codex-storage/constantine
1
0
Fork 0
mirror of https://github.com/codex-storage/constantine.git synced 2025-01-13 20:44:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename NotOnTwist/OnTwist => subgroup G1 and G2

Browse Source
This commit is contained in:
Mamy Ratsimbazafy 2022-01-01 19:17:04 +01:00
parent 86a67013dd
commit c42e2a0251
No known key found for this signature in database
GPG Key ID: 6227262F49BE273A
104 changed files with 580 additions and 580 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
benchmarks/bench_ec_g1.nim
View File

@ -45,32 +45,32 @@ proc main() =
separator()
staticFor i, 0, AvailableCurves.len:
const curve = AvailableCurves[i]
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator()
affFromProjBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters)
affFromProjBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator()
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator()
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 5, MulIters)
separator()
scalarMulEndo(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters)
scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters)
scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters)
scalarMulEndo(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator()
separator()

40
benchmarks/bench_ec_g2.nim
View File

@ -46,30 +46,30 @@ proc main() =
separator()
staticFor i, 0, AvailableCurves.len:
const curve = AvailableCurves[i]
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator()
affFromProjBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters)
affFromProjBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator()
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator()
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 5, MulIters)
separator()
scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters)
scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator()
separator()

6
benchmarks/bench_elliptic_template.nim
View File

@ -67,7 +67,7 @@ proc mixedAddBench*(T: typedesc, iters: int) =
var r {.noInit.}: T
let P = rng.random_unsafe(T)
let Q = rng.random_unsafe(T)
var Qaff: ECP_ShortW_Aff[T.F, T.Tw]
var Qaff: ECP_ShortW_Aff[T.F, T.G]
when Q is ECP_ShortW_Prj:
Qaff.affineFromProjective(Q)
else:
@ -84,14 +84,14 @@ proc doublingBench*(T: typedesc, iters: int) =
proc affFromProjBench*(T: typedesc, iters: int) =
const G1_or_G2 = when T.F is Fp: "G1" else: "G2"
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw]
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G]
let P = rng.random_unsafe(T)
bench("EC Projective to Affine " & G1_or_G2, T, iters):
r.affineFromProjective(P)
proc affFromJacBench*(T: typedesc, iters: int) =
const G1_or_G2 = when T.F is Fp: "G1" else: "G2"
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw]
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G]
let P = rng.random_unsafe(T)
bench("EC Jacobian to Affine " & G1_or_G2, T, iters):
r.affineFromJacobian(P)

6
benchmarks/bench_hash_to_curve.nim
View File

@ -37,7 +37,7 @@ proc bench_BLS12_381_hash_to_G2(iters: int) =
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
bench("Hash to G2 (Draft #11)", BLS12_381, iters):
sha256.hashToCurve(
@ -52,8 +52,8 @@ proc bench_BLS12_381_proj_aff_conversion(iters: int) =
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]
var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], G2]
sha256.hashToCurve(
k = 128,

76
benchmarks/bench_pairing_template.nim
View File

@ -48,10 +48,10 @@ template bench(op: string, C: static Curve, iters: int, body: untyped): untyped
measure(iters, startTime, stopTime, startClk, stopClk, body)
report(op, $C, startTime, stopTime, startClk, stopClk, iters)
func clearCofactorReference[F; Tw: static Twisted](
ec: var ECP_ShortW_Aff[F, Tw]) =
func clearCofactorReference[F; G: static Subgroup](
ec: var ECP_ShortW_Aff[F, G]) =
# For now we don't have any affine operation defined
var t {.noInit.}: ECP_ShortW_Prj[F, Tw]
var t {.noInit.}: ECP_ShortW_Prj[F, G]
t.projectiveFromAffine(ec)
t.clearCofactorReference()
ec.affineFromProjective(t)
@ -62,24 +62,24 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc lineDoubleBench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
bench("Line double", C, iters):
line.line_double(T, P)
proc lineAddBench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
bench("Line add", C, iters):
line.line_add(T, Q, P)
proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
line.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -88,8 +88,8 @@ proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
line.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -98,8 +98,8 @@ proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) =
proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -109,8 +109,8 @@ proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) =
proc mulLinebyLine_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -134,8 +134,8 @@ proc mulFp12by_abcd00efghij_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -146,8 +146,8 @@ proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -159,8 +159,8 @@ proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -171,8 +171,8 @@ proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P)
l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C])
@ -184,8 +184,8 @@ proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) =
proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Miller Loop BLS12", C, iters):
@ -193,8 +193,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
proc millerLoopBNBench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Miller Loop BN", C, iters):
@ -231,8 +231,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) =
proc pairingBLS12Bench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Pairing BLS12", C, iters):
@ -240,12 +240,12 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) =
proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]]
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]]
GTs {.noInit.}: array[N, Fp12[C]]
@ -264,8 +264,8 @@ proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int)
proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int) =
var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]]
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]]
for i in 0 ..< N:
Ps[i] = rng.random_unsafe(typeof(Ps[0]))
@ -277,8 +277,8 @@ proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int
proc pairingBNBench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Pairing BN", C, iters):

32
benchmarks/bench_summary_bls12_377.nim
View File

@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator()
mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters)

32
benchmarks/bench_summary_bls12_381.nim
View File

@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator()
mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters)

32
benchmarks/bench_summary_bn254_nogami.nim
View File

@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator()
mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters)

32
benchmarks/bench_summary_bn254_snarks.nim
View File

@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator()
mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters)

26
benchmarks/bench_summary_template.nim
View File

@ -81,10 +81,10 @@ template bench(op: string, T: typed, iters: int, body: untyped): untyped =
measure(iters, startTime, stopTime, startClk, stopClk, body)
report(op, fixDisplay(T), startTime, stopTime, startClk, stopClk, iters)
func clearCofactorReference[F; Tw: static Twisted](
ec: var ECP_ShortW_Aff[F, Tw]) =
func clearCofactorReference[F; G: static Subgroup](
ec: var ECP_ShortW_Aff[F, G]) =
# For now we don't have any affine operation defined
var t {.noInit.}: ECP_ShortW_Prj[F, Tw]
var t {.noInit.}: ECP_ShortW_Prj[F, G]
t.projectiveFromAffine(ec)
t.clearCofactorReference()
ec.affineFromProjective(t)
@ -134,7 +134,7 @@ proc mixedAddBench*(T: typedesc, iters: int) =
var r {.noInit.}: T
let P = rng.random_unsafe(T)
let Q = rng.random_unsafe(T)
var Qaff: ECP_ShortW_Aff[T.F, T.Tw]
var Qaff: ECP_ShortW_Aff[T.F, T.G]
when Q is ECP_ShortW_Prj:
Qaff.affineFromProjective(Q)
else:
@ -166,8 +166,8 @@ proc scalarMulBench*(T: typedesc, iters: int) =
proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Miller Loop BLS12", C, iters):
@ -175,8 +175,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
proc millerLoopBNBench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Miller Loop BN", C, iters):
@ -196,8 +196,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) =
proc pairingBLS12Bench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Pairing BLS12", C, iters):
@ -205,8 +205,8 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) =
proc pairingBNBench*(C: static Curve, iters: int) =
let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C]
bench("Pairing BN", C, iters):
@ -218,7 +218,7 @@ proc hashToCurveBLS12_381G2Bench*(iters: int) =
# 'CryptoHash' resolution issue
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
bench("Hash to G2 (Draft #11)", BLS12_381, iters):
sha256.hashToCurve(

6
constantine/curves/bls12_377_pairing.nim
View File

@ -42,13 +42,13 @@ const BLS12_377_pairing_finalexponent* = block:
func millerLoopAddchain*(
f: var Fp12[BLS12_377],
Q: ECP_ShortW_Aff[Fp2[BLS12_377], OnTwist],
P: ECP_ShortW_Aff[Fp[BLS12_377], NotOnTwist]
Q: ECP_ShortW_Aff[Fp2[BLS12_377], G2],
P: ECP_ShortW_Aff[Fp[BLS12_377], G1]
) =
## Miller Loop for BLS12-377 curve
## Computes f{u,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], G2]
f.miller_init_double_then_add(T, Q, P, 5) # 0b100001
f.miller_accum_double_then_add(T, Q, P, 2) # 0b10000101

