codex-storage/constantine
1
0
Fork 0
mirror of https://github.com/codex-storage/constantine.git synced 2025-01-23 09:08:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
constantine/tests/math/t_pairing_mul_fp12_by_lines.nim

596 lines
20 KiB
Nim
Raw Normal View History

Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import
# Standard library
std/[tables, unittest, times],
# Internals
Don't dump all in "backend" (#184) * backend -> math * towers -> extension fields * move ISA and compiler specific code out of math/ * fix export
2022-02-27 01:49:08 +01:00
../../constantine/platforms/abstractions,
../../constantine/math/arithmetic,
../../constantine/math/extension_fields,
../../constantine/math/config/curves,
../../constantine/math/io/io_extfields,
../../constantine/math/pairing/lines_eval,
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
# Test utilities
Productionize: move protocols top-level vs backend (#179) * Productionize: move protocols top-level vs backend * fix path * import fix * the last one * benches as well
2022-02-21 01:04:53 +01:00
../../helpers/[prng_unsafe, static_for]
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
const
Iters = 8
TestCurves = [
Pairings for BN254-Nogami and BN254-Snarks (#86) * Implement optimized final exponentiation for BN254-Nogami * And BN254 Snarks support * Optimize D-Twist sparse Fp12 x line multiplication * Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
2020-09-25 21:58:20 +02:00
BN254_Nogami,
BN254_Snarks,
BLS12-377 (#91) * add Sage for constant time tonelli shanks * Fused sqrt and invsqrt via Tonelli Shanks * isolate sqrt in their own folder * Implement constant-time Tonelli Shanks for any prime * Implement Fp2 sqrt for any non-residue * Add tests for BLS12_377 * Lattice decomposition script for BLS12_377 G1 * BLS12-377 G1 GLV ok, G2 GLV issue * Proper endomorphism acceleration support for BLS12-377 * Add naive pairing support for BLS12-377 * Activate more bench for BLS12-377 * Fix MSB computation * Optimize final exponentiation + add benches
2020-09-27 09:15:14 +02:00
BLS12_377,
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
BLS12_381
]
type
RandomGen = enum
Uniform
HighHammingWeight
Long01Sequence
var rng: RngState
let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32
rng.seed(seed)
echo "\n------------------------------------------------------\n"
echo "test_pairing_fp12_sparse xoshiro512** seed: ", seed
func random_elem(rng: var RngState, F: typedesc, gen: RandomGen): F {.inline, noInit.} =
if gen == Uniform:
result = rng.random_unsafe(F)
elif gen == HighHammingWeight:
result = rng.random_highHammingWeight(F)
else:
result = rng.random_long01Seq(F)
suite "Pairing - Sparse 𝔽p12 multiplication by line function is consistent with dense 𝔽p12 mul":
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
test "Dense 𝔽p4 by Sparse 0y":
proc test_fp4_0y(C: static Curve, gen: static RandomGen) =
for _ in 0 ..< Iters:
let a = rng.random_elem(Fp4[C], gen)
let y = rng.random_elem(Fp2[C], gen)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let b = Fp4[C](coords: [Fp2[C](), y])
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var r, r2: Fp4[C]
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
r.prod(a, b)
r2.mul_sparse_by_0y(a, y)
check: bool(r == r2)
staticFor(curve, TestCurves):
test_fp4_0y(curve, gen = Uniform)
test_fp4_0y(curve, gen = HighHammingWeight)
test_fp4_0y(curve, gen = Long01Sequence)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
test "Dense 𝔽p6 by Sparse 0y0":
proc test_fp6_0y0(C: static Curve, gen: static RandomGen) =
for _ in 0 ..< Iters:
let a = rng.random_elem(Fp6[C], gen)
let y = rng.random_elem(Fp2[C], gen)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let b = Fp6[C](coords: [Fp2[C](), y, Fp2[C]()])
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var r, r2: Fp6[C]
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
r.prod(a, b)
r2.mul_sparse_by_0y0(a, y)
check: bool(r == r2)
staticFor(curve, TestCurves):
test_fp6_0y0(curve, gen = Uniform)
test_fp6_0y0(curve, gen = HighHammingWeight)
test_fp6_0y0(curve, gen = Long01Sequence)
test "Dense 𝔽p6 by Sparse xy0":
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
proc test_fp6_xy0(C: static Curve, gen: static RandomGen) =
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
