diff --git a/benchmarks/bench_ec_g1.nim b/benchmarks/bench_ec_g1.nim index 252a7b2..b1cf4a3 100644 --- a/benchmarks/bench_ec_g1.nim +++ b/benchmarks/bench_ec_g1.nim @@ -45,32 +45,32 @@ proc main() = separator() staticFor i, 0, AvailableCurves.len: const curve = AvailableCurves[i] - addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) separator() - affFromProjBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) - affFromJacBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) + affFromProjBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters) + affFromJacBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters) separator() - scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) - scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) + scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters) + scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters) separator() - scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 2, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 3, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 4, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 5, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 2, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 3, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 4, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 5, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 2, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 3, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 4, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 5, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 2, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 3, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 4, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 5, MulIters) separator() - scalarMulEndo(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) - scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) - scalarMulEndo(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) - scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) + scalarMulEndo(ECP_ShortW_Prj[Fp[curve], G1], MulIters) + scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], G1], MulIters) + scalarMulEndo(ECP_ShortW_Jac[Fp[curve], G1], MulIters) + scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], G1], MulIters) separator() separator() diff --git a/benchmarks/bench_ec_g2.nim b/benchmarks/bench_ec_g2.nim index 929b2df..b332747 100644 --- a/benchmarks/bench_ec_g2.nim +++ b/benchmarks/bench_ec_g2.nim @@ -46,30 +46,30 @@ proc main() = separator() staticFor i, 0, AvailableCurves.len: const curve = AvailableCurves[i] - addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) separator() - affFromProjBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) - affFromJacBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) + affFromProjBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters) + affFromJacBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters) separator() - scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) - scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) + scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters) + scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters) separator() - scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 2, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 3, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 4, MulIters) - scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 5, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 2, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 3, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 4, MulIters) - scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 5, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 2, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 3, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 4, MulIters) + scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 5, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 2, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 3, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 4, MulIters) + scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 5, MulIters) separator() - scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) - scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) + scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], G2], MulIters) + scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], G2], MulIters) separator() separator() diff --git a/benchmarks/bench_elliptic_template.nim b/benchmarks/bench_elliptic_template.nim index 9fef4ec..835b028 100644 --- a/benchmarks/bench_elliptic_template.nim +++ b/benchmarks/bench_elliptic_template.nim @@ -67,7 +67,7 @@ proc mixedAddBench*(T: typedesc, iters: int) = var r {.noInit.}: T let P = rng.random_unsafe(T) let Q = rng.random_unsafe(T) - var Qaff: ECP_ShortW_Aff[T.F, T.Tw] + var Qaff: ECP_ShortW_Aff[T.F, T.G] when Q is ECP_ShortW_Prj: Qaff.affineFromProjective(Q) else: @@ -84,14 +84,14 @@ proc doublingBench*(T: typedesc, iters: int) = proc affFromProjBench*(T: typedesc, iters: int) = const G1_or_G2 = when T.F is Fp: "G1" else: "G2" - var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw] + var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G] let P = rng.random_unsafe(T) bench("EC Projective to Affine " & G1_or_G2, T, iters): r.affineFromProjective(P) proc affFromJacBench*(T: typedesc, iters: int) = const G1_or_G2 = when T.F is Fp: "G1" else: "G2" - var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw] + var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G] let P = rng.random_unsafe(T) bench("EC Jacobian to Affine " & G1_or_G2, T, iters): r.affineFromJacobian(P) diff --git a/benchmarks/bench_hash_to_curve.nim b/benchmarks/bench_hash_to_curve.nim index bd67256..ffa429b 100644 --- a/benchmarks/bench_hash_to_curve.nim +++ b/benchmarks/bench_hash_to_curve.nim @@ -37,7 +37,7 @@ proc bench_BLS12_381_hash_to_G2(iters: int) = const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" let msg = "Mr F was here" - var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2] bench("Hash to G2 (Draft #11)", BLS12_381, iters): sha256.hashToCurve( @@ -52,8 +52,8 @@ proc bench_BLS12_381_proj_aff_conversion(iters: int) = const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" let msg = "Mr F was here" - var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] - var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] + var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2] + var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], G2] sha256.hashToCurve( k = 128, diff --git a/benchmarks/bench_pairing_template.nim b/benchmarks/bench_pairing_template.nim index 65c6715..2f66548 100644 --- a/benchmarks/bench_pairing_template.nim +++ b/benchmarks/bench_pairing_template.nim @@ -48,10 +48,10 @@ template bench(op: string, C: static Curve, iters: int, body: untyped): untyped measure(iters, startTime, stopTime, startClk, stopClk, body) report(op, $C, startTime, stopTime, startClk, stopClk, iters) -func clearCofactorReference[F; Tw: static Twisted]( - ec: var ECP_ShortW_Aff[F, Tw]) = +func clearCofactorReference[F; G: static Subgroup]( + ec: var ECP_ShortW_Aff[F, G]) = # For now we don't have any affine operation defined - var t {.noInit.}: ECP_ShortW_Prj[F, Tw] + var t {.noInit.}: ECP_ShortW_Prj[F, G] t.projectiveFromAffine(ec) t.clearCofactorReference() ec.affineFromProjective(t) @@ -62,24 +62,24 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} = proc lineDoubleBench*(C: static Curve, iters: int) = var line: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) bench("Line double", C, iters): line.line_double(T, P) proc lineAddBench*(C: static Curve, iters: int) = var line: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) bench("Line add", C, iters): line.line_add(T, Q, P) proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) = var line: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) line.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -88,8 +88,8 @@ proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) = var line: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) line.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -98,8 +98,8 @@ proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) = proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -109,8 +109,8 @@ proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) = proc mulLinebyLine_xy000z_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -134,8 +134,8 @@ proc mulFp12by_abcd00efghij_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -146,8 +146,8 @@ proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -159,8 +159,8 @@ proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -171,8 +171,8 @@ proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) = var l0, l1: Line[Fp2[C]] - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) l0.line_double(T, P) l1.line_double(T, P) var f = rng.random_unsafe(Fp12[C]) @@ -184,8 +184,8 @@ proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) = proc millerLoopBLS12Bench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Miller Loop BLS12", C, iters): @@ -193,8 +193,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) = proc millerLoopBNBench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Miller Loop BN", C, iters): @@ -231,8 +231,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) = proc pairingBLS12Bench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Pairing BLS12", C, iters): @@ -240,12 +240,12 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) = proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var - Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]] - Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]] + Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]] + Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]] GTs {.noInit.}: array[N, Fp12[C]] @@ -264,8 +264,8 @@ proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int) proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int) = var - Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]] - Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]] + Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]] + Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]] for i in 0 ..< N: Ps[i] = rng.random_unsafe(typeof(Ps[0])) @@ -277,8 +277,8 @@ proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int proc pairingBNBench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Pairing BN", C, iters): diff --git a/benchmarks/bench_summary_bls12_377.nim b/benchmarks/bench_summary_bls12_377.nim index bd40c92..a06fb49 100644 --- a/benchmarks/bench_summary_bls12_377.nim +++ b/benchmarks/bench_summary_bls12_377.nim @@ -49,25 +49,25 @@ proc main() = invBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters) separator() - addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) separator() - addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) separator() mulBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters) diff --git a/benchmarks/bench_summary_bls12_381.nim b/benchmarks/bench_summary_bls12_381.nim index a200b90..09de80e 100644 --- a/benchmarks/bench_summary_bls12_381.nim +++ b/benchmarks/bench_summary_bls12_381.nim @@ -49,25 +49,25 @@ proc main() = invBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters) separator() - addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) separator() - addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) separator() mulBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters) diff --git a/benchmarks/bench_summary_bn254_nogami.nim b/benchmarks/bench_summary_bn254_nogami.nim index 0f70852..1f85d02 100644 --- a/benchmarks/bench_summary_bn254_nogami.nim +++ b/benchmarks/bench_summary_bn254_nogami.nim @@ -49,25 +49,25 @@ proc main() = invBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters) separator() - addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) separator() - addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) separator() mulBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters) diff --git a/benchmarks/bench_summary_bn254_snarks.nim b/benchmarks/bench_summary_bn254_snarks.nim index fc6a800..ae7741c 100644 --- a/benchmarks/bench_summary_bn254_snarks.nim +++ b/benchmarks/bench_summary_bn254_snarks.nim @@ -49,25 +49,25 @@ proc main() = invBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters) separator() - addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters) separator() - addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters) separator() - addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) - scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) + addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) + scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters) separator() mulBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters) diff --git a/benchmarks/bench_summary_template.nim b/benchmarks/bench_summary_template.nim index d33a72a..e1392a2 100644 --- a/benchmarks/bench_summary_template.nim +++ b/benchmarks/bench_summary_template.nim @@ -81,10 +81,10 @@ template bench(op: string, T: typed, iters: int, body: untyped): untyped = measure(iters, startTime, stopTime, startClk, stopClk, body) report(op, fixDisplay(T), startTime, stopTime, startClk, stopClk, iters) -func clearCofactorReference[F; Tw: static Twisted]( - ec: var ECP_ShortW_Aff[F, Tw]) = +func clearCofactorReference[F; G: static Subgroup]( + ec: var ECP_ShortW_Aff[F, G]) = # For now we don't have any affine operation defined - var t {.noInit.