12
constantine/curves/bls12_381_pairing.nim
View File

@ -40,13 +40,13 @@ const BLS12_381_pairing_finalexponent* = block:
func millerLoopAddchain*(
f: var Fp12[BLS12_381],
Q: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist],
P: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]
Q: ECP_ShortW_Aff[Fp2[BLS12_381], G2],
P: ECP_ShortW_Aff[Fp[BLS12_381], G1]
) =
## Miller Loop for BLS12-381 curve
## Computes f{u,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
f.miller_init_double_then_add(T, Q, P, 1) # 0b11
f.miller_accum_double_then_add(T, Q, P, 2) # 0b1101
@ -60,13 +60,13 @@ func millerLoopAddchain*(
func millerLoopAddchain*[N: static int](
f: var Fp12[BLS12_381],
Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]],
Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]]
Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]],
Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]]
) =
## Generic Miller Loop for BLS12 curve
## Computes f{u,Q}(P) with u the BLS curve parameter
var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]]
var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], G2]]
# Ate param addition chain
# Hex: 0xd201000000010000

6
constantine/curves/bn254_nogami_pairing.nim
View File

@ -38,12 +38,12 @@ const BN254_Nogami_pairing_finalexponent* = block:
func millerLoopAddchain*(
f: var Fp12[BN254_Nogami],
Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], OnTwist],
P: ECP_ShortW_Aff[Fp[BN254_Nogami], NotOnTwist]
Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], G2],
P: ECP_ShortW_Aff[Fp[BN254_Nogami], G1]
) =
## Miller Loop for BN254-Nogami curve
## Computes f{6u+2,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]
f.miller_init_double_then_add(T, Q, P, 1) # 0b11
f.miller_accum_double_then_add(T, Q, P, 6) # 0b11000001

6
constantine/ec_shortweierstrass.nim
View File

@ -22,9 +22,9 @@ import
export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective, ec_scalar_mul
func projectiveFromJacobian*[F; Tw](
prj: var ECP_ShortW_Prj[F, Tw],
jac: ECP_ShortW_Jac[F, Tw]) {.inline.} =
func projectiveFromJacobian*[F; G](
prj: var ECP_ShortW_Prj[F, G],
jac: ECP_ShortW_Jac[F, G]) {.inline.} =
prj.x.prod(jac.x, jac.z)
prj.y = jac.y
prj.z.square(jac.z)

4
constantine/elliptic/ec_endomorphism_accel.nim
View File

@ -292,7 +292,7 @@ func scalarMulEndo*[scalBits; EC](
const M = 2
# 1. Compute endomorphisms
var endomorphisms {.noInit.}: array[M-1, typeof(P)]
when P.Tw == NotOnTwist:
when P.G == G1:
endomorphisms[0] = P
endomorphisms[0].x *= C.getCubicRootOfUnity_mod_p()
else:
@ -481,7 +481,7 @@ func scalarMulGLV_m2w2*[scalBits; EC](
static: doAssert: scalBits == C.getCurveOrderBitwidth()
# 1. Compute endomorphisms
when P0.Tw == NotOnTwist:
when P0.G == G1:
var P1 = P0
P1.x *= C.getCubicRootOfUnity_mod_p()
else:

22
constantine/elliptic/ec_shortweierstrass_affine.nim
View File

@ -22,11 +22,11 @@ import
# ############################################################
type
Twisted* = enum
NotOnTwist
OnTwist
Subgroup* = enum
G1
G2
ECP_ShortW_Aff*[F; Tw: static Twisted] = object
ECP_ShortW_Aff*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b
##
@ -45,7 +45,7 @@ func isInf*(P: ECP_ShortW_Aff): SecretBool =
## and false otherwise
result = P.x.isZero() and P.y.isZero()
func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) =
func curve_eq_rhs*[F](y2: var F, x: F, G: static Subgroup) =
## Compute the curve equation right-hand-side from field element `x`
## i.e. `y²` in `y² = x³ + a x + b`
## or on sextic twists for pairing curves `y² = x³ + b/µ` or `y² = x³ + µ b`
@ -55,7 +55,7 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) =
t.square(x)
t *= x
when Tw == NotOnTwist:
when G == G1:
when F.C.getCoefB() >= 0:
y2.fromUint uint F.C.getCoefB()
y2 += t
@ -70,18 +70,18 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) =
t *= F.C.getCoefA()
y2 += t
func isOnCurve*[F](x, y: F, Tw: static Twisted): SecretBool =
func isOnCurve*[F](x, y: F, G: static Subgroup): SecretBool =
## Returns true if the (x, y) coordinates
## represents a point of the elliptic curve
var y2, rhs {.noInit.}: F
y2.square(y)
rhs.curve_eq_rhs(x, Tw)
rhs.curve_eq_rhs(x, G)
return y2 == rhs
func trySetFromCoordX*[F, Tw](
P: var ECP_ShortW_Aff[F, Tw],
func trySetFromCoordX*[F, G](
P: var ECP_ShortW_Aff[F, G],
x: F): SecretBool =
## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate)
@ -101,7 +101,7 @@ func trySetFromCoordX*[F, Tw](
## - scalar multiplication works
## - a generator point is defined
## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw)
P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y)
P.x = x

60
constantine/elliptic/ec_shortweierstrass_jacobian.nim
View File

@ -13,7 +13,7 @@ import
../towers,
./ec_shortweierstrass_affine
export Twisted
export Subgroup
# ############################################################
#
@ -22,7 +22,7 @@ export Twisted
#
# ############################################################
type ECP_ShortW_Jac*[F; Tw: static Twisted] = object
type ECP_ShortW_Jac*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b
##
@ -80,8 +80,8 @@ func ccopy*(P: var ECP_ShortW_Jac, Q: ECP_ShortW_Jac, ctl: SecretBool) {.inline.
for fP, fQ in fields(P, Q):
ccopy(fP, fQ, ctl)
func trySetFromCoordsXandZ*[F; Tw](
P: var ECP_ShortW_Jac[F, Tw],
func trySetFromCoordsXandZ*[F; G](
P: var ECP_ShortW_Jac[F, G],
x, z: F): SecretBool =
## Try to create a point the elliptic curve
## Y² = X³ + aXZ⁴ + bZ⁶ (Jacobian coordinates)
@ -100,7 +100,7 @@ func trySetFromCoordsXandZ*[F; Tw](
## - scalar multiplication works
## - a generator point is defined
## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw)
P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y)
var z2 {.noInit.}: F
@ -110,8 +110,8 @@ func trySetFromCoordsXandZ*[F; Tw](
P.y *= z
P.z = z
func trySetFromCoordX*[F; Tw](
P: var ECP_ShortW_Jac[F, Tw],
func trySetFromCoordX*[F; G](
P: var ECP_ShortW_Jac[F, G],
x: F): SecretBool =
## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate)
@ -132,7 +132,7 @@ func trySetFromCoordX*[F; Tw](
## - scalar multiplication works
## - a generator point is defined
## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw)
P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y)
P.x = x
P.z.setOne()
@ -152,9 +152,9 @@ func cneg*(P: var ECP_ShortW_Jac, ctl: CTBool) {.inline.} =
## Negate if ``ctl`` is true
P.y.cneg(ctl)
template sumImpl[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P, Q: ECP_ShortW_Jac[F, Tw],
template sumImpl[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, G],
CoefA: untyped
) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
@ -324,9 +324,9 @@ template sumImpl[F; Tw: static Twisted](
r.ccopy(Q, P.isInf())
r.ccopy(P, Q.isInf())
func sum*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P, Q: ECP_ShortW_Jac[F, Tw],
func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, G],
CoefA: static F
) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
@ -349,9 +349,9 @@ func sum*[F; Tw: static Twisted](
## This is done by using a "complete" or "exception-free" addition law.
r.sumImpl(P, Q, CoefA)
func sum*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P, Q: ECP_ShortW_Jac[F, Tw]
func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, G]
) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
##
@ -370,10 +370,10 @@ func sum*[F; Tw: static Twisted](
## This is done by using a "complete" or "exception-free" addition law.
r.sumImpl(P, Q, F.C.getCoefA())
func madd*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P: ECP_ShortW_Jac[F, Tw],
Q: ECP_ShortW_Aff[F, Tw]
func madd*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, G],
Q: ECP_ShortW_Aff[F, G]
) =
## Elliptic curve mixed addition for Short Weierstrass curves
## with p in Jacobian coordinates and Q in affine coordinates
@ -449,9 +449,9 @@ func madd*[F; Tw: static Twisted](
r.ccopy(P, qIsInf)
func double*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P: ECP_ShortW_Jac[F, Tw]
func double*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, G]
) =
## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate
##
@ -528,9 +528,9 @@ func diff*(r: var ECP_ShortW_Jac,
nQ.neg(Q)
r.sum(P, nQ)
func affineFromJacobian*[F; Tw](
aff: var ECP_ShortW_Aff[F, Tw],
jac: ECP_ShortW_Jac[F, Tw]) =
func affineFromJacobian*[F; G](
aff: var ECP_ShortW_Aff[F, G],
jac: ECP_ShortW_Jac[F, G]) =
var invZ {.noInit.}, invZ2{.noInit.}: F
invZ.inv(jac.z)
invZ2.square(invZ)
@ -539,9 +539,9 @@ func affineFromJacobian*[F; Tw](
aff.y.prod(jac.y, invZ)
aff.y *= invZ2
func jacobianFromAffine*[F; Tw](
jac: var ECP_ShortW_Jac[F, Tw],
aff: ECP_ShortW_Aff[F, Tw]) {.inline.} =
func jacobianFromAffine*[F; G](
jac: var ECP_ShortW_Jac[F, G],
aff: ECP_ShortW_Aff[F, G]) {.inline.} =
jac.x = aff.x
jac.y = aff.y
jac.z.setOne()