for _ in 0 ..< Iters:
let a = rng.random_elem(Fp6[C], gen)
let x = rng.random_elem(Fp2[C], gen)
let y = rng.random_elem(Fp2[C], gen)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let b = Fp6[C](coords: [x, y, Fp2[C]()])
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var r, r2: Fp6[C]
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
r.prod(a, b)
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
r2.mul_sparse_by_xy0(a, x, y)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
check: bool(r == r2)
staticFor(curve, TestCurves):
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
test_fp6_xy0(curve, gen = Uniform)
test_fp6_xy0(curve, gen = HighHammingWeight)
test_fp6_xy0(curve, gen = Long01Sequence)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
test "Dense 𝔽p6 by Sparse 0yz":
proc test_fp6_0yz(C: static Curve, gen: static RandomGen) =
for _ in 0 ..< Iters:
let a = rng.random_elem(Fp6[C], gen)
let y = rng.random_elem(Fp2[C], gen)
let z = rng.random_elem(Fp2[C], gen)
let b = Fp6[C](coords: [Fp2[C](), y, z])
var r, r2: Fp6[C]
r.prod(a, b)
r2.mul_sparse_by_0yz(a, y, z)
check: bool(r == r2)
staticFor(curve, TestCurves):
test_fp6_0yz(curve, gen = Uniform)
test_fp6_0yz(curve, gen = HighHammingWeight)
test_fp6_0yz(curve, gen = Long01Sequence)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
when Fp12[BN254_Snarks]().c0.typeof is Fp6:
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
# =========== Towering 𝔽p12/𝔽p6 ======================================
test "Sparse 𝔽p12/𝔽p6 resulting from a00bc0 line function":
proc test_fp12_a00bc0(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var a = rng.random_elem(Fp12[C], gen)
var a2 = a
var x = rng.random_elem(Fp2[C], gen)
var y = rng.random_elem(Fp2[C], gen)
var z = rng.random_elem(Fp2[C], gen)
let line = Line[Fp2[C]](a: x, b: y, c: z)
let b = Fp12[C]( coords: [
Fp6[C](coords: [ x, Fp2[C](), Fp2[C]()]),
Fp6[C](coords: [ y, z, Fp2[C]()])
])
a *= b
a2.mul_sparse_by_line_a00bc0(line)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
check: bool(a == a2)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
staticFor(curve, TestCurves):
test_fp12_a00bc0(curve, gen = Uniform)
test_fp12_a00bc0(curve, gen = HighHammingWeight)
test_fp12_a00bc0(curve, gen = Long01Sequence)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
test "Sparse 𝔽p12/𝔽p6 resulting from cb00a0 line function":
proc test_fp12_cb00a0(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var a = rng.random_elem(Fp12[C], gen)
var a2 = a
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var x = rng.random_elem(Fp2[C], gen)
var y = rng.random_elem(Fp2[C], gen)
var z = rng.random_elem(Fp2[C], gen)
let line = Line[Fp2[C]](a: x, b: y, c: z)
let b = Fp12[C](coords: [
Fp6[C](coords: [ z, y, Fp2[C]()]),
Fp6[C](coords: [Fp2[C](), x, Fp2[C]()])
])
a *= b
a2.mul_sparse_by_line_cb00a0(line)
check: bool(a == a2)
staticFor(curve, TestCurves):
test_fp12_cb00a0(curve, gen = Uniform)
test_fp12_cb00a0(curve, gen = HighHammingWeight)
test_fp12_cb00a0(curve, gen = Long01Sequence)
test "Somewhat-sparse 𝔽p12/𝔽p6 resulting from a00bc0*a00bc0 line functions (D-twist only)":
proc test_fp12_a00bc0_a00bc0(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
let f0 = Fp12[C]( coords: [
Fp6[C](coords: [ x0, Fp2[C](), Fp2[C]()]),
Fp6[C](coords: [ y0, z0, Fp2[C]()])
])
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
let f1 = Fp12[C]( coords: [
Fp6[C](coords: [ x1, Fp2[C](), Fp2[C]()]),
Fp6[C](coords: [ y1, z1, Fp2[C]()])
])
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
rl.prod_x00yz0_x00yz0_into_abcdefghij00(line0, line1)
check: bool(r == rl)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
staticFor(curve, TestCurves):
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
test_fp12_a00bc0_a00bc0(curve, gen = Uniform)
test_fp12_a00bc0_a00bc0(curve, gen = HighHammingWeight)
test_fp12_a00bc0_a00bc0(curve, gen = Long01Sequence)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
test "Somewhat-sparse 𝔽p12/𝔽p6 resulting from cb00a0*cb00a0 line functions (M-twist only)":
proc test_fp12_cb00a0_cb00a0(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
let f0 = Fp12[C](coords: [
Fp6[C](coords: [ z0, y0, Fp2[C]()]),
Fp6[C](coords: [Fp2[C](), x0, Fp2[C]()])
])
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
