codex-storage
/
constantine
mirror of https://github.com/codex-storage/constantine.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move the cubic root to GLV files

This commit is contained in:
Mamy André-Ratsimbazafy 2020-09-27 16:01:31 +02:00
parent 34eb6fcfbd
commit d04ccdd578
No known key found for this signature in database
GPG Key ID: 7B88AD1FE79492E1
10 changed files with 23 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
constantine.nimble
View File

@ -33,8 +33,7 @@ const testDesc: seq[tuple[path: string, useGMP: bool]] = @[
("tests/t_finite_fields_sqrt.nim", false), ("tests/t_finite_fields_sqrt.nim", false),
("tests/t_finite_fields_powinv.nim", false), ("tests/t_finite_fields_powinv.nim", false),
("tests/t_finite_fields_vs_gmp.nim", true), ("tests/t_finite_fields_vs_gmp.nim", true),
# Precompute ("tests/t_fp_cubic_root.nim", false),
("tests/t_precomputed", false),
# Double-width finite fields # Double-width finite fields
("tests/t_finite_fields_double_width.nim", false), ("tests/t_finite_fields_double_width.nim", false),
# Towers of extension fields # Towers of extension fields

10
constantine/config/curves.nim
View File

@ -175,16 +175,6 @@ macro getBN_param_6u_minus_1_BE*(C: static Curve): untyped =
## of a BN curve in canonical big-endian representation ## of a BN curve in canonical big-endian representation
result = bindSym($C & "_BN_6u_minus_1_BE") result = bindSym($C & "_BN_6u_minus_1_BE")
# Endomorphism
# -------------------------------------------------------
macro getCubicRootOfUnity_mod_p*(C: static Curve): untyped =
## Get a non-trivial cubic root of unity (mod p) with p the prime field
result = bindSym($C & "_cubicRootOfUnity_mod_p")
macro getCubicRootOfUnity_mod_r*(C: static Curve): untyped =
## Get a non-trivial cubic root of unity (mod r) with r the curve order
result = bindSym($C & "_cubicRootOfUnity_mod_r")
# ############################################################ # ############################################################
# #
# Debug info printed at compile-time # Debug info printed at compile-time

5
constantine/config/curves_declaration.nim
View File

@ -104,9 +104,6 @@ declareCurves:
family: BarretoNaehrig family: BarretoNaehrig
bn_u_bitwidth: 63 bn_u_bitwidth: 63
bn_u: "0x44e992b44a6909f1" # u: 4965661367192848881 bn_u: "0x44e992b44a6909f1" # u: 4965661367192848881
cubicRootOfUnity_modP: "0x30644e72e131a0295e6dd9e7e0acccb0c28f069fbb966e3de4bd44e5607cfd48"
# For sanity checks
cubicRootOfUnity_modR: "0x30644e72e131a029048b6e193fd84104cc37a73fec2bc5e9b8ca0b2d36636f23"
# G1 Equation: Y^2 = X^3 + 3 # G1 Equation: Y^2 = X^3 + 3
# G2 Equation: Y^2 = X^3 + 3/(9+𝑖) # G2 Equation: Y^2 = X^3 + 3/(9+𝑖)
@ -140,7 +137,6 @@ declareCurves:
family: BarretoLynnScott family: BarretoLynnScott
# u: 3 * 2^46 * (7 * 13 * 499) + 1 # u: 3 * 2^46 * (7 * 13 * 499) + 1
# u: 0x8508c00000000001 # u: 0x8508c00000000001
cubicRootOfUnity_mod_p: "0x9b3af05dd14f6ec619aaf7d34594aabc5ed1347970dec00452217cc900000008508c00000000001"
# G1 Equation: y² = x³ + 1 # G1 Equation: y² = x³ + 1
# G2 Equation: y² = x³ + 1/ with 𝑗 = √-5 # G2 Equation: y² = x³ + 1/ with 𝑗 = √-5
@ -160,7 +156,6 @@ declareCurves:
modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab" modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab"
family: BarretoLynnScott family: BarretoLynnScott
# u: -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16) # u: -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16)
cubicRootOfUnity_mod_p: "0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac"
# G1 Equation: y² = x³ + 4 # G1 Equation: y² = x³ + 4
# G2 Equation: y² = x³ + 4 (1+i) # G2 Equation: y² = x³ + 4 (1+i)