72
constantine/elliptic/ec_shortweierstrass_projective.nim
View File

@ -13,7 +13,7 @@ import
../towers,
./ec_shortweierstrass_affine
export Twisted
export Subgroup
# ############################################################
#
@ -22,7 +22,7 @@ export Twisted
#
# ############################################################
type ECP_ShortW_Prj*[F; Tw: static Twisted] = object
type ECP_ShortW_Prj*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b
##
@ -74,8 +74,8 @@ func ccopy*(P: var ECP_ShortW_Prj, Q: ECP_ShortW_Prj, ctl: SecretBool) {.inline.
for fP, fQ in fields(P, Q):
ccopy(fP, fQ, ctl)
func trySetFromCoordsXandZ*[F; Tw](
P: var ECP_ShortW_Prj[F, Tw],
func trySetFromCoordsXandZ*[F; G](
P: var ECP_ShortW_Prj[F, G],
x, z: F): SecretBool =
## Try to create a point the elliptic curve
## Y²Z = X³ + aXZ² + bZ³ (projective coordinates)
@ -94,15 +94,15 @@ func trySetFromCoordsXandZ*[F; Tw](
## - scalar multiplication works
## - a generator point is defined
## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw)
P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y)
P.x.prod(x, z)
P.y *= z
P.z = z
func trySetFromCoordX*[F; Tw](
P: var ECP_ShortW_Prj[F, Tw],
func trySetFromCoordX*[F; G](
P: var ECP_ShortW_Prj[F, G],
x: F): SecretBool =
## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate)
@ -123,7 +123,7 @@ func trySetFromCoordX*[F; Tw](
## - scalar multiplication works
## - a generator point is defined
## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw)
P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y)
P.x = x
P.z.setOne()
@ -143,9 +143,9 @@ func cneg*(P: var ECP_ShortW_Prj, ctl: CTBool) {.inline.} =
## Negate if ``ctl`` is true
P.y.cneg(ctl)
func sum*[F; Tw: static Twisted](
r: var ECP_ShortW_Prj[F, Tw],
P, Q: ECP_ShortW_Prj[F, Tw]
func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, G],
P, Q: ECP_ShortW_Prj[F, G]
) =
## Elliptic curve point addition for Short Weierstrass curves in projective coordinates
##
@ -205,32 +205,32 @@ func sum*[F; Tw: static Twisted](
t3 *= t4 # 6. t₃ <- t₃ * t₄
t4.sum(t0, t1) # 7. t₄ <- t₀ + t₁
t3 -= t4 # 8. t₃ <- t₃ - t₄ t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁X₂ + Y₁Y₂) = X₁Y₂ + X₂Y₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t3 *= SexticNonResidue
t4.sum(P.y, P.z) # 9. t₄ <- Y₁ + Z₁
x3.sum(Q.y, Q.z) # 10. X₃ <- Y₂ + Z₂
t4 *= x3 # 11. t₄ <- t₄ X₃
x3.sum(t1, t2) # 12. X₃ <- t₁ + t₂ X₃ = Y₁Y₂ + Z₁Z₂
t4 -= x3 # 13. t₄ <- t₄ - X₃ t₄ = (Y₁ + Z₁)(Y₂ + Z₂) - (Y₁Y₂ + Z₁Z₂) = Y₁Z₂ + Y₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t4 *= SexticNonResidue
x3.sum(P.x, P.z) # 14. X₃ <- X₁ + Z₁
y3.sum(Q.x, Q.z) # 15. Y₃ <- X₂ + Z₂
x3 *= y3 # 16. X₃ <- X₃ Y₃ X₃ = (X₁Z₁)(X₂Z₂)
y3.sum(t0, t2) # 17. Y₃ <- t₀ + t₂ Y₃ = X₁ X₂ + Z₁ Z₂
y3.diff(x3, y3) # 18. Y₃ <- X₃ - Y₃ Y₃ = (X₁ + Z₁)(X₂ + Z₂) - (X₁ X₂ + Z₁ Z₂) = X₁Z₂ + X₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t0 *= SexticNonResidue
t1 *= SexticNonResidue
x3.double(t0) # 19. X₃ <- t₀ + t₀ X₃ = 2 X₁X₂
t0 += x3 # 20. t₀ <- X₃ + t₀ t₀ = 3 X₁X₂
t2 *= b3 # 21. t₂ <- 3b t₂ t₂ = 3bZ₁Z₂
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist:
when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue
z3.sum(t1, t2) # 22. Z₃ <- t₁ + t₂ Z₃ = Y₁Y₂ + 3bZ₁Z₂
t1 -= t2 # 23. t₁ <- t₁ - t₂ t₁ = Y₁Y₂ - 3bZ₁Z₂
y3 *= b3 # 24. Y₃ <- 3b Y₃ Y₃ = 3b(X₁Z₂ + X₂Z₁)
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist:
when G == G2 and F.C.getSexticTwist() == M_Twist:
y3 *= SexticNonResidue
x3.prod(t4, y3) # 25. X₃ <- t₄ Y₃ X₃ = 3b(Y₁Z₂ + Y₂Z₁)(X₁Z₂ + X₂Z₁)
t2.prod(t3, t1) # 26. t₂ <- t₃ t₁ t₂ = (X₁Y₂ + X₂Y₁) (Y₁Y₂ - 3bZ₁Z₂)
@ -244,10 +244,10 @@ func sum*[F; Tw: static Twisted](
else:
{.error: "Not implemented.".}
func madd*[F; Tw: static Twisted](
r: var ECP_ShortW_Prj[F, Tw],
P: ECP_ShortW_Prj[F, Tw],
Q: ECP_ShortW_Aff[F, Tw]
func madd*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, G],
P: ECP_ShortW_Prj[F, G],
Q: ECP_ShortW_Aff[F, G]
) =
## Elliptic curve mixed addition for Short Weierstrass curves
## with p in Projective coordinates and Q in affine coordinates
@ -276,27 +276,27 @@ func madd*[F; Tw: static Twisted](
t3 *= t4 # 5. t₃ <- t₃ * t₄
t4.sum(t0, t1) # 6. t₄ <- t₀ + t₁
t3 -= t4 # 7. t₃ <- t₃ - t₄, t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁ X₂ + Y₁ Y₂) = X₁Y₂ + X₂Y₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t3 *= SexticNonResidue
t4.prod(Q.y, P.z) # 8. t₄ <- Y₂ Z₁
t4 += P.y # 9. t₄ <- t₄ + Y₁, t₄ = Y₁+Y₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t4 *= SexticNonResidue
y3.prod(Q.x, P.z) # 10. Y₃ <- X₂ Z₁
y3 += P.x # 11. Y₃ <- Y₃ + X₁, Y₃ = X₁ + X₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
t0 *= SexticNonResidue
t1 *= SexticNonResidue
x3.double(t0) # 12. X₃ <- t₀ + t₀
t0 += x3 # 13. t₀ <- X₃ + t₀, t₀ = 3X₁X₂
t2 = P.z
t2 *= b3 # 14. t₂ <- 3bZ₁
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist:
when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue
z3.sum(t1, t2) # 15. Z₃ <- t₁ + t₂, Z₃ = Y₁Y₂ + 3bZ₁
t1 -= t2 # 16. t₁ <- t₁ - t₂, t₁ = Y₁Y₂ - 3bZ₁
y3 *= b3 # 17. Y₃ <- 3bY₃, Y₃ = 3b(X₁ + X₂Z₁)
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist:
when G == G2 and F.C.getSexticTwist() == M_Twist:
y3 *= SexticNonResidue
x3.prod(t4, y3) # 18. X₃ <- t₄ Y₃, X₃ = (Y₁ + Y₂Z₁) 3b(X₁ + X₂Z₁)
t2.prod(t3, t1) # 19. t₂ <- t₃ t₁, t₂ = (X₁Y₂ + X₂Y₁)(Y₁Y₂ - 3bZ₁)
@ -310,9 +310,9 @@ func madd*[F; Tw: static Twisted](
else:
{.error: "Not implemented.".}
func double*[F; Tw: static Twisted](
r: var ECP_ShortW_Prj[F, Tw],
P: ECP_ShortW_Prj[F, Tw]
func double*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, G],
P: ECP_ShortW_Prj[F, G]
) =
## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate
##
@ -357,7 +357,7 @@ func double*[F; Tw: static Twisted](
# X₃ = 2XY(Y² - 9bZ²)
# Y₃ = (Y² - 9bZ²)(Y² + 3bZ²) + 24bY²Z²
# Z₃ = 8Y³Z
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist:
when G == G2 and F.C.getSexticTwist() == D_Twist:
var snrY {.noInit.}: F
snrY.prod(P.y, SexticNonResidue)
t0.square(P.y)
@ -371,7 +371,7 @@ func double*[F; Tw: static Twisted](
t1.prod(snrY, P.z) # 5. t₁ <- Y Z
t2.square(P.z) # 6. t₂ <- Z Z
t2 *= b3 # 7. t₂ <- 3b t₂
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist:
when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue
x3.prod(t2, z3) # 8. X₃ <- t₂ Z₃
y3.sum(t0, t2) # 9. Y₃ <- t₀ + t₂
@ -409,18 +409,18 @@ func diff*(r: var ECP_ShortW_Prj,
nQ.neg(Q)
r.sum(P, nQ)
func affineFromProjective*[F, Tw](
aff: var ECP_ShortW_Aff[F, Tw],
proj: ECP_ShortW_Prj[F, Tw]) =
func affineFromProjective*[F, G](
aff: var ECP_ShortW_Aff[F, G],
proj: ECP_ShortW_Prj[F, G]) =
var invZ {.noInit.}: F
invZ.inv(proj.z)
aff.x.prod(proj.x, invZ)
aff.y.prod(proj.y, invZ)
func projectiveFromAffine*[F, Tw](
proj: var ECP_ShortW_Prj[F, Tw],
aff: ECP_ShortW_Aff[F, Tw]) {.inline.} =
func projectiveFromAffine*[F, G](
proj: var ECP_ShortW_Prj[F, G],
aff: ECP_ShortW_Aff[F, G]) {.inline.} =
proj.x = aff.x
proj.y = aff.y
proj.z.setOne()