}: ECP_ShortW_Prj[F, Tw] + var t {.noInit.}: ECP_ShortW_Prj[F, G] t.projectiveFromAffine(ec) t.clearCofactorReference() ec.affineFromProjective(t) @@ -134,7 +134,7 @@ proc mixedAddBench*(T: typedesc, iters: int) = var r {.noInit.}: T let P = rng.random_unsafe(T) let Q = rng.random_unsafe(T) - var Qaff: ECP_ShortW_Aff[T.F, T.Tw] + var Qaff: ECP_ShortW_Aff[T.F, T.G] when Q is ECP_ShortW_Prj: Qaff.affineFromProjective(Q) else: @@ -166,8 +166,8 @@ proc scalarMulBench*(T: typedesc, iters: int) = proc millerLoopBLS12Bench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Miller Loop BLS12", C, iters): @@ -175,8 +175,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) = proc millerLoopBNBench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Miller Loop BN", C, iters): @@ -196,8 +196,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) = proc pairingBLS12Bench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Pairing BLS12", C, iters): @@ -205,8 +205,8 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) = proc pairingBNBench*(C: static Curve, iters: int) = let - P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2]) var f: Fp12[C] bench("Pairing BN", C, iters): @@ -218,7 +218,7 @@ proc hashToCurveBLS12_381G2Bench*(iters: int) = # 'CryptoHash' resolution issue const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" let msg = "Mr F was here" - var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2] bench("Hash to G2 (Draft #11)", BLS12_381, iters): sha256.hashToCurve( diff --git a/constantine/curves/bls12_377_pairing.nim b/constantine/curves/bls12_377_pairing.nim index 16fd06a..cc4be02 100644 --- a/constantine/curves/bls12_377_pairing.nim +++ b/constantine/curves/bls12_377_pairing.nim @@ -42,13 +42,13 @@ const BLS12_377_pairing_finalexponent* = block: func millerLoopAddchain*( f: var Fp12[BLS12_377], - Q: ECP_ShortW_Aff[Fp2[BLS12_377], OnTwist], - P: ECP_ShortW_Aff[Fp[BLS12_377], NotOnTwist] + Q: ECP_ShortW_Aff[Fp2[BLS12_377], G2], + P: ECP_ShortW_Aff[Fp[BLS12_377], G1] ) = ## Miller Loop for BLS12-377 curve ## Computes f{u,Q}(P) with u the BLS curve parameter - var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist] + var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], G2] f.miller_init_double_then_add(T, Q, P, 5) # 0b100001 f.miller_accum_double_then_add(T, Q, P, 2) # 0b10000101 diff --git a/constantine/curves/bls12_381_pairing.nim b/constantine/curves/bls12_381_pairing.nim index 998e2ff..2a8de04 100644 --- a/constantine/curves/bls12_381_pairing.nim +++ b/constantine/curves/bls12_381_pairing.nim @@ -40,13 +40,13 @@ const BLS12_381_pairing_finalexponent* = block: func millerLoopAddchain*( f: var Fp12[BLS12_381], - Q: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist], - P: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] + Q: ECP_ShortW_Aff[Fp2[BLS12_381], G2], + P: ECP_ShortW_Aff[Fp[BLS12_381], G1] ) = ## Miller Loop for BLS12-381 curve ## Computes f{u,Q}(P) with u the BLS curve parameter - var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2] f.miller_init_double_then_add(T, Q, P, 1) # 0b11 f.miller_accum_double_then_add(T, Q, P, 2) # 0b1101 @@ -60,13 +60,13 @@ func millerLoopAddchain*( func millerLoopAddchain*[N: static int]( f: var Fp12[BLS12_381], - Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]], - Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]] + Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]], + Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]] ) = ## Generic Miller Loop for BLS12 curve ## Computes f{u,Q}(P) with u the BLS curve parameter - var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]] + var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], G2]] # Ate param addition chain # Hex: 0xd201000000010000 diff --git a/constantine/curves/bn254_nogami_pairing.nim b/constantine/curves/bn254_nogami_pairing.nim index 289eca0..b2bab48 100644 --- a/constantine/curves/bn254_nogami_pairing.nim +++ b/constantine/curves/bn254_nogami_pairing.nim @@ -38,12 +38,12 @@ const BN254_Nogami_pairing_finalexponent* = block: func millerLoopAddchain*( f: var Fp12[BN254_Nogami], - Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], OnTwist], - P: ECP_ShortW_Aff[Fp[BN254_Nogami], NotOnTwist] + Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], G2], + P: ECP_ShortW_Aff[Fp[BN254_Nogami], G1] ) = ## Miller Loop for BN254-Nogami curve ## Computes f{6u+2,Q}(P) with u the BLS curve parameter - var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist] + var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], G2] f.miller_init_double_then_add(T, Q, P, 1) # 0b11 f.miller_accum_double_then_add(T, Q, P, 6) # 0b11000001 diff --git a/constantine/ec_shortweierstrass.nim b/constantine/ec_shortweierstrass.nim index cc5ac92..4b53648 100644 --- a/constantine/ec_shortweierstrass.nim +++ b/constantine/ec_shortweierstrass.nim @@ -22,9 +22,9 @@ import export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective, ec_scalar_mul -func projectiveFromJacobian*[F; Tw]( - prj: var ECP_ShortW_Prj[F, Tw], - jac: ECP_ShortW_Jac[F, Tw]) {.inline.} = +func projectiveFromJacobian*[F; G]( + prj: var ECP_ShortW_Prj[F, G], + jac: ECP_ShortW_Jac[F, G]) {.inline.} = prj.x.prod(jac.x, jac.z) prj.y = jac.y prj.z.square(jac.z) diff --git a/constantine/elliptic/ec_endomorphism_accel.nim b/constantine/elliptic/ec_endomorphism_accel.nim index 5fd6a85..5ecc557 100644 --- a/constantine/elliptic/ec_endomorphism_accel.nim +++ b/constantine/elliptic/ec_endomorphism_accel.nim @@ -292,7 +292,7 @@ func scalarMulEndo*[scalBits; EC]( const M = 2 # 1. Compute endomorphisms var endomorphisms {.noInit.}: array[M-1, typeof(P)] - when P.Tw == NotOnTwist: + when P.G == G1: endomorphisms[0] = P endomorphisms[0].x *= C.getCubicRootOfUnity_mod_p() else: @@ -481,7 +481,7 @@ func scalarMulGLV_m2w2*[scalBits; EC]( static: doAssert: scalBits == C.getCurveOrderBitwidth() # 1. Compute endomorphisms - when P0.Tw == NotOnTwist: + when P0.G == G1: var P1 = P0 P1.x *= C.getCubicRootOfUnity_mod_p() else: diff --git a/constantine/elliptic/ec_shortweierstrass_affine.nim b/constantine/elliptic/ec_shortweierstrass_affine.nim index d939144..bbc8357 100644 --- a/constantine/elliptic/ec_shortweierstrass_affine.nim +++ b/constantine/elliptic/ec_shortweierstrass_affine.nim @@ -22,11 +22,11 @@ import # ############################################################ type - Twisted* = enum - NotOnTwist - OnTwist + Subgroup* = enum + G1 + G2 - ECP_ShortW_Aff*[F; Tw: static Twisted] = object + ECP_ShortW_Aff*[F; G: static Subgroup] = object ## Elliptic curve point for a curve in Short Weierstrass form ## y² = x³ + a x + b ## @@ -45,7 +45,7 @@ func isInf*(P: ECP_ShortW_Aff): SecretBool = ## and false otherwise result = P.x.isZero() and P.y.isZero() -func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) = +func curve_eq_rhs*[F](y2: var F, x: F, G: static Subgroup) = ## Compute the curve equation right-hand-side from field element `x` ## i.e. `y²` in `y² = x³ + a x + b` ## or on sextic twists for pairing curves `y² = x³ + b/µ` or `y² = x³ + µ b` @@ -55,7 +55,7 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) = t.square(x) t *= x - when Tw == NotOnTwist: + when G == G1: when F.C.getCoefB() >= 0: y2.fromUint uint F.C.getCoefB() y2 += t @@ -70,18 +70,18 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) = t *= F.C.getCoefA() y2 += t -func isOnCurve*[F](x, y: F, Tw: static Twisted): SecretBool = +func isOnCurve*[F](x, y: F, G: static Subgroup): SecretBool = ## Returns true if the (x, y) coordinates ## represents a point of the elliptic curve var y2, rhs {.noInit.}: F y2.square(y) - rhs.curve_eq_rhs(x, Tw) + rhs.curve_eq_rhs(x, G) return y2 == rhs -func trySetFromCoordX*[F, Tw]( - P: var ECP_ShortW_Aff[F, Tw], +func trySetFromCoordX*[F, G]( + P: var ECP_ShortW_Aff[F, G], x: F): SecretBool = ## Try to create a point the elliptic curve ## y² = x³ + a x + b (affine coordinate) @@ -101,7 +101,7 @@ func trySetFromCoordX*[F, Tw]( ## - scalar multiplication works ## - a generator point is defined ## i.e. you can't test unless everything is already working - P.y.curve_eq_rhs(x, Tw) + P.y.curve_eq_rhs(x, G) result = sqrt_if_square(P.y) P.x = x diff --git a/constantine/elliptic/ec_shortweierstrass_jacobian.nim b/constantine/elliptic/ec_shortweierstrass_jacobian.nim index af63fcb..ee93521 100644 --- a/constantine/elliptic/ec_shortweierstrass_jacobian.nim +++ b/constantine/elliptic/ec_shortweierstrass_jacobian.nim @@ -13,7 +13,7 @@ import ../towers, ./ec_shortweierstrass_affine -export Twisted +export Subgroup # ############################################################ # @@ -22,7 +22,7 @@ export Twisted # # ############################################################ -type ECP_ShortW_Jac*[F; Tw: static Twisted] = object +type ECP_ShortW_Jac*[F; G: static Subgroup] = object ## Elliptic curve point for a curve in Short Weierstrass form ## y² = x³ + a x + b ## @@ -80,8 +80,8 @@ func ccopy*(P: var ECP_ShortW_Jac, Q: ECP_ShortW_Jac, ctl: SecretBool) {.inline. for fP, fQ in fields(P, Q): ccopy(fP, fQ, ctl) -func trySetFromCoordsXandZ*[F; Tw]( - P: var ECP_ShortW_Jac[F, Tw], +func trySetFromCoordsXandZ*[F; G]( + P: var ECP_ShortW_Jac[F, G], x, z: F): SecretBool = ## Try to create a point the elliptic curve ## Y² = X³ + aXZ⁴ + bZ⁶ (Jacobian coordinates) @@ -100,7 +100,7 @@ func trySetFromCoordsXandZ*[F; Tw]( ## - scalar multiplication works ## - a generator point is defined ## i.e. you can't test unless everything is already working - P.y.curve_eq_rhs(x, Tw) + P.y.curve_eq_rhs(x, G) result = sqrt_if_square(P.y) var z2 {.noInit.}: F @@ -110,8 +110,8 @@ func trySetFromCoordsXandZ*[F; Tw]( P.y *= z P.z = z -func trySetFromCoordX*[F; Tw]( - P: var ECP_ShortW_Jac[F, Tw], +func trySetFromCoordX*[F; G]( + P: var ECP_ShortW_Jac[F, G], x: F): SecretBool = ## Try to create a point the elliptic curve ## y² = x³ + a x + b (affine coordinate) @@ -132,7 +132,7 @@ func trySetFromCoordX*[F; Tw]( ## - scalar multiplication works ## - a generator point is defined ## i.e. you can't test unless everything is already working - P.y.curve_eq_rhs(x, Tw) + P.y.curve_eq_rhs(x, G) result = sqrt_if_square(P.y) P.x = x P.z.setOne() @@ -152,9 +152,9 @@ func cneg*(P: var ECP_ShortW_Jac, ctl: CTBool) {.inline.} = ## Negate if ``ctl`` is true P.y.cneg(ctl) -template sumImpl[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P, Q: ECP_ShortW_Jac[F, Tw], +template sumImpl[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P, Q: ECP_ShortW_Jac[F, G], CoefA: untyped ) = ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates @@ -324,9 +324,9 @@ template sumImpl[F; Tw: static Twisted]( r.ccopy(Q, P.isInf()) r.ccopy(P, Q.isInf()) -func sum*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P, Q: ECP_ShortW_Jac[F, Tw], +func sum*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P, Q: ECP_ShortW_Jac[F, G], CoefA: static F ) = ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates @@ -349,9 +349,9 @@ func sum*[F; Tw: static Twisted]( ## This is done by using a "complete" or "exception-free" addition law. r.sumImpl(P, Q, CoefA) -func sum*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P, Q: ECP_ShortW_Jac[F, Tw] +func sum*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P, Q: ECP_ShortW_Jac[F, G] ) = ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates ## @@ -370,10 +370,10 @@ func sum*[F; Tw: static Twisted]( ## This is done by using a "complete" or "exception-free" addition law. r.sumImpl(P, Q, F.C.getCoefA()) -func madd*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P: ECP_ShortW_Jac[F, Tw], - Q: ECP_ShortW_Aff[F, Tw] +func madd*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P: ECP_ShortW_Jac[F, G], + Q: ECP_ShortW_Aff[F, G] ) = ## Elliptic curve mixed addition for Short Weierstrass curves ## with p in Jacobian coordinates and Q in affine coordinates @@ -449,9 +449,9 @@ func madd*[F; Tw: static Twisted]( r.ccopy(P, qIsInf) -func double*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P: ECP_ShortW_Jac[F, Tw] +func double*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P: ECP_ShortW_Jac[F, G] ) = ## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate ## @@ -528,9 +528,9 @@ func diff*(r: var ECP_ShortW_Jac, nQ.neg(Q) r.sum(P, nQ) -func affineFromJacobian*[F; Tw]( - aff: var ECP_ShortW_Aff[F, Tw], - jac: ECP_ShortW_Jac[F, Tw]) = +func affineFromJacobian*[F; G]( + aff: var ECP_ShortW_Aff[F, G], + jac: ECP_ShortW_Jac[F, G]) = var invZ {.noInit.