?(point2) -> 106 | point1 107 | 108 | true -> 109 | calculate_points_addition(point1, point2) 110 | end 111 | end 112 | 113 | @spec double(point()) :: point() 114 | def double({x, y} = {%FQ{}, %FQ{}}) do 115 | if y.value == 0 do 116 | {FQ.new(0), FQ.new(0)} 117 | else 118 | double_y = FQ.mult(y, 2) 119 | 120 | lambda = 121 | x 122 | |> FQ.pow(2) 123 | |> FQ.mult(3) 124 | |> FQ.divide(double_y) 125 | 126 | double_x = FQ.mult(x, 2) 127 | 128 | new_x = lambda |> FQ.pow(2) |> FQ.sub(double_x) 129 | 130 | new_y = 131 | x 132 | |> FQ.sub(new_x) 133 | |> FQ.mult(lambda) 134 | |> FQ.sub(y) 135 | 136 | {new_x, new_y} 137 | end 138 | end 139 | 140 | def double({x, y} = {%FQP{}, %FQP{}}) do 141 | if y == FQ12.zero() do 142 | {FQ12.zero(), FQ12.zero()} 143 | else 144 | double_y = FQ12.mult(y, 2) 145 | 146 | lambda = 147 | x 148 | |> FQ12.pow(2) 149 | |> FQ12.mult(3) 150 | |> FQ12.divide(double_y) 151 | 152 | double_x = FQ12.mult(x, 2) 153 | 154 | new_x = lambda |> FQ12.pow(2) |> FQ12.sub(double_x) 155 | 156 | new_y = 157 | x 158 | |> FQ12.sub(new_x) 159 | |> FQ12.mult(lambda) 160 | |> FQ12.sub(y) 161 | 162 | {new_x, new_y} 163 | end 164 | end 165 | 166 | @spec calculate_points_addition(point(), point()) :: point() 167 | defp calculate_points_addition({x1, y1} = {%FQ{}, %FQ{}}, {x2, y2}) do 168 | if x1 == x2 do 169 | {FQ.new(0), FQ.new(0)} 170 | else 171 | y_remainder = FQ.sub(y2, y1) 172 | x_remainder = FQ.sub(x2, x1) 173 | lambda = FQ.divide(y_remainder, x_remainder) 174 | 175 | x = 176 | lambda 177 | |> FQ.pow(2) 178 | |> FQ.sub(x1) 179 | |> FQ.sub(x2) 180 | 181 | y = 182 | x1 183 | |> FQ.sub(x) 184 | |> FQ.mult(lambda) 185 | |> FQ.sub(y1) 186 | 187 | {x, y} 188 | end 189 | end 190 | 191 | defp calculate_points_addition({x1, y1} = {%FQP{}, %FQP{}}, {x2, y2}) do 192 | if x1 == x2 do 193 | {FQ12.zero(), FQ12.zero()} 194 | else 195 | y_remainder = FQ12.sub(y2, y1) 196 | x_remainder = FQ12.sub(x2, x1) 197 | lambda = FQ12.divide(y_remainder, x_remainder) 198 | 199 | x = 200 | lambda 201 | |> FQ12.pow(2) 202 | |> FQ12.sub(x1) 203 | |> FQ12.sub(x2) 204 | 205 | y = 206 | x1 207 | |> FQ12.sub(x) 208 | |> FQ12.mult(lambda) 209 | |> FQ12.sub(y1) 210 | 211 | {x, y} 212 | end 213 | end 214 | 215 | def infinity?({x, y} = {%FQ{}, %FQ{}}) do 216 | x.value == 0 && y.value == 0 217 | end 218 | 219 | def infinity?({x, y} = {%FQP{}, %FQP{}}) do 220 | FQP.zero?(x) && FQP.zero?(y) 221 | end 222 | end 223 | -------------------------------------------------------------------------------- /lib/bn/fq.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ do 2 | defstruct [:value, :modulus] 3 | 4 | @type t :: %__MODULE__{ 5 | value: integer(), 6 | modulus: integer() 7 | } 8 | 9 | @default_modulus 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_583 10 | 11 | alias BN.FQ.ExtendedEuclideanAlgorithm 12 | 13 | @spec new(integer() | t(), keyword()) :: t() 14 | def new(number, params \\ []) 15 | 16 | def new(number = %__MODULE__{}, _), do: number 17 | 18 | def new(number, params) do 19 | modulus = Keyword.get(params, :modulus, @default_modulus) 20 | 21 | value = 22 | number 23 | |> rem(modulus) 24 | |> make_positive(modulus) 25 | 26 | %__MODULE__{value: value, modulus: modulus} 27 | end 28 | 29 | @spec one() :: t() 30 | def one do 31 | new(1) 32 | end 33 | 34 | @spec zero() :: t() 35 | def zero do 36 | new(0) 37 | end 38 | 39 | @spec add(t(), t()) :: t() | no_return 40 | def add(%__MODULE__{modulus: modulus1}, %__MODULE__{modulus: modulus2}) 41 | when modulus1 != modulus2 do 42 | raise(ArgumentError, message: "Numbers calculated with different modulus") 43 | end 44 | 45 | def add(number1 = %__MODULE__{}, number2 = %__MODULE__{}) do 46 | new(number1.value + number2.value, modulus: number1.modulus) 47 | end 48 | 49 | def add(_, _) do 50 | raise ArgumentError, message: "#{__MODULE__}.add/2 can only add #{__MODULE__} structs" 51 | end 52 | 53 | @spec sub(t(), t()) :: t() | no_return 54 | def sub(%__MODULE__{modulus: modulus1}, %__MODULE__{modulus: modulus2}) 55 | when modulus1 != modulus2 do 56 | raise(ArgumentError, message: "Numbers calculated with different modulus") 57 | end 58 | 59 | def sub(number1 = %__MODULE__{}, number2 = %__MODULE__{}) do 60 | new(number1.value - number2.value, modulus: number1.modulus) 61 | end 62 | 63 | def sub(_, _) do 64 | raise ArgumentError, message: "#{__MODULE__}.sub/2 can only substract #{__MODULE__} structs" 65 | end 66 | 67 | @spec mult(t(), t() | integer()) :: t() | no_return 68 | def mult(%__MODULE__{modulus: modulus1}, %__MODULE__{modulus: modulus2}) 69 | when modulus1 != modulus2 do 70 | raise(ArgumentError, message: "Numbers calculated with different modulus") 71 | end 72 | 73 | def mult(number1 = %__MODULE__{}, number2 = %__MODULE__{}) do 74 | new(number1.value * number2.value, modulus: number1.modulus) 75 | end 76 | 77 | def mult(number1 = %__MODULE__{}, number2) do 78 | new(number1.value * number2, modulus: number1.modulus) 79 | end 80 | 81 | def mult(_, _) do 82 | raise ArgumentError, 83 | message: "#{__MODULE__}.sub/2 can only multiplicate #{__MODULE__} structs" 84 | end 85 | 86 | @spec divide(t(), t()) :: t() | no_return 87 | def divide(%__MODULE__{modulus: modulus1}, %__MODULE__{modulus: modulus2}) 88 | when modulus1 != modulus2 do 89 | raise(ArgumentError, message: "Numbers calculated with different modulus") 90 | end 91 | 92 | def divide(number1 = %__MODULE__{}, number2 = %__MODULE__{}) do 93 | divide(number1, number2.value) 94 | end 95 | 96 | def divide(number1 = %__MODULE__{}, number2) when is_integer(number2) do 97 | {1, inverse} = ExtendedEuclideanAlgorithm.extended_gcd(number2, number1.modulus) 98 | 99 | mult(number1, inverse) 100 | end 101 | 102 | def divide(number1, number2) when is_integer(number2) and is_integer(number1) do 103 | {1, inverse} = ExtendedEuclideanAlgorithm.extended_gcd(number2, default_modulus()) 104 | 105 | number1 106 | |> new() 107 | |> mult(inverse) 108 | end 109 | 110 | def divide(_, _) do 111 | raise ArgumentError, 112 | message: "#{__MODULE__}.div/2 can only divide #{__MODULE__} structs" 113 | end 114 | 115 | @spec pow(t(), integer()) :: t() | no_return 116 | def pow(base = %__MODULE__{}, exponent) do 117 | case exponent do 118 | 0 -> 119 | new(1, modulus: base.modulus) 120 | 121 | 1 -> 122 | base 123 | 124 | _ -> 125 | base.value 126 | |> :crypto.mod_pow(exponent, base.modulus) 127 | |> :binary.decode_unsigned() 128 | |> new(modulus: base.modulus) 129 | end 130 | end 131 | 132 | def pow(_, _) do 133 | raise ArgumentError, 134 | message: "#{__MODULE__}.pow/2 can only exponent #{__MODULE__} structs" 135 | end 136 | 137 | @spec default_modulus() :: integer() 138 | def default_modulus, do: @default_modulus 139 | 140 | @spec make_positive(integer(), integer()) :: integer() 141 | defp make_positive(number, _) when number >= 0, do: number 142 | 143 | defp make_positive(number, modulus) do 144 | updated_number = number + modulus 145 | 146 | make_positive(updated_number, modulus) 147 | end 148 | end 149 | -------------------------------------------------------------------------------- /lib/bn/fq/extended_euclidean_algorithm.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ.ExtendedEuclideanAlgorithm do 2 | @spec common_greatest_divisor(integer(), integer()) :: integer() 3 | def common_greatest_divisor(number1, number2) do 4 | if number1 >= number2, do: gcd(number1, number2), else: gcd(number2, number1) 5 | end 6 | 7 | @spec extended_gcd(integer(), integer()) :: {integer(), integer()} 8 | def extended_gcd(a, b) do 9 | {last_remainder, last_x} = extended_gcd(abs(a), abs(b), 1, 0, 0, 1) 10 | {last_remainder, last_x * if(a < 0, do: -1, else: 1)} 11 | end 12 | 13 | defp extended_gcd(last_remainder, 0, last_x, _, _, _), do: {last_remainder, last_x} 14 | 15 | defp extended_gcd(last_remainder, remainder, last_x, x, last_y, y) do 16 | quotient = div(last_remainder, remainder) 17 | remainder2 = rem(last_remainder, remainder) 18 | extended_gcd(remainder, remainder2, x, last_x - quotient * x, y, last_y - quotient * y) 19 | end 20 | 21 | @spec gcd(integer(), integer()) :: integer() 22 | defp gcd(number1, number2) do 23 | remain = rem(number1, number2) 24 | 25 | if remain == 0, do: number2, else: gcd(number2, remain) 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /lib/bn/fq12.