26
constantine/hash_to_curve/cofactors.nim
View File

@ -51,49 +51,49 @@ const Cofactor_Eff_BW6_761_G1 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34
const Cofactor_Eff_BW6_761_G2 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34cb12efc856a0853c9db94cc61c554757551c0c832ba4061000003b3de580000000007c"
## P -> (103([u³]P) 83([u²]P) 143([u]P) + 27P) + ψ(7([u²]P) 117([u]P) 109P)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], G1]) {.inline.} =
## Clear the cofactor of BN254_Nogami G1
## BN curve have a G1 cofactor of 1 so this is a no-op
discard
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) {.inline.} =
## Clear the cofactor of BN254_Snarks G2
# Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BN254_Nogami_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1]) {.inline.} =
## Clear the cofactor of BN254_Snarks G1
## BN curve have a G1 cofactor of 1 so this is a no-op
discard
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) {.inline.} =
## Clear the cofactor of BN254_Snarks G2
# Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BN254_Snarks_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], G1]) {.inline.} =
## Clear the cofactor of BLS12_377 G1
P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], G2]) {.inline.} =
## Clear the cofactor of BLS12_377 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], G1]) {.inline.} =
## Clear the cofactor of BLS12_381 G1
P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) {.inline.} =
## Clear the cofactor of BLS12_381 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G1]) {.inline.} =
## Clear the cofactor of BW6_761 G1
P.scalarMulGeneric(Cofactor_Eff_BW6_761_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) {.inline.} =
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G2]) {.inline.} =
## Clear the cofactor of BW6_761 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BW6_761_G2)
@ -139,8 +139,8 @@ func double_repeated*[EC](P: var EC, num: int) {.inline.} =
P.double()
func pow_x(
r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], G2],
P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2],
) =
## Does the scalar multiplication [x]P
## with x the BLS12 curve parameter
@ -170,7 +170,7 @@ func pow_x(
r.neg(r)
func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) =
func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) =
## Clear the cofactor of BLS12_381 G2
## Optimized using endomorphisms
## P -> [x²-x-1]P + [x-1] ψ(P) + ψ²([2]P)

22
constantine/hash_to_curve/hash_to_curve.nim
View File

@ -34,8 +34,8 @@ import
# Map to curve
# ----------------------------------------------------------------
func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
func mapToIsoCurve_sswuG2_opt9mod16[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
u: F) =
var
xn{.noInit.}, xd{.noInit.}: F
@ -53,8 +53,8 @@ func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted](
r.x.prod(xn, xd) # X = xZ² = xn/xd * xd² = xn*xd
r.y.prod(yn, xd3) # Y = yZ³ = yn * xd³
func mapToCurve[F; Tw: static Twisted](
r: var (ECP_ShortW_Prj[F, Tw] or ECP_ShortW_Jac[F, Tw]),
func mapToCurve[F; G: static Subgroup](
r: var (ECP_ShortW_Prj[F, G] or ECP_ShortW_Jac[F, G]),
u: F) =
## Map an element of the
## finite or extension field F
@ -85,8 +85,8 @@ func mapToCurve[F; Tw: static Twisted](
else:
{.error: "Not implemented".}
func mapToCurve_fusedAdd[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
func mapToCurve_fusedAdd[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
u0, u1: F) =
## Map 2 elements of the
## finite or extension field F
@ -105,7 +105,7 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted](
# unlike the complete projective formulae which heavily depends on it
# So we use jacobian coordinates for computation on isogenies.
var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, Tw]
var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, G]
when F.C == BLS12_381 and F is Fp2:
# 1. Map to E'2 isogenous to E2
P0.mapToIsoCurve_sswuG2_opt9mod16(u0)
@ -122,11 +122,11 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted](
# ----------------------------------------------------------------
func hashToCurve*[
F; Tw: static Twisted;
F; G: static Subgroup;
B1, B2, B3: byte|char](
H: type CryptoHash,
k: static int,
output: var ECP_ShortW_Prj[F, Tw],
output: var ECP_ShortW_Prj[F, G],
augmentation: openarray[B1],
message: openarray[B2],
domainSepTag: openarray[B3]
@ -157,12 +157,12 @@ func hashToCurve*[
H.hashToField(k, u, augmentation, message, domainSepTag)
when false:
var P{.noInit.}: array[2, ECP_ShortW_Prj[F, Tw]]
var P{.noInit.}: array[2, ECP_ShortW_Prj[F, G]]
P[0].mapToCurve(u[0])
P[1].mapToCurve(u[1])
output.sum(P[0], P[1])
else:
var Pjac{.noInit.}: ECP_ShortW_Jac[F, Tw]
var Pjac{.noInit.}: ECP_ShortW_Jac[F, G]
Pjac.mapToCurve_fusedAdd(u[0], u[1])
output.projectiveFromJacobian(Pjac)

10
constantine/io/io_ec.nim
View File

@ -38,7 +38,7 @@ func toHex*[EC: ECP_ShortW_Prj or ECP_ShortW_Jac or ECP_ShortW_Aff](P: EC): stri
##
## This proc output may change format in the future
var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.Tw]
var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.G]
when EC is ECP_ShortW_Prj:
aff.affineFromProjective(P)
elif EC is ECP_ShortW_Jac:
@ -61,7 +61,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x, y: string): bool {
dst.x.fromHex(x)
dst.y.fromHex(y)
dst.z.setOne()
return bool(isOnCurve(dst.x, dst.y, dst.Tw))
return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G2 curve point
@ -72,7 +72,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: strin
dst.x.fromHex(x0, x1)
dst.y.fromHex(y0, y1)
dst.z.setOne()
return bool(isOnCurve(dst.x, dst.y, dst.Tw))
return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G1 curve point
@ -82,7 +82,7 @@ func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError
static: doAssert dst.F is Fp, "dst must be on G1, an elliptic curve over 𝔽p"
dst.x.fromHex(x)
dst.y.fromHex(y)
return bool(isOnCurve(dst.x, dst.y, dst.Tw))
return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G2 curve point
@ -92,4 +92,4 @@ func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [
static: doAssert dst.F is Fp2, "dst must be on G2, an elliptic curve over 𝔽p2"
dst.x.fromHex(x0, x1)
dst.y.fromHex(y0, y1)
return bool(isOnCurve(dst.x, dst.y, dst.Tw))
return bool(isOnCurve(dst.x, dst.y, dst.G))