}, invZ2{.noInit.}: F invZ.inv(jac.z) invZ2.square(invZ) @@ -539,9 +539,9 @@ func affineFromJacobian*[F; Tw]( aff.y.prod(jac.y, invZ) aff.y *= invZ2 -func jacobianFromAffine*[F; Tw]( - jac: var ECP_ShortW_Jac[F, Tw], - aff: ECP_ShortW_Aff[F, Tw]) {.inline.} = +func jacobianFromAffine*[F; G]( + jac: var ECP_ShortW_Jac[F, G], + aff: ECP_ShortW_Aff[F, G]) {.inline.} = jac.x = aff.x jac.y = aff.y jac.z.setOne() diff --git a/constantine/elliptic/ec_shortweierstrass_projective.nim b/constantine/elliptic/ec_shortweierstrass_projective.nim index a5c0d43..1730347 100644 --- a/constantine/elliptic/ec_shortweierstrass_projective.nim +++ b/constantine/elliptic/ec_shortweierstrass_projective.nim @@ -13,7 +13,7 @@ import ../towers, ./ec_shortweierstrass_affine -export Twisted +export Subgroup # ############################################################ # @@ -22,7 +22,7 @@ export Twisted # # ############################################################ -type ECP_ShortW_Prj*[F; Tw: static Twisted] = object +type ECP_ShortW_Prj*[F; G: static Subgroup] = object ## Elliptic curve point for a curve in Short Weierstrass form ## y² = x³ + a x + b ## @@ -74,8 +74,8 @@ func ccopy*(P: var ECP_ShortW_Prj, Q: ECP_ShortW_Prj, ctl: SecretBool) {.inline. for fP, fQ in fields(P, Q): ccopy(fP, fQ, ctl) -func trySetFromCoordsXandZ*[F; Tw]( - P: var ECP_ShortW_Prj[F, Tw], +func trySetFromCoordsXandZ*[F; G]( + P: var ECP_ShortW_Prj[F, G], x, z: F): SecretBool = ## Try to create a point the elliptic curve ## Y²Z = X³ + aXZ² + bZ³ (projective coordinates) @@ -94,15 +94,15 @@ func trySetFromCoordsXandZ*[F; Tw]( ## - scalar multiplication works ## - a generator point is defined ## i.e. you can't test unless everything is already working - P.y.curve_eq_rhs(x, Tw) + P.y.curve_eq_rhs(x, G) result = sqrt_if_square(P.y) P.x.prod(x, z) P.y *= z P.z = z -func trySetFromCoordX*[F; Tw]( - P: var ECP_ShortW_Prj[F, Tw], +func trySetFromCoordX*[F; G]( + P: var ECP_ShortW_Prj[F, G], x: F): SecretBool = ## Try to create a point the elliptic curve ## y² = x³ + a x + b (affine coordinate) @@ -123,7 +123,7 @@ func trySetFromCoordX*[F; Tw]( ## - scalar multiplication works ## - a generator point is defined ## i.e. you can't test unless everything is already working - P.y.curve_eq_rhs(x, Tw) + P.y.curve_eq_rhs(x, G) result = sqrt_if_square(P.y) P.x = x P.z.setOne() @@ -143,9 +143,9 @@ func cneg*(P: var ECP_ShortW_Prj, ctl: CTBool) {.inline.} = ## Negate if ``ctl`` is true P.y.cneg(ctl) -func sum*[F; Tw: static Twisted]( - r: var ECP_ShortW_Prj[F, Tw], - P, Q: ECP_ShortW_Prj[F, Tw] +func sum*[F; G: static Subgroup]( + r: var ECP_ShortW_Prj[F, G], + P, Q: ECP_ShortW_Prj[F, G] ) = ## Elliptic curve point addition for Short Weierstrass curves in projective coordinates ## @@ -205,32 +205,32 @@ func sum*[F; Tw: static Twisted]( t3 *= t4 # 6. t₃ <- t₃ * t₄ t4.sum(t0, t1) # 7. t₄ <- t₀ + t₁ t3 -= t4 # 8. t₃ <- t₃ - t₄ t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁X₂ + Y₁Y₂) = X₁Y₂ + X₂Y₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t3 *= SexticNonResidue t4.sum(P.y, P.z) # 9. t₄ <- Y₁ + Z₁ x3.sum(Q.y, Q.z) # 10. X₃ <- Y₂ + Z₂ t4 *= x3 # 11. t₄ <- t₄ X₃ x3.sum(t1, t2) # 12. X₃ <- t₁ + t₂ X₃ = Y₁Y₂ + Z₁Z₂ t4 -= x3 # 13. t₄ <- t₄ - X₃ t₄ = (Y₁ + Z₁)(Y₂ + Z₂) - (Y₁Y₂ + Z₁Z₂) = Y₁Z₂ + Y₂Z₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t4 *= SexticNonResidue x3.sum(P.x, P.z) # 14. X₃ <- X₁ + Z₁ y3.sum(Q.x, Q.z) # 15. Y₃ <- X₂ + Z₂ x3 *= y3 # 16. X₃ <- X₃ Y₃ X₃ = (X₁Z₁)(X₂Z₂) y3.sum(t0, t2) # 17. Y₃ <- t₀ + t₂ Y₃ = X₁ X₂ + Z₁ Z₂ y3.diff(x3, y3) # 18. Y₃ <- X₃ - Y₃ Y₃ = (X₁ + Z₁)(X₂ + Z₂) - (X₁ X₂ + Z₁ Z₂) = X₁Z₂ + X₂Z₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t0 *= SexticNonResidue t1 *= SexticNonResidue x3.double(t0) # 19. X₃ <- t₀ + t₀ X₃ = 2 X₁X₂ t0 += x3 # 20. t₀ <- X₃ + t₀ t₀ = 3 X₁X₂ t2 *= b3 # 21. t₂ <- 3b t₂ t₂ = 3bZ₁Z₂ - when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: + when G == G2 and F.C.getSexticTwist() == M_Twist: t2 *= SexticNonResidue z3.sum(t1, t2) # 22. Z₃ <- t₁ + t₂ Z₃ = Y₁Y₂ + 3bZ₁Z₂ t1 -= t2 # 23. t₁ <- t₁ - t₂ t₁ = Y₁Y₂ - 3bZ₁Z₂ y3 *= b3 # 24. Y₃ <- 3b Y₃ Y₃ = 3b(X₁Z₂ + X₂Z₁) - when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: + when G == G2 and F.C.getSexticTwist() == M_Twist: y3 *= SexticNonResidue x3.prod(t4, y3) # 25. X₃ <- t₄ Y₃ X₃ = 3b(Y₁Z₂ + Y₂Z₁)(X₁Z₂ + X₂Z₁) t2.prod(t3, t1) # 26. t₂ <- t₃ t₁ t₂ = (X₁Y₂ + X₂Y₁) (Y₁Y₂ - 3bZ₁Z₂) @@ -244,10 +244,10 @@ func sum*[F; Tw: static Twisted]( else: {.error: "Not implemented.".} -func madd*[F; Tw: static Twisted]( - r: var ECP_ShortW_Prj[F, Tw], - P: ECP_ShortW_Prj[F, Tw], - Q: ECP_ShortW_Aff[F, Tw] +func madd*[F; G: static Subgroup]( + r: var ECP_ShortW_Prj[F, G], + P: ECP_ShortW_Prj[F, G], + Q: ECP_ShortW_Aff[F, G] ) = ## Elliptic curve mixed addition for Short Weierstrass curves ## with p in Projective coordinates and Q in affine coordinates @@ -276,27 +276,27 @@ func madd*[F; Tw: static Twisted]( t3 *= t4 # 5. t₃ <- t₃ * t₄ t4.sum(t0, t1) # 6. t₄ <- t₀ + t₁ t3 -= t4 # 7. t₃ <- t₃ - t₄, t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁ X₂ + Y₁ Y₂) = X₁Y₂ + X₂Y₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t3 *= SexticNonResidue t4.prod(Q.y, P.z) # 8. t₄ <- Y₂ Z₁ t4 += P.y # 9. t₄ <- t₄ + Y₁, t₄ = Y₁+Y₂Z₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t4 *= SexticNonResidue y3.prod(Q.x, P.z) # 10. Y₃ <- X₂ Z₁ y3 += P.x # 11. Y₃ <- Y₃ + X₁, Y₃ = X₁ + X₂Z₁ - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: t0 *= SexticNonResidue t1 *= SexticNonResidue x3.double(t0) # 12. X₃ <- t₀ + t₀ t0 += x3 # 13. t₀ <- X₃ + t₀, t₀ = 3X₁X₂ t2 = P.z t2 *= b3 # 14. t₂ <- 3bZ₁ - when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: + when G == G2 and F.C.getSexticTwist() == M_Twist: t2 *= SexticNonResidue z3.sum(t1, t2) # 15. Z₃ <- t₁ + t₂, Z₃ = Y₁Y₂ + 3bZ₁ t1 -= t2 # 16. t₁ <- t₁ - t₂, t₁ = Y₁Y₂ - 3bZ₁ y3 *= b3 # 17. Y₃ <- 3bY₃, Y₃ = 3b(X₁ + X₂Z₁) - when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: + when G == G2 and F.C.getSexticTwist() == M_Twist: y3 *= SexticNonResidue x3.prod(t4, y3) # 18. X₃ <- t₄ Y₃, X₃ = (Y₁ + Y₂Z₁) 3b(X₁ + X₂Z₁) t2.prod(t3, t1) # 19. t₂ <- t₃ t₁, t₂ = (X₁Y₂ + X₂Y₁)(Y₁Y₂ - 3bZ₁) @@ -310,9 +310,9 @@ func madd*[F; Tw: static Twisted]( else: {.error: "Not implemented.".} -func double*[F; Tw: static Twisted]( - r: var ECP_ShortW_Prj[F, Tw], - P: ECP_ShortW_Prj[F, Tw] +func double*[F; G: static Subgroup]( + r: var ECP_ShortW_Prj[F, G], + P: ECP_ShortW_Prj[F, G] ) = ## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate ## @@ -357,7 +357,7 @@ func double*[F; Tw: static Twisted]( # X₃ = 2XY(Y² - 9bZ²) # Y₃ = (Y² - 9bZ²)(Y² + 3bZ²) + 24bY²Z² # Z₃ = 8Y³Z - when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: + when G == G2 and F.C.getSexticTwist() == D_Twist: var snrY {.noInit.}: F snrY.prod(P.y, SexticNonResidue) t0.square(P.y) @@ -371,7 +371,7 @@ func double*[F; Tw: static Twisted]( t1.prod(snrY, P.z) # 5. t₁ <- Y Z t2.square(P.z) # 6. t₂ <- Z Z t2 *= b3 # 7. t₂ <- 3b t₂ - when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: + when G == G2 and F.C.getSexticTwist() == M_Twist: t2 *= SexticNonResidue x3.prod(t2, z3) # 8. X₃ <- t₂ Z₃ y3.sum(t0, t2) # 9. Y₃ <- t₀ + t₂ @@ -409,18 +409,18 @@ func diff*(r: var ECP_ShortW_Prj, nQ.neg(Q) r.sum(P, nQ) -func affineFromProjective*[F, Tw]( - aff: var ECP_ShortW_Aff[F, Tw], - proj: ECP_ShortW_Prj[F, Tw]) = +func affineFromProjective*[F, G]( + aff: var ECP_ShortW_Aff[F, G], + proj: ECP_ShortW_Prj[F, G]) = var invZ {.noInit.}: F invZ.inv(proj.z) aff.x.prod(proj.x, invZ) aff.y.prod(proj.y, invZ) -func projectiveFromAffine*[F, Tw]( - proj: var ECP_ShortW_Prj[F, Tw], - aff: ECP_ShortW_Aff[F, Tw]) {.inline.} = +func projectiveFromAffine*[F, G]( + proj: var ECP_ShortW_Prj[F, G], + aff: ECP_ShortW_Aff[F, G]) {.inline.} = proj.x = aff.x proj.y = aff.y proj.z.setOne() diff --git a/constantine/hash_to_curve/cofactors.nim b/constantine/hash_to_curve/cofactors.nim index 5f8a452..20f6da2 100644 --- a/constantine/hash_to_curve/cofactors.nim +++ b/constantine/hash_to_curve/cofactors.nim @@ -51,49 +51,49 @@ const Cofactor_Eff_BW6_761_G1 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34 const Cofactor_Eff_BW6_761_G2 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34cb12efc856a0853c9db94cc61c554757551c0c832ba4061000003b3de580000000007c" ## P -> (103([u³]P) − 83([u²]P) − 143([u]P) + 27P) + ψ(7([u²]P) − 117([u]P) − 109P) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], G1]) {.inline.} = ## Clear the cofactor of BN254_Nogami G1 ## BN curve have a G1 cofactor of 1 so this is a no-op discard -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) {.inline.} = ## Clear the cofactor of BN254_Snarks G2 # Endomorphism acceleration cannot be used if cofactor is not cleared P.scalarMulGeneric(Cofactor_Eff_BN254_Nogami_G2) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1]) {.inline.} = ## Clear the cofactor of BN254_Snarks G1 ## BN curve have a G1 cofactor of 1 so this is a no-op discard -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) {.inline.} = ## Clear the cofactor of BN254_Snarks G2 # Endomorphism acceleration cannot be used if cofactor is not cleared P.scalarMulGeneric(Cofactor_Eff_BN254_Snarks_G2) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], G1]) {.inline.} = ## Clear the cofactor of BLS12_377 G1 P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G1) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], G2]) {.inline.} = ## Clear the cofactor of BLS12_377 G2 # Endomorphism acceleration cannot be used if cofactor is not cleared P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G2) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], G1]) {.inline.} = ## Clear the cofactor of BLS12_381 G1 P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G1) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) {.inline.} = ## Clear the cofactor of BLS12_381 G2 # Endomorphism acceleration cannot be used if cofactor is not cleared P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G2) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G1]) {.inline.} = ## Clear the cofactor of BW6_761 G1 P.scalarMulGeneric(Cofactor_Eff_BW6_761_G1) -func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) {.inline.} = +func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G2]) {.inline.} = ## Clear the cofactor of BW6_761 G2 # Endomorphism acceleration cannot be used if cofactor is not cleared P.scalarMulGeneric(Cofactor_Eff_BW6_761_G2) @@ -139,8 +139,8 @@ func double_repeated*[EC](P: var EC, num: int) {.inline.} = P.double() func pow_x( - r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], - P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], G2], + P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2], ) = ## Does the scalar multiplication [x]P ## with x the BLS12 curve parameter @@ -170,7 +170,7 @@ func pow_x( r.neg(r) -func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) = +func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) = ## Clear the cofactor of BLS12_381 G2 ## Optimized using endomorphisms ## P -> [x²-x-1]P + [x-1] ψ(P) + ψ²([2]P) diff --git a/constantine/hash_to_curve/hash_to_curve.nim b/constantine/hash_to_curve/hash_to_curve.nim index 0fd6c88..4af440a 100644 --- a/constantine/hash_to_curve/hash_to_curve.nim +++ b/constantine/hash_to_curve/hash_to_curve.nim @@ -34,8 +34,8 @@ import # Map to curve # ---------------------------------------------------------------- -func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], +func mapToIsoCurve_sswuG2_opt9mod16[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], u: F) = var xn{.noInit.}, xd{.noInit.}: F @@ -53,8 +53,8 @@ func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted]( r.x.prod(xn, xd) # X = xZ² = xn/xd * xd² = xn*xd r.y.prod(yn, xd3) # Y = yZ³ = yn * xd³ -func mapToCurve[F; Tw: static Twisted]( - r: var (ECP_ShortW_Prj[F, Tw] or ECP_ShortW_Jac[F, Tw]), +func mapToCurve[F; G: static Subgroup]( + r: var (ECP_ShortW_Prj[F, G] or ECP_ShortW_Jac[F, G]), u: F) = ## Map an element of the ## finite or extension field F @@ -85,8 +85,8 @@ func mapToCurve[F; Tw: static Twisted]( else: {.error: "Not implemented".