28
constantine/config/curves_derived.nim
View File

@ -124,34 +124,6 @@ macro genDerivedConstants*(): untyped =
) )
) )
# const MyCurve_cubicRootOfUnity_mod_p
block:
let cubicHex = ident(curve & "_cubicRootOfUnity_modP_Hex")
let cubic = used(curve & "_cubicRootOfUnity_mod_p")
let M = bindSym(curve & "_Modulus")
let r2modM = ident(curve & "_R2modP")
let m0ninv = ident(curve & "_NegInvModWord")
result.add quote do:
when declared(`cubicHex`):
const `cubic` = block:
var cubic: Fp[Curve(`curveSym`)]
montyResidue_precompute(
cubic.mres,
fromHex(cubic.mres.typeof, `cubicHex`),
`M`, `r2modM`, `m0ninv`
)
cubic
# const MyCurve_cubicRootOfUnity_mod_r
block: # For scalar decomposition sanity checks
let cubicHex = ident(curve & "_cubicRootOfUnity_modR_Hex")
let cubic = used(curve & "_cubicRootOfUnity_mod_r")
let getCurveOrderBitwidth = ident"getCurveOrderBitwidth"
result.add quote do:
when declared(`cubicHex`):
const `cubic` = fromHex(BigInt[
`getCurveOrderBitwidth`(Curve(`curveSym`))
], `cubicHex`)
if CurveFamilies[curveSym] == BarretoNaehrig: if CurveFamilies[curveSym] == BarretoNaehrig:
# when declared(MyCurve_BN_param_u): # when declared(MyCurve_BN_param_u):
# const MyCurve_BN_u_BE = toCanonicalIntRepr(MyCurve_BN_param_u) # const MyCurve_BN_u_BE = toCanonicalIntRepr(MyCurve_BN_param_u)

21
constantine/config/curves_parser.nim
View File

@ -109,10 +109,6 @@ type
sexticTwist: SexticTwist sexticTwist: SexticTwist
sexticNonResidue_fp2: NimNode # nnkPar(nnkIntLit, nnkIntLit) sexticNonResidue_fp2: NimNode # nnkPar(nnkIntLit, nnkIntLit)
# Endomorphisms
cubicRootOfUnity_modP: NimNode # nnkStrLit
cubicRootOfUnity_modR: NimNode # nnkStrLit
family: CurveFamily family: CurveFamily
# BN family # BN family
# ------------------------ # ------------------------
@ -186,10 +182,6 @@ proc parseCurveDecls(defs: var seq[CurveParams], curves: NimNode) =
params.bn_u_bitwidth = sectionVal params.bn_u_bitwidth = sectionVal
elif sectionId.eqIdent"bn_u": elif sectionId.eqIdent"bn_u":
params.bn_u = sectionVal params.bn_u = sectionVal
elif sectionId.eqident"cubicRootOfUnity_modP":
params.cubicRootOfUnity_modP = sectionVal
elif sectionId.eqident"cubicRootOfUnity_modR":
params.cubicRootOfUnity_modR = sectionVal
elif sectionId.eqIdent"eq_form": elif sectionId.eqIdent"eq_form":
params.eq_form = parseEnum[CurveEquationForm]($sectionVal) params.eq_form = parseEnum[CurveEquationForm]($sectionVal)
elif sectionId.eqIdent"coef_a": elif sectionId.eqIdent"coef_a":
@ -323,19 +315,6 @@ proc genMainConstants(defs: var seq[CurveParams]): NimNode =
curveDef.sexticNonResidue_fp2 curveDef.sexticNonResidue_fp2
) )
# Endomorphisms
# -----------------------------------------------
if not curveDef.cubicRootOfUnity_modP.isNil:
curveExtraStmts.add newConstStmt(
exported($curve & "_cubicRootOfUnity_modP_Hex"),
curveDef.cubicRootOfUnity_modP
)
if not curveDef.cubicRootOfUnity_modR.isNil:
curveExtraStmts.add newConstStmt(
exported($curve & "_cubicRootOfUnity_modR_Hex"),
curveDef.cubicRootOfUnity_modR
)
# BN curves # BN curves
# ----------------------------------------------- # -----------------------------------------------
if family == BarretoNaehrig: if family == BarretoNaehrig:

7
constantine/curves/bls12_377_glv.nim
View File

@ -7,12 +7,15 @@
# at your option. This file may not be copied, modified, or distributed except according to those terms. # at your option. This file may not be copied, modified, or distributed except according to those terms.
import import
../config/type_bigint, ../config/[curves, type_bigint, type_fp],
../io/io_bigints ../io/[io_bigints, io_fields]
# BLS12-377 G1 # BLS12-377 G1
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
const BLS12_377_cubicRootofUnity_mod_p* =
Fp[BLS12_377].fromHex"0x9b3af05dd14f6ec619aaf7d34594aabc5ed1347970dec00452217cc900000008508c00000000001"
const Lattice_BLS12_377_G1* = ( const Lattice_BLS12_377_G1* = (
# (BigInt, isNeg) # (BigInt, isNeg)
((BigInt[127].fromHex"0x452217cc900000010a11800000000000", false), # u² - 1 ((BigInt[127].fromHex"0x452217cc900000010a11800000000000", false), # u² - 1