14
constantine/isogeny/h2c_isogeny_maps.nim
View File

@ -126,8 +126,8 @@ func h2c_isogeny_map[F](
# y coordinate is y' * poly_yNum(x)
ryn *= yn
func h2c_isogeny_map*[F; Tw: static Twisted](
r: var ECP_ShortW_Prj[F, Tw],
func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, G],
xn, xd, yn: F, isodegree: static int) =
## Given G2, the target prime order subgroup of E2,
## this function maps an element of
@ -160,8 +160,8 @@ func h2c_isogeny_map*[F; Tw: static Twisted](
r.x *= t
r.z *= t
func h2c_isogeny_map*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
xn, xd, yn: F, isodegree: static int) =
## Given G2, the target prime order subgroup of E2,
## this function maps an element of
@ -197,9 +197,9 @@ func h2c_isogeny_map*[F; Tw: static Twisted](
r.y *= rdx # Y = yd² * xd³
r.y *= ryn # Y = yn * yd² * xd³
func h2c_isogeny_map*[F; Tw: static Twisted](
r: var ECP_ShortW_Jac[F, Tw],
P: ECP_ShortW_Jac[F, Tw],
func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, G],
isodegree: static int) =
## Map P in isogenous curve E'2
## to r in E2

2
constantine/pairing/lines_common.nim
View File

@ -65,7 +65,7 @@ func toHex*(line: Line, order: static Endianness = bigEndian): string =
# Line evaluation
# --------------------------------------------------
func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, NotOnTwist]) =
func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, G1]) =
## Update the line evaluation with P
## after addition or doubling
## P in G1

22
constantine/pairing/lines_projective.nim
View File

@ -49,7 +49,7 @@ export lines_common
func line_eval_double[F](
line: var Line[F],
T: ECP_ShortW_Prj[F, OnTwist]) =
T: ECP_ShortW_Prj[F, G2]) =
## Evaluate the line function for doubling
## i.e. the tangent at T
##
@ -119,8 +119,8 @@ func line_eval_double[F](
func line_eval_add[F](
line: var Line[F],
T: ECP_ShortW_Prj[F, OnTwist],
Q: ECP_ShortW_Aff[F, OnTwist]) =
T: ECP_ShortW_Prj[F, G2],
Q: ECP_ShortW_Aff[F, G2]) =
## Evaluate the line function for addition
## i.e. the line between T and Q
##
@ -163,7 +163,7 @@ func line_eval_add[F](
func line_eval_fused_double[Field](
line: var Line[Field],
T: var ECP_ShortW_Prj[Field, OnTwist]) =
T: var ECP_ShortW_Prj[Field, G2]) =
## Fused line evaluation and elliptic point doubling
# Grewal et al, 2012 adapted to Scott 2019 line notation
var A {.noInit.}, B {.noInit.}, C {.noInit.}: Field
@ -230,8 +230,8 @@ func line_eval_fused_double[Field](
func line_eval_fused_add[Field](
line: var Line[Field],
T: var ECP_ShortW_Prj[Field, OnTwist],
Q: ECP_ShortW_Aff[Field, OnTwist]) =
T: var ECP_ShortW_Prj[Field, G2],
Q: ECP_ShortW_Aff[Field, G2]) =
## Fused line evaluation and elliptic point addition
# Grewal et al, 2012 adapted to Scott 2019 line notation
var
@ -286,8 +286,8 @@ func line_eval_fused_add[Field](
func line_double*[F1, F2](
line: var Line[F2],
T: var ECP_ShortW_Prj[F2, OnTwist],
P: ECP_ShortW_Aff[F1, NotOnTwist]) =
T: var ECP_ShortW_Prj[F2, G2],
P: ECP_ShortW_Aff[F1, G1]) =
## Doubling step of the Miller loop
## T in G2, P in G1
##
@ -303,9 +303,9 @@ func line_double*[F1, F2](
func line_add*[F1, F2](
line: var Line[F2],
T: var ECP_ShortW_Prj[F2, OnTwist],
Q: ECP_ShortW_Aff[F2, OnTwist],
P: ECP_ShortW_Aff[F1, NotOnTwist]) =
T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, G1]) =
## Addition step of the Miller loop
## T and Q in G2, P in G1
##

46
constantine/pairing/miller_loops.nim
View File

@ -26,10 +26,10 @@ import
template basicMillerLoop*[FT, F1, F2](
f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist],
T: var ECP_ShortW_Prj[F2, G2],
line: var Line[F2],
P: ECP_ShortW_Aff[F1, NotOnTwist],
Q, nQ: ECP_ShortW_Aff[F2, OnTwist],
P: ECP_ShortW_Aff[F1, G1],
Q, nQ: ECP_ShortW_Aff[F2, G2],
ate_param: untyped,
ate_param_isNeg: untyped
) =
@ -65,9 +65,9 @@ template basicMillerLoop*[FT, F1, F2](
func millerCorrectionBN*[FT, F1, F2](
f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist],
Q: ECP_ShortW_Aff[F2, OnTwist],
P: ECP_ShortW_Aff[F1, NotOnTwist],
T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, G1],
ate_param_isNeg: static bool
) =
## Ate pairing for BN curves need adjustment after basic Miller loop
@ -119,9 +119,9 @@ func millerCorrectionBN*[FT, F1, F2](
func miller_init_double_then_add*[FT, F1, F2](
f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist],
Q: ECP_ShortW_Aff[F2, OnTwist],
P: ECP_ShortW_Aff[F1, NotOnTwist],
T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, G1],
numDoublings: static int
) =
## Start a Miller Loop with
@ -181,9 +181,9 @@ func miller_init_double_then_add*[FT, F1, F2](
func miller_accum_double_then_add*[FT, F1, F2](
f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist],
Q: ECP_ShortW_Aff[F2, OnTwist],
P: ECP_ShortW_Aff[F1, NotOnTwist],
T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, G1],
numDoublings: int,
add = true
) =
@ -222,8 +222,8 @@ func double_jToN[N: static int, FT, F1, F2](
f: var FT,
j: static int,
line0, line1: var Line[F2],
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]]) =
Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, G1]]) =
## Doubling steps for pairings j to N
{.push checks: off.} # No OverflowError or IndexError allowed
@ -246,9 +246,9 @@ func add_jToN[N: static int, FT, F1, F2](
f: var FT,
j: static int,
line0, line1: var Line[F2],
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]])=
Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, G1]])=
## Addition steps for pairings 0 to N
{.push checks: off.} # No OverflowError or IndexError allowed
@ -269,9 +269,9 @@ func add_jToN[N: static int, FT, F1, F2](
func miller_init_double_then_add*[N: static int, FT, F1, F2](
f: var FT,
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]],
Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, G1]],
numDoublings: static int
) =
## Start a Miller Loop
@ -328,9 +328,9 @@ func miller_init_double_then_add*[N: static int, FT, F1, F2](
func miller_accum_double_then_add*[N: static int, FT, F1, F2](
f: var FT,
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]],
Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, G1]],
numDoublings: int,
add = true
) =

18
constantine/pairing/pairing_bls12.nim
View File

@ -52,14 +52,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11
func millerLoopGenericBLS12*[C](
f: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]
) {.meter.} =
## Generic Miller Loop for BLS12 curve
## Computes f{u,Q}(P) with u the BLS curve parameter
var
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist]
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2]
line {.noInit.}: Line[Fp2[C]]
nQ{.noInit.}: typeof(Q)
@ -79,8 +79,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) =
func pairing_bls12_reference*[C](
gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) =
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt
@ -149,8 +149,8 @@ func finalExpHard_BLS12*[C](f: var Fp12[C]) {.meter.} =
func pairing_bls12*[C](
gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) {.meter.} =
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]) {.meter.} =
## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt
@ -160,8 +160,8 @@ func pairing_bls12*[C](
func pairing_bls12*[N: static int, C](
gt: var Fp12[C],
Ps: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]],
Qs: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]]) {.meter.} =
Ps: array[N, ECP_ShortW_Aff[Fp[C], G1]],
Qs: array[N, ECP_ShortW_Aff[Fp2[C], G2]]) {.meter.} =
## Compute the optimal Ate Pairing for BLS12 curves
## Input: an array of Ps ∈ G1 and Qs ∈ G2
## Output:

14
constantine/pairing/pairing_bn.nim
View File

@ -50,14 +50,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11
func millerLoopGenericBN*[C](
f: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]
) =
## Generic Miller Loop for BN curves
## Computes f{6u+2,Q}(P) with u the BN curve parameter
var
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist]
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2]
line {.noInit.}: Line[Fp2[C]]
nQ{.noInit.}: typeof(Q)
@ -83,8 +83,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) =
func pairing_bn_reference*[C](
gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) =
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BN curves
## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt
@ -150,8 +150,8 @@ func finalExpHard_BN*[C: static Curve](f: var Fp12[C]) =
func pairing_bn*[C](
gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) =
P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt

28
constantine/protocols/ethereum_evm_precompiles.nim
View File

@ -50,7 +50,7 @@ func parseRawUint(
return cttEVM_Success
func fromRawCoords(
dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
x, y: openarray[byte]): CttEVMStatus =
# Deserialization
@ -76,7 +76,7 @@ func fromRawCoords(
# ----------------------
# Point on curve
if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)):
if not bool(isOnCurve(dst.x, dst.y, G1)):
return cttEVM_PointNotOnCurve
# BN254_Snarks is a curve with cofactor 1,
@ -115,7 +115,7 @@ func eth_evm_ecadd*(
let lastIdx = min(inputs.len, 128) - 1
padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx)
var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist]
var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
let statusP = P.fromRawCoords(
x = padded.toOpenArray(0, 31),
@ -131,7 +131,7 @@ func eth_evm_ecadd*(
return statusQ
R.sum(P, Q)
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist]
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
aff.affineFromProjective(R)
r.toOpenArray(0, 31).exportRawUint(
@ -172,7 +172,7 @@ func eth_evm_ecmul*(
let lastIdx = min(inputs.len, 128) - 1
padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx)
var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist]
var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
let statusP = P.fromRawCoords(
x = padded.toOpenArray(0, 31),
@ -205,7 +205,7 @@ func eth_evm_ecmul*(
else:
P.scalarMul(s)
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist]
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
aff.affineFromProjective(P)
r.toOpenArray(0, 31).exportRawUint(
@ -215,14 +215,14 @@ func eth_evm_ecmul*(
aff.y, bigEndian
)
func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool =
func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]): bool =
## A point may be on a curve but in case the curve has a cofactor != 1
## that point may not be in the correct cyclic subgroup.
## If we are on the subgroup of order r then [r]P = 0
# TODO: Generic for any curve
var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]
var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]
# TODO: precompute up to the endomorphism decomposition
# or implement fixed base scalar mul
@ -242,7 +242,7 @@ func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool =
return bool(Q.isInf())
func fromRawCoords(
dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist],
dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], G1],
x, y: openarray[byte]): CttEVMStatus =
# Deserialization
@ -264,7 +264,7 @@ func fromRawCoords(
# ----------------------
# Point on curve
if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)):
if not bool(isOnCurve(dst.x, dst.y, G1)):
return cttEVM_PointNotOnCurve
# BN254_Snarks is a curve with cofactor 1,
@ -273,7 +273,7 @@ func fromRawCoords(
return cttEVM_Success
func fromRawCoords(
dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist],
dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], G2],
x0, x1, y0, y1: openarray[byte]): CttEVMStatus =
# Deserialization
@ -302,7 +302,7 @@ func fromRawCoords(
# ----------------------
# Point on curve
if not bool(isOnCurve(dst.x, dst.y, OnTwist)):
if not bool(isOnCurve(dst.x, dst.y, G2)):
return cttEVM_PointNotOnCurve
if not subgroupCheck(dst):
@ -342,8 +342,8 @@ func eth_evm_ecpairing*(
return
var gt0{.noInit.}, gt1{.noInit.}: Fp12[BN254_Snarks]
var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist]
var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]
var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]
for i in 0 ..< N:
let pos = i*192

4
metering/README.md
View File

@ -34,8 +34,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc pairingBLS12Meter*(C: static Curve) =
let
P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
var f: Fp12[C]

4
metering/m_pairings.nim
View File

@ -28,8 +28,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc pairingBLS12Meter*(C: static Curve) =
let
P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist])
P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
var f: Fp12[C]

4
research/kzg_poly_commit/fft_g1.nim
View File

@ -220,8 +220,8 @@ when isMainModule:
std/[times, monotimes, strformat],
../../helpers/prng_unsafe
type G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]
type G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]
doAssert Generator1.fromHex(
"0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb",
"0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"

8
research/kzg_poly_commit/kzg_single_proofs.nim
View File

@ -18,8 +18,8 @@ import
./fft_fr
type
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]
KZGDescriptor = object
fftDesc: FFTDescriptor[Fr[BLS12_381]]
@ -29,13 +29,13 @@ type
# [b.multiply(b.G2, pow(s, i, MODULUS)) for i in range(WIDTH+1)]
secretG2: seq[G2]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]
doAssert Generator1.fromHex(
"0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb",
"0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"
)
var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]
var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], G2]
doAssert Generator2.fromHex(
"0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8",
"0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e",

8
research/kzg_poly_commit/polynomials.nim
View File

@ -14,10 +14,10 @@ import
]
type
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
G1aff = ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]
G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]
G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]
G1aff = ECP_ShortW_Aff[Fp[BLS12_381], G1]
G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], G2]
GT = Fp12[BLS12_381]
func linear_combination*(

54
tests/t_ec_frobenius.nim
View File

@ -55,7 +55,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
# - sage sage/frobenius_bls12_381.sage
test(
id = 0,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "598e4c8c14c24c90834f2debedee4db3d31fed98a5134177704bfec14f46cb5",
Px1 = "c6fffa61daeb7caaf96983e70f164931d958c6820b205cdde19f2fa1eaaa7b1",
Py0 = "2f5fa252a27df56f5ca2e9c3382c17e531d317d50396f3fe952704304946a5a",
@ -68,7 +68,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 1,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "21014830dd88a0e7961e704cea531200866c5df46cb25aa3e2aac8d4fec64c6e",
Px1 = "1db17d8364def10443beab6e4a055c210d3e49c7c3af31e9cfb66d829938dca7",
Py0 = "1394ab8c346ad3eba14fa14789d3bbfc2deed5a7a510da8e9418580515d27bda",
@ -81,7 +81,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 2,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "46f2a2be9a3e19c1bb484fc37703ff64c3d7379de22249ccf0881037948beec",
Px1 = "10a5aaae14cb028f4ff4b81d41b712038b9f620a99e208c23504887e56831806",
Py0 = "2e6c3ebe0f3dada0063dc59f85fe2264dc3502bf65206336106a8d39d838a7b2",
@ -94,7 +94,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 3,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "1cf3af1d41e89d8df378aa81463a978c021f27f4a48387e74655ce2cf5c1f298",
Px1 = "36553e80e5c7c7360c7a2ae6bf1b8f68eb48804fc7eba7d2f56f09e87bbb0b1",
Py0 = "25f03e551d74b6be3268bf001905dfbe0bcbe43a2d1aac645a3ca8650b52e551",
@ -109,7 +109,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 0,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "112de13b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439",
Px1 = "10d1a8963e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac",
Py0 = "8aaf3a8660cf0edd6e97a2cd7837af1c63ec89e18f9bf4c64638662a661636b928a4f8097e6a2e8dfa11e13c51b075",
@ -122,7 +122,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 1,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "2f9318360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632",
Px1 = "3cbab0789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d",
Py0 = "14ea84922f76f2681fec869dce26141392975dcdb4f21d5fa8aec06b37bf71ba6249c219ecbaef4a266196dafb4ad19",
@ -135,7 +135,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 2,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "833ca23630be463c388ea6cfcff5b0e3b055065702a84310d2c726aee14d9e140cba05be79b5cb0441816d9e8c8370",
Px1 = "264a9755524baac8d9e53b0a45789e9dafcb6b453e965061fcfa20bb12a27d9b9417d5277ae2a499b1cfe567d75e2d",
Py0 = "5b670b9789825e2b48101b5b6e660cf9117e29c521dad54640cb356b674b3946c98cb43909c3495fb6d6d231891b7e",
@ -148,7 +148,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 3,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "14cd89e2e2755ddc086f63fd62e1f9904c3c1497243455c578a963e81b389f04e95ceafc4f47dc777579cdc82eca79b",
Px1 = "ba8801beba0654f20ccb78783efa7a911d182ec0eb99abe10f9a3d26b46fb7f90552e4ff6beb4df4611a9072be648b",
Py0 = "12e23bc97d891f2a047bac9c90e728cb89760c812156f96c95e36c40f1c830cf6ecbb5d407b189070d48a92eb461ea6",
@ -163,7 +163,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 0,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "d6904be428a0310dbd6e15a744a774bcf9800abe27536267a5383f1ddbd7783e1dc20098a8e045e3cca66b83f6d7f0f",
Px1 = "12107f6ef71d0d1e3bcba9e00a0675d3080519dd1b6c086bd660eb2d2bca8f276e283a891b5c0615064d7886af625cf2",
Py0 = "c592a3546d2d61d671070909e97860822db0a389e351c1744bdbb2c472cf52f3ca3e94068b0b6f3b0121923659131f5",
@ -176,7 +176,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 1,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "112de130b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439",
Px1 = "10d1a89a63e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac",
Py0 = "11261c8fcb0f4f560479547fe6b2a1c1e8b648d87e54c39f299eba8729294e99b415851d134ca31e8bb861c42e6f1022",
@ -189,7 +189,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 2,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "2f93183360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632",
Px1 = "3cbab0c789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d",
Py0 = "2b8d995b0f2114442b7bbdbe5732fbf94430d6d413e1f388031f3abb956e598cb6764275a75832c1670868c458378b6",
@ -202,7 +202,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test(
id = 3,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "d7d1c55ddf8bd03b7a15c3ea4f8f69aee37bf282d4aac82b7bd1fd47139250b9c708997a7ff8f603e48f0471c2cfe03",
Px1 = "d145a91934a6ad865d24ab556ae1e6c42decdd05d676b80e53365a6ff7536332859c9682e7200e40515f675415d71a3",
Py0 = "6de67fa12af93813a42612b1e9449c7b1f160c5de004ec26ea61010e48ba38dcf158d2692f347fdc6c6332bbec7106f",
@ -240,11 +240,11 @@ suite "ψ - psi(psi(P)) == psi2(P) - (Untwist-Frobenius-Twist Endomorphism)" & "
test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist])
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])
suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10
@ -307,11 +307,11 @@ suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]":
test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist])
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])
suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=12)" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10
@ -338,10 +338,10 @@ suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding d
test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist])
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=6)" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10
@ -368,4 +368,4 @@ suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degr
test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist])
testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])