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ12 do 2 | alias BN.FQP 3 | 4 | @modulus_coef [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 5 | 6 | @spec new([integer()]) :: FQP.t() | no_return 7 | def new(coef) do 8 | if Enum.count(coef) != 12, 9 | do: raise(ArgumentError, message: "FQ12 should have dimension of 12") 10 | 11 | FQP.new(coef, @modulus_coef) 12 | end 13 | 14 | @spec one() :: FQP.t() 15 | def one do 16 | coef = [1] ++ List.duplicate(0, 11) 17 | 18 | new(coef) 19 | end 20 | 21 | @spec zero() :: FQP.t() 22 | def zero do 23 | coef = List.duplicate(0, 12) 24 | 25 | new(coef) 26 | end 27 | 28 | defdelegate add(fq12_1, fq12_2), to: FQP 29 | defdelegate sub(fq12_1, fq12_2), to: FQP 30 | defdelegate mult(fq12_1, fq12_2), to: FQP 31 | defdelegate divide(fq12_1, fq12_2), to: FQP 32 | defdelegate pow(fq12_1, fq12_2), to: FQP 33 | end 34 | -------------------------------------------------------------------------------- /lib/bn/fq2.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ2 do 2 | alias BN.FQP 3 | 4 | @modulus_coef [1, 0] 5 | 6 | @spec new([integer()]) :: FQP.t() | no_return 7 | def new(coef) do 8 | if Enum.count(coef) != 2, do: raise(ArgumentError, message: "FQ2 should have dimension of 2") 9 | 10 | FQP.new(coef, @modulus_coef) 11 | end 12 | 13 | defdelegate add(fq2_1, fq2_2), to: FQP 14 | defdelegate sub(fq2_1, fq2_2), to: FQP 15 | defdelegate mult(fq2_1, fq2_2), to: FQP 16 | defdelegate divide(fq2_1, fq2_2), to: FQP 17 | defdelegate pow(fq2_1, fq2_2), to: FQP 18 | end 19 | -------------------------------------------------------------------------------- /lib/bn/fqp.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.FQP do 2 | defstruct [:coef, :modulus_coef, :dim] 3 | 4 | alias BN.FQ 5 | 6 | @type t :: %__MODULE__{ 7 | coef: [FQ.t()], 8 | modulus_coef: [integer()] 9 | } 10 | 11 | @spec new([integer()], [integer()], keyword()) :: t() | no_return 12 | def new(coef, modulus_coef, params \\ []) do 13 | modulus = Keyword.get(params, :modulus, FQ.default_modulus()) 14 | coef_size = Enum.count(coef) 15 | modulus_coef_size = Enum.count(modulus_coef) 16 | 17 | if coef_size != modulus_coef_size, 18 | do: 19 | raise(ArgumentError, 20 | message: "Coefficients and modulus coefficients have different dimensions" 21 | ) 22 | 23 | fq_coef = 24 | Enum.map(coef, fn coef_el -> 25 | FQ.new(coef_el, modulus: modulus) 26 | end) 27 | 28 | %__MODULE__{ 29 | coef: fq_coef, 30 | modulus_coef: modulus_coef, 31 | dim: coef_size 32 | } 33 | end 34 | 35 | @spec add(t(), t()) :: t() | no_return 36 | def add( 37 | fqp1 = %__MODULE__{dim: dim1, modulus_coef: modulus_coef1}, 38 | fqp2 = %__MODULE__{dim: dim2, modulus_coef: modulus_coef2} 39 | ) 40 | when dim1 == dim2 and modulus_coef1 == modulus_coef2 do 41 | coef = 42 | fqp1.coef 43 | |> Enum.zip(fqp2.coef) 44 | |> Enum.map(fn {coef1, coef2} -> 45 | FQ.add(coef1, coef2) 46 | end) 47 | 48 | %__MODULE__{modulus_coef: modulus_coef1, dim: dim1, coef: coef} 49 | end 50 | 51 | def add(_, _), do: raise(ArgumentError, message: "Can't add elements of different fields") 52 | 53 | @spec sub(t(), t()) :: t() | no_return 54 | def sub( 55 | fqp1 = %__MODULE__{dim: dim1, modulus_coef: modulus_coef1}, 56 | fqp2 = %__MODULE__{dim: dim2, modulus_coef: modulus_coef2} 57 | ) 58 | when dim1 == dim2 and modulus_coef1 == modulus_coef2 do 59 | coef = 60 | fqp1.coef 61 | |> Enum.zip(fqp2.coef) 62 | |> Enum.map(fn {coef1, coef2} -> 63 | FQ.sub(coef1, coef2) 64 | end) 65 | 66 | %__MODULE__{modulus_coef: modulus_coef1, dim: dim1, coef: coef} 67 | end 68 | 69 | def sub(_, _), do: raise(ArgumentError, message: "Can't substact elements of different fields") 70 | 71 | @spec mult(t(), t() | FQ.t() | integer()) :: t() | no_return 72 | def mult( 73 | fqp = %__MODULE__{dim: dim, modulus_coef: modulus_coef}, 74 | fq = %FQ{} 75 | ) do 76 | coef = 77 | Enum.map(fqp.coef, fn coef -> 78 | FQ.mult(coef, fq) 79 | end) 80 | 81 | %__MODULE__{modulus_coef: modulus_coef, dim: dim, coef: coef} 82 | end 83 | 84 | def mult( 85 | fqp = %__MODULE__{dim: dim, modulus_coef: modulus_coef}, 86 | number 87 | ) 88 | when is_integer(number) do 89 | coef = 90 | Enum.map(fqp.coef, fn coef -> 91 | FQ.mult(coef, number) 92 | end) 93 | 94 | %__MODULE__{modulus_coef: modulus_coef, dim: dim, coef: coef} 95 | end 96 | 97 | def mult( 98 | fqp1 = %__MODULE__{dim: dim1, modulus_coef: modulus_coef1}, 99 | fqp2 = %__MODULE__{dim: dim2, modulus_coef: modulus_coef2} 100 | ) 101 | when dim1 == dim2 and modulus_coef1 == modulus_coef2 do 102 | pol_coef = List.duplicate(FQ.new(0), dim1 * 2 - 1) 103 | 104 | intermediate_result = 105 | Enum.reduce(0..(dim1 - 1), pol_coef, fn i, acc1 -> 106 | Enum.reduce(0..(dim1 - 1), acc1, fn j, acc2 -> 107 | cur_acc = Enum.at(acc2, i + j) 108 | 109 | summand = FQ.mult(Enum.at(fqp1.coef, i), Enum.at(fqp2.coef, j)) 110 | 111 | List.replace_at(acc2, i + j, FQ.add(cur_acc, summand)) 112 | end) 113 | end) 114 | 115 | coef = 116 | mult_modulus_coef( 117 | Enum.reverse(intermediate_result), 118 | modulus_coef1, 119 | dim1 120 | ) 121 | 122 | %__MODULE__{modulus_coef: modulus_coef1, dim: dim1, coef: coef} 123 | end 124 | 125 | def mult(_, _), do: raise(ArgumentError, message: "Can't multiply elements of different fields") 126 | 127 | @spec divide(t(), t()) :: t() | no_return 128 | def divide(fqp1, fqp2) do 129 | inverse = inverse(fqp2) 130 | 131 | mult(fqp1, inverse) 132 | end 133 | 134 | @spec inverse(t()) :: t() | no_return 135 | def inverse(fqp) do 136 | lm = [FQ.new(1)] ++ List.duplicate(FQ.new(0), fqp.dim) 137 | hm = List.duplicate(FQ.new(0), fqp.dim + 1) 138 | low = fqp.coef ++ [FQ.new(0)] 139 | high = fqp.modulus_coef ++ [1] 140 | 141 | deg_low = deg(low) 142 | 143 | calculate_inverse({high, low}, {hm, lm}, fqp, deg_low) 144 | end 145 | 146 | @spec pow(t(), integer()) :: t() | no_return 147 | def pow(base, exp) do 148 | cond do 149 | exp == 0 -> 150 | coef = [1] ++ List.duplicate([0], base.dim - 1) 151 | new(coef, base.modulus_coef) 152 | 153 | exp == 1 -> 154 | base 155 | 156 | rem(exp, 2) == 0 -> 157 | base 158 | |> mult(base) 159 | |> pow(div(exp, 2)) 160 | 161 | true -> 162 | base 163 | |> mult(base) 164 | |> pow(div(exp, 2)) 165 | |> mult(base) 166 | end 167 | end 168 | 169 | @spec zero?(t()) :: boolean() 170 | def zero?(fqp) do 171 | Enum.all?(fqp.coef, fn cur_coef -> 172 | cur_coef.value == 0 173 | end) 174 | end 175 | 176 | @spec negate(t()) :: t() 177 | def negate(fqp) do 178 | neg_coef = Enum.map(fqp.coef, fn coef -> FQ.new(-coef.value) end) 179 | 180 | %{fqp | coef: neg_coef} 181 | end 182 | 183 | defp calculate_inverse({_, low}, {_, lm}, fqp, deg_low) when deg_low == 0 do 184 | coef = 185 | lm 186 | |> Enum.take(fqp.dim) 187 | |> Enum.map(fn el -> 188 | FQ.divide(el, Enum.at(low, 0)) 189 | end) 190 | 191 | new(coef, fqp.modulus_coef) 192 | end 193 | 194 | defp calculate_inverse({high, low}, {hm, lm}, fqp, _deg_low) do 195 | r = poly_rounded_div(high, low) 196 | r = r ++ List.duplicate(FQ.new(0), fqp.dim + 1 - Enum.count(r)) 197 | 198 | nm = hm 199 | 200 | new = high 201 | 202 | {nm, new} = 203 | 0..fqp.dim 204 | |> Enum.reduce({nm, new}, fn i, {nm, new} -> 205 | 0..(fqp.dim - i) 206 | |> Enum.reduce({nm, new}, fn j, {nm, new} -> 207 | nmmult = lm |> Enum.at(i) |> FQ.new() |> FQ.mult(Enum.at(r, j)) 208 | new_nm_val = nm |> Enum.at(i + j) |> FQ.new() |> FQ.sub(nmmult) 209 | nm = List.replace_at(nm, i + j, new_nm_val) 210 | 211 | newmult = low |> Enum.at(i) |> FQ.new() |> FQ.mult(Enum.at(r, j)) 212 | new_val = new |> Enum.at(i + j) |> FQ.new() |> FQ.sub(newmult) 213 | new = List.replace_at(new, i + j, new_val) 214 | 215 | {nm, new} 216 | end) 217 | end) 218 | 219 | deg_low = deg(new) 220 | 221 | calculate_inverse({low, new}, {lm, nm}, fqp, deg_low) 222 | end 223 | 224 | defp poly_rounded_div(a, b) do 225 | dega = deg(a) 226 | degb = deg(b) 227 | temp = a 228 | 229 | output = List.duplicate(FQ.new(0), Enum.count(a)) 230 | 231 | output = 232 | if dega - degb >= 0 do 233 | {output, _} = 234 | 0..(dega - degb) 235 | |> Enum.to_list() 236 | |> Enum.reverse() 237 | |> Enum.reduce({output, temp}, fn i, {out_acc, temp_acc} -> 238 | new_val = 239 | temp_acc 240 | |> Enum.at(degb + i) 241 | |> FQ.new() 242 | |> FQ.divide(Enum.at(b, degb)) 243 | |> FQ.add(Enum.at(out_acc, i)) 244 | 245 | new_out_acc = List.replace_at(out_acc, i, new_val) 246 | 247 | new_temp_acc = 248 | 0..degb 249 | |> Enum.reduce(temp_acc, fn j, acc -> 250 | updated_value = 251 | acc |> Enum.at(i + j) |> FQ.new() |> FQ.sub(Enum.at(new_out_acc, j)) 252 | 253 | List.replace_at( 254 | acc, 255 | i + j, 256 | updated_value 257 | ) 258 | end) 259 | 260 | {new_out_acc, new_temp_acc} 261 | end) 262 | 263 | output 264 | else 265 | output 266 | end 267 | 268 | dego = deg(output) 269 | 270 | Enum.take(output, dego + 1) 271 | end 272 | 273 | defp deg(list) do 274 | idx = 275 | list 276 | |> Enum.reverse() 277 | |> Enum.find_index(fn el -> 278 | if is_integer(el) do 279 | el != 0 280 | else 281 | el.value != 0 282 | end 283 | end) 284 | 285 | if is_nil(idx), do: 0, else: Enum.count(list) - idx - 1 286 | end 287 | 288 | defp mult_modulus_coef(pol_coef = [cur | tail_pol_coef], modulus_coef, dim) 289 | when length(pol_coef) > dim do 290 | current_idx = Enum.count(pol_coef) - dim - 1 291 | tail_pol_coef = Enum.reverse(tail_pol_coef) 292 | 293 | cur_result = 294 | Enum.reduce(0..