let f1 = Fp12[C](coords: [
Fp6[C](coords: [ z1, y1, Fp2[C]()]),
Fp6[C](coords: [Fp2[C](), x1, Fp2[C]()])
])
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
rl.prod_zy00x0_zy00x0_into_abcdef00ghij(line0, line1)
check: bool(r == rl)
Naive pairings + Naive cofactor clearing (#82) * Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
staticFor(curve, TestCurves):
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
test_fp12_cb00a0_cb00a0(curve, gen = Uniform)
test_fp12_cb00a0_cb00a0(curve, gen = HighHammingWeight)
test_fp12_cb00a0_cb00a0(curve, gen = Long01Sequence)
test "Somewhat-sparse 𝔽p12/𝔽p6 mul by the product a00bc0*a00bc0 of line functions (D-twist only)":
proc test_fp12_abcdefghij00(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
let f0 = Fp12[C]( coords: [
Fp6[C](coords: [ x0, Fp2[C](), Fp2[C]()]),
Fp6[C](coords: [ y0, z0, Fp2[C]()])
])
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
let f1 = Fp12[C]( coords: [
Fp6[C](coords: [ x1, Fp2[C](), Fp2[C]()]),
Fp6[C](coords: [ y1, z1, Fp2[C]()])
])
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
rl.prod_x00yz0_x00yz0_into_abcdefghij00(line0, line1)
var f = rng.random_elem(Fp12[C], gen)
var f2 = f
f *= rl
f2.mul_sparse_by_abcdefghij00_quad_over_cube(rl)
check: bool(f == f2)
staticFor(curve, TestCurves):
test_fp12_abcdefghij00(curve, gen = Uniform)
test_fp12_abcdefghij00(curve, gen = HighHammingWeight)
test_fp12_abcdefghij00(curve, gen = Long01Sequence)
test "Somewhat-sparse 𝔽p12/𝔽p6 mul by the product (cb00a0*cb00a0) of line functions (M-twist only)":
proc test_fp12_abcdef00ghij(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
let f0 = Fp12[C](coords: [
Fp6[C](coords: [ z0, y0, Fp2[C]()]),
Fp6[C](coords: [Fp2[C](), x0, Fp2[C]()])
])
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
let f1 = Fp12[C](coords: [
Fp6[C](coords: [ z1, y1, Fp2[C]()]),
Fp6[C](coords: [Fp2[C](), x1, Fp2[C]()])
])
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
rl.prod_zy00x0_zy00x0_into_abcdef00ghij(line0, line1)
var f = rng.random_elem(Fp12[C], gen)
var f2 = f
f *= rl
f2.mul_sparse_by_abcdef00ghij_quad_over_cube(rl)
check: bool(f == f2)
staticFor(curve, TestCurves):
test_fp12_abcdef00ghij(curve, gen = Uniform)
test_fp12_abcdef00ghij(curve, gen = HighHammingWeight)
test_fp12_abcdef00ghij(curve, gen = Long01Sequence)
else: # =========== Towering 𝔽p12/𝔽p4 ======================================
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
static: doAssert Fp12[BN254_Snarks]().c0.typeof is Fp4
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test "Sparse 𝔽p12/𝔽p4 resulting from ca00b0 line function (M-twist only)":
proc test_fp12_ca00b0(C: static Curve, gen: static RandomGen) =
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var a = rng.random_elem(Fp12[C], gen)
var a2 = a
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
var x = rng.random_elem(Fp2[C], gen)
var y = rng.random_elem(Fp2[C], gen)
var z = rng.random_elem(Fp2[C], gen)
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line = Line[Fp2[C]](a: x, b: y, c: z)
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
let b = Fp12[C](
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [z, x]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C](),
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [y, Fp2[C]()])
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
]
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
)
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
a *= b
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
a2.mul_sparse_by_line_ca00b0(line)
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
check: bool(a == a2)
Pairing optim (#85) * Fix fp12 Frobenius map * Implement cyclotomic subgroup acceleration * make cyclotomic squaring in-place * Add back out-place cycl squaring and add cyclotomic inverse * Implement state-of-the-art BLS12-381 final exponentiation * save a cyclotomic squaring * Accelerate sparse line multiplication in Miller loop * Add pairing bench * fix comments
2020-09-24 17:18:23 +02:00
staticFor(curve, TestCurves):
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test_fp12_ca00b0(curve, gen = Uniform)
test_fp12_ca00b0(curve, gen = HighHammingWeight)
test_fp12_ca00b0(curve, gen = Long01Sequence)
