* Example+Test C API vs GMP
* Create build directory for bindings test
* --nimMainPrefix is 1.6 only
* Add libdl for dynamic loading
* absolute paths
* add static link test
* Fix man main, rename Nimmain to init_NimMain
* Deal with MacOS annoying linker w.r.t. static libraries
* use .exe extension to satisfy windows (?)
* annoying GCC which doesn't create paths
* Try skipping DLL test on windows
* windows extensions ...
* no lib prefix on windows
* Try to compile with GMP on windows and 32-bit linux
* remove leftover msys shell
* Don't use GMP Mersenne Twister, bad randomness and untested Nim wrapper
* properly cache nim
* fix path after cache
* run pacman in msys2 env
* rework msys2 ... again
* shell compat for file clearing
* shell compat try-again for file clearing
* force bash for clearing parallel builds on windows
* Use nimscript directly (why didn't it work last time?)
* Avoid IO redirection to support any shell
* Avoid IO redirection v2 to support any shell
* add debug data
* add debug again
* Introduce pararun, a parallel test runner to remove need of GNU parallel
* pararun: style
* First draft at bindings generation
* finite field bindings PoC
* support openarray, export NimMain
* PoC extension fields and elliptic curve bindings
* Pasta
* expose more bindings, remove nimZeroMem, remove tracer when unused, codegen name_mangling`gensym issue
* workaround bad C gensym codegen with {.inline.} pragma in non-dirty template nested in generic proc instantiated by template
* try 1.6 CI
* Try CI with 1.6 and windows.
* Bend the knee
* have fun debugging CI
* have fun debugging CI
* more CI spam
* branch -> nim_version
* fight or flight
* properly detect windows
* Fix galore
* 🐍🐍 snake:
* meh give up on parallelizing windows and dealing with windows PATH issues
* ¯\_ (ツ)_/¯
* split modular inversion in its own file
* Stash fast GCD inversion https://eprint.iacr.org/2020/972.pdf
* Stash Pornin's bingcd -> issue with inner modular reduction
* Implement Bernstein-Yang inversion
* Avoid Nim checks on signed integers (32-bit runtime issue)
* cleanup: remove old inversion impls
* cleanup: static moduli, move div2
* small comments (skip ci)
* comment cleanup (skip ci)
* fix total iterations on 32-bit
* Add batch conversion to affine coordinates using simultaneous inversion trick
* fix conditional setZero and batchAffine conversion
* cleanup unneeded branches following affine conversion unification
* Fix batchAffine with zero inputs and add fuzz failure to test suite
* Move cofactor clearing to dedicated per-curve subgroups file
* Add BLS12-381 fast subgroup checks
* Implement fast cofactor clearing for BN254_snarks
* Add fast subgroup check to BN254Snarks
* add BLS12_377 optimized cofactor and subgroup functions
* Add BN254_Nogami
* Add GT-subgroup tests
* Use the new subgroup checks for Eth1 EVM precompiles
* Point decoding: optimized sqrt for p ≡ 5 (mod 8) (Curve25519)
* Implement fused sqrt(u/v) for twisted edwards point deserialization
* Introduce twisted edwards affine
* Allow declaration of curve field elements (and fight against recursive dependencies
* Twisted edwards group law + tests
* Add support for jubjub and bandersnatch #162
* test twisted edwards scalar mul
* Hash to Curve: impl expand_message_xmd
* Try to precompute part of hash to curve at compile-time
* sha256 bench - use the new hashes module
* [WIP] smoke test hash to field
* Implement hash_to_field with expected output
* unoptimized hash-to-curve G2 for BLS12-381
* Don't run sanitizer on hash to field as it uses GC-ed strings
* Pairing with affine: align API to BLST and Gurvy and common use-case.
* Implement multi-pairing / aggregate verif for BLS12-381 (+2% pairing perf)
* Generalize the optimized miller loop for single pairing
* Immplement the miller loop addchain for BLS12-377
* Miller addition chain for BN254-Nogami
* no Miller adchain for BN254-Snarks
* Update the line test with new tower https://github.com/mratsim/constantine/pull/153
* Somewhat sparse for Fp2 M-Twist
* Implement line by line multiplication for Fp12 D-Twist
* Somewhat sparse Mul for Fp12 D-Twist
* Finish the sparse and somewhat sparse multiplications
* consistent naming for dbl-width
* Isolate double-width Fp2 mul
* Implement double-width complex multiplication
* Lay out Fp4 double-width mul
* Off by p in square Fp4 as well :/
* less copies and stack space in addition chains
* Address https://github.com/mratsim/constantine/issues/154 partly
* Fix#154, faster Fp4 square: less non-residue, no Mul, only square (bit more ops total)
* Fix typo
* better assembly scheduling for add/sub
* Double-width -> Double-precision
* Unred -> Unr
* double-precision modular addition
* Replace canUseNoCarryMontyMul and canUseNoCarryMontySquare by getSpareBits
* Complete the double-precision implementation
* Use double-precision path for Fp4 squaring and mul
* remove mixin annotations
* Lazy reduction in Fp4 prod
* Fix assembly for sum2xMod
* Assembly for double-precision negation
* reduce white spaces in pairing benchmarks
* ADX implies BMI2
* Fix#114 - Negating 0 left the prime modulus, which is working most of the time for everything except for comparison. (also somehow triggers and workaround weird compiler bug where exceptions tracking is activated in macros and all the curve enums were stringified as their ordinal value)
* https://github.com/mratsim/constantine/issues/136 was also fixed, add to anti-regression
* add comment in test
* Fix the pure Nim fallback as well
* Pin nim-serialization. Workaround #113 and https://github.com/status-im/nim-serialization/issues/33
* Need to workaround nimble installing dependency multiple times
* non-interactive
* UB sanitizer missing on mingw
* Fix OpenSSL benchmark on