8
tests/t_ec_sage_bls12_377.nim
View File

@ -16,21 +16,21 @@ import
./t_ec_sage_template
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ECP_ShortW_Prj[Fp[BLS12_377], G1],
"t_ec_sage_bls12_377_g1_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ECP_ShortW_Jac[Fp[BLS12_377], G1],
"t_ec_sage_bls12_377_g1_jacobian"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ECP_ShortW_Prj[Fp2[BLS12_377], G2],
"t_ec_sage_bls12_377_g2_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ECP_ShortW_Jac[Fp2[BLS12_377], G2],
"t_ec_sage_bls12_377_g2_jacobian"
)

8
tests/t_ec_sage_bls12_381.nim
View File

@ -16,21 +16,21 @@ import
./t_ec_sage_template
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ECP_ShortW_Prj[Fp[BLS12_381], G1],
"t_ec_sage_bls12_381_g1_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ECP_ShortW_Jac[Fp[BLS12_381], G1],
"t_ec_sage_bls12_381_g1_jacobian"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"t_ec_sage_bls12_381_g2_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ECP_ShortW_Jac[Fp2[BLS12_381], G2],
"t_ec_sage_bls12_381_g2_jacobian"
)

8
tests/t_ec_sage_bn254_nogami.nim
View File

@ -16,21 +16,21 @@ import
./t_ec_sage_template
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist],
ECP_ShortW_Prj[Fp[BN254_Nogami], G1],
"t_ec_sage_bn254_nogami_g1_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BN254_Nogami], NotOnTwist],
ECP_ShortW_Jac[Fp[BN254_Nogami], G1],
"t_ec_sage_bn254_nogami_g1_jacobian"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist],
ECP_ShortW_Prj[Fp2[BN254_Nogami], G2],
"t_ec_sage_bn254_nogami_g2_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BN254_Nogami], OnTwist],
ECP_ShortW_Jac[Fp2[BN254_Nogami], G2],
"t_ec_sage_bn254_nogami_g2_jacobian"
)

8
tests/t_ec_sage_bn254_snarks.nim
View File

@ -16,21 +16,21 @@ import
./t_ec_sage_template
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
"t_ec_sage_bn254_snarks_g1_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
"t_ec_sage_bn254_snarks_g1_jacobian"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
"t_ec_sage_bn254_snarks_g2_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
"t_ec_sage_bn254_snarks_g2_jacobian"
)

12
tests/t_ec_sage_bw6_761_g1.nim
View File

@ -14,28 +14,28 @@ import
# Test utilities
./t_ec_sage_template
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist]
# When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ECP_ShortW_Prj[Fp[BW6_761], G1],
"t_ec_sage_bw6_761_g1_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
ECP_ShortW_Jac[Fp[BW6_761], G1],
"t_ec_sage_bw6_761_g1_jacobian"
)
# run_scalar_mul_test_vs_sage(
# ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
# ECP_ShortW_Prj[Fp[BW6_761], G2],
# "t_ec_sage_bw6_761_g2_projective"
# )
# run_scalar_mul_test_vs_sage(
# ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
# ECP_ShortW_Jac[Fp[BW6_761], G2],
# "t_ec_sage_bw6_761_g2_jacobian"
# )

12
tests/t_ec_sage_bw6_761_g2.nim
View File

@ -14,28 +14,28 @@ import
# Test utilities
./t_ec_sage_template
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist]
# When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream
# run_scalar_mul_test_vs_sage(
# ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
# ECP_ShortW_Prj[Fp[BW6_761], G1],
# "t_ec_sage_bw6_761_g1_projective"
# )
# run_scalar_mul_test_vs_sage(
# ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
# ECP_ShortW_Jac[Fp[BW6_761], G1],
# "t_ec_sage_bw6_761_g1_jacobian"
# )
run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ECP_ShortW_Prj[Fp[BW6_761], G2],
"t_ec_sage_bw6_761_g2_projective"
)
run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ECP_ShortW_Jac[Fp[BW6_761], G2],
"t_ec_sage_bw6_761_g2_jacobian"
)

12
tests/t_ec_sage_template.nim
View File

@ -140,8 +140,8 @@ proc parseHook*(src: string, pos: var int, value: var BigInt) =
proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
# Note when nim-serialization was used:
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist]
# When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream
@ -165,7 +165,7 @@ proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
{.error: "Not Implemented".}
proc loadVectors(TestType: typedesc): TestType =
const group = when TestType.EC.Tw == NotOnTwist: "G1"
const group = when TestType.EC.G == G1: "G1"
else: "G2"
const filename = "tv_" & $TestType.EC.F.C & "_scalar_mul_" & group & ".json"
let content = readFile(TestVectorsDir/filename)
@ -181,12 +181,12 @@ proc run_scalar_mul_test_vs_sage*(
echo "\n------------------------------------------------------\n"
echo moduleName & '\n'
when EC.Tw == NotOnTwist:
when EC.G == G1:
const G1_or_G2 = "G1"
let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.Tw]])
let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.G]])
else:
const G1_or_G2 = "G2"
let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.Tw]])
let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.G]])
const coord = when EC is ECP_ShortW_Prj: " Projective coordinates "
elif EC is ECP_ShortW_Jac: " Jacobian coordinates "

8
tests/t_ec_shortw_jac_g1_add_double.nim
View File

@ -17,25 +17,25 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BN254_Snarks
)
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_381
)
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377
)
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377
)

8
tests/t_ec_shortw_jac_g1_mixed_add.nim
View File

@ -18,25 +18,25 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761
)

8
tests/t_ec_shortw_jac_g1_mul_distri.nim
View File

@ -18,25 +18,25 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BN254_Snarks
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_381
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377
)