Pairings for BN254-Nogami and BN254-Snarks (#86) * Implement optimized final exponentiation for BN254-Nogami * And BN254 Snarks support * Optimize D-Twist sparse Fp12 x line multiplication * Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
2020-09-25 21:58:20 +02:00
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
test "Sparse 𝔽p12/𝔽p4 resulting from xyz000 line function (D-twist only)":
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
proc test_fp12_acb000(C: static Curve, gen: static RandomGen) =
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var a = rng.random_elem(Fp12[C], gen)
var a2 = a
var x = rng.random_elem(Fp2[C], gen)
var y = rng.random_elem(Fp2[C], gen)
var z = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line = Line[Fp2[C]](a: x, b: y, c: z)
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
let b = Fp12[C](
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [x, z]),
Fp4[C](coords: [y, Fp2[C]()]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C]()
]
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
)
a *= b
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
a2.mul_sparse_by_line_acb000(line)
BW6-761 part 1 (#100) * Add Fp, Fp2, Fp6 support for BW6-761 * Add G1 for BW6-761 * Prepare to support G2 twists on the same field as G1 * Remove a useless dependent type for lines * Implement G2 for BW6-761 * Fix Line leftover
2020-10-09 07:51:47 +02:00
check: bool(a == a2)
Pairings for BN254-Nogami and BN254-Snarks (#86) * Implement optimized final exponentiation for BN254-Nogami * And BN254 Snarks support * Optimize D-Twist sparse Fp12 x line multiplication * Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
2020-09-25 21:58:20 +02:00
staticFor(curve, TestCurves):
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test_fp12_acb000(curve, gen = Uniform)
test_fp12_acb000(curve, gen = HighHammingWeight)
test_fp12_acb000(curve, gen = Long01Sequence)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test "Somewhat-sparse 𝔽p12/𝔽p4 resulting from ca00b0*ca00b0 line functions (M-twist only)":
proc test_fp12_ca00b0_ca00b0(C: static Curve, gen: static RandomGen) =
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f0 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [z0, x0]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C](),
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [y0, Fp2[C]()])
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
]
)
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f1 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [z1, x1]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C](),
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [y1, Fp2[C]()])
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
]
)
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
rl.prod_zx00y0_zx00y0_into_abcd00efghij(line0, line1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
check: bool(r == rl)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
staticFor(curve, TestCurves):
test_fp12_ca00b0_ca00b0(curve, gen = Uniform)
test_fp12_ca00b0_ca00b0(curve, gen = HighHammingWeight)
test_fp12_ca00b0_ca00b0(curve, gen = Long01Sequence)
test "Somewhat-sparse 𝔽p12/𝔽p4 resulting from acb000*acb000 line functions (D-twist only)":
proc test_fp12_acb000_acb000(C: static Curve, gen: static RandomGen) =
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f0 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [x0, z0]),
Fp4[C](coords: [y0, Fp2[C]()]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C]()
]
)
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f1 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [x1, z1]),
Fp4[C](coords: [y1, Fp2[C]()]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C]()
]
)
var r: Fp12[C]
r.prod(f0, f1)
var rl: Fp12[C]
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
rl.prod_xzy000_xzy000_into_abcdefghij00(line0, line1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
check: bool(r == rl)
staticFor(curve, TestCurves):
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test_fp12_acb000_acb000(curve, gen = Uniform)
test_fp12_acb000_acb000(curve, gen = HighHammingWeight)
test_fp12_acb000_acb000(curve, gen = Long01Sequence)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test "Somewhat-sparse 𝔽p12/𝔽p4 mul by the product (acb000*acb000) of line functions (D-twist only)":
