diff --git a/benchmarks/bench_fp.nim b/benchmarks/bench_fp.nim
index 5e2f06b..3633fe7 100644
--- a/benchmarks/bench_fp.nim
+++ b/benchmarks/bench_fp.nim
@@ -27,7 +27,8 @@ const Iters = 1_000_000
 const InvIters = 1000
 const AvailableCurves = [
 P224,
- BN254,
+ BN254_Nogami,
+ BN254_Snarks,
 Curve25519,
 P256,
 Secp256k1,
diff --git a/benchmarks/bench_fp12.nim b/benchmarks/bench_fp12.nim
index 79622b6..9742673 100644
--- a/benchmarks/bench_fp12.nim
+++ b/benchmarks/bench_fp12.nim
@@ -27,7 +27,8 @@ const Iters = 10_000
 const InvIters = 1000
 const AvailableCurves = [
 # Pairing-Friendly curves
- BN254,
+ BN254_Nogami,
+ BN254_Snarks,
 BLS12_377,
 BLS12_381,
 BN446,
diff --git a/benchmarks/bench_fp2.nim b/benchmarks/bench_fp2.nim
index 629abfd..2002e34 100644
--- a/benchmarks/bench_fp2.nim
+++ b/benchmarks/bench_fp2.nim
@@ -27,7 +27,8 @@ const Iters = 1_000_000
 const InvIters = 1000
 const AvailableCurves = [
 # Pairing-Friendly curves
- BN254,
+ BN254_Nogami,
+ BN254_Snarks,
 BLS12_377,
 BLS12_381,
 BN446,
diff --git a/benchmarks/bench_fp6.nim b/benchmarks/bench_fp6.nim
index f62cb99..1b130e5 100644
--- a/benchmarks/bench_fp6.nim
+++ b/benchmarks/bench_fp6.nim
@@ -27,7 +27,8 @@ const Iters = 1_000_000
 const InvIters = 1000
 const AvailableCurves = [
 # Pairing-Friendly curves
- BN254,
+ BN254_Nogami,
+ BN254_Snarks,
 BLS12_377,
 BLS12_381,
 BN446,
diff --git a/constantine/config/curves.nim b/constantine/config/curves.nim
index f58b584..e43820e 100644
--- a/constantine/config/curves.nim
+++ b/constantine/config/curves.nim
@@ -71,11 +71,16 @@ declareCurves:
 curve P224: # NIST P-224
 bitsize: 224
 modulus: "0xffffffff_ffffffff_ffffffff_ffffffff_00000000_00000000_00000001"
- curve BN254: # Zero-Knowledge proofs curve (SNARKS, STARKS)
+ curve BN254_Nogami: # Integer Variable χ–Based Ate Pairing, 2008, Nogami et al
+ bitsize: 254
+ modulus: "0x2523648240000001ba344d80000000086121000000000013a700000000000013"
+ # Equation: Y^2 = X^3 + 2
+ # u: -(2^62 + 2^55 + 1)
+ curve BN254_Snarks: # Zero-Knowledge proofs curve (SNARKS, STARKS, Ethereum)
 bitsize: 254
 modulus: "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47"
 # Equation: Y^2 = X^3 + 3
- # u: -(2^62 + 2^55 + 1)
+ # u: 4965661367192848881
 curve Curve25519: # Bernstein curve
 bitsize: 255
 modulus: "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"
diff --git a/sage/non_residues.sage b/sage/non_residues.sage
index b04a444..246d000 100644
--- a/sage/non_residues.sage
+++ b/sage/non_residues.sage
@@ -18,7 +18,8 @@
 # trigger "carry" code-paths that are not triggered by pairing-friendly moduli.
 Curves = {
 'P224': Integer('0xffffffffffffffffffffffffffffffff000000000000000000000001'),
- 'BN254': Integer('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47'),
+ 'BN254_Nogami': Integer('0x2523648240000001ba344d80000000086121000000000013a700000000000013'),
+ 'BN254_Snarks': Integer('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47'),
 'Curve25519': Integer('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed'),
 'P256': Integer('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
 'Secp256k1': Integer('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F'),
diff --git a/tests/test_finite_fields_sqrt.nim b/tests/test_finite_fields_sqrt.nim
index 7dbff2c..0d29595 100644
--- a/tests/test_finite_fields_sqrt.nim
+++ b/tests/test_finite_fields_sqrt.nim
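Review bot: The BN parameter `u` and the curve equation for BN254_Nogami and BN254_Snarks are recorded only as comments next to the `modulus` literal, so nothing verifies that the 64-hex-digit constant equals the BN polynomial `36*u^4 + 36*u^3 + 24*u^2 + 6*u + 1` for the stated u; a single mistyped digit would define a field that is not the intended curve yet would likely pass every test touched by this commit, since those compare field arithmetic against itself or against GMP using the same modulus. If `declareCurves` cannot carry `u` as a field, a `static: doAssert` in a test that recomputes p from u for each BN curve would catch transcription errors in the hex constant. The rename of `BN254` also silently breaks downstream code that references the old identifier; a deprecated alias such as `const BN254* {.deprecated: "use BN254_Snarks".} = BN254_Snarks` would keep it compiling, if the generated enum permits one. The `declareCurves` block starts before and continues after the hunk.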
@@ -109,7 +109,8 @@ proc main() =
 exhaustiveCheck_p3mod4 Fake65519, 65519
 randomSqrtCheck_p3mod4 Mersenne61
 randomSqrtCheck_p3mod4 Mersenne127
- randomSqrtCheck_p3mod4 BN254
+ randomSqrtCheck_p3mod4 BN254_Nogami
+ randomSqrtCheck_p3mod4 BN254_Snarks
 randomSqrtCheck_p3mod4 P256
 randomSqrtCheck_p3mod4 Secp256k1
 randomSqrtCheck_p3mod4 BLS12_381
diff --git a/tests/test_finite_fields_vs_gmp.nim b/tests/test_finite_fields_vs_gmp.nim
index f12f09a..f343582 100644
--- a/tests/test_finite_fields_vs_gmp.nim
+++ b/tests/test_finite_fields_vs_gmp.nim
@@ -20,7 +20,8 @@ import
 var RNG {.compileTime.} = initRand(1234)
 const CurveParams = [
 P224,
- BN254,
+ BN254_Nogami,
+ BN254_Snarks,
 Curve25519,
 P256,
 Secp256k1,
@@ -32,7 +33,7 @@ const CurveParams = [ BN462 ] -const AvailableCurves = [P224, BN254, P256, Secp256k1, BLS12_381] +const AvailableCurves = [P224, BN254_Nogami, BN254_Snarks, P256, Secp256k1, BLS12_381] const # https://gmplib.org/manual/Integer-Import-and-Export.html GMP_WordLittleEndian = -1'i32
diff --git a/tests/test_fp12.nim b/tests/test_fp12.nim
index 584cf81..a85d7a5 100644
--- a/tests/test_fp12.nim
+++ b/tests/test_fp12.nim
@@ -50,7 +50,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446)
@@ -86,7 +87,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446)
@@ -124,7 +126,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446)
@@ -162,7 +165,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446)
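Review bot: `randomSqrtCheck_p3mod4` is only meaningful when the modulus satisfies p ≡ 3 (mod 4); both newly listed curves do (the Nogami modulus ends in 0x13 and the Snarks one in 0x47, each ≡ 3 mod 4), but the hunk relies on the caller having checked that by hand. If the template does not already assert it, a `doAssert` on the low two bits of the curve modulus inside `randomSqrtCheck_p3mod4` (its body lies outside this hunk) would make a future curve with p ≡ 1 (mod 4) fail loudly rather than pass with a square root that is silently wrong. `main` continues outside the hunk.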
@@ -190,16 +194,28 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254): + test(BN254_Nogami): r.prod(x, Zero) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(Zero, x) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(x, One) check: bool(r == x) - test(BN254): + test(BN254_Nogami): + r.prod(One, x) + check: bool(r == x) + test(BN254_Snarks): + r.prod(x, Zero) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(Zero, x) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(x, One) + check: bool(r == x) + test(BN254_Snarks): r.prod(One, x) check: bool(r == x) test(BLS12_381): @@ -242,7 +258,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -268,7 +285,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -311,7 +329,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -361,7 +380,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": bool(r0 == r3) bool(r0 == r4) - abelianGroup(BN254) + abelianGroup(BN254_Nogami) + abelianGroup(BN254_Snarks) abelianGroup(BLS12_377) abelianGroup(BLS12_381) abelianGroup(BN446) @@ -411,7 +431,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": bool(r0 == r3) bool(r0 == r4) - commutativeRing(BN254) + commutativeRing(BN254_Nogami) + commutativeRing(BN254_Snarks) commutativeRing(BLS12_377) commutativeRing(BLS12_381) commutativeRing(BN446) @@ -441,7 +462,8 @@ suite "𝔽p12 = 𝔽p6[√∛(1+𝑖)]": r.prod(aInv, a) check: bool(r == one) - mulInvOne(BN254) + mulInvOne(BN254_Nogami) + mulInvOne(BN254_Snarks) mulInvOne(BLS12_377) mulInvOne(BLS12_381) mulInvOne(BN446) diff --git a/tests/test_fp2.nim b/tests/test_fp2.nim index 15303bd..f7b7333 100644 --- a/tests/test_fp2.nim +++ b/tests/test_fp2.nim 
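Review bot: The four `test(BN254_Snarks):` blocks added in the `@@ -190,16 +194,28 @@` hunk are a verbatim copy of the four `test(BN254_Nogami):` blocks directly above them, differing only in the curve argument, and the same copy appears in the matching hunks of tests/test_fp2.nim and tests/test_fp6.nim. The zero/one identity checks are curve-independent, so a template taking the curve and running all four `r.prod` checks, invoked once per curve next to the other per-curve lists in these files, would keep the set of tested curves in a single place and make the next curve addition a one-line change. As written, a future curve is likely to get some but not all of the four checks. The surrounding `suite` block starts before and ends after the hunk.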
@@ -51,7 +51,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": bool(r == oneBig) bool(oneFp2.c1.mres.isZero()) - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_381) test "Squaring 1 returns 1": @@ -73,7 +74,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -101,16 +103,28 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() - test(BN254): + test(BN254_Nogami): r.prod(x, Zero) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(Zero, x) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(x, One) check: bool(r == x) - test(BN254): + test(BN254_Nogami): + r.prod(One, x) + check: bool(r == x) + test(BN254_Snarks): + r.prod(x, Zero) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(Zero, x) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(x, One) + check: bool(r == x) + test(BN254_Snarks): r.prod(One, x) check: bool(r == x) test(BLS12_381): @@ -141,7 +155,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -167,7 +182,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -210,7 +226,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -260,7 +277,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": bool(r0 == r3) bool(r0 == r4) - abelianGroup(BN254) + abelianGroup(BN254_Nogami) + abelianGroup(BN254_Snarks) abelianGroup(BLS12_377) abelianGroup(BLS12_381) abelianGroup(BN446) 
@@ -310,7 +328,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": bool(r0 == r3) bool(r0 == r4) - commutativeRing(BN254) + commutativeRing(BN254_Nogami) + commutativeRing(BN254_Snarks) commutativeRing(BLS12_377) commutativeRing(BLS12_381) commutativeRing(BN446) @@ -333,7 +352,8 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": r.prod(aInv, a) check: bool(r == one) - mulInvOne(BN254) + mulInvOne(BN254_Nogami) + mulInvOne(BN254_Snarks) mulInvOne(BLS12_377) mulInvOne(BLS12_381) mulInvOne(BN446) diff --git a/tests/test_fp6.nim b/tests/test_fp6.nim index d146160..2fce201 100644 --- a/tests/test_fp6.nim +++ b/tests/test_fp6.nim @@ -50,7 +50,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -86,7 +87,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -124,7 +126,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -162,7 +165,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) 
@@ -190,16 +194,28 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254): + test(BN254_Nogami): r.prod(x, Zero) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(Zero, x) check: bool(r == Zero) - test(BN254): + test(BN254_Nogami): r.prod(x, One) check: bool(r == x) - test(BN254): + test(BN254_Nogami): + r.prod(One, x) + check: bool(r == x) + test(BN254_Snarks): + r.prod(x, Zero) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(Zero, x) + check: bool(r == Zero) + test(BN254_Snarks): + r.prod(x, One) + check: bool(r == x) + test(BN254_Snarks): r.prod(One, x) check: bool(r == x) test(BLS12_381): @@ -242,7 +258,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -268,7 +285,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -311,7 +329,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() - test(BN254) + test(BN254_Nogami) + test(BN254_Snarks) test(BLS12_377) test(BLS12_381) test(BN446) @@ -361,7 +380,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": bool(r0 == r3) bool(r0 == r4) - abelianGroup(BN254) + abelianGroup(BN254_Nogami) + abelianGroup(BN254_Snarks) abelianGroup(BLS12_377) abelianGroup(BLS12_381) abelianGroup(BN446) @@ -411,7 +431,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": bool(r0 == r3) bool(r0 == r4) - commutativeRing(BN254) + commutativeRing(BN254_Nogami) + commutativeRing(BN254_Snarks) commutativeRing(BLS12_377) commutativeRing(BLS12_381) commutativeRing(BN446) 
@@ -441,7 +462,8 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": r.prod(aInv, a) check: bool(r == one) - mulInvOne(BN254) + mulInvOne(BN254_Nogami) + mulInvOne(BN254_Snarks) mulInvOne(BLS12_377) mulInvOne(BLS12_381) mulInvOne(BN446)