(dim - 1), tail_pol_coef, fn i, acc -> 295 | current_acc_el = acc |> Enum.at(i + current_idx) 296 | subtrahend = modulus_coef |> Enum.at(i) |> FQ.new() |> FQ.mult(cur) 297 | updated_acc_el = FQ.sub(current_acc_el, subtrahend) 298 | 299 | List.replace_at(acc, current_idx + i, updated_acc_el) 300 | end) 301 | 302 | cur_result 303 | |> Enum.reverse() 304 | |> mult_modulus_coef(modulus_coef, dim) 305 | end 306 | 307 | defp mult_modulus_coef(pol_coef, _, _), do: Enum.reverse(pol_coef) 308 | end 309 | -------------------------------------------------------------------------------- /lib/bn/pairing.ex: -------------------------------------------------------------------------------- 1 | defmodule BN.Pairing do 2 | use Bitwise 3 | alias BN.{FQ12, FQP, FQ, BN128Arithmetic} 4 | 5 | @twist_point FQ12.new([0, 1] ++ List.duplicate(0, 10)) 6 | @power 552_484_233_613_224_096_312_617_126_783_173_147_097_382_103_762_957_654_188_882_734_314_196_910_839_907_541_213_974_502_761_540_629_817_009_608_548_654_680_343_627_701_153_829_446_747_810_907_373_256_841_551_006_201_639_677_726_139_946_029_199_968_412_598_804_882_391_702_273_019_083_653_272_047_566_316_584_365_559_776_493_027_495_458_238_373_902_875_937_659_943_504_873_220_554_161_550_525_926_302_303_331_747_463_515_644_711_876_653_177_129_578_303_191_095_900_909_191_624_817_826_566_688_241_804_408_081_892_785_725_967_931_714_097_716_709_526_092_261_278_071_952_560_171_111_444_072_049_229_123_565_057_483_750_161_460_024_353_346_284_167_282_452_756_217_662_335_528_813_519_139_808_291_170_539_072_125_381_230_815_729_071_544_861_602_750_936_964_829_313_608_137_325_426_383_735_122_175_229_541_155_376_346_436_093_930_287_402_089_517_426_973_178_917_569_713_384_748_081_827_255_472_576_937_471_496_195_752_727_188_261_435_633_271_238_710_131_736_096_299_798_168_852_925_540_549_342_330_775_279_877_006_784_354_801_422_249_722_573_783_561_685_179_618_816_480_037_695_005_515_426_162_362_431_072_245_638_324_744_480 7 | 8 | @dialyzer {:no_return, pairing: 2, twist: 1} 9 | 10 | @spec pairing({FQP.t(), FQP.t()}, {FQ.t(), FQ.t()}) :: FQP.t() | no_return 11 | def pairing(point1, point2) do 12 | point1_fq12 = twist(point1) 13 | point2_fq12 = point_to_fq12(point2) 14 | 15 | miller_loop(point1_fq12, point2_fq12) 16 | end 17 | 18 | @spec twist({FQP.t(), FQP.t()}) :: {FQP.t(), FQP.t()} | no_return 19 | def twist({x, y}) do 20 | x_1 = x.coef |> Enum.at(0) 21 | x_2 = x.coef |> Enum.at(1) 22 | 23 | y_1 = y.coef |> Enum.at(0) 24 | y_2 = y.coef |> Enum.at(1) 25 | 26 | inter_x_1 = x_1.value - x_2.value * 9 27 | inter_y_1 = y_1.value - y_2.value * 9 28 | 29 | inter_x_coef = [inter_x_1] ++ List.duplicate(0, 5) ++ [x_2] ++ List.duplicate(0, 5) 30 | inter_y_coef = [inter_y_1] ++ List.duplicate(0, 5) ++ [y_2] ++ List.duplicate(0, 5) 31 | 32 | inter_x = FQ12.new(inter_x_coef) 33 | inter_y = FQ12.new(inter_y_coef) 34 | 35 | new_x = @twist_point |> FQ12.pow(2) |> FQ12.mult(inter_x) 36 | new_y = @twist_point |> FQ12.pow(3) |> FQ12.mult(inter_y) 37 | 38 | {new_x, new_y} 39 | end 40 | 41 | @spec point_to_fq12({FQ.t(), FQ.t()}) :: {FQP.t(), FQP.t()} | no_return 42 | def point_to_fq12({x, y}) do 43 | new_x = [x.value] ++ List.duplicate(0, 11) 44 | new_y = [y.value] ++ List.duplicate(0, 11) 45 | 46 | {FQ12.new(new_x), FQ12.new(new_y)} 47 | end 48 | 49 | @spec linefunc({FQP.t(), FQP.t()}, {FQP.t(), FQP.t()}, {FQP.t(), FQP.t()}) :: 50 | FQP.t() | no_return 51 | def linefunc({x1, y1}, {x2, y2}, {xt, yt}) do 52 | cond do 53 | x1 != x2 -> 54 | dividend = FQ12.sub(y2, y1) 55 | separator = FQ12.sub(x2, x1) 56 | quotient = FQ12.divide(dividend, separator) 57 | 58 | xt 59 | |> FQ12.sub(x1) 60 | |> FQ12.mult(quotient) 61 | |> FQ12.sub(FQ12.sub(yt, y1)) 62 | 63 | y1 == y2 -> 64 | dividend = x1 |> FQ12.pow(2) |> FQ12.mult(3) 65 | separator = FQ12.mult(y1, 2) 66 | quotient = FQ12.divide(dividend, separator) 67 | 68 | xt 69 | |> FQ12.sub(x1) 70 | |> FQ12.mult(quotient) 71 | |> FQ12.sub(FQ12.sub(yt, y1)) 72 | 73 | true -> 74 | FQ12.sub(xt, x1) 75 | end 76 | end 77 | 78 | @spec miller_loop({FQP.t(), FQP.t()}, {FQP.t(), FQP.t()}) :: FQP.t() | no_return 79 | def miller_loop(point1 = {x1, y1}, point2) do 80 | one = FQ12.one() 81 | 82 | if BN128Arithmetic.infinity?(point1) || BN128Arithmetic.infinity?(point2) do 83 | one 84 | else 85 | r = point1 86 | f = one 87 | 88 | {f, r} = 89 | 0..63 90 | |> Enum.to_list() 91 | |> Enum.reverse() 92 | |> Enum.reduce({f, r}, fn i, {f_acc, r_acc} -> 93 | f_acc = 94 | r_acc 95 | |> linefunc(r_acc, point2) 96 | |> FQP.mult(f_acc) 97 | |> FQP.mult(f_acc) 98 | 99 | r_acc = BN128Arithmetic.double(r_acc) 100 | 101 | if (29_793_968_203_157_093_288 &&& round(:math.pow(2, i))) != 0 do 102 | f_acc = 103 | r_acc 104 | |> linefunc(point1, point2) 105 | |> FQP.mult(f_acc) 106 | 107 | r_acc = BN128Arithmetic.add_points(r_acc, point1) 108 | 109 | {f_acc, r_acc} 110 | else 111 | {f_acc, r_acc} 112 | end 113 | end) 114 | 115 | new_point1 = 116 | {new_point1_x, new_point1_y} = 117 | {FQP.pow(x1, FQ.default_modulus()), FQP.pow(y1, FQ.default_modulus())} 118 | 119 | new_point2 = 120 | {FQP.pow(new_point1_x, FQ.default_modulus()), 121 | new_point1_y |> FQP.pow(FQ.default_modulus()) |> FQP.negate()} 122 | 123 | f = r |> linefunc(new_point1, point2) |> FQP.mult(f) 124 | r = BN128Arithmetic.add_points(r, new_point1) 125 | f = r |> linefunc(new_point2, point2) |> FQP.mult(f) 126 | 127 | FQP.pow(f, @power) 128 | end 129 | end 130 | end 131 | -------------------------------------------------------------------------------- /mix.exs: -------------------------------------------------------------------------------- 1 | defmodule Bn.MixProject do 2 | use Mix.Project 3 | 4 | def project do 5 | [ 6 | app: :bn, 7 | version: "0.2.2", 8 | elixir: "~> 1.7", 9 | description: "BN128 elliptic curve operations for Elixir", 10 | package: [ 11 | maintainers: ["Ayrat Badykov"], 12 | licenses: ["MIT", "Apache-2.0"], 13 | links: %{"GitHub" => "https://github.com/poanetwork/bn"} 14 | ], 15 | start_permanent: Mix.env() == :prod, 16 | deps: deps() 17 | ] 18 | end 19 | 20 | def application do 21 | [ 22 | extra_applications: [:logger] 23 | ] 24 | end 25 | 26 | defp deps do 27 | [ 28 | {:ex_doc, ">= 0.0.0", only: :dev, runtime: false}, 29 | {:credo, "~> 1.6", only: [:dev, :test], runtime: false}, 30 | {:dialyxir, "~> 1.1", only: [:dev, :test], runtime: false} 31 | ] 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /mix.lock: -------------------------------------------------------------------------------- 1 | %{ 2 | "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"}, 3 | "credo": {:hex, :credo, "1.6.3", "0a9f8925dbc8f940031b789f4623fc9a0eea99d3eed600fe831e403eb96c6a83", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "1167cde00e6661d740fc54da2ee268e35d3982f027399b64d3e2e83af57a1180"}, 4 | "dialyxir": {:hex, :dialyxir, "1.1.0", "c5aab0d6e71e5522e77beff7ba9e08f8e02bad90dfbeffae60eaf0cb47e29488", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "07ea8e49c45f15264ebe6d5b93799d4dd56a44036cf42d0ad9c960bc266c0b9a"}, 5 | "earmark_parser": {:hex, :earmark_parser, "1.4.25", "2024618731c55ebfcc5439d756852ec4e85978a39d0d58593763924d9a15916f", [:mix], [], "hexpm", "56749c5e1c59447f7b7a23ddb235e4b3defe276afc220a6227237f3efe83f51e"}, 6 | "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, 7 | "ex_doc": {:hex, :ex_doc, "0.28.4", "001a0ea6beac2f810f1abc3dbf4b123e9593eaa5f00dd13ded024eae7c523298", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "bf85d003dd34911d89c8ddb8bda1a958af3471a274a4c2150a9c01c78ac3f8ed"}, 8 | "file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"}, 9 | "jason": {:hex, :jason, "1.3.0", "fa6b82a934feb176263ad2df0dbd91bf633d4a46ebfdffea0c8ae82953714946", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "53fc1f51255390e0ec7e50f9cb41e751c260d065dcba2bf0d08dc51a4002c2ac"}, 10 | "makeup": {:hex, :makeup, "1.1.0", "6b67c8bc2882a6b6a445859952a602afc1a41c2e08379ca057c0f525366fc3ca", [:mix], [{:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "0a45ed501f4a8897f580eabf99a2e5234ea3e75a4373c8a52824f6e873be57a6"}, 11 | "makeup_elixir": {:hex, :makeup_elixir, "0.16.0", "f8c570a0d33f8039513fbccaf7108c5d750f47d8defd44088371191b76492b0b", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "28b2cbdc13960a46ae9a8858c4bebdec3c9a6d7b4b9e7f4ed1502f8159f338e7"}, 12 | "makeup_erlang": {:hex, :makeup_erlang, "0.1.1", "3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65f", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "174d0809e98a4ef0b3309256cbf97101c6ec01c4ab0b23e926a9e17df2077cbb"}, 13 | "nimble_parsec": {:hex, :nimble_parsec, "1.2.3", "244836e6e3f1200c7f30cb56733fd808744eca61fd182f731eac4af635cc6d0b", [:mix], [], "hexpm", "c8d789e39b9131acf7b99291e93dae60ab48ef14a7ee9d58c6964f59efb570b0"}, 14 | } 15 | -------------------------------------------------------------------------------- /test/bn/bn128_arithmetic_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.BN128ArithmeticTest do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.