12
tests/t_ec_shortw_jac_g1_mul_sanity.nim
View File

@ -24,7 +24,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BN254_Snarks
)
@ -56,8 +56,8 @@ suite "Order checks on BN254_Snarks":
bool(impl.isInf())
bool(reference.isInf())
test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
# TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder
# with h the curve cofactor
# instead of the full group
@ -67,20 +67,20 @@ suite "Order checks on BN254_Snarks":
test "Not a point on the curve / not a square - #67":
var ax, ay: Fp[BN254_Snarks]
ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b"
ay.curve_eq_rhs(ax, NotOnTwist)
ay.curve_eq_rhs(ax, G1)
check:
bool not ay.isSquare()
bool not ay.sqrt_if_square()
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_381
)
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_377
)

8
tests/t_ec_shortw_jac_g1_mul_vs_ref.nim
View File

@ -18,25 +18,25 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BN254_Snarks
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_381
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_381
)

2
tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BN254_Snarks
)

2
tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim
View File

@ -17,7 +17,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BW6_761
)

2
tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381
)

2
tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks
)

2
tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim
View File

@ -17,7 +17,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761
)

2
tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_381
)

2
tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BN254_Snarks
)

2
tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BW6_761
)

2
tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_381
)

2
tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BN254_Snarks
)

2
tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BW6_761
)

2
tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_377
)

2
tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_381
)

2
tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BN254_Snarks
)

2
tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BW6_761
)

8
tests/t_ec_shortw_prj_edge_cases.nim
View File

@ -26,7 +26,7 @@ import
./support/ec_reference_scalar_mult
func testAddAssociativity[EC](a, b, c: EC) =
var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
# r0 = (a + b) + c
tmp1.sum(a, b)
@ -63,7 +63,7 @@ func testAddAssociativity[EC](a, b, c: EC) =
suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit mode]":
test "EC Add G2 is associative - #60":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex(
@ -101,7 +101,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit
test "EC Add G2 is associative - #65-1":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex(
@ -139,7 +139,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit
test "EC Add G2 is associative - #65-2":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex(

8
tests/t_ec_shortw_prj_g1_add_double.nim
View File

@ -17,25 +17,25 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BN254_Snarks
)
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_381
)
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_377
)
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BW6_761
)

8
tests/t_ec_shortw_prj_g1_mixed_add.nim
View File

@ -18,25 +18,25 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377
)
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761
)

8
tests/t_ec_shortw_prj_g1_mul_distri.nim
View File

@ -18,25 +18,25 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BN254_Snarks
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_381
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_377
)
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BW6_761
)

16
tests/t_ec_shortw_prj_g1_mul_sanity.nim
View File

@ -24,7 +24,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BN254_Snarks
)
@ -56,37 +56,37 @@ suite "Order checks on BN254_Snarks":
bool(impl.isInf())
bool(reference.isInf())
test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
# TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder
# with h the curve cofactor
# instead of the full group
# test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = NotOnTwist)
# test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = G1)
# test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true)
test "Not a point on the curve / not a square - #67":
var ax, ay: Fp[BN254_Snarks]
ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b"
ay.curve_eq_rhs(ax, NotOnTwist)
ay.curve_eq_rhs(ax, G1)
check:
bool not ay.isSquare()
bool not ay.sqrt_if_square()
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_381
)
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_377
)
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BW6_761
)

8
tests/t_ec_shortw_prj_g1_mul_vs_ref.nim
View File

@ -18,25 +18,25 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BN254_Snarks
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_381
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_377
)
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BW6_761
)

2
tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_377
)

2
tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_381
)

2
tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim
View File

@ -18,7 +18,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BN254_Snarks
)

2
tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim
View File

@ -17,7 +17,7 @@ const
Iters = 8
run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BW6_761
)

2
tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377
)

2
tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381
)

2
tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim
View File

@ -18,7 +18,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks
)

2
tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim
View File

@ -17,7 +17,7 @@ const
Iters = 12
run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761
)

2
tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_377
)

2
tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_381
)

2
tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BN254_Snarks
)

2
tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BW6_761
)

2
tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_377
)

2
tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_381
)

2
tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BN254_Snarks
)

2
tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BW6_761
)

2
tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_377
)

2
tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_381
)

2
tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim
View File

@ -19,7 +19,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist],
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BN254_Snarks
)

2
tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim
View File

@ -18,7 +18,7 @@ const
ItersMul = Iters div 4
run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist],
ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BW6_761
)

6
tests/t_ec_template.nim
View File

@ -55,7 +55,7 @@ func random_point*(rng: var RngState, EC: typedesc, randZ: bool, gen: RandomGen)
template pairingGroup(EC: typedesc): string =
when EC is (ECP_ShortW_Aff or ECP_ShortW_Prj or ECP_ShortW_Jac):
when EC.Tw == NotOnTwist:
when EC.G == G1:
"G1"
else:
"G2"
@ -426,7 +426,7 @@ proc run_EC_mixed_add_impl*(
echo "\n------------------------------------------------------\n"
echo moduleName, " xoshiro512** seed: ", seed
when ec.Tw == NotOnTwist:
when ec.G == G1:
const G1_or_G2 = "G1"
else:
const G1_or_G2 = "G2"
@ -439,7 +439,7 @@ proc run_EC_mixed_add_impl*(
for _ in 0 ..< Iters:
let a = rng.random_point(EC, randZ, gen)
let b = rng.random_point(EC, randZ, gen)
var bAff: ECP_ShortW_Aff[EC.F, EC.Tw]
var bAff: ECP_ShortW_Aff[EC.F, EC.G]
when b is ECP_ShortW_Prj:
bAff.affineFromProjective(b)
else:

12
tests/t_hash_to_curve.nim
View File

@ -67,8 +67,8 @@ const
proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
# Note when nim-serialization was used:
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist]
# When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream
@ -107,11 +107,11 @@ proc run_hash_to_curve_test(
filename: string
) =
when EC.Tw == NotOnTwist:
when EC.G == G1:
const G1_or_G2 = "G1"
else:
const G1_or_G2 = "G2"
let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.Tw]], filename)
let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.G]], filename)
let testSuiteDesc = "Hash to Curve " & $EC.F.C & " " & G1_or_G2 & " - official specs " & spec_version & " test vectors"
@ -142,7 +142,7 @@ echo "Hash-to-curve" & '\n'
# Hash-to-curve v8 to latest
# https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-10/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json
run_hash_to_curve_test(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"v8",
"tv_h2c_v8_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json"
)
@ -150,7 +150,7 @@ run_hash_to_curve_test(
# Hash-to-curve v7 (different domain separation tag)
# https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-07/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json
run_hash_to_curve_test(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"v7",
"tv_h2c_v7_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json"
)

14
tests/t_pairing_bls12_377_line_functions.nim
View File

@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod
test "Line double - lt,t(P)":
proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]]
var T2: typeof(Q)
@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod
test "Line add - lt,q(P)":
proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]]
var TQ{.noInit.}: typeof(T)
TQ.sum(T, Q)
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist]
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2]
Qaff.affineFromProjective(Q)
l.line_add(T, Qaff, P)

4
tests/t_pairing_bls12_377_optate.nim
View File

@ -15,7 +15,7 @@ import
runPairingTests(
4, BLS12_377,
G1 = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist],
G2 = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist],
G1 = ECP_ShortW_Prj[Fp[BLS12_377], G1],
G2 = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
GT = Fp12[BLS12_377],
pairing_bls12)

14
tests/t_pairing_bls12_381_line_functions.nim
View File

@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod
test "Line double - lt,t(P)":
proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]]
var T2: typeof(Q)
@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod
test "Line add - lt,q(P)":
proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen)
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]]
var TQ{.noInit.}: typeof(T)
TQ.sum(T, Q)
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist]
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2]
Qaff.affineFromProjective(Q)
l.line_add(T, Qaff, P)

4
tests/t_pairing_bls12_381_multi.nim
View File

@ -32,8 +32,8 @@ echo "test_pairing_bls12_381_multi xoshiro512** seed: ", timeseed
proc testMultiPairing(rng: var RngState, N: static int) =
var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]]
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]]
GTs {.noInit.}: array[N, Fp12[BLS12_381]]

4
tests/t_pairing_bls12_381_optate.nim
View File

@ -15,7 +15,7 @@ import
runPairingTests(
4, BLS12_381,
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist],
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist],
G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1],
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
GT = Fp12[BLS12_381],
pairing_bls12)

4
tests/t_pairing_bn254_nogami_optate.nim
View File

@ -15,7 +15,7 @@ import
runPairingTests(
4, BN254_Nogami,
G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist],
G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist],
G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], G1],
G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], G2],
GT = Fp12[BN254_Nogami],
pairing_bn)

Some files were not shown because too many files have changed in this diff Show More