} -func mapToCurve_fusedAdd[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], +func mapToCurve_fusedAdd[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], u0, u1: F) = ## Map 2 elements of the ## finite or extension field F @@ -105,7 +105,7 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted]( # unlike the complete projective formulae which heavily depends on it # So we use jacobian coordinates for computation on isogenies. - var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, Tw] + var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, G] when F.C == BLS12_381 and F is Fp2: # 1. Map to E'2 isogenous to E2 P0.mapToIsoCurve_sswuG2_opt9mod16(u0) @@ -122,11 +122,11 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted]( # ---------------------------------------------------------------- func hashToCurve*[ - F; Tw: static Twisted; + F; G: static Subgroup; B1, B2, B3: byte|char]( H: type CryptoHash, k: static int, - output: var ECP_ShortW_Prj[F, Tw], + output: var ECP_ShortW_Prj[F, G], augmentation: openarray[B1], message: openarray[B2], domainSepTag: openarray[B3] @@ -157,12 +157,12 @@ func hashToCurve*[ H.hashToField(k, u, augmentation, message, domainSepTag) when false: - var P{.noInit.}: array[2, ECP_ShortW_Prj[F, Tw]] + var P{.noInit.}: array[2, ECP_ShortW_Prj[F, G]] P[0].mapToCurve(u[0]) P[1].mapToCurve(u[1]) output.sum(P[0], P[1]) else: - var Pjac{.noInit.}: ECP_ShortW_Jac[F, Tw] + var Pjac{.noInit.}: ECP_ShortW_Jac[F, G] Pjac.mapToCurve_fusedAdd(u[0], u[1]) output.projectiveFromJacobian(Pjac) diff --git a/constantine/io/io_ec.nim b/constantine/io/io_ec.nim index e662efb..44e0cd3 100644 --- a/constantine/io/io_ec.nim +++ b/constantine/io/io_ec.nim @@ -38,7 +38,7 @@ func toHex*[EC: ECP_ShortW_Prj or ECP_ShortW_Jac or ECP_ShortW_Aff](P: EC): stri ## ## This proc output may change format in the future - var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.Tw] + var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.G] when EC is ECP_ShortW_Prj: aff.affineFromProjective(P) elif EC is ECP_ShortW_Jac: @@ -61,7 +61,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x, y: string): bool { dst.x.fromHex(x) dst.y.fromHex(y) dst.z.setOne() - return bool(isOnCurve(dst.x, dst.y, dst.Tw)) + return bool(isOnCurve(dst.x, dst.y, dst.G)) func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: string): bool {.raises: [ValueError].}= ## Convert hex strings to a G2 curve point @@ -72,7 +72,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: strin dst.x.fromHex(x0, x1) dst.y.fromHex(y0, y1) dst.z.setOne() - return bool(isOnCurve(dst.x, dst.y, dst.Tw)) + return bool(isOnCurve(dst.x, dst.y, dst.G)) func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError].}= ## Convert hex strings to a G1 curve point @@ -82,7 +82,7 @@ func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError static: doAssert dst.F is Fp, "dst must be on G1, an elliptic curve over 𝔽p" dst.x.fromHex(x) dst.y.fromHex(y) - return bool(isOnCurve(dst.x, dst.y, dst.Tw)) + return bool(isOnCurve(dst.x, dst.y, dst.G)) func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [ValueError].}= ## Convert hex strings to a G2 curve point @@ -92,4 +92,4 @@ func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [ static: doAssert dst.F is Fp2, "dst must be on G2, an elliptic curve over 𝔽p2" dst.x.fromHex(x0, x1) dst.y.fromHex(y0, y1) - return bool(isOnCurve(dst.x, dst.y, dst.Tw)) + return bool(isOnCurve(dst.x, dst.y, dst.G)) diff --git a/constantine/isogeny/h2c_isogeny_maps.nim b/constantine/isogeny/h2c_isogeny_maps.nim index 4e97bea..83c1522 100644 --- a/constantine/isogeny/h2c_isogeny_maps.nim +++ b/constantine/isogeny/h2c_isogeny_maps.nim @@ -126,8 +126,8 @@ func h2c_isogeny_map[F]( # y coordinate is y' * poly_yNum(x) ryn *= yn -func h2c_isogeny_map*[F; Tw: static Twisted]( - r: var ECP_ShortW_Prj[F, Tw], +func h2c_isogeny_map*[F; G: static Subgroup]( + r: var ECP_ShortW_Prj[F, G], xn, xd, yn: F, isodegree: static int) = ## Given G2, the target prime order subgroup of E2, ## this function maps an element of @@ -160,8 +160,8 @@ func h2c_isogeny_map*[F; Tw: static Twisted]( r.x *= t r.z *= t -func h2c_isogeny_map*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], +func h2c_isogeny_map*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], xn, xd, yn: F, isodegree: static int) = ## Given G2, the target prime order subgroup of E2, ## this function maps an element of @@ -197,9 +197,9 @@ func h2c_isogeny_map*[F; Tw: static Twisted]( r.y *= rdx # Y = yd² * xd³ r.y *= ryn # Y = yn * yd² * xd³ -func h2c_isogeny_map*[F; Tw: static Twisted]( - r: var ECP_ShortW_Jac[F, Tw], - P: ECP_ShortW_Jac[F, Tw], +func h2c_isogeny_map*[F; G: static Subgroup]( + r: var ECP_ShortW_Jac[F, G], + P: ECP_ShortW_Jac[F, G], isodegree: static int) = ## Map P in isogenous curve E'2 ## to r in E2 diff --git a/constantine/pairing/lines_common.nim b/constantine/pairing/lines_common.nim index 1ad4fdc..dce8a4b 100644 --- a/constantine/pairing/lines_common.nim +++ b/constantine/pairing/lines_common.nim @@ -65,7 +65,7 @@ func toHex*(line: Line, order: static Endianness = bigEndian): string = # Line evaluation # -------------------------------------------------- -func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, NotOnTwist]) = +func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, G1]) = ## Update the line evaluation with P ## after addition or doubling ## P in G1 diff --git a/constantine/pairing/lines_projective.nim b/constantine/pairing/lines_projective.nim index ee8340e..52ed4e9 100644 --- a/constantine/pairing/lines_projective.nim +++ b/constantine/pairing/lines_projective.nim @@ -49,7 +49,7 @@ export lines_common func line_eval_double[F]( line: var Line[F], - T: ECP_ShortW_Prj[F, OnTwist]) = + T: ECP_ShortW_Prj[F, G2]) = ## Evaluate the line function for doubling ## i.e. the tangent at T ## @@ -119,8 +119,8 @@ func line_eval_double[F]( func line_eval_add[F]( line: var Line[F], - T: ECP_ShortW_Prj[F, OnTwist], - Q: ECP_ShortW_Aff[F, OnTwist]) = + T: ECP_ShortW_Prj[F, G2], + Q: ECP_ShortW_Aff[F, G2]) = ## Evaluate the line function for addition ## i.e. the line between T and Q ## @@ -163,7 +163,7 @@ func line_eval_add[F]( func line_eval_fused_double[Field]( line: var Line[Field], - T: var ECP_ShortW_Prj[Field, OnTwist]) = + T: var ECP_ShortW_Prj[Field, G2]) = ## Fused line evaluation and elliptic point doubling # Grewal et al, 2012 adapted to Scott 2019 line notation var A {.noInit.}, B {.noInit.}, C {.noInit.}: Field @@ -230,8 +230,8 @@ func line_eval_fused_double[Field]( func line_eval_fused_add[Field]( line: var Line[Field], - T: var ECP_ShortW_Prj[Field, OnTwist], - Q: ECP_ShortW_Aff[Field, OnTwist]) = + T: var ECP_ShortW_Prj[Field, G2], + Q: ECP_ShortW_Aff[Field, G2]) = ## Fused line evaluation and elliptic point addition # Grewal et al, 2012 adapted to Scott 2019 line notation var @@ -286,8 +286,8 @@ func line_eval_fused_add[Field]( func line_double*[F1, F2]( line: var Line[F2], - T: var ECP_ShortW_Prj[F2, OnTwist], - P: ECP_ShortW_Aff[F1, NotOnTwist]) = + T: var ECP_ShortW_Prj[F2, G2], + P: ECP_ShortW_Aff[F1, G1]) = ## Doubling step of the Miller loop ## T in G2, P in G1 ## @@ -303,9 +303,9 @@ func line_double*[F1, F2]( func line_add*[F1, F2]( line: var Line[F2], - T: var ECP_ShortW_Prj[F2, OnTwist], - Q: ECP_ShortW_Aff[F2, OnTwist], - P: ECP_ShortW_Aff[F1, NotOnTwist]) = + T: var ECP_ShortW_Prj[F2, G2], + Q: ECP_ShortW_Aff[F2, G2], + P: ECP_ShortW_Aff[F1, G1]) = ## Addition step of the Miller loop ## T and Q in G2, P in G1 ## diff --git a/constantine/pairing/miller_loops.nim b/constantine/pairing/miller_loops.nim index 12f6372..1c7f385 100644 --- a/constantine/pairing/miller_loops.nim +++ b/constantine/pairing/miller_loops.nim @@ -26,10 +26,10 @@ import template basicMillerLoop*[FT, F1, F2]( f: var FT, - T: var ECP_ShortW_Prj[F2, OnTwist], + T: var ECP_ShortW_Prj[F2, G2], line: var Line[F2], - P: ECP_ShortW_Aff[F1, NotOnTwist], - Q, nQ: ECP_ShortW_Aff[F2, OnTwist], + P: ECP_ShortW_Aff[F1, G1], + Q, nQ: ECP_ShortW_Aff[F2, G2], ate_param: untyped, ate_param_isNeg: untyped ) = @@ -65,9 +65,9 @@ template basicMillerLoop*[FT, F1, F2]( func millerCorrectionBN*[FT, F1, F2]( f: var FT, - T: var ECP_ShortW_Prj[F2, OnTwist], - Q: ECP_ShortW_Aff[F2, OnTwist], - P: ECP_ShortW_Aff[F1, NotOnTwist], + T: var ECP_ShortW_Prj[F2, G2], + Q: ECP_ShortW_Aff[F2, G2], + P: ECP_ShortW_Aff[F1, G1], ate_param_isNeg: static bool ) = ## Ate pairing for BN curves need adjustment after basic Miller loop @@ -119,9 +119,9 @@ func millerCorrectionBN*[FT, F1, F2]( func miller_init_double_then_add*[FT, F1, F2]( f: var FT, - T: var ECP_ShortW_Prj[F2, OnTwist], - Q: ECP_ShortW_Aff[F2, OnTwist], - P: ECP_ShortW_Aff[F1, NotOnTwist], + T: var ECP_ShortW_Prj[F2, G2], + Q: ECP_ShortW_Aff[F2, G2], + P: ECP_ShortW_Aff[F1, G1], numDoublings: static int ) = ## Start a Miller Loop with @@ -181,9 +181,9 @@ func miller_init_double_then_add*[FT, F1, F2]( func miller_accum_double_then_add*[FT, F1, F2]( f: var FT, - T: var ECP_ShortW_Prj[F2, OnTwist], - Q: ECP_ShortW_Aff[F2, OnTwist], - P: ECP_ShortW_Aff[F1, NotOnTwist], + T: var ECP_ShortW_Prj[F2, G2], + Q: ECP_ShortW_Aff[F2, G2], + P: ECP_ShortW_Aff[F1, G1], numDoublings: int, add = true ) = @@ -222,8 +222,8 @@ func double_jToN[N: static int, FT, F1, F2]( f: var FT, j: static int, line0, line1: var Line[F2], - Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], - Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]]) = + Ts: var array[N, ECP_ShortW_Prj[F2, G2]], + Ps: array[N, ECP_ShortW_Aff[F1, G1]]) = ## Doubling steps for pairings j to N {.push checks: off.} # No OverflowError or IndexError allowed @@ -246,9 +246,9 @@ func add_jToN[N: static int, FT, F1, F2]( f: var FT, j: static int, line0, line1: var Line[F2], - Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], - Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], - Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]])= + Ts: var array[N, ECP_ShortW_Prj[F2, G2]], + Qs: array[N, ECP_ShortW_Aff[F2, G2]], + Ps: array[N, ECP_ShortW_Aff[F1, G1]])= ## Addition steps for pairings 0 to N {.push checks: off.} # No OverflowError or IndexError allowed @@ -269,9 +269,9 @@ func add_jToN[N: static int, FT, F1, F2]( func miller_init_double_then_add*[N: static int, FT, F1, F2]( f: var FT, - Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], - Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], - Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]], + Ts: var array[N, ECP_ShortW_Prj[F2, G2]], + Qs: array[N, ECP_ShortW_Aff[F2, G2]], + Ps: array[N, ECP_ShortW_Aff[F1, G1]], numDoublings: static int ) = ## Start a Miller Loop @@ -328,9 +328,9 @@ func miller_init_double_then_add*[N: static int, FT, F1, F2]( func miller_accum_double_then_add*[N: static int, FT, F1, F2]( f: var FT, - Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], - Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], - Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]], + Ts: var array[N, ECP_ShortW_Prj[F2, G2]], + Qs: array[N, ECP_ShortW_Aff[F2, G2]], + Ps: array[N, ECP_ShortW_Aff[F1, G1]], numDoublings: int, add = true ) = diff --git a/constantine/pairing/pairing_bls12.nim b/constantine/pairing/pairing_bls12.nim index f08704a..515d935 100644 --- a/constantine/pairing/pairing_bls12.nim +++ b/constantine/pairing/pairing_bls12.nim @@ -52,14 +52,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11 func millerLoopGenericBLS12*[C]( f: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist] + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2] ) {.meter.} = ## Generic Miller Loop for BLS12 curve ## Computes f{u,Q}(P) with u the BLS curve parameter var - T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist] + T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2] line {.noInit.}: Line[Fp2[C]] nQ{.noInit.}: typeof(Q) @@ -79,8 +79,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) = func pairing_bls12_reference*[C]( gt: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2]) = ## Compute the optimal Ate Pairing for BLS12 curves ## Input: P ∈ G1, Q ∈ G2 ## Output: e(P, Q) ∈ Gt @@ -149,8 +149,8 @@ func finalExpHard_BLS12*[C](f: var Fp12[C]) {.meter.} = func pairing_bls12*[C]( gt: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) {.meter.} = + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2]) {.meter.} = ## Compute the optimal Ate Pairing for BLS12 curves ## Input: P ∈ G1, Q ∈ G2 ## Output: e(P, Q) ∈ Gt @@ -160,8 +160,8 @@ func pairing_bls12*[C]( func pairing_bls12*[N: static int, C]( gt: var Fp12[C], - Ps: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]], - Qs: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]]) {.meter.} = + Ps: array[N, ECP_ShortW_Aff[Fp[C], G1]], + Qs: array[N, ECP_ShortW_Aff[Fp2[C], G2]]) {.meter.} = ## Compute the optimal Ate Pairing for BLS12 curves ## Input: an array of Ps ∈ G1 and Qs ∈ G2 ## Output: diff --git a/constantine/pairing/pairing_bn.nim b/constantine/pairing/pairing_bn.nim index 233fd41..4230219 100644 --- a/constantine/pairing/pairing_bn.nim +++ b/constantine/pairing/pairing_bn.nim @@ -50,14 +50,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11 func millerLoopGenericBN*[C]( f: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist] + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2] ) = ## Generic Miller Loop for BN curves ## Computes f{6u+2,Q}(P) with u the BN curve parameter var - T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist] + T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2] line {.noInit.