{FQ, FQ2, Pairing} 5 | alias BN.BN128Arithmetic 6 | 7 | describe "on_curve?/2" do 8 | test "returns false if the FQ point is not on the curve" do 9 | x = FQ.new(5) 10 | y = FQ.new(6) 11 | 12 | refute BN128Arithmetic.on_curve?({x, y}) 13 | end 14 | 15 | test "returns true if the FQ point is on the curve" do 16 | x = FQ.new(1) 17 | y = FQ.new(2) 18 | 19 | assert BN128Arithmetic.on_curve?({x, y}) 20 | end 21 | 22 | test "returns true if the FQ point is infinity" do 23 | x = FQ.new(0) 24 | y = FQ.new(0) 25 | 26 | assert BN128Arithmetic.on_curve?({x, y}) 27 | end 28 | 29 | test "returns false if the FQ2 point is not on the curve" do 30 | x = FQ2.new([5, 1]) 31 | y = FQ2.new([6, 2]) 32 | 33 | refute BN128Arithmetic.on_curve?({x, y}) 34 | end 35 | 36 | test "returns true if the FQ2 point is on the curve" do 37 | x = 38 | FQ2.new([ 39 | 10_857_046_999_023_057_135_944_570_762_232_829_481_370_756_359_578_518_086_990_519_993_285_655_852_781, 40 | 11_559_732_032_986_387_107_991_004_021_392_285_783_925_812_861_821_192_530_917_403_151_452_391_805_634 41 | ]) 42 | 43 | y = 44 | FQ2.new([ 45 | 8_495_653_923_123_431_417_604_973_247_489_272_438_418_190_587_263_600_148_770_280_649_306_958_101_930, 46 | 4_082_367_875_863_433_681_332_203_403_145_435_568_316_851_327_593_401_208_105_741_076_214_120_093_531 47 | ]) 48 | 49 | assert BN128Arithmetic.on_curve?({x, y}) 50 | end 51 | 52 | test "returns true if the FQ2 point is infinity" do 53 | x = FQ2.new([0, 0]) 54 | y = FQ2.new([0, 0]) 55 | 56 | assert BN128Arithmetic.on_curve?({x, y}) 57 | end 58 | end 59 | 60 | describe "add_points/2" do 61 | test "fails when point1 is not on the curve" do 62 | point1 = {FQ.new(10), FQ.new(11)} 63 | point2 = {FQ.new(10), FQ.new(110)} 64 | 65 | {:error, "point1 is not on the curve"} = BN128Arithmetic.add(point1, point2) 66 | end 67 | 68 | test "fails when point2 is not on the curve" do 69 | point1 = {FQ.new(1), FQ.new(2)} 70 | point2 = {FQ.new(10), FQ.new(110)} 71 | 72 | {:error, "point2 is not on the curve"} = BN128Arithmetic.add(point1, point2) 73 | end 74 | 75 | test "returns another number when one of the number is infinity" do 76 | point1 = {FQ.new(1), FQ.new(2)} 77 | point2 = {FQ.new(0), FQ.new(0)} 78 | 79 | {:ok, result} = BN128Arithmetic.add(point1, point2) 80 | 81 | assert result == point1 82 | end 83 | 84 | test "doubles number" do 85 | point = {FQ.new(1), FQ.new(2)} 86 | 87 | {:ok, {x, y}} = BN128Arithmetic.add(point, point) 88 | 89 | assert x.value == 90 | 1_368_015_179_489_954_701_390_400_359_078_579_693_043_519_447_331_113_978_918_064_868_415_326_638_035 91 | 92 | assert y.value == 93 | 9_918_110_051_302_171_585_080_402_603_319_702_774_565_515_993_150_576_347_155_970_296_011_118_125_764 94 | end 95 | end 96 | 97 | describe "double/2" do 98 | test "doubles fq12" do 99 | x = 100 | FQ2.new([ 101 | 10_857_046_999_023_057_135_944_570_762_232_829_481_370_756_359_578_518_086_990_519_993_285_655_852_781, 102 | 11_559_732_032_986_387_107_991_004_021_392_285_783_925_812_861_821_192_530_917_403_151_452_391_805_634 103 | ]) 104 | 105 | y = 106 | FQ2.new([ 107 | 8_495_653_923_123_431_417_604_973_247_489_272_438_418_190_587_263_600_148_770_280_649_306_958_101_930, 108 | 4_082_367_875_863_433_681_332_203_403_145_435_568_316_851_327_593_401_208_105_741_076_214_120_093_531 109 | ]) 110 | 111 | {fq12_x, fq12_y} = Pairing.twist({x, y}) 112 | 113 | {result_x, result_y} = BN128Arithmetic.double({fq12_x, fq12_y}) 114 | 115 | expected_x = [ 116 | 0, 117 | 0, 118 | 18_105_141_413_635_662_990_118_814_530_958_692_813_659_961_826_702_827_255_472_554_438_184_121_174_562, 119 | 0, 120 | 0, 121 | 0, 122 | 0, 123 | 0, 124 | 14_583_779_054_894_525_174_450_323_658_765_874_724_019_480_979_794_335_525_732_096_752_006_891_875_705, 125 | 0, 126 | 0, 127 | 0 128 | ] 129 | 130 | expected_y = [ 131 | 0, 132 | 0, 133 | 0, 134 | 8_307_688_249_720_810_073_599_036_112_162_907_370_650_886_140_774_964_402_194_392_543_798_729_073_583, 135 | 0, 136 | 0, 137 | 0, 138 | 0, 139 | 0, 140 | 11_474_861_747_383_700_316_476_719_153_975_578_001_603_231_366_361_248_090_558_603_872_215_261_634_898, 141 | 0, 142 | 0 143 | ] 144 | 145 | result_x.coef 146 | |> Enum.zip(expected_x) 147 | |> Enum.each(fn {result_x, expected_x} -> 148 | assert result_x.value == expected_x 149 | end) 150 | 151 | result_y.coef 152 | |> Enum.zip(expected_y) 153 | |> Enum.each(fn {result_y, expected_y} -> 154 | assert result_y.value == expected_y 155 | end) 156 | end 157 | end 158 | 159 | describe "mult/2" do 160 | test "multiplicates a point on the curve with a scalar when scalar is even" do 161 | scalar = 32 162 | point = {FQ.new(1), FQ.new(2)} 163 | 164 | {:ok, {x, y}} = BN128Arithmetic.mult(point, scalar) 165 | 166 | assert x.value == 167 | 4_873_079_524_557_847_867_653_965_550_062_716_553_062_346_862_158_697_560_012_111_398_864_356_025_363 168 | 169 | assert y.value == 170 | 11_422_470_166_079_944_859_104_614_283_946_245_081_791_188_387_376_113_119_760_245_565_153_108_742_933 171 | end 172 | 173 | test "multiplicates a point on the curve with a scalar when scalar is odd" do 174 | scalar = 129 175 | point = {FQ.new(1), FQ.new(2)} 176 | 177 | {:ok, {x, y}} = BN128Arithmetic.mult(point, scalar) 178 | 179 | assert x.value == 180 | 21_647_570_815_953_321_868_971_961_252_431_263_291_150_719_596_283_258_975_644_850_610_841_440_708_605 181 | 182 | assert y.value == 183 | 653_550_967_422_245_716_267_912_758_477_437_695_534_825_672_172_644_162_691_979_910_407_789_070_686 184 | end 185 | end 186 | end 187 | -------------------------------------------------------------------------------- /test/bn/fq/extended_euclidean_algorithm_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ.ExtendedEuclideanAlgorithmTest do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.FQ.ExtendedEuclideanAlgorithm 5 | 6 | describe "common_greatest_divisor/2" do 7 | test "calculates gcd when it's bigger than 1" do 8 | result = ExtendedEuclideanAlgorithm.common_greatest_divisor(16, 30) 9 | 10 | assert result == 2 11 | end 12 | 13 | test "calculates gcd when it's 1" do 14 | result = ExtendedEuclideanAlgorithm.common_greatest_divisor(5, 7) 15 | 16 | assert result == 1 17 | end 18 | end 19 | 20 | describe "extended_gcd/2" do 21 | test "calculates gcd and modular inverse" do 22 | {gcd, inverse} = ExtendedEuclideanAlgorithm.extended_gcd(15, 26) 23 | 24 | assert gcd == 1 25 | assert inverse == 7 26 | end 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /test/bn/fq12_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ12Test do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.{FQ12, FQ} 5 | 6 | describe "new/1" do 7 | test "creates new fq12" do 8 | coef = [99, 121, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20] 9 | fq12 = FQ12.new(coef) 10 | 11 | assert fq12.dim == 12 12 | 13 | fq12.coef 14 | |> Enum.zip(coef) 15 | |> Enum.each(fn {coef, expected_coef} -> 16 | coef.value == expected_coef 17 | end) 18 | end 19 | end 20 | 21 | describe "add/2" do 22 | test "adds two elements" do 23 | fq2_1 = FQ12.new([75, 898, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20]) 24 | fq2_2 = FQ12.new([981, 121, 1, 2, 3, 4, 5, 6, 7, 8, 9, 50]) 25 | 26 | result = FQ12.add(fq2_1, fq2_2) 27 | 28 | fq2_1.coef 29 | |> Enum.zip(fq2_2.coef) 30 | |> Enum.zip(result.coef) 31 | |> Enum.each(fn {{coef1, coef2}, expected_coef} -> 32 | assert expected_coef.value == coef1.value + coef2.value 33 | end) 34 | end 35 | end 36 | 37 | describe "substact/2" do 38 | test "substacts two elements" do 39 | fq2_1 = FQ12.new([75, 898, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20]) 40 | fq2_2 = FQ12.new([981, 121, 1, 2, 3, 4, 5, 6, 7, 8, 9, 50]) 41 | 42 | result = FQ12.sub(fq2_1, fq2_2) 43 | 44 | fq2_1.coef 45 | |> Enum.zip(fq2_2.coef) 46 | |> Enum.zip(result.coef) 47 | |> Enum.each(fn {{coef1, coef2}, expected_coef} -> 48 | assert expected_coef.value == FQ.sub(coef1, coef2).value 49 | end) 50 | end 51 | end 52 | 53 | describe "mult/2" do 54 | test "multiplies two elements" do 55 | fq2_1 = FQ12.new([75, 898, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20]) 56 | fq2_2 = FQ12.new([981, 121, 1, 2, 3, 4, 5, 6, 7, 8, 9, 50]) 57 | 58 | result = FQ12.mult(fq2_1, fq2_2) 59 | 60 | expected_coef = [ 61 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_221_488_028, 62 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_140_672, 63 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_225_342_333, 64 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_225_245_262, 65 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_224_695_560, 66 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_169_128, 67 | 1_011_716, 68 | 169_739, 69 | 175_215, 70 | 176_125, 71 | 269_010, 72 | 42_921 73 | ] 74 | 75 | result.coef 76 | |> Enum.zip(expected_coef) 77 | |> Enum.each(fn {coef, expected} -> 78 | coef.value == expected 79 | end) 80 | end 81 | end 82 | 83 | describe "divide/2" do 84 | test "divides two elements" do 85 | fq2_1 = FQ12.new([75, 898, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20]) 86 | fq2_2 = FQ12.new([981, 121, 1, 2, 3, 4, 5, 6, 7, 8, 9, 50]) 87 | 88 | result = FQ12.divide(fq2_1, fq2_2) 89 | 90 | expected_coef = [ 91 | 2_011_881_740_848_420_920_412_253_751_038_762_419_430_102_153_950_850_221_676_466_562_855_973_754_445, 92 | 14_400_486_370_873_772_725_013_789_080_267_577_463_474_983_676_223_443_419_921_924_776_206_449_109_882, 93 | 3_880_172_452_329_649_098_226_867_467_011_399_220_057_958_445_755_754_671_938_611_004_932_934_262_591, 94 | 19_267_038_593_667_322_651_366_954_362_160_470_787_252_885_822_036_059_851_182_156_474_239_910_032_650, 95 | 8_070_019_333_179_895_648_872_912_202_405_855_592_483_534_956_567_238_870_192_387_861_000_658_114_964, 96 | 138_560_801_305_516_396_668_456_098_109_173_790_277_108_206_271_606_001_003_111_242_705_426_330_301, 97 | 16_445_893_878_284_927_596_867_359_394_850_807_920_867_311_194_834_863_906_495_351_152_395_091_436_097, 98 | 7_273_840_868_245_808_549_086_108_720_055_169_460_383_208_083_298_349_344_049_229_629_551_930_514_769, 99 | 13_473_674_523_999_384_748_528_900_303_955_470_136_587_441_314_720_169_383_602_070_545_250_485_703_988, 100 | 258_017_347_001_203_161_848_516_548_147_742_812_565_844_068_859_191_584_520_559_875_454_409_716_147, 101 | 17_652_917_065_625_673_115_435_686_846_464_935_803_096_889_936_457_664_837_470_388_463_098_888_420_037, 102 | 16_667_376_103_103_292_788_101_877_382_733_354_254_284_775_666_180_352_135_985_281_739_652_286_964_120 103 | ] 104 | 105 | result.coef 106 | |> Enum.zip(expected_coef) 107 | |> Enum.each(fn {coef, expected} -> 108 | coef.value == expected 109 | end) 110 | end 111 | end 112 | 113 | describe "pow/2" do 114 | test "calculates pow" do 115 | fq12 = FQ12.new([78_578, 16_935_315, 981, 323_134, 3_456_462, 1, 2, 3, 4, 5, 11, 12]) 116 | 117 | result = FQ12.pow(fq12, 19) 118 | 119 | expected_coef = [ 120 | 8_840_101_169_779_087_582_674_491_494_374_419_146_510_116_685_920_572_308_835_651_046_426_232_677_452, 121 | 10_042_027_930_515_554_531_665_818_328_966_093_761_114_188_216_806_722_082_069_585_612_612_250_070_108, 122 | 6_025_529_351_052_012_710_236_538_646_073_206_168_380_815_789_296_340_419_621_091_718_890_713_406_224, 123 | 3_513_039_178_211_280_255_388_413_423_823_200_494_952_456_478_251_683_030_740_000_633_242_757_813_705, 124 | 10_898_852_990_727_690_166_049_002_703_535_648_304_346_991_769_757_475_127_957_936_617_412_117_660_256, 125 | 7_498_502_979_416_012_982_838_484_066_967_954_545_978_931_427_098_773_740_232_539_128_779_444_314_555, 126 | 21_451_951_985_252_094_028_813_446_030_653_387_743_570_008_815_386_123_629_799_453_395_296_128_640_695, 127 | 3_968_795_236_540_475_071_355_376_899_443_226_784_999_158_050_244_885_295_837_856_579_561_319_140_934, 128 | 18_572_314_296_584_958_184_149_369_327_434_636_955_775_897_992_611_093_291_987_836_245_126_103_028_311, 129 | 6_895_492_099_243_039_645_070_866_318_233_289_729_475_380_339_356_975_299_775_917_828_910_489_358_501, 130 | 6_393_623_487_386_613_266_195_172_175_788_162_068_007_676_164_184_456_119_601_853_695_918_768_212_541, 131 | 16_883_752_234_240_534_363_843_987_352_760_341_172_278_213_230_623_594_473_673_781_654_831_430_194_971 132 | ] 133 | 134 | result.coef 135 | |> Enum.zip(expected_coef) 136 | |> Enum.each(fn {coef, expected} -> 137 | coef.value == expected 138 | end) 139 | end 140 | end 141 | end 142 | -------------------------------------------------------------------------------- /test/bn/fq2_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.FQ2Test do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.{FQP, FQ2, FQ} 5 | 6 | describe "new/1" do 7 | test "creates new fq2" do 8 | fq2 = FQ2.new([99, 121]) 9 | 10 | expected_result = %FQP{ 11 | coef: [ 12 | %BN.FQ{ 13 | modulus: 14 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_583, 15 | value: 99 16 | }, 17 | %BN.FQ{ 18 | modulus: 19 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_583, 20 | value: 121 21 | } 22 | ], 23 | dim: 2, 24 | modulus_coef: [1, 0] 25 | } 26 | 27 | assert fq2 == expected_result 28 | end 29 | end 30 | 31 | describe "add/2" do 32 | test "adds two elements" do 33 | fq2_1 = FQ2.new([75, 898]) 34 | fq2_2 = FQ2.new([981, 121]) 35 | 36 | result = FQ2.add(fq2_1, fq2_2) 37 | 38 | fq2_1.coef 39 | |> Enum.zip(fq2_2.coef) 40 | |> Enum.zip(result.coef) 41 | |> Enum.each(fn {{coef1, coef2}, expected_coef} -> 42 | assert expected_coef.value == coef1.value + coef2.value 43 | end) 44 | end 45 | end 46 | 47 | describe "substact/2" do 48 | test "substacts two elements" do 49 | fq2_1 = FQ2.new([75, 898]) 50 | fq2_2 = FQ2.new([981, 121]) 51 | 52 | result = FQ2.sub(fq2_1, fq2_2) 53 | 54 | fq2_1.coef 55 | |> Enum.zip(fq2_2.coef) 56 | |> Enum.zip(result.coef) 57 | |> Enum.each(fn {{coef1, coef2}, expected_coef} -> 58 | assert expected_coef.value == FQ.sub(coef1, coef2).value 59 | end) 60 | end 61 | end 62 | 63 | describe "mult/2" do 64 | test "multiplies two elements" do 65 | fq2_1 = FQ2.new([75, 898]) 66 | fq2_2 = FQ2.new([981, 121]) 67 | 68 | result = FQ2.mult(fq2_1, fq2_2) 69 | 70 | expected_coef = [ 71 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_173_500, 72 | 890_013 73 | ] 74 | 75 | result.coef 76 | |> Enum.zip(expected_coef) 77 | |> Enum.each(fn {coef, expected} -> 78 | coef.value == expected 79 | end) 80 | end 81 | end 82 | 83 | describe "divide/2" do 84 | test "divides two elements" do 85 | fq2_1 = FQ2.new([75, 898]) 86 | fq2_2 = FQ2.new([981, 121]) 87 | 88 | result = FQ2.divide(fq2_1, fq2_2) 89 | 90 | expected_coef = [ 91 | 4_075_707_939_158_380_910_434_915_048_684_075_627_236_074_250_276_961_535_582_708_982_077_358_580_171, 92 | 13_687_830_587_004_704_333_523_026_843_111_981_453_124_657_402_403_571_359_495_127_741_246_690_601_895 93 | ] 94 | 95 | result.coef 96 | |> Enum.zip(expected_coef) 97 | |> Enum.each(fn {coef, expected} -> 98 | coef.value == expected 99 | end) 100 | end 101 | end 102 | 103 | describe "pow/2" do 104 | test "calculates pow" do 105 | fq2 = FQ2.new([78_578, 16_935_315]) 106 | 107 | result = FQ2.pow(fq2, 20) 108 | 109 | expected_coef = [ 110 | 13_054_633_223_646_163_942_309_616_969_537_871_020_816_862_167_935_657_026_659_886_183_170_961_591_649, 111 | 16_377_334_708_053_500_744_071_454_407_667_396_397_316_036_402_006_038_996_934_175_435_754_022_362_587 112 | ] 113 | 114 | result.coef 115 | |> Enum.zip(expected_coef) 116 | |> Enum.each(fn {coef, expected} -> 117 | coef.value == expected 118 | end) 119 | end 120 | end 121 | end 122 | -------------------------------------------------------------------------------- /test/bn/fq_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.FQTest do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.FQ 5 | 6 | describe "new/2" do 7 | test "creates new integer mod p" do 8 | integer = FQ.new(10, modulus: 3) 9 | 10 | assert integer.value == 1 11 | assert integer.modulus == 3 12 | end 13 | 14 | test "create new integer mod p with default modulus" do 15 | integer = 16 | FQ.new( 17 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_585 18 | ) 19 | 20 | assert integer.value == 2 21 | 22 | assert integer.modulus == 23 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_583 24 | end 25 | 26 | test "always returns postive number" do 27 | integer = FQ.new(-12, modulus: 5) 28 | 29 | assert integer.value == 3 30 | assert integer.modulus == 5 31 | end 32 | end 33 | 34 | describe "add/2" do 35 | test "calculates (a + b) mod p" do 36 | integer1 = FQ.new(11, modulus: 5) 37 | integer2 = FQ.new(40, modulus: 5) 38 | 39 | result = FQ.add(integer1, integer2) 40 | 41 | assert result.value == 1 42 | assert result.modulus == 5 43 | end 44 | 45 | test "raises error on different modulus" do 46 | integer1 = FQ.new(11, modulus: 4) 47 | integer2 = FQ.new(40, modulus: 5) 48 | 49 | assert_raise