7
constantine/curves/bls12_381_glv.nim
View File

@ -7,12 +7,15 @@
# at your option. This file may not be copied, modified, or distributed except according to those terms. # at your option. This file may not be copied, modified, or distributed except according to those terms.
import import
../config/type_bigint, ../config/[curves, type_bigint, type_fp],
../io/io_bigints ../io/[io_bigints, io_fields]
# BLS12-381 G1 # BLS12-381 G1
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
const BLS12_381_cubicRootOfUnity_mod_p* =
Fp[BLS12_381].fromHex"0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaac"
const Lattice_BLS12_381_G1* = ( const Lattice_BLS12_381_G1* = (
# (BigInt, isNeg) # (BigInt, isNeg)
((BigInt[128].fromHex"0xac45a4010001a40200000000ffffffff", false), # u² - 1 ((BigInt[128].fromHex"0xac45a4010001a40200000000ffffffff", false), # u² - 1

7
constantine/curves/bn254_snarks_glv.nim
View File

@ -7,12 +7,15 @@
# at your option. This file may not be copied, modified, or distributed except according to those terms. # at your option. This file may not be copied, modified, or distributed except according to those terms.
import import
../config/type_bigint, ../config/[curves, type_bigint, type_fp],
../io/io_bigints ../io/[io_bigints, io_fields]
# BN254 Snarks G1 # BN254 Snarks G1
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
const BN254_Snarks_cubicRootofUnity_mod_p* =
Fp[BN254_Snarks].fromHex"0x30644e72e131a0295e6dd9e7e0acccb0c28f069fbb966e3de4bd44e5607cfd48"
# Chapter 6.3.1 - Guide to Pairing-based Cryptography # Chapter 6.3.1 - Guide to Pairing-based Cryptography
const Lattice_BN254_Snarks_G1* = ( const Lattice_BN254_Snarks_G1* = (
# Curve of order 254 -> mini scalars of size 127 # Curve of order 254 -> mini scalars of size 127

4
constantine/curves/constants_glv.nim
View File

@ -29,3 +29,7 @@ template lattice*(F: typedesc[Fp or Fp2]): untyped =
const G = if F is Fp: "G1" const G = if F is Fp: "G1"
else: "G2" else: "G2"
dispatch("Lattice_", F.C, G) dispatch("Lattice_", F.C, G)
macro getCubicRootOfUnity_mod_p*(C: static Curve): untyped =
## Get a non-trivial cubic root of unity (mod p) with p the prime field
result = bindSym($C & "_cubicRootOfUnity_mod_p")

15
tests/t_precomputed.nim → tests/t_fp_cubic_root.nim
View File

@ -10,7 +10,7 @@ import std/unittest,
../constantine/config/common, ../constantine/config/common,
../constantine/arithmetic, ../constantine/arithmetic,
../constantine/config/curves, ../constantine/config/curves,
../constantine/io/[io_bigints, io_fields] ../constantine/curves/constants_glv
echo "\n------------------------------------------------------\n" echo "\n------------------------------------------------------\n"
@ -22,19 +22,10 @@ proc checkCubeRootOfUnity(curve: static Curve) =
check: bool cru.isOne() check: bool cru.isOne()
test $curve & " cube root of unity (mod r)":
var cru: BigInt[3 * curve.getCurveOrderBitwidth()]
cru.prod(curve.getCubicRootOfUnity_mod_r(), curve.getCubicRootOfUnity_mod_r())
cru.mul(curve.getCubicRootOfUnity_mod_r())
var r: BigInt[curve.getCurveOrderBitwidth()]
r.reduce(cru, curve.getCurveOrder)
check: bool r.isOne()
proc main() = proc main() =
suite "Sanity checks on precomputed values" & " [" & $WordBitwidth & "-bit mode]": suite "Sanity checks on precomputed values" & " [" & $WordBitwidth & "-bit mode]":
checkCubeRootOfUnity(BN254_Snarks) checkCubeRootOfUnity(BN254_Snarks)
# checkCubeRootOfUnity(BLS12_381) checkCubeRootOfUnity(BLS12_377)
checkCubeRootOfUnity(BLS12_381)
main() main()