}: Line[Fp2[C]] nQ{.noInit.}: typeof(Q) @@ -83,8 +83,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) = func pairing_bn_reference*[C]( gt: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2]) = ## Compute the optimal Ate Pairing for BN curves ## Input: P ∈ G1, Q ∈ G2 ## Output: e(P, Q) ∈ Gt @@ -150,8 +150,8 @@ func finalExpHard_BN*[C: static Curve](f: var Fp12[C]) = func pairing_bn*[C]( gt: var Fp12[C], - P: ECP_ShortW_Aff[Fp[C], NotOnTwist], - Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = + P: ECP_ShortW_Aff[Fp[C], G1], + Q: ECP_ShortW_Aff[Fp2[C], G2]) = ## Compute the optimal Ate Pairing for BLS12 curves ## Input: P ∈ G1, Q ∈ G2 ## Output: e(P, Q) ∈ Gt diff --git a/constantine/protocols/ethereum_evm_precompiles.nim b/constantine/protocols/ethereum_evm_precompiles.nim index 329eab8..6acf275 100644 --- a/constantine/protocols/ethereum_evm_precompiles.nim +++ b/constantine/protocols/ethereum_evm_precompiles.nim @@ -50,7 +50,7 @@ func parseRawUint( return cttEVM_Success func fromRawCoords( - dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1], x, y: openarray[byte]): CttEVMStatus = # Deserialization @@ -76,7 +76,7 @@ func fromRawCoords( # ---------------------- # Point on curve - if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)): + if not bool(isOnCurve(dst.x, dst.y, G1)): return cttEVM_PointNotOnCurve # BN254_Snarks is a curve with cofactor 1, @@ -115,7 +115,7 @@ func eth_evm_ecadd*( let lastIdx = min(inputs.len, 128) - 1 padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx) - var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist] + var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1] let statusP = P.fromRawCoords( x = padded.toOpenArray(0, 31), @@ -131,7 +131,7 @@ func eth_evm_ecadd*( return statusQ R.sum(P, Q) - var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] + var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1] aff.affineFromProjective(R) r.toOpenArray(0, 31).exportRawUint( @@ -172,7 +172,7 @@ func eth_evm_ecmul*( let lastIdx = min(inputs.len, 128) - 1 padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx) - var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist] + var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1] let statusP = P.fromRawCoords( x = padded.toOpenArray(0, 31), @@ -205,7 +205,7 @@ func eth_evm_ecmul*( else: P.scalarMul(s) - var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] + var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1] aff.affineFromProjective(P) r.toOpenArray(0, 31).exportRawUint( @@ -215,14 +215,14 @@ func eth_evm_ecmul*( aff.y, bigEndian ) -func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool = +func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]): bool = ## A point may be on a curve but in case the curve has a cofactor != 1 ## that point may not be in the correct cyclic subgroup. ## If we are on the subgroup of order r then [r]P = 0 # TODO: Generic for any curve - var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist] + var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], G2] # TODO: precompute up to the endomorphism decomposition # or implement fixed base scalar mul @@ -242,7 +242,7 @@ func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool = return bool(Q.isInf()) func fromRawCoords( - dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist], + dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], G1], x, y: openarray[byte]): CttEVMStatus = # Deserialization @@ -264,7 +264,7 @@ func fromRawCoords( # ---------------------- # Point on curve - if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)): + if not bool(isOnCurve(dst.x, dst.y, G1)): return cttEVM_PointNotOnCurve # BN254_Snarks is a curve with cofactor 1, @@ -273,7 +273,7 @@ func fromRawCoords( return cttEVM_Success func fromRawCoords( - dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist], + dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], G2], x0, x1, y0, y1: openarray[byte]): CttEVMStatus = # Deserialization @@ -302,7 +302,7 @@ func fromRawCoords( # ---------------------- # Point on curve - if not bool(isOnCurve(dst.x, dst.y, OnTwist)): + if not bool(isOnCurve(dst.x, dst.y, G2)): return cttEVM_PointNotOnCurve if not subgroupCheck(dst): @@ -342,8 +342,8 @@ func eth_evm_ecpairing*( return var gt0{.noInit.}, gt1{.noInit.}: Fp12[BN254_Snarks] - var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] - var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist] + var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1] + var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2] for i in 0 ..< N: let pos = i*192 diff --git a/metering/README.md b/metering/README.md index f31efbd..1d038b5 100644 --- a/metering/README.md +++ b/metering/README.md @@ -34,8 +34,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} = proc pairingBLS12Meter*(C: static Curve) = let - P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) var f: Fp12[C] diff --git a/metering/m_pairings.nim b/metering/m_pairings.nim index 25aae65..dcc6911 100644 --- a/metering/m_pairings.nim +++ b/metering/m_pairings.nim @@ -28,8 +28,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} = proc pairingBLS12Meter*(C: static Curve) = let - P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist]) - Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) + P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1]) + Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2]) var f: Fp12[C] diff --git a/research/kzg_poly_commit/fft_g1.nim b/research/kzg_poly_commit/fft_g1.nim index fe8a062..968bd4f 100644 --- a/research/kzg_poly_commit/fft_g1.nim +++ b/research/kzg_poly_commit/fft_g1.nim @@ -220,8 +220,8 @@ when isMainModule: std/[times, monotimes, strformat], ../../helpers/prng_unsafe - type G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] - var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] + type G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1] + var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1] doAssert Generator1.fromHex( "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb", "0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" diff --git a/research/kzg_poly_commit/kzg_single_proofs.nim b/research/kzg_poly_commit/kzg_single_proofs.nim index 138615a..db64750 100644 --- a/research/kzg_poly_commit/kzg_single_proofs.nim +++ b/research/kzg_poly_commit/kzg_single_proofs.nim @@ -18,8 +18,8 @@ import ./fft_fr type - G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] - G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1] + G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2] KZGDescriptor = object fftDesc: FFTDescriptor[Fr[BLS12_381]] @@ -29,13 +29,13 @@ type # [b.multiply(b.G2, pow(s, i, MODULUS)) for i in range(WIDTH+1)] secretG2: seq[G2] -var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] +var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1] doAssert Generator1.fromHex( "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb", "0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" ) -var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] +var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], G2] doAssert Generator2.fromHex( "0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8", "0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e", diff --git a/research/kzg_poly_commit/polynomials.nim b/research/kzg_poly_commit/polynomials.nim index ae88917..9f39ad4 100644 --- a/research/kzg_poly_commit/polynomials.nim +++ b/research/kzg_poly_commit/polynomials.nim @@ -14,10 +14,10 @@ import ] type - G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] - G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] - G1aff = ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] - G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] + G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1] + G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2] + G1aff = ECP_ShortW_Aff[Fp[BLS12_381], G1] + G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], G2] GT = Fp12[BLS12_381] func linear_combination*( diff --git a/tests/t_ec_frobenius.nim b/tests/t_ec_frobenius.nim index ff50f75..bd13335 100644 --- a/tests/t_ec_frobenius.nim +++ b/tests/t_ec_frobenius.nim @@ -55,7 +55,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" # - sage sage/frobenius_bls12_381.sage test( id = 0, - EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Px0 = "598e4c8c14c24c90834f2debedee4db3d31fed98a5134177704bfec14f46cb5", Px1 = "c6fffa61daeb7caaf96983e70f164931d958c6820b205cdde19f2fa1eaaa7b1", Py0 = "2f5fa252a27df56f5ca2e9c3382c17e531d317d50396f3fe952704304946a5a", @@ -68,7 +68,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 1, - EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Px0 = "21014830dd88a0e7961e704cea531200866c5df46cb25aa3e2aac8d4fec64c6e", Px1 = "1db17d8364def10443beab6e4a055c210d3e49c7c3af31e9cfb66d829938dca7", Py0 = "1394ab8c346ad3eba14fa14789d3bbfc2deed5a7a510da8e9418580515d27bda", @@ -81,7 +81,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 2, - EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Px0 = "46f2a2be9a3e19c1bb484fc37703ff64c3d7379de22249ccf0881037948beec", Px1 = "10a5aaae14cb028f4ff4b81d41b712038b9f620a99e208c23504887e56831806", Py0 = "2e6c3ebe0f3dada0063dc59f85fe2264dc3502bf65206336106a8d39d838a7b2", @@ -94,7 +94,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 3, - EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Px0 = "1cf3af1d41e89d8df378aa81463a978c021f27f4a48387e74655ce2cf5c1f298", Px1 = "36553e80e5c7c7360c7a2ae6bf1b8f68eb48804fc7eba7d2f56f09e87bbb0b1", Py0 = "25f03e551d74b6be3268bf001905dfbe0bcbe43a2d1aac645a3ca8650b52e551", @@ -109,7 +109,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 0, - EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Px0 = "112de13b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439", Px1 = "10d1a8963e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac", Py0 = "8aaf3a8660cf0edd6e97a2cd7837af1c63ec89e18f9bf4c64638662a661636b928a4f8097e6a2e8dfa11e13c51b075", @@ -122,7 +122,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 1, - EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Px0 = "2f9318360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632", Px1 = "3cbab0789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d", Py0 = "14ea84922f76f2681fec869dce26141392975dcdb4f21d5fa8aec06b37bf71ba6249c219ecbaef4a266196dafb4ad19", @@ -135,7 +135,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 2, - EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Px0 = "833ca23630be463c388ea6cfcff5b0e3b055065702a84310d2c726aee14d9e140cba05be79b5cb0441816d9e8c8370", Px1 = "264a9755524baac8d9e53b0a45789e9dafcb6b453e965061fcfa20bb12a27d9b9417d5277ae2a499b1cfe567d75e2d", Py0 = "5b670b9789825e2b48101b5b6e660cf9117e29c521dad54640cb356b674b3946c98cb43909c3495fb6d6d231891b7e", @@ -148,7 +148,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 3, - EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Px0 = "14cd89e2e2755ddc086f63fd62e1f9904c3c1497243455c578a963e81b389f04e95ceafc4f47dc777579cdc82eca79b", Px1 = "ba8801beba0654f20ccb78783efa7a911d182ec0eb99abe10f9a3d26b46fb7f90552e4ff6beb4df4611a9072be648b", Py0 = "12e23bc97d891f2a047bac9c90e728cb89760c812156f96c95e36c40f1c830cf6ecbb5d407b189070d48a92eb461ea6", @@ -163,7 +163,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 0, - EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Px0 = "d6904be428a0310dbd6e15a744a774bcf9800abe27536267a5383f1ddbd7783e1dc20098a8e045e3cca66b83f6d7f0f", Px1 = "12107f6ef71d0d1e3bcba9e00a0675d3080519dd1b6c086bd660eb2d2bca8f276e283a891b5c0615064d7886af625cf2", Py0 = "c592a3546d2d61d671070909e97860822db0a389e351c1744bdbb2c472cf52f3ca3e94068b0b6f3b0121923659131f5", @@ -176,7 +176,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 1, - EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Px0 = "112de130b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439", Px1 = "10d1a89a63e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac", Py0 = "11261c8fcb0f4f560479547fe6b2a1c1e8b648d87e54c39f299eba8729294e99b415851d134ca31e8bb861c42e6f1022", @@ -189,7 +189,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 2, - EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Px0 = "2f93183360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632", Px1 = "3cbab0c789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d", Py0 = "2b8d995b0f2114442b7bbdbe5732fbf94430d6d413e1f388031f3abb956e598cb6764275a75832c1670868c458378b6", @@ -202,7 +202,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " [" test( id = 3, - EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Px0 = "d7d1c55ddf8bd03b7a15c3ea4f8f69aee37bf282d4aac82b7bd1fd47139250b9c708997a7ff8f603e48f0471c2cfe03", Px1 = "d145a91934a6ad865d24ab556ae1e6c42decdd05d676b80e53365a6ff7536332859c9682e7200e40515f675415d71a3", Py0 = "6de67fa12af93813a42612b1e9449c7b1f160c5de004ec26ea61010e48ba38dcf158d2692f347fdc6c6332bbec7106f", @@ -240,11 +240,11 @@ suite "ψ - psi(psi(P)) == psi2(P) - (Untwist-Frobenius-Twist Endomorphism)" & " test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence) - testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) - testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2]) + testAll(ECP_ShortW_Prj[Fp[BW6_761], G2]) suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]": const Iters = 10 @@ -307,11 +307,11 @@ suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]": test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence) - testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) - testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2]) + testAll(ECP_ShortW_Prj[Fp[BW6_761], G2]) suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=12)" & " [" & $WordBitwidth & "-bit mode]": const Iters = 10 @@ -338,10 +338,10 @@ suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding d test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence) - testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) - testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) + testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2]) + testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2]) suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=6)" & " [" & $WordBitwidth & "-bit mode]": const Iters = 10 @@ -368,4 +368,4 @@ suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degr test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence) - testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) + testAll(ECP_ShortW_Prj[Fp[BW6_761], G2]) diff --git a/tests/t_ec_sage_bls12_377.nim b/tests/t_ec_sage_bls12_377.nim index af9ba48..fe9c421 100644 --- a/tests/t_ec_sage_bls12_377.nim +++ b/tests/t_ec_sage_bls12_377.nim @@ -16,21 +16,21 @@ import ./t_ec_sage_template run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ECP_ShortW_Prj[Fp[BLS12_377], G1], "t_ec_sage_bls12_377_g1_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ECP_ShortW_Jac[Fp[BLS12_377], G1], "t_ec_sage_bls12_377_g1_jacobian" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ECP_ShortW_Prj[Fp2[BLS12_377], G2], "t_ec_sage_bls12_377_g2_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ECP_ShortW_Jac[Fp2[BLS12_377], G2], "t_ec_sage_bls12_377_g2_jacobian" ) diff --git a/tests/t_ec_sage_bls12_381.nim b/tests/t_ec_sage_bls12_381.nim index b1dd06c..72d7d9f 100644 --- a/tests/t_ec_sage_bls12_381.nim +++ b/tests/t_ec_sage_bls12_381.nim @@ -16,21 +16,21 @@ import ./t_ec_sage_template run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ECP_ShortW_Prj[Fp[BLS12_381], G1], "t_ec_sage_bls12_381_g1_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ECP_ShortW_Jac[Fp[BLS12_381], G1], "t_ec_sage_bls12_381_g1_jacobian" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ECP_ShortW_Prj[Fp2[BLS12_381], G2], "t_ec_sage_bls12_381_g2_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ECP_ShortW_Jac[Fp2[BLS12_381], G2], "t_ec_sage_bls12_381_g2_jacobian" ) diff --git a/tests/t_ec_sage_bn254_nogami.nim b/tests/t_ec_sage_bn254_nogami.nim index 910502c..65a771b 100644 --- a/tests/t_ec_sage_bn254_nogami.nim +++ b/tests/t_ec_sage_bn254_nogami.nim @@ -16,21 +16,21 @@ import ./t_ec_sage_template run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist], + ECP_ShortW_Prj[Fp[BN254_Nogami], G1], "t_ec_sage_bn254_nogami_g1_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BN254_Nogami], NotOnTwist], + ECP_ShortW_Jac[Fp[BN254_Nogami], G1], "t_ec_sage_bn254_nogami_g1_jacobian" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist], + ECP_ShortW_Prj[Fp2[BN254_Nogami], G2], "t_ec_sage_bn254_nogami_g2_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp2[BN254_Nogami], OnTwist], + ECP_ShortW_Jac[Fp2[BN254_Nogami], G2], "t_ec_sage_bn254_nogami_g2_jacobian" ) diff --git a/tests/t_ec_sage_bn254_snarks.nim b/tests/t_ec_sage_bn254_snarks.nim index a2277da..a971b79 100644 --- a/tests/t_ec_sage_bn254_snarks.nim +++ b/tests/t_ec_sage_bn254_snarks.nim @@ -16,21 +16,21 @@ import ./t_ec_sage_template run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ECP_ShortW_Prj[Fp[BN254_Snarks], G1], "t_ec_sage_bn254_snarks_g1_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ECP_ShortW_Jac[Fp[BN254_Snarks], G1], "t_ec_sage_bn254_snarks_g1_jacobian" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], "t_ec_sage_bn254_snarks_g2_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], "t_ec_sage_bn254_snarks_g2_jacobian" ) diff --git a/tests/t_ec_sage_bw6_761_g1.nim b/tests/t_ec_sage_bw6_761_g1.nim index 3e455c7..69ebb0a 100644 --- a/tests/t_ec_sage_bw6_761_g1.nim +++ b/tests/t_ec_sage_bw6_761_g1.nim @@ -14,28 +14,28 @@ import # Test utilities ./t_ec_sage_template -# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] -# and ECP_ShortW_Aff[Fp[Foo], OnTwist] +# When ECP_ShortW_Aff[Fp[Foo], G1] +# and ECP_ShortW_Aff[Fp[Foo], G2] # are generated in the same file (i.e. twists and base curve are both on Fp) # this creates bad codegen, in the C code, the `value`parameter gets the wrong type # TODO: upstream run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ECP_ShortW_Prj[Fp[BW6_761], G1], "t_ec_sage_bw6_761_g1_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], + ECP_ShortW_Jac[Fp[BW6_761], G1], "t_ec_sage_bw6_761_g1_jacobian" ) # run_scalar_mul_test_vs_sage( -# ECP_ShortW_Prj[Fp[BW6_761], OnTwist], +# ECP_ShortW_Prj[Fp[BW6_761], G2], # "t_ec_sage_bw6_761_g2_projective" # ) # run_scalar_mul_test_vs_sage( -# ECP_ShortW_Jac[Fp[BW6_761], OnTwist], +# ECP_ShortW_Jac[Fp[BW6_761], G2], # "t_ec_sage_bw6_761_g2_jacobian" # ) diff --git a/tests/t_ec_sage_bw6_761_g2.nim b/tests/t_ec_sage_bw6_761_g2.nim index a15ad14..d5fa368 100644 --- a/tests/t_ec_sage_bw6_761_g2.nim +++ b/tests/t_ec_sage_bw6_761_g2.nim @@ -14,28 +14,28 @@ import # Test utilities ./t_ec_sage_template -# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] -# and ECP_ShortW_Aff[Fp[Foo], OnTwist] +# When ECP_ShortW_Aff[Fp[Foo], G1] +# and ECP_ShortW_Aff[Fp[Foo], G2] # are generated in the same file (i.e. twists and base curve are both on Fp) # this creates bad codegen, in the C code, the `value`parameter gets the wrong type # TODO: upstream # run_scalar_mul_test_vs_sage( -# ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], +# ECP_ShortW_Prj[Fp[BW6_761], G1], # "t_ec_sage_bw6_761_g1_projective" # ) # run_scalar_mul_test_vs_sage( -# ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], +# ECP_ShortW_Jac[Fp[BW6_761], G1], # "t_ec_sage_bw6_761_g1_jacobian" # ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ECP_ShortW_Prj[Fp[BW6_761], G2], "t_ec_sage_bw6_761_g2_projective" ) run_scalar_mul_test_vs_sage( - ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ECP_ShortW_Jac[Fp[BW6_761], G2], "t_ec_sage_bw6_761_g2_jacobian" ) diff --git a/tests/t_ec_sage_template.nim b/tests/t_ec_sage_template.nim index 0f43bf8..49b21e3 100644 --- a/tests/t_ec_sage_template.nim +++ b/tests/t_ec_sage_template.nim @@ -140,8 +140,8 @@ proc parseHook*(src: string, pos: var int, value: var BigInt) = proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) = # Note when nim-serialization was used: - # When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] - # and ECP_ShortW_Aff[Fp[Foo], OnTwist] + # When ECP_ShortW_Aff[Fp[Foo], G1] + # and ECP_ShortW_Aff[Fp[Foo], G2] # are generated in the same file (i.e. twists and base curve are both on Fp) # this creates bad codegen, in the C code, the `value`parameter gets the wrong type # TODO: upstream @@ -165,7 +165,7 @@ proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) = {.error: "Not Implemented".} proc loadVectors(TestType: typedesc): TestType = - const group = when TestType.EC.Tw == NotOnTwist: "G1" + const group = when TestType.EC.G == G1: "G1" else: "G2" const filename = "tv_" & $TestType.EC.F.C & "_scalar_mul_" & group & ".json" let content = readFile(TestVectorsDir/filename) @@ -181,12 +181,12 @@ proc run_scalar_mul_test_vs_sage*( echo "\n------------------------------------------------------\n" echo moduleName & '\n' - when EC.Tw == NotOnTwist: + when EC.G == G1: const G1_or_G2 = "G1" - let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.Tw]]) + let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.G]]) else: const G1_or_G2 = "G2" - let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.Tw]]) + let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.G]]) const coord = when EC is ECP_ShortW_Prj: " Projective coordinates " elif EC is ECP_ShortW_Jac: " Jacobian coordinates " diff --git a/tests/t_ec_shortw_jac_g1_add_double.nim b/tests/t_ec_shortw_jac_g1_add_double.nim index 469f63f..b94fd0a 100644 --- a/tests/t_ec_shortw_jac_g1_add_double.nim +++ b/tests/t_ec_shortw_jac_g1_add_double.nim @@ -17,25 +17,25 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BN254_Snarks ) run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_381], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_381 ) run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_377], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377 ) run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g1_mixed_add.nim b/tests/t_ec_shortw_jac_g1_mixed_add.nim index e90356b..c1587af 100644 --- a/tests/t_ec_shortw_jac_g1_mixed_add.nim +++ b/tests/t_ec_shortw_jac_g1_mixed_add.nim @@ -18,25 +18,25 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_381], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381 ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_377], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377 ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_jac_g1_mul_distri.nim b/tests/t_ec_shortw_jac_g1_mul_distri.nim index b0c1144..2f700b5 100644 --- a/tests/t_ec_shortw_jac_g1_mul_distri.nim +++ b/tests/t_ec_shortw_jac_g1_mul_distri.nim @@ -18,25 +18,25 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BN254_Snarks ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_381 ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377 ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g1_mul_sanity.nim b/tests/t_ec_shortw_jac_g1_mul_sanity.nim index 75d9e59..88d89ec 100644 --- a/tests/t_ec_shortw_jac_g1_mul_sanity.nim +++ b/tests/t_ec_shortw_jac_g1_mul_sanity.nim @@ -24,7 +24,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BN254_Snarks ) @@ -56,8 +56,8 @@ suite "Order checks on BN254_Snarks": bool(impl.isInf()) bool(reference.isInf()) - test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) - test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) + test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) + test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder # with h the curve cofactor # instead of the full group @@ -67,20 +67,20 @@ suite "Order checks on BN254_Snarks": test "Not a point on the curve / not a square - #67": var ax, ay: Fp[BN254_Snarks] ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b" - ay.curve_eq_rhs(ax, NotOnTwist) + ay.curve_eq_rhs(ax, G1) check: bool not ay.isSquare() bool not ay.sqrt_if_square() run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_381 ) run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g1_mul_vs_ref.nim b/tests/t_ec_shortw_jac_g1_mul_vs_ref.nim index d06ae60..c1d9b1f 100644 --- a/tests/t_ec_shortw_jac_g1_mul_vs_ref.nim +++ b/tests/t_ec_shortw_jac_g1_mul_vs_ref.nim @@ -18,25 +18,25 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BN254_Snarks ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_381 ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377 ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim b/tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim index ed1d32b..d524d54 100644 --- a/tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim +++ b/tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim b/tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim index 471ba14..48143a7 100644 --- a/tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim +++ b/tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim b/tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim index 50172c7..1421b99 100644 --- a/tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim +++ b/tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim b/tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim index e1eb379..f328104 100644 --- a/tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim +++ b/tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim @@ -17,7 +17,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim b/tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim index 591a976..f785166 100644 --- a/tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim +++ b/tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim b/tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim index a6b5687..8e64a55 100644 --- a/tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim +++ b/tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim b/tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim index be89f89..b6d7156 100644 --- a/tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim +++ b/tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim b/tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim index 83050e8..6b54af1 100644 --- a/tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim +++ b/tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim @@ -17,7 +17,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim b/tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim index c8a290f..84f104f 100644 --- a/tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim +++ b/tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim b/tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim index daa44e8..05e3b93 100644 --- a/tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim +++ b/tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim b/tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim index 8411bc4..18b1304 100644 --- a/tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim +++ b/tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim b/tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim index dd53fb0..bec1248 100644 --- a/tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim +++ b/tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim b/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim index 25fb457..91c4671 100644 --- a/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim +++ b/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim b/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim index b392631..9c97cb8 100644 --- a/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim +++ b/tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim b/tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim index ee467bc..df0f773 100644 --- a/tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim +++ b/tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim b/tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim index 6fb2e3a..8a0ab7c 100644 --- a/tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim +++ b/tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim index 9c3068b..cb8f9e2 100644 --- a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim +++ b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim index 5f45bce..8f55f02 100644 --- a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim +++ b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim index 8d2fab0..bebd019 100644 --- a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim +++ b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim index 029f8ea..f244e1b 100644 --- a/tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim +++ b/tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Jac[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_edge_cases.nim b/tests/t_ec_shortw_prj_edge_cases.nim index f15a722..fe30a33 100644 --- a/tests/t_ec_shortw_prj_edge_cases.nim +++ b/tests/t_ec_shortw_prj_edge_cases.nim @@ -26,7 +26,7 @@ import ./support/ec_reference_scalar_mult func testAddAssociativity[EC](a, b, c: EC) = - var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2] # r0 = (a + b) + c tmp1.sum(a, b) @@ -63,7 +63,7 @@ func testAddAssociativity[EC](a, b, c: EC) = suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit mode]": test "EC Add G2 is associative - #60": - var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] ax.fromHex( @@ -101,7 +101,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit test "EC Add G2 is associative - #65-1": - var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] ax.fromHex( @@ -139,7 +139,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit test "EC Add G2 is associative - #65-2": - var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] ax.fromHex( diff --git a/tests/t_ec_shortw_prj_g1_add_double.nim b/tests/t_ec_shortw_prj_g1_add_double.nim index 89e4b4b..85396d5 100644 --- a/tests/t_ec_shortw_prj_g1_add_double.nim +++ b/tests/t_ec_shortw_prj_g1_add_double.nim @@ -17,25 +17,25 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BN254_Snarks ) run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_381], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_381 ) run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_377], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_377 ) run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g1_mixed_add.nim b/tests/t_ec_shortw_prj_g1_mixed_add.nim index ba34cc2..b4a27c3 100644 --- a/tests/t_ec_shortw_prj_g1_mixed_add.nim +++ b/tests/t_ec_shortw_prj_g1_mixed_add.nim @@ -18,25 +18,25 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_381], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381 ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_377], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377 ) run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G1], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g1_mul_distri.nim b/tests/t_ec_shortw_prj_g1_mul_distri.nim index 04a9f77..ed29ffa 100644 --- a/tests/t_ec_shortw_prj_g1_mul_distri.nim +++ b/tests/t_ec_shortw_prj_g1_mul_distri.nim @@ -18,25 +18,25 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BN254_Snarks ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_381 ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_377 ) run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g1_mul_sanity.nim b/tests/t_ec_shortw_prj_g1_mul_sanity.nim index fee19ee..467a48b 100644 --- a/tests/t_ec_shortw_prj_g1_mul_sanity.nim +++ b/tests/t_ec_shortw_prj_g1_mul_sanity.nim @@ -24,7 +24,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BN254_Snarks ) @@ -56,37 +56,37 @@ suite "Order checks on BN254_Snarks": bool(impl.isInf()) bool(reference.isInf()) - test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) - test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) + test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) + test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder # with h the curve cofactor # instead of the full group - # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = NotOnTwist) + # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = G1) # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) test "Not a point on the curve / not a square - #67": var ax, ay: Fp[BN254_Snarks] ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b" - ay.curve_eq_rhs(ax, NotOnTwist) + ay.curve_eq_rhs(ax, G1) check: bool not ay.isSquare() bool not ay.sqrt_if_square() run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_381 ) run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_377 ) run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g1_mul_vs_ref.nim b/tests/t_ec_shortw_prj_g1_mul_vs_ref.nim index 2c732d3..7a4c3d6 100644 --- a/tests/t_ec_shortw_prj_g1_mul_vs_ref.nim +++ b/tests/t_ec_shortw_prj_g1_mul_vs_ref.nim @@ -18,25 +18,25 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BN254_Snarks ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_381], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_381 ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BLS12_377], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_377 ) run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G1], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim b/tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim index 6128e77..1b8398e 100644 --- a/tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim +++ b/tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim b/tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim index a4ddedc..d792644 100644 --- a/tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim +++ b/tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim b/tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim index ac715bf..80c01f2 100644 --- a/tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim +++ b/tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim @@ -18,7 +18,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim b/tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim index 0b63af3..78366c0 100644 --- a/tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim +++ b/tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim @@ -17,7 +17,7 @@ const Iters = 8 run_EC_addition_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim b/tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim index ad3e825..914789f 100644 --- a/tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim +++ b/tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim b/tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim index b94e42c..35dd080 100644 --- a/tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim +++ b/tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim b/tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim index 6a9697f..943281e 100644 --- a/tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim +++ b/tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim @@ -18,7 +18,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim b/tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim index fc30cfc..e5157a6 100644 --- a/tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim +++ b/tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim @@ -17,7 +17,7 @@ const Iters = 12 run_EC_mixed_add_impl( - ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G2], Iters = Iters, moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim b/tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim index b407647..6aeb899 100644 --- a/tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim +++ b/tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim b/tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim index 15184ad..f54d2e3 100644 --- a/tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim +++ b/tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim b/tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim index c29a1a1..aaf7a02 100644 --- a/tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim +++ b/tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim b/tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim index 9c98f85..13840de 100644 --- a/tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim +++ b/tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_distributive_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim b/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim index dd461b6..6510c21 100644 --- a/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim +++ b/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim b/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim index 574d5a9..72a9e43 100644 --- a/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim +++ b/tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim b/tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim index f06360c..eb22419 100644 --- a/tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim +++ b/tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim b/tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim index 94e56e7..9202547 100644 --- a/tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim +++ b/tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_sanity_tests( - ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BW6_761 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim index bd4d1c0..61a309f 100644 --- a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim +++ b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_377 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim index 811e55c..589f573 100644 --- a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim +++ b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_381 ) diff --git a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim index 2595aa9..eaeb7e5 100644 --- a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim +++ b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim @@ -19,7 +19,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BN254_Snarks ) diff --git a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim index 6c6daf5..3a2ccf9 100644 --- a/tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim +++ b/tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim @@ -18,7 +18,7 @@ const ItersMul = Iters div 4 run_EC_mul_vs_ref_impl( - ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + ec = ECP_ShortW_Prj[Fp[BW6_761], G2], ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BW6_761 ) diff --git a/tests/t_ec_template.nim b/tests/t_ec_template.nim index 8566e7f..bcac647 100644 --- a/tests/t_ec_template.nim +++ b/tests/t_ec_template.nim @@ -55,7 +55,7 @@ func random_point*(rng: var RngState, EC: typedesc, randZ: bool, gen: RandomGen) template pairingGroup(EC: typedesc): string = when EC is (ECP_ShortW_Aff or ECP_ShortW_Prj or ECP_ShortW_Jac): - when EC.Tw == NotOnTwist: + when EC.G == G1: "G1" else: "G2" @@ -426,7 +426,7 @@ proc run_EC_mixed_add_impl*( echo "\n------------------------------------------------------\n" echo moduleName, " xoshiro512** seed: ", seed - when ec.Tw == NotOnTwist: + when ec.G == G1: const G1_or_G2 = "G1" else: const G1_or_G2 = "G2" @@ -439,7 +439,7 @@ proc run_EC_mixed_add_impl*( for _ in 0 ..