From d04ccdd578aad32bcf8f62c5359bdd5d8dd33b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mamy=20Andr=C3=A9-Ratsimbazafy?=
Date: Sun, 27 Sep 2020 16:01:31 +0200
Subject: [PATCH] Move the cubic root to GLV files
---
 constantine.nimble | 3 +-
 constantine/config/curves.nim | 10 -------
 constantine/config/curves_declaration.nim | 5 ----
 constantine/config/curves_derived.nim | 28 -------------------
 constantine/config/curves_parser.nim | 21 --------------
 constantine/curves/bls12_377_glv.nim | 7 +++--
 constantine/curves/bls12_381_glv.nim | 7 +++--
 constantine/curves/bn254_snarks_glv.nim | 7 +++--
 constantine/curves/constants_glv.nim | 4 +++
 ...{t_precomputed.nim => t_fp_cubic_root.nim} | 15 ++--------
 10 files changed, 23 insertions(+), 84 deletions(-)
 rename tests/{t_precomputed.nim => t_fp_cubic_root.nim} (71%)
diff --git a/constantine.nimble b/constantine.nimble
index cda47e9..3f4d3e4 100644
--- a/constantine.nimble
+++ b/constantine.nimble
@@ -33,8 +33,7 @@ const testDesc: seq[tuple[path: string, useGMP: bool]] = @[
 ("tests/t_finite_fields_sqrt.nim", false),
 ("tests/t_finite_fields_powinv.nim", false),
 ("tests/t_finite_fields_vs_gmp.nim", true),
- # Precompute
- ("tests/t_precomputed", false),
+ ("tests/t_fp_cubic_root.nim", false),
 # Double-width finite fields
 ("tests/t_finite_fields_double_width.nim", false),
 # Towers of extension fields
diff --git a/constantine/config/curves.nim b/constantine/config/curves.nim
index 83629d1..0d62c62 100644
--- a/constantine/config/curves.nim
+++ b/constantine/config/curves.nim
@@ -175,16 +175,6 @@ macro getBN_param_6u_minus_1_BE*(C: static Curve): untyped =
 ## of a BN curve in canonical big-endian representation
 result = bindSym($C & "_BN_6u_minus_1_BE")
-# Endomorphism
-# -------------------------------------------------------
-macro getCubicRootOfUnity_mod_p*(C: static Curve): untyped =
- ## Get a non-trivial cubic root of unity (mod p) with p the prime field
- result = bindSym($C & "_cubicRootOfUnity_mod_p")
-
-macro getCubicRootOfUnity_mod_r*(C: static Curve): untyped =
- ## Get a non-trivial cubic root of unity (mod r) with r the curve order
- result = bindSym($C & "_cubicRootOfUnity_mod_r")
-
 # ############################################################
 #
 # Debug info printed at compile-time
diff --git a/constantine/config/curves_declaration.nim b/constantine/config/curves_declaration.nim
index b54539f..68c1a71 100644
--- a/constantine/config/curves_declaration.nim
+++ b/constantine/config/curves_declaration.nim
@@ -104,9 +104,6 @@ declareCurves:
 family: BarretoNaehrig
 bn_u_bitwidth: 63
 bn_u: "0x44e992b44a6909f1" # u: 4965661367192848881
- cubicRootOfUnity_modP: "0x30644e72e131a0295e6dd9e7e0acccb0c28f069fbb966e3de4bd44e5607cfd48"
- # For sanity checks
- cubicRootOfUnity_modR: "0x30644e72e131a029048b6e193fd84104cc37a73fec2bc5e9b8ca0b2d36636f23"
 # G1 Equation: Y^2 = X^3 + 3
 # G2 Equation: Y^2 = X^3 + 3/(9+𝑖)
@@ -140,7 +137,6 @@ declareCurves:
 family: BarretoLynnScott
 # u: 3 * 2^46 * (7 * 13 * 499) + 1
 # u: 0x8508c00000000001
- cubicRootOfUnity_mod_p: "0x9b3af05dd14f6ec619aaf7d34594aabc5ed1347970dec00452217cc900000008508c00000000001"
 # G1 Equation: y² = x³ + 1
 # G2 Equation: y² = x³ + 1/ with 𝑗 = √-5
@@ -160,7 +156,6 @@ declareCurves:
 modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab"
 family: BarretoLynnScott
 # u: -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16)
- cubicRootOfUnity_mod_p: "0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac"
 # G1 Equation: y² = x³ + 4
 # G2 Equation: y² = x³ + 4 (1+i)
diff --git a/constantine/config/curves_derived.nim b/constantine/config/curves_derived.nim
index 93805d4..4c1d49e 100644
--- a/constantine/config/curves_derived.nim
+++ b/constantine/config/curves_derived.nim
@@ -124,34 +124,6 @@ macro genDerivedConstants*(): untyped =
 )
 )
- # const MyCurve_cubicRootOfUnity_mod_p
- block:
- let cubicHex = ident(curve & "_cubicRootOfUnity_modP_Hex")
- let cubic = used(curve & "_cubicRootOfUnity_mod_p")
- let M = bindSym(curve & "_Modulus")
- let r2modM = ident(curve & "_R2modP")
- let m0ninv = ident(curve & "_NegInvModWord")
- result.add quote do:
- when declared(`cubicHex`):
- const `cubic` = block:
- var cubic: Fp[Curve(`curveSym`)]
- montyResidue_precompute(
- cubic.mres,
- fromHex(cubic.mres.typeof, `cubicHex`),
- `M`, `r2modM`, `m0ninv`
- )
- cubic
- # const MyCurve_cubicRootOfUnity_mod_r
- block: # For scalar decomposition sanity checks
- let cubicHex = ident(curve & "_cubicRootOfUnity_modR_Hex")
- let cubic = used(curve & "_cubicRootOfUnity_mod_r")
- let getCurveOrderBitwidth = ident"getCurveOrderBitwidth"
- result.add quote do:
- when declared(`cubicHex`):
- const `cubic` = fromHex(BigInt[
- `getCurveOrderBitwidth`(Curve(`curveSym`))
- ], `cubicHex`)
-
 if CurveFamilies[curveSym] == BarretoNaehrig:
 # when declared(MyCurve_BN_param_u):
 # const MyCurve_BN_u_BE = toCanonicalIntRepr(MyCurve_BN_param_u)
diff --git a/constantine/config/curves_parser.nim b/constantine/config/curves_parser.nim
index eba05cb..674383e 100644
--- a/constantine/config/curves_parser.nim
+++ b/constantine/config/curves_parser.nim
@@ -109,10 +109,6 @@ type
 sexticTwist: SexticTwist
 sexticNonResidue_fp2: NimNode # nnkPar(nnkIntLit, nnkIntLit)
- # Endomorphisms
- cubicRootOfUnity_modP: NimNode # nnkStrLit
- cubicRootOfUnity_modR: NimNode # nnkStrLit
-
 family: CurveFamily
 # BN family
 # ------------------------
@@ -186,10 +182,6 @@ proc parseCurveDecls(defs: var seq[CurveParams], curves: NimNode) =
 params.bn_u_bitwidth = sectionVal
 elif sectionId.eqIdent"bn_u":
 params.bn_u = sectionVal
- elif sectionId.eqident"cubicRootOfUnity_modP":
- params.cubicRootOfUnity_modP = sectionVal
- elif sectionId.eqident"cubicRootOfUnity_modR":
- params.cubicRootOfUnity_modR = sectionVal
 elif sectionId.eqIdent"eq_form":
 params.eq_form = parseEnum[CurveEquationForm]($sectionVal)
 elif sectionId.eqIdent"coef_a":
@@ -323,19 +315,6 @@ proc genMainConstants(defs: var seq[CurveParams]): NimNode =
 curveDef.sexticNonResidue_fp2
 )
- # Endomorphisms
- # -----------------------------------------------
- if not curveDef.cubicRootOfUnity_modP.isNil:
- curveExtraStmts.add newConstStmt(
- exported($curve & "_cubicRootOfUnity_modP_Hex"),
- curveDef.cubicRootOfUnity_modP
- )
- if not curveDef.cubicRootOfUnity_modR.isNil:
- curveExtraStmts.add newConstStmt(
- exported($curve & "_cubicRootOfUnity_modR_Hex"),
- curveDef.cubicRootOfUnity_modR
- )
-
- # BN curves
- # -----------------------------------------------
 if family == BarretoNaehrig:
diff --git a/constantine/curves/bls12_377_glv.nim b/constantine/curves/bls12_377_glv.nim
index e7bc97b..b232fd6 100644
--- a/constantine/curves/bls12_377_glv.nim
+++ b/constantine/curves/bls12_377_glv.nim
@@ -7,12 +7,15 @@
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 import
- ../config/type_bigint,
- ../io/io_bigints
+ ../config/[curves, type_bigint, type_fp],
+ ../io/[io_bigints, io_fields]
 # BLS12-377 G1
 # ----------------------------------------------------------------------------------------
+const BLS12_377_cubicRootofUnity_mod_p* =
+ Fp[BLS12_377].fromHex"0x9b3af05dd14f6ec619aaf7d34594aabc5ed1347970dec00452217cc900000008508c00000000001"
+
 const Lattice_BLS12_377_G1* = (
 # (BigInt, isNeg)
 ((BigInt[127].fromHex"0x452217cc900000010a11800000000000", false), # u² - 1
diff --git a/constantine/curves/bls12_381_glv.nim b/constantine/curves/bls12_381_glv.nim
index 0fe92ee..e1b9106 100644
--- a/constantine/curves/bls12_381_glv.nim
+++ b/constantine/curves/bls12_381_glv.nim
@@ -7,12 +7,15 @@
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 import
- ../config/type_bigint,
- ../io/io_bigints
+ ../config/[curves, type_bigint, type_fp],
+ ../io/[io_bigints, io_fields]
 # BLS12-381 G1
 # ----------------------------------------------------------------------------------------
+const BLS12_381_cubicRootOfUnity_mod_p* =
+ Fp[BLS12_381].fromHex"0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac"
+
 const Lattice_BLS12_381_G1* = (
 # (BigInt, isNeg)
 ((BigInt[128].fromHex"0xac45a4010001a40200000000ffffffff", false), # u² - 1
diff --git a/constantine/curves/bn254_snarks_glv.nim b/constantine/curves/bn254_snarks_glv.nim
index 1e7157c..191f344 100644
--- a/constantine/curves/bn254_snarks_glv.nim
+++ b/constantine/curves/bn254_snarks_glv.nim
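Review bot: The new constant on the added line `+const BLS12_377_cubicRootofUnity_mod_p* =` is spelled with a lowercase "of", whereas the sibling added in bls12_381_glv.nim is `BLS12_381_cubicRootOfUnity_mod_p` and the lookup in constants_glv.nim is `bindSym($C & "_cubicRootOfUnity_mod_p")`; the bn254_snarks_glv.nim hunk has the same spelling as this one. Nim's style-insensitive identifiers presumably let `bindSym` resolve it anyway, but the mismatch will trip `--styleCheck:usages`/`--styleCheck:error` and a search for the suffix used by the macro misses two of the three definitions. I'd change the two lines to `const BLS12_377_cubicRootOfUnity_mod_p* =` and `const BN254_Snarks_cubicRootOfUnity_mod_p* =`. A one-line comment above each constant, e.g. `# Looked up by name from constants_glv.getCubicRootOfUnity_mod_p; keep the <Curve>_cubicRootOfUnity_mod_p spelling`, would make the naming contract visible where the values live.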
@@ -7,12 +7,15 @@
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 import
- ../config/type_bigint,
- ../io/io_bigints
+ ../config/[curves, type_bigint, type_fp],
+ ../io/[io_bigints, io_fields]
 # BN254 Snarks G1
 # ----------------------------------------------------------------------------------------
+const BN254_Snarks_cubicRootofUnity_mod_p* =
+ Fp[BN254_Snarks].fromHex"0x30644e72e131a0295e6dd9e7e0acccb0c28f069fbb966e3de4bd44e5607cfd48"
+
 # Chapter 6.3.1 - Guide to Pairing-based Cryptography
 const Lattice_BN254_Snarks_G1* = (
 # Curve of order 254 -> mini scalars of size 127
diff --git a/constantine/curves/constants_glv.nim b/constantine/curves/constants_glv.nim
index 4216af2..3e76f10 100644
--- a/constantine/curves/constants_glv.nim
+++ b/constantine/curves/constants_glv.nim
@@ -29,3 +29,7 @@ template lattice*(F: typedesc[Fp or Fp2]): untyped =
 const G = if F is Fp: "G1" else: "G2"
 dispatch("Lattice_", F.C, G)
+
+macro getCubicRootOfUnity_mod_p*(C: static Curve): untyped =
+ ## Get a non-trivial cubic root of unity (mod p) with p the prime field
+ result = bindSym($C & "_cubicRootOfUnity_mod_p")
diff --git a/tests/t_precomputed.nim b/tests/t_fp_cubic_root.nim
similarity index 71%
rename from tests/t_precomputed.nim
rename to tests/t_fp_cubic_root.nim
index 0518937..422f9d3 100644
--- a/tests/t_precomputed.nim
+++ b/tests/t_fp_cubic_root.nim
@@ -10,7 +10,7 @@ import
 std/unittest,
 ../constantine/config/common,
 ../constantine/arithmetic,
 ../constantine/config/curves,
- ../constantine/io/[io_bigints, io_fields]
+ ../constantine/curves/constants_glv
 echo "\n------------------------------------------------------\n"
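Review bot: The doc comment on the added `macro getCubicRootOfUnity_mod_p*` in constants_glv.nim says what is returned but not the contract it now places on the per-curve files, which is the only thing a reader adding a curve needs: the value is found purely by name via `bindSym($C & "_cubicRootOfUnity_mod_p")`, and when a curve has no such constant the failure is a generic undeclared-identifier error at the call site rather than anything pointing at the missing definition. I'd extend the comment with `## The curve's <Curve>_glv.nim must declare <Curve>_cubicRootOfUnity_mod_p as an Fp[C] constant; bindSym fails at compile time if it is missing.` It would also be worth stating that "non-trivial" means the root is not 1, since that property is what the lattice decomposition relies on and is not enforced here.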
@@ -22,19 +22,10 @@ proc checkCubeRootOfUnity(curve: static Curve) =
 check: bool cru.isOne()
- test $curve & " cube root of unity (mod r)":
- var cru: BigInt[3 * curve.getCurveOrderBitwidth()]
- cru.prod(curve.getCubicRootOfUnity_mod_r(), curve.getCubicRootOfUnity_mod_r())
- cru.mul(curve.getCubicRootOfUnity_mod_r())
-
- var r: BigInt[curve.getCurveOrderBitwidth()]
- r.reduce(cru, curve.getCurveOrder)
-
- check: bool r.isOne()
-
 proc main() =
 suite "Sanity checks on precomputed values" & " [" & $WordBitwidth & "-bit mode]":
 checkCubeRootOfUnity(BN254_Snarks)
- # checkCubeRootOfUnity(BLS12_381)
+ checkCubeRootOfUnity(BLS12_377)
+ checkCubeRootOfUnity(BLS12_381)
 main()
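Review bot: The surviving (mod p) test ends at the context line `check: bool cru.isOne()`, which only verifies that the cubed value is one; a constant that is itself 1 would pass this check while being useless as an endomorphism root, so the non-triviality the constant's name promises is never asserted. I'd add, next to the existing check, `check: not bool(curve.getCubicRootOfUnity_mod_p().isOne())` (the body of `checkCubeRootOfUnity` that computes `cru` starts above the hunk, so I infer the cubing from the removed (mod r) block). That (mod r) sanity check is deleted here along with the `cubicRootOfUnity_modR` constants in curves_declaration.nim, so nothing now cross-checks the root of unity on the scalar side that the GLV lattice decomposition depends on. If dropping it is intended, a one-line comment in t_fp_cubic_root.nim saying only the (mod p) root is provided would save the next reader from looking for the missing counterpart.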