ArgumentError, fn -> 50 | FQ.add(integer1, integer2) 51 | end 52 | end 53 | 54 | test "raies error on wrong input arguments" do 55 | integer1 = 1 56 | integer2 = 7 57 | 58 | assert_raise ArgumentError, fn -> 59 | FQ.add(integer1, integer2) 60 | end 61 | end 62 | end 63 | 64 | describe "sub/2" do 65 | test "calculates (a - b) mod p" do 66 | integer1 = FQ.new(11, modulus: 7) 67 | integer2 = FQ.new(5, modulus: 7) 68 | 69 | result = FQ.add(integer1, integer2) 70 | 71 | assert result.value == 2 72 | assert result.modulus == 7 73 | end 74 | 75 | test "raises error on different modulus" do 76 | integer1 = FQ.new(11, modulus: 4) 77 | integer2 = FQ.new(40, modulus: 5) 78 | 79 | assert_raise ArgumentError, fn -> 80 | FQ.sub(integer1, integer2) 81 | end 82 | end 83 | 84 | test "raies error on wrong input arguments" do 85 | integer1 = 1 86 | integer2 = 7 87 | 88 | assert_raise ArgumentError, fn -> 89 | FQ.sub(integer1, integer2) 90 | end 91 | end 92 | end 93 | 94 | describe "mult/2" do 95 | test "calculates (a * b) mod p" do 96 | integer1 = FQ.new(17, modulus: 8) 97 | integer2 = FQ.new(28, modulus: 8) 98 | 99 | result = FQ.mult(integer1, integer2) 100 | 101 | assert result.value == 4 102 | assert result.modulus == 8 103 | end 104 | 105 | test "calculates (a * b) mod p when b is a simple integer" do 106 | integer1 = FQ.new(17, modulus: 8) 107 | integer2 = 2 108 | 109 | result = FQ.mult(integer1, integer2) 110 | 111 | assert result.value == 2 112 | assert result.modulus == 8 113 | end 114 | 115 | test "raises error on different modulus" do 116 | integer1 = FQ.new(11, modulus: 4) 117 | integer2 = FQ.new(40, modulus: 5) 118 | 119 | assert_raise ArgumentError, fn -> 120 | FQ.mult(integer1, integer2) 121 | end 122 | end 123 | 124 | test "raies error on wrong input arguments" do 125 | integer1 = 1 126 | integer2 = 7 127 | 128 | assert_raise ArgumentError, fn -> 129 | FQ.mult(integer1, integer2) 130 | end 131 | end 132 | end 133 | 134 | describe "divide/2" do 135 | test "calculates (a / b) mod p" do 136 | integer1 = FQ.new(2, modulus: 3) 137 | integer2 = FQ.new(10, modulus: 3) 138 | 139 | result = FQ.divide(integer1, integer2) 140 | 141 | assert result.value == 2 142 | assert result.modulus == 3 143 | end 144 | 145 | test "raises error on different modulus" do 146 | integer1 = FQ.new(11, modulus: 4) 147 | integer2 = FQ.new(40, modulus: 5) 148 | 149 | assert_raise ArgumentError, fn -> 150 | FQ.divide(integer1, integer2) 151 | end 152 | end 153 | end 154 | 155 | describe "pow/2" do 156 | test "returns 1 when exponent is 0" do 157 | integer1 = FQ.new(11, modulus: 5) 158 | integer2 = 0 159 | 160 | result = FQ.pow(integer1, integer2) 161 | 162 | assert result.value == 1 163 | assert result.modulus == 5 164 | end 165 | 166 | test "returns original number when exponent is 1" do 167 | integer1 = FQ.new(11, modulus: 5) 168 | integer2 = 1 169 | 170 | result = FQ.pow(integer1, integer2) 171 | 172 | assert result.value == integer1.value 173 | assert result.modulus == integer1.modulus 174 | end 175 | 176 | test "calculate mod_pow(a, b)" do 177 | integer1 = FQ.new(11, modulus: 5) 178 | integer2 = 2 179 | 180 | result = FQ.pow(integer1, integer2) 181 | 182 | assert result.value == 1 183 | assert result.modulus == 5 184 | end 185 | 186 | test "raies error on wrong input arguments" do 187 | integer1 = 1 188 | integer2 = 7 189 | 190 | assert_raise ArgumentError, fn -> 191 | FQ.pow(integer1, integer2) 192 | end 193 | end 194 | end 195 | end 196 | -------------------------------------------------------------------------------- /test/bn/fqp_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.FQPTest do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.{FQP, FQ} 5 | 6 | describe "new/2" do 7 | test "creates a new fqp12 field element" do 8 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 9 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 10 | 11 | result = FQP.new(coef, modulus_coef) 12 | 13 | assert result.modulus_coef == modulus_coef 14 | assert result.dim == 12 15 | 16 | result.coef 17 | |> Enum.zip(coef) 18 | |> Enum.each(fn {fq_coef, coef} -> 19 | assert fq_coef.value == coef 20 | end) 21 | end 22 | end 23 | 24 | describe "add/2" do 25 | test "add two fqp12 field elements" do 26 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 27 | coef1 = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 28 | coef2 = Enum.reverse(coef1) 29 | 30 | fqp1 = FQP.new(coef1, modulus_coef) 31 | fqp2 = FQP.new(coef2, modulus_coef) 32 | 33 | result = FQP.add(fqp1, fqp2) 34 | 35 | assert result.modulus_coef == modulus_coef 36 | assert result.dim == 12 37 | 38 | result.coef 39 | |> Enum.zip(coef1) 40 | |> Enum.zip(coef2) 41 | |> Enum.each(fn {{fq_coef, coef1}, coef2} -> 42 | assert fq_coef.value == coef1 + coef2 43 | end) 44 | end 45 | end 46 | 47 | describe "sub/2" do 48 | test "substract two fqp12 field elements" do 49 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 50 | coef1 = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 51 | coef2 = Enum.reverse(coef1) 52 | 53 | fqp1 = FQP.new(coef1, modulus_coef) 54 | fqp2 = FQP.new(coef2, modulus_coef) 55 | 56 | result = FQP.sub(fqp2, fqp1) 57 | 58 | assert result.modulus_coef == modulus_coef 59 | assert result.dim == 12 60 | 61 | result.coef 62 | |> Enum.zip(coef1) 63 | |> Enum.zip(coef2) 64 | |> Enum.each(fn {{fq_coef, coef1}, coef2} -> 65 | fq1 = FQ.new(coef2) 66 | fq2 = FQ.new(coef1) 67 | 68 | assert fq_coef == FQ.sub(fq1, fq2) 69 | end) 70 | end 71 | end 72 | 73 | describe "mult/2" do 74 | test "multiplies fq12 with fq" do 75 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 76 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 77 | 78 | fqp = FQP.new(coef, modulus_coef) 79 | fq = FQ.new(2) 80 | 81 | result = FQP.mult(fqp, fq) 82 | 83 | assert result.dim == fqp.dim 84 | assert result.modulus_coef == modulus_coef 85 | 86 | result.coef 87 | |> Enum.zip(fqp.coef) 88 | |> Enum.each(fn {res_coef, fqp_coef} -> 89 | assert res_coef == FQ.mult(fqp_coef, fq) 90 | end) 91 | end 92 | 93 | test "multiplies fq12 with integer" do 94 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 95 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 96 | 97 | fqp = FQP.new(coef, modulus_coef) 98 | integer = 2 99 | 100 | result = FQP.mult(fqp, 2) 101 | 102 | assert result.dim == fqp.dim 103 | assert result.modulus_coef == modulus_coef 104 | 105 | result.coef 106 | |> Enum.zip(fqp.coef) 107 | |> Enum.each(fn {res_coef, fqp_coef} -> 108 | assert res_coef == FQ.mult(fqp_coef, integer) 109 | end) 110 | end 111 | 112 | test "multiplies fq12 element to 1" do 113 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 114 | 115 | coef1 = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 116 | fpq1 = FQP.new(coef1, modulus_coef) 117 | 118 | coef2 = [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] 119 | fpq2 = FQP.new(coef2, modulus_coef) 120 | 121 | assert FQP.mult(fpq1, fpq2) == fpq1 122 | end 123 | 124 | test "multiplies two fq12 elements" do 125 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 126 | coef1 = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 127 | fpq1 = FQP.new(coef1, modulus_coef) 128 | 129 | coef2 = [12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1] 130 | fpq2 = FQP.new(coef2, modulus_coef) 131 | 132 | expected_coef = [ 133 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_225_925_531, 134 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_005_668, 135 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_073_843, 136 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_128_497, 137 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_168_071, 138 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_191_006, 139 | 49_296, 140 | 35_878, 141 | 24_436, 142 | 15_229, 143 | 8516, 144 | 4556 145 | ] 146 | 147 | result1 = FQP.mult(fpq1, fpq2) 148 | 149 | result1.coef 150 | |> Enum.zip(expected_coef) 151 | |> Enum.each(fn {fpcoef, coef} -> 152 | assert fpcoef.value == coef 153 | end) 154 | 155 | result2 = FQP.mult(fpq2, fpq1) 156 | 157 | assert result1 == result2 158 | end 159 | end 160 | 161 | describe "inverse/1" do 162 | test "calculates inverse of fqp12 element" do 163 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 164 | 165 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 166 | fpq = FQP.new(coef, modulus_coef) 167 | 168 | res = FQP.inverse(fpq) 169 | 170 | expected_result = [ 171 | 15_374_259_089_530_920_486_954_108_410_929_816_790_118_611_324_082_378_089_409_762_753_204_697_760_634, 172 | 15_522_010_041_431_329_291_860_390_278_399_668_584_078_556_069_590_201_987_280_948_002_544_674_244_273, 173 | 