< Iters: let a = rng.random_point(EC, randZ, gen) let b = rng.random_point(EC, randZ, gen) - var bAff: ECP_ShortW_Aff[EC.F, EC.Tw] + var bAff: ECP_ShortW_Aff[EC.F, EC.G] when b is ECP_ShortW_Prj: bAff.affineFromProjective(b) else: diff --git a/tests/t_hash_to_curve.nim b/tests/t_hash_to_curve.nim index 148543a..7cebf73 100644 --- a/tests/t_hash_to_curve.nim +++ b/tests/t_hash_to_curve.nim @@ -67,8 +67,8 @@ const proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) = # Note when nim-serialization was used: - # When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] - # and ECP_ShortW_Aff[Fp[Foo], OnTwist] + # When ECP_ShortW_Aff[Fp[Foo], G1] + # and ECP_ShortW_Aff[Fp[Foo], G2] # are generated in the same file (i.e. twists and base curve are both on Fp) # this creates bad codegen, in the C code, the `value`parameter gets the wrong type # TODO: upstream @@ -107,11 +107,11 @@ proc run_hash_to_curve_test( filename: string ) = - when EC.Tw == NotOnTwist: + when EC.G == G1: const G1_or_G2 = "G1" else: const G1_or_G2 = "G2" - let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.Tw]], filename) + let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.G]], filename) let testSuiteDesc = "Hash to Curve " & $EC.F.C & " " & G1_or_G2 & " - official specs " & spec_version & " test vectors" @@ -142,7 +142,7 @@ echo "Hash-to-curve" & '\n' # Hash-to-curve v8 to latest # https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-10/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json run_hash_to_curve_test( - ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ECP_ShortW_Prj[Fp2[BLS12_381], G2], "v8", "tv_h2c_v8_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json" ) @@ -150,7 +150,7 @@ run_hash_to_curve_test( # Hash-to-curve v7 (different domain separation tag) # https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-07/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json run_hash_to_curve_test( - ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + ECP_ShortW_Prj[Fp2[BLS12_381], G2], "v7", "tv_h2c_v7_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json" ) diff --git a/tests/t_pairing_bls12_377_line_functions.nim b/tests/t_pairing_bls12_377_line_functions.nim index 904817c..c492be6 100644 --- a/tests/t_pairing_bls12_377_line_functions.nim +++ b/tests/t_pairing_bls12_377_line_functions.nim @@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod test "Line double - lt,t(P)": proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) = for _ in 0 ..< Iters: - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) - let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) + let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) var l: Line[Fp2[C]] var T2: typeof(Q) @@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod test "Line add - lt,q(P)": proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) = for _ in 0 ..< Iters: - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) - let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen) + let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) var l: Line[Fp2[C]] var TQ{.noInit.}: typeof(T) TQ.sum(T, Q) - var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist] + var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2] Qaff.affineFromProjective(Q) l.line_add(T, Qaff, P) diff --git a/tests/t_pairing_bls12_377_optate.nim b/tests/t_pairing_bls12_377_optate.nim index 4f367e5..4909a60 100644 --- a/tests/t_pairing_bls12_377_optate.nim +++ b/tests/t_pairing_bls12_377_optate.nim @@ -15,7 +15,7 @@ import runPairingTests( 4, BLS12_377, - G1 = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], - G2 = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], + G1 = ECP_ShortW_Prj[Fp[BLS12_377], G1], + G2 = ECP_ShortW_Prj[Fp2[BLS12_377], G2], GT = Fp12[BLS12_377], pairing_bls12) diff --git a/tests/t_pairing_bls12_381_line_functions.nim b/tests/t_pairing_bls12_381_line_functions.nim index 808da28..e503708 100644 --- a/tests/t_pairing_bls12_381_line_functions.nim +++ b/tests/t_pairing_bls12_381_line_functions.nim @@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod test "Line double - lt,t(P)": proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) = for _ in 0 ..< Iters: - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) - let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) + let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) var l: Line[Fp2[C]] var T2: typeof(Q) @@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod test "Line add - lt,q(P)": proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) = for _ in 0 ..< Iters: - let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) - let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) - var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) + let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen) + let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) + var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen) var l: Line[Fp2[C]] var TQ{.noInit.}: typeof(T) TQ.sum(T, Q) - var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist] + var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2] Qaff.affineFromProjective(Q) l.line_add(T, Qaff, P) diff --git a/tests/t_pairing_bls12_381_multi.nim b/tests/t_pairing_bls12_381_multi.nim index a384318..8e0557e 100644 --- a/tests/t_pairing_bls12_381_multi.nim +++ b/tests/t_pairing_bls12_381_multi.nim @@ -32,8 +32,8 @@ echo "test_pairing_bls12_381_multi xoshiro512** seed: ", timeseed proc testMultiPairing(rng: var RngState, N: static int) = var - Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]] - Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]] + Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]] + Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]] GTs {.noInit.}: array[N, Fp12[BLS12_381]] diff --git a/tests/t_pairing_bls12_381_optate.nim b/tests/t_pairing_bls12_381_optate.nim index 5c117b5..49834ef 100644 --- a/tests/t_pairing_bls12_381_optate.nim +++ b/tests/t_pairing_bls12_381_optate.nim @@ -15,7 +15,7 @@ import runPairingTests( 4, BLS12_381, - G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], - G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], + G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1], + G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2], GT = Fp12[BLS12_381], pairing_bls12) diff --git a/tests/t_pairing_bn254_nogami_optate.nim b/tests/t_pairing_bn254_nogami_optate.nim index 4be9a24..4cb399a 100644 --- a/tests/t_pairing_bn254_nogami_optate.nim +++ b/tests/t_pairing_bn254_nogami_optate.nim @@ -15,7 +15,7 @@ import runPairingTests( 4, BN254_Nogami, - G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist], - G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist], + G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], G1], + G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], G2], GT = Fp12[BN254_Nogami], pairing_bn) diff --git a/tests/t_pairing_bn254_snarks_optate.nim b/tests/t_pairing_bn254_snarks_optate.nim index 46a5233..dfe11a7 100644 --- a/tests/t_pairing_bn254_snarks_optate.nim +++ b/tests/t_pairing_bn254_snarks_optate.nim @@ -15,7 +15,7 @@ import runPairingTests( 4, BN254_Snarks, - G1 = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], - G2 = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], + G1 = ECP_ShortW_Prj[Fp[BN254_Snarks], G1], + G2 = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2], GT = Fp12[BN254_Snarks], pairing_bn) diff --git a/tests/t_pairing_bw6_761_optate.nim b/tests/t_pairing_bw6_761_optate.nim index 954de38..dfc9dcc 100644 --- a/tests/t_pairing_bw6_761_optate.nim +++ b/tests/t_pairing_bw6_761_optate.nim @@ -15,7 +15,7 @@ import runPairingTests( 4, BW6_761, - G1 = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], - G2 = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], + G1 = ECP_ShortW_Prj[Fp[BW6_761], G1], + G2 = ECP_ShortW_Prj[Fp[BW6_761], G2], GT = Fp6[BW6_761], pairing_bw6_761_reference) diff --git a/tests/t_pairing_template.nim b/tests/t_pairing_template.nim index d8f3411..b8051dc 100644 --- a/tests/t_pairing_template.nim +++ b/tests/t_pairing_template.nim @@ -31,14 +31,14 @@ type HighHammingWeight Long01Sequence -template affineType[F; Tw: static Twisted]( - ec: ECP_ShortW_Prj[F, Tw]): type = - ECP_ShortW_Aff[F, Tw] +template affineType[F; G: static Subgroup]( + ec: ECP_ShortW_Prj[F, G]): type = + ECP_ShortW_Aff[F, G] -func clearCofactorReference[F; Tw: static Twisted]( - ec: var ECP_ShortW_Aff[F, Tw]) = +func clearCofactorReference[F; G: static Subgroup]( + ec: var ECP_ShortW_Aff[F, G]) = # For now we don't have any affine operation defined - var t {.noInit.}: ECP_ShortW_Prj[F, Tw] + var t {.noInit.}: ECP_ShortW_Prj[F, G] t.projectiveFromAffine(ec) t.clearCofactorReference() ec.affineFromProjective(t) diff --git a/tests/t_sig_bls_lowlevel.nim b/tests/t_sig_bls_lowlevel.nim index 977b7f5..3b6844e 100644 --- a/tests/t_sig_bls_lowlevel.nim +++ b/tests/t_sig_bls_lowlevel.nim @@ -62,10 +62,10 @@ const BLS12_381_G2_generator_y = Fp2[BLS12_381].fromHex( "3f370d275cec1da1aaa9075ff05f79be" ) -const BLS12_381_G1_generator = ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]( +const BLS12_381_G1_generator = ECP_ShortW_Aff[Fp[BLS12_381], G1]( x: BLS12_381_G1_generator_x, y: BLS12_381_G1_generator_y ) -const BLS12_381_G2_generator = ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]( +const BLS12_381_G2_generator = ECP_ShortW_Aff[Fp2[BLS12_381], G2]( x: BLS12_381_G2_generator_x, y: BLS12_381_G2_generator_y ) @@ -80,22 +80,22 @@ func genSecretKey(rng: var RngState, seckey: var Fr[BLS12_381]) = seckey = rng.random_unsafe(Fr[BLS12_381]) func publicKeyG1( - pubkey: var ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist], + pubkey: var ECP_ShortW_Aff[Fp[BLS12_381], G1], seckey: Fr[BLS12_381] ) = - var t: ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] + var t: ECP_ShortW_Prj[Fp[BLS12_381], G1] t.projectiveFromAffine(BLS12_381_G1_generator) t.scalarMul(seckey.toBig()) pubkey.affineFromprojective(t) doAssert not bool pubkey.isInf() func signG2[T: byte|char]( - signature: var ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist], + signature: var ECP_ShortW_Aff[Fp2[BLS12_381], G2], message: openarray[T], secretKey: Fr[BLS12_381] ) = doAssert not bool secretKey.isZero() - var t: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var t: ECP_ShortW_Prj[Fp2[BLS12_381], G2] hashToCurve( H = sha256, k = 128, output = t, @@ -108,15 +108,15 @@ func signG2[T: byte|char]( doAssert not bool signature.isInf() func verifyG2[T: byte|char]( - pubkey: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist], + pubkey: ECP_ShortW_Aff[Fp[BLS12_381], G1], message: openarray[T], - signature: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] + signature: ECP_ShortW_Aff[Fp2[BLS12_381], G2] ): SecretBool = doAssert not pubkey.isInf.bool doAssert not signature.isInf.bool var Q {.noinit.}: typeof(signature) - var Qprj {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var Qprj {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2] hashToCurve( H = sha256, k = 128, output = Qprj, @@ -133,14 +133,14 @@ func verifyG2[T: byte|char]( return e0 == e1 func verifyG2_multi[T: byte|char]( - pubkey: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist], + pubkey: ECP_ShortW_Aff[Fp[BLS12_381], G1], message: openarray[T], - signature: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] + signature: ECP_ShortW_Aff[Fp2[BLS12_381], G2] ): SecretBool = doAssert not pubkey.isInf.bool doAssert not signature.isInf.bool - var Qprj {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] + var Qprj {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2] hashToCurve( H = sha256, k = 128, output = Qprj, @@ -149,8 +149,8 @@ func verifyG2_multi[T: byte|char]( domainSepTag = DomainSepTag ) - var G2s: array[2, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]] - var G1s: array[2, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]] + var G2s: array[2, ECP_ShortW_Aff[Fp2[BLS12_381], G2]] + var G1s: array[2, ECP_ShortW_Aff[Fp[BLS12_381], G1]] G1s[0] = pubkey G2s[0].affineFromprojective(Qprj) @@ -166,9 +166,9 @@ func verifyG2_multi[T: byte|char]( proc bls_signature_test(rng: var RngState, i: int) = var seckey: Fr[BLS12_381] - pubkey: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] + pubkey: ECP_ShortW_Aff[Fp[BLS12_381], G1] message = rng.random_byte_seq(length = i) - signature: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] + signature: ECP_ShortW_Aff[Fp2[BLS12_381], G2] rng.genSecretKey(seckey) pubkey.publicKeyG1(seckey)