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
proc test_fp12_abcdefghij00(C: static Curve, gen: static RandomGen) =
when C.getSexticTwist() == D_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f0 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [x0, z0]),
Fp4[C](coords: [y0, Fp2[C]()]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C]()
]
)
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f1 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [x1, z1]),
Fp4[C](coords: [y1, Fp2[C]()]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C]()
]
)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
var r: Fp12[C]
r.prod(f0, f1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
var rl: Fp12[C]
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
rl.prod_xzy000_xzy000_into_abcdefghij00(line0, line1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
var f = rng.random_elem(Fp12[C], gen)
var f2 = f
f *= rl
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
f2.mul_sparse_by_abcdefghij00_cube_over_quad(rl)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
check: bool(f == f2)
staticFor(curve, TestCurves):
test_fp12_abcdefghij00(curve, gen = Uniform)
test_fp12_abcdefghij00(curve, gen = HighHammingWeight)
test_fp12_abcdefghij00(curve, gen = Long01Sequence)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test "Somewhat-sparse 𝔽p12/𝔽p4 mul by the product (ca00b0*ca00b0) of line functions (M-twist only)":
proc test_fp12_abcdef00ghij(C: static Curve, gen: static RandomGen) =
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
when C.getSexticTwist() == M_Twist:
for _ in 0 ..< Iters:
var x0 = rng.random_elem(Fp2[C], gen)
var y0 = rng.random_elem(Fp2[C], gen)
var z0 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line0 = Line[Fp2[C]](a: x0, b: y0, c: z0)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f0 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [z0, x0]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C](),
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [y0, Fp2[C]()])
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
]
)
var x1 = rng.random_elem(Fp2[C], gen)
var y1 = rng.random_elem(Fp2[C], gen)
var z1 = rng.random_elem(Fp2[C], gen)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
let line1 = Line[Fp2[C]](a: x1, b: y1, c: z1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
let f1 = Fp12[C](
coords: [
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [z1, x1]),
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
Fp4[C](),
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
Fp4[C](coords: [y1, Fp2[C]()])
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
]
)
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
var r: Fp12[C]
r.prod(f0, f1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
var rl: Fp12[C]
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
rl.prod_zx00y0_zx00y0_into_abcd00efghij(line0, line1)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
var f = rng.random_elem(Fp12[C], gen)
var f2 = f
f *= rl
Fp12 over fp6 (#201) * introduce sumprod for direct fp6_mul * change curves -> constants * forgotten constants * Full pairing using Fp2->Fp6->Fp12 towering
2022-08-14 09:48:10 +02:00
f2.mul_sparse_by_abcd00efghij_cube_over_quad(rl)
Optimize Miller Loop and prepare Multi-pairing (#159) * Pairing with affine: align API to BLST and Gurvy and common use-case. * Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf) * Generalize the optimized miller loop for single pairing * Immplement the miller loop addchain for BLS12-377 * Miller addition chain for BN254-Nogami * no Miller adchain for BN254-Snarks * Update the line test with new tower https://github.com/mratsim/constantine/pull/153 * Somewhat sparse for Fp2 M-Twist * Implement line by line multiplication for Fp12 D-Twist * Somewhat sparse Mul for Fp12 D-Twist * Finish the sparse and somewhat sparse multiplications
2021-02-14 13:06:57 +01:00
check: bool(f == f2)
staticFor(curve, TestCurves):
Line refactor (#188) * Align line evaluations to papers notations * Adjust line fusion op * precompute G2 b' for costly D-Twists
2022-04-04 10:10:36 +02:00
test_fp12_abcdef00ghij(curve, gen = Uniform)
test_fp12_abcdef00ghij(curve, gen = HighHammingWeight)
test_fp12_abcdef00ghij(curve, gen = Long01Sequence)
Reference in New Issue Copy Permalink