68_022_260_863_823_743_347_377_227_287_641_796_538_272_231_388_872_913_831_466_339_891_934_772_537, 174 | 18_379_734_506_036_723_734_667_889_612_980_182_924_577_003_798_278_207_186_085_931_552_493_878_713_931, 175 | 4_142_838_114_924_082_811_005_677_060_202_405_138_285_522_848_420_353_144_132_994_781_449_574_643_173, 176 | 17_109_344_097_949_857_168_631_823_265_500_346_857_012_536_889_224_507_642_359_481_985_842_495_899_252, 177 | 9_948_347_373_262_575_965_554_824_458_897_571_642_512_138_219_001_448_783_255_449_543_931_123_492_015, 178 | 12_921_816_282_347_125_285_315_019_359_583_664_420_260_144_598_209_537_204_134_897_385_571_466_837_799, 179 | 14_579_431_102_900_616_518_386_503_897_964_591_551_805_796_904_912_841_718_065_807_406_261_872_232_914, 180 | 1_847_733_261_220_391_269_213_417_796_051_502_538_790_338_884_054_083_994_265_704_494_469_045_803_163, 181 | 3_655_464_119_449_516_550_553_239_117_844_740_991_949_296_371_600_756_381_424_349_350_509_333_448_623, 182 | 445_123_865_037_066_322_898_963_051_246_736_545_692_599_412_853_025_507_340_755_812_203_195_645_503 183 | ] 184 | 185 | res.coef 186 | |> Enum.zip(expected_result) 187 | |> Enum.each(fn {coef, expected_coef} -> 188 | assert coef.value == expected_coef 189 | end) 190 | end 191 | end 192 | 193 | describe "divide/2" do 194 | test "divides two fqp12 elements" do 195 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 196 | 197 | coef1 = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 198 | fpq1 = FQP.new(coef1, modulus_coef) 199 | 200 | coef2 = Enum.reverse(coef1) 201 | fpq2 = FQP.new(coef2, modulus_coef) 202 | 203 | result = FQP.divide(fpq1, fpq2) 204 | 205 | expected_result = [ 206 | 2_001_247_856_269_400_534_783_464_798_642_244_941_705_624_433_157_995_071_652_025_834_306_793_838_734, 207 | 18_904_588_598_317_333_438_106_115_287_242_887_735_944_760_612_258_684_573_049_626_722_372_365_857_370, 208 | 11_725_045_245_880_289_105_654_165_921_588_041_216_852_941_697_974_005_748_335_459_146_530_820_202_604, 209 | 17_587_369_617_680_612_996_641_773_727_342_092_746_980_544_475_165_115_214_126_727_977_144_691_649_695, 210 | 4_520_931_156_395_251_407_274_372_724_541_981_472_622_844_479_493_870_509_950_724_511_214_447_261_327, 211 | 3_281_985_365_647_403_453_944_655_277_569_163_543_001_631_339_987_988_712_623_070_731_022_692_501_618, 212 | 18_027_820_706_806_974_979_850_935_502_925_632_344_882_536_958_778_219_925_185_735_142_621_021_404_356, 213 | 10_475_183_300_737_621_962_360_744_127_074_641_787_972_898_622_776_430_310_815_134_556_060_678_848_979, 214 | 21_632_475_233_612_772_848_436_425_569_148_478_204_882_929_409_445_248_191_403_258_102_149_829_060_585, 215 | 12_829_614_577_814_474_401_013_346_181_160_966_310_971_652_158_073_100_894_337_653_197_410_362_513_736, 216 | 16_982_331_859_403_317_778_610_325_431_052_542_446_321_584_841_778_663_337_272_025_129_864_022_968_005, 217 | 13_878_928_846_595_726_697_655_621_091_736_425_420_729_056_610_923_758_236_151_780_512_268_870_253_763 218 | ] 219 | 220 | result.coef 221 | |> Enum.zip(expected_result) 222 | |> Enum.each(fn {coef, expected_coef} -> 223 | assert coef.value == expected_coef 224 | end) 225 | end 226 | end 227 | 228 | describe "pow/2" do 229 | test "involutes fqp element (even power)" do 230 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 231 | 232 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 233 | fqp = FQP.new(coef, modulus_coef) 234 | power = 8 235 | 236 | result = FQP.pow(fqp, power) 237 | 238 | expected_coef = [ 239 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_660_295_583_634_451_385_949_957_088, 240 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_711_432_598_665_942_820_115_180_983, 241 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_746_447_454_178_134_223_200_688_543, 242 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_770_429_414_535_409_486_722_301_783, 243 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_786_947_397_787_473_957_610_559_653, 244 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_798_389_750_832_256_535_816_288_023, 245 | 18_516_627_536_911_662_774_034_960, 246 | 12_749_144_010_476_372_130_044_560, 247 | 8_791_147_483_189_204_989_676_246, 248 | 6_073_999_384_122_317_760_562_320, 249 | 4_198_324_318_477_147_984_830_750, 250 | 2_896_291_412_015_444_298_009_360 251 | ] 252 | 253 | result.coef 254 | |> Enum.zip(expected_coef) 255 | |> Enum.map(fn {result_coef, expected_coef} -> 256 | assert result_coef.value == expected_coef 257 | end) 258 | end 259 | 260 | test "involutes fqp element (odd power)" do 261 | modulus_coef = [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0] 262 | 263 | coef = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 264 | fqp = FQP.new(coef, modulus_coef) 265 | power = 11 266 | 267 | result = FQP.pow(fqp, power) 268 | 269 | expected_coef = [ 270 | 21_888_242_871_839_275_222_246_405_745_257_275_088_695_337_880_607_355_811_793_777_742_927_760_449_530, 271 | 21_888_242_871_839_275_222_246_405_745_257_275_088_695_634_213_542_390_727_413_383_484_869_685_989_505, 272 | 21_888_242_871_839_275_222_246_405_745_257_275_088_695_840_513_263_209_106_724_595_141_568_846_269_530, 273 | 21_888_242_871_839_275_222_246_405_745_257_275_088_695_984_020_068_398_021_976_245_111_378_968_716_015, 274 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_083_810_059_887_269_711_784_453_191_276_718_069, 275 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_153_206_873_769_186_804_702_460_183_429_526_811, 276 | 103_961_062_411_746_805_187_410_995_298_689_660, 277 | 72_468_684_424_844_939_314_846_399_474_219_500, 278 | 50_494_762_044_041_562_592_745_156_405_748_405, 279 | 35_174_631_091_403_462_555_293_024_676_232_138, 280 | 24_497_576_701_533_307_627_008_147_988_801_863, 281 | 17_056_030_620_088_975_091_867_486_549_480_184 282 | ] 283 | 284 | result.coef 285 | |> Enum.zip(expected_coef) 286 | |> Enum.map(fn {result_coef, expected_coef} -> 287 | assert result_coef.value == expected_coef 288 | end) 289 | end 290 | end 291 | end 292 | -------------------------------------------------------------------------------- /test/bn/pairing_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BN.PairingTest do 2 | use ExUnit.Case, async: true 3 | 4 | alias BN.{Pairing, FQ2, BN128Arithmetic, FQ, FQ12} 5 | 6 | describe "twist/1" do 7 | test "twists fq2 point to fq12" do 8 | x = 9 | FQ2.new([ 10 | 10_857_046_999_023_057_135_944_570_762_232_829_481_370_756_359_578_518_086_990_519_993_285_655_852_781, 11 | 11_559_732_032_986_387_107_991_004_021_392_285_783_925_812_861_821_192_530_917_403_151_452_391_805_634 12 | ]) 13 | 14 | y = 15 | FQ2.new([ 16 | 8_495_653_923_123_431_417_604_973_247_489_272_438_418_190_587_263_600_148_770_280_649_306_958_101_930, 17 | 4_082_367_875_863_433_681_332_203_403_145_435_568_316_851_327_593_401_208_105_741_076_214_120_093_531 18 | ]) 19 | 20 | {result_x, result_y} = twisted = Pairing.twist({x, y}) 21 | assert BN128Arithmetic.on_curve?(twisted) 22 | 23 | expected_x_coordinates = [ 24 | 0, 25 | 0, 26 | 16_260_673_061_341_949_275_257_563_295_988_632_869_519_996_389_676_903_622_179_081_103_440_260_644_990, 27 | 0, 28 | 0, 29 | 0, 30 | 0, 31 | 0, 32 | 11_559_732_032_986_387_107_991_004_021_392_285_783_925_812_861_821_192_530_917_403_151_452_391_805_634, 33 | 0, 34 | 0, 35 | 0 36 | ] 37 | 38 | expected_y_coordinates = [ 39 | 0, 40 | 0, 41 | 0, 42 | 15_530_828_784_031_078_730_107_954_109_694_902_500_959_150_953_518_636_601_196_686_752_670_329_677_317, 43 | 0, 44 | 0, 45 | 0, 46 | 0, 47 | 0, 48 | 4_082_367_875_863_433_681_332_203_403_145_435_568_316_851_327_593_401_208_105_741_076_214_120_093_531, 49 | 0, 50 | 0 51 | ] 52 | 53 | result_x.coef 54 | |> Enum.zip(expected_x_coordinates) 55 | |> Enum.each(fn {result, expected} -> 56 | assert result.value == expected 57 | end) 58 | 59 | result_y.coef 60 | |> Enum.zip(expected_y_coordinates) 61 | |> Enum.each(fn {result, expected} -> 62 | assert result.value == expected 63 | end) 64 | end 65 | end 66 | 67 | describe "point_to_fq12/1" do 68 | test "converts fq point to fq12" do 69 | x = FQ.new(1) 70 | y = FQ.new(2) 71 | 72 | point = {x, y} 73 | 74 | {result_x, result_y} = Pairing.point_to_fq12(point) 75 | 76 | expected_x = [x.value] ++ List.duplicate(0, 11) 77 | expected_y = [y.value] ++ List.duplicate(0, 11) 78 | 79 | result_y.coef 80 | |> Enum.zip(expected_y) 81 | |> Enum.each(fn {result, expected} -> 82 | assert result.value == expected 83 | end) 84 | 85 | result_x.coef 86 | |> Enum.zip(expected_x) 87 | |> Enum.each(fn {result, expected} -> 88 | assert result.value == expected 89 | end) 90 | end 91 | end 92 | 93 | describe "linefunc/3" do 94 | test "calculates linefunc when x1 != x2" do 95 | p1 = FQ12.new([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]) 96 | p2 = FQ12.new([12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1]) 97 | p3 = FQ12.new([13, 11, 14, 9, 15, 7, 16, 5, 17, 3, 18, 1]) 98 | 99 | result = Pairing.linefunc({p1, p2}, {p2, p1}, {p1, p3}) 100 | 101 | expected_coef = [ 102 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_582, 103 | 0, 104 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_579, 105 | 0, 106 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_576, 107 | 0, 108 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_573, 109 | 0, 110 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_570, 111 | 0, 112 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_567, 113 | 0 114 | ] 115 | 116 | result.coef 117 | |> Enum.zip(expected_coef) 118 | |> Enum.each(fn {coef, expected_coef} -> 119 | assert coef.value == expected_coef 120 | end) 121 | end 122 | 123 | test "calculates linefunc y1 == y2 and x1 == x2" do 124 | p1 = FQ12.new([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]) 125 | p2 = FQ12.new([12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1]) 126 | p3 = FQ12.new([13, 11, 14, 9, 15, 7, 16, 5, 17, 3, 18, 1]) 127 | 128 | result = Pairing.linefunc({p1, p2}, {p1, p2}, {p3, p1}) 129 | 130 | expected_coef = [ 131 | 10_439_819_245_746_058_310_313_139_969_226_061_548_970_476_147_158_647_771_098_738_126_702_333_288_275, 132 | 20_209_404_315_088_719_024_841_530_023_757_577_221_442_916_246_032_402_603_258_361_507_763_482_253_162, 133 | 12_346_372_785_895_294_661_265_089_133_498_259_359_206_211_902_853_270_591_222_555_012_989_783_273_409, 134 | 2_225_949_448_694_393_910_323_213_160_885_342_166_609_117_239_857_361_263_817_155_735_873_184_227_290, 135 | 1_008_067_730_844_933_359_113_054_255_808_931_466_124_300_546_394_395_826_984_240_453_108_152_353_012, 136 | 1_516_942_216_910_094_500_825_677_140_438_427_902_429_013_157_462_733_458_399_541_855_718_650_079_595, 137 | 6_647_565_859_822_248_904_845_691_622_828_760_372_493_963_343_068_101_090_943_212_059_771_518_732_195, 138 | 14_348_296_554_621_135_026_490_916_084_855_868_703_774_715_276_346_835_440_457_034_247_597_470_726_033, 139 | 4_131_988_055_083_387_420_506_270_590_737_430_569_941_191_239_276_969_689_261_337_862_956_652_002_638, 140 | 12_981_559_915_505_427_312_266_664_825_518_739_490_323_518_080_894_450_175_819_535_981_262_227_909_672, 141 | 21_620_666_551_060_808_402_579_464_748_019_593_623_087_397_264_480_253_713_385_718_524_557_823_081_709, 142 | 14_538_267_961_174_646_047_764_412_186_200_994_980_531_811_546_992_611_290_073_169_580_161_654_554_253 143 | ] 144 | 145 | result.coef 146 | |> Enum.zip(expected_coef) 147 | |> Enum.each(fn {coef, expected_coef} -> 148 | assert coef.value == expected_coef 149 | end) 150 | end 151 | 152 | test "calculates linefunc when x1 == x2 and y1 != y2" do 153 | p1 = FQ12.new([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]) 154 | p2 = FQ12.new([12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1]) 155 | p3 = FQ12.new([13, 11, 14, 9, 15, 7, 16, 5, 17, 3, 18, 1]) 156 | 157 | result = Pairing.linefunc({p1, p2}, {p1, p3}, {p2, p3}) 158 | 159 | expected_coef = [ 160 | 11, 161 | 9, 162 | 7, 163 | 5, 164 | 3, 165 | 1, 166 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_582, 167 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_580, 168 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_578, 169 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_576, 170 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_574, 171 | 21_888_242_871_839_275_222_246_405_745_257_275_088_696_311_157_297_823_662_689_037_894_645_226_208_572 172 | ] 173 | 174 | result.coef 175 | |> Enum.zip(expected_coef) 176 | |> Enum.each(fn {coef, expected_coef} -> 177 | assert coef.value == expected_coef 178 | end) 179 | end 180 | end 181 | 182 | describe "miller_loop/2" do 183 | test "calculates result of miller loop" do 184 | p1 = FQ12.new([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]) 185 | p2 = FQ12.new([12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1]) 186 | p3 = FQ12.new([13, 11, 14, 9, 15, 7, 16, 5, 17, 3, 18, 1]) 187 | p4 = FQ12.new([15, 21, 35, 29, 43, 7, 16, 5, 17, 11, 18, 1]) 188 | 189 | point1 = {p1, p4} 190 | point2 = {p2, p3} 191 | 192 | result = Pairing.miller_loop(point1, point2) 193 | 194 | expected_result = [ 195 | 1_012_335_139_722_345_272_338_123_710_341_390_911_023_671_687_282_184_010_688_634_879_214_088_507_391, 196 | 13_938_496_302_835_512_258_220_030_642_599_427_134_339_092_844_036_946_994_286_471_582_871_445_091_227, 197 | 12_693_754_278_262_565_808_015_314_263_131_936_521_749_196_226_848_333_477_201_386_473_166_307_814_969, 198 | 3_686_109_871_274_696_170_585_806_596_175_897_294_472_066_881_961_238_807_004_915_548_899_355_227_195, 199 | 13_844_837_832_013_398_512_634_119_234_610_103_363_572_739_265_035_929_225_415_654_471_674_574_726_815, 200 | 21_338_715_181_163_683_070_166_631_046_495_335_790_694_084_212_206_767_112_173_968_727_780_465_989_805, 201 | 10_922_316_910_825_793_034_738_077_200_513_816_697_885_248_544_620_552_344_189_415_034_632_102_817_894, 202 | 4_937_801_530_440_037_840_052_981_291_487_808_939_016_032_375_030_546_554_710_469_448_707_952_014_993, 203 | 20_176_512_526_894_641_983_987_554_706_433_352_698_824_792_899_238_700_296_859_196_863_806_462_379_469, 204 | 5_175_449_848_872_256_314_485_702_048_544_675_972_423_304_933_364_976_641_223_343_384_536_360_140_960, 205 | 20_241_485_405_010_264_455_232_789_923_488_864_579_892_603_982_247_431_495_624_175_666_954_765_111_951, 206 | 11_313_716_254_294_910_799_735_212_239_819_919_957_621_813_327_924_783_894_698_664_398_423_496_839_594 207 | ] 208 | 209 | result.coef 210 | |> Enum.zip(expected_result) 211 | |> Enum.each(fn {coef, expected_coef} -> 212 | assert coef.value == expected_coef 213 | end) 214 | end 215 | end 216 | 217 | describe "pairing/2" do 218 | test "calculates pairing result" do 219 | x1 = 220 | FQ2.new([ 221 | 10_857_046_999_023_057_135_944_570_762_232_829_481_370_756_359_578_518_086_990_519_993_285_655_852_781, 222 | 11_559_732_032_986_387_107_991_004_021_392_285_783_925_812_861_821_192_530_917_403_151_452_391_805_634 223 | ]) 224 | 225 | y1 = 226 | FQ2.new([ 227 | 8_495_653_923_123_431_417_604_973_247_489_272_438_418_190_587_263_600_148_770_280_649_306_958_101_930, 228 | 4_082_367_875_863_433_681_332_203_403_145_435_568_316_851_327_593_401_208_105_741_076_214_120_093_531 229 | ]) 230 | 231 | point1 = {x1, y1} 232 | point2 = {FQ.new(1), FQ.new(2)} 233 | 234 | result = Pairing.pairing(point1, point2) 235 | 236 | expected_result = [ 237 | 18_443_897_754_565_973_717_256_850_119_554_731_228_214_108_935_025_491_924_036_055_734_000_366_132_575, 238 | 10_734_401_203_193_558_706_037_776_473_742_910_696_504_851_986_739_882_094_082_017_010_340_198_538_454, 239 | 5_985_796_159_921_227_033_560_968_606_339_653_189_163_760_772_067_273_492_369_082_490_994_528_765_680, 240 | 4_093_294_155_816_392_700_623_820_137_842_432_921_872_230_622_290_337_094_591_654_151_434_545_306_688, 241 | 642_121_370_160_833_232_766_181_493_494_955_044_074_321_385_528_883_791_668_868_426_879_070_103_434, 242 | 4_527_449_849_947_601_357_037_044_178_952_942_489_926_487_071_653_896_435_602_814_872_334_098_625_391, 243 | 3_758_435_817_766_288_188_804_561_253_838_670_030_762_970_764_366_672_594_784_247_447_067_868_088_068, 244 | 18_059_168_546_148_152_671_857_026_372_711_724_379_319_778_306_792_011_146_784_665_080_987_064_164_612, 245 | 14_656_606_573_936_501_743_457_633_041_048_024_656_612_227_301_473_084_805_627_390_748_872_617_280_984, 246 | 17_918_828_665_069_491_344_039_743_589_118_342_552_553_375_221_610_735_811_112_289_083_834_142_789_347, 247 | 19_455_424_343_576_886_430_889_849_773_367_397_946_457_449_073_528_455_097_210_946_839_000_147_698_372, 248 | 7_484_542_354_754_424_633_621_663_080_190_936_924_481_536_615_300_815_203_692_506_276_894_207_018_007 249 | ] 250 | 251 | result.coef 252 | |> Enum.zip(expected_result) 253 | |> Enum.each(fn {coef, expected_coef} -> 254 | assert coef.value == expected_coef 255 | end) 256 | end 257 | end 258 | end 259 | -------------------------------------------------------------------------------- /test/bn_test.exs: -------------------------------------------------------------------------------- 1 | defmodule BnTest do 2 | use ExUnit.Case 3 | end 4 | -------------------------------------------------------------------------------- /test/test_helper.exs: -------------------------------------------------------------------------------- 1 | ExUnit.start() 2 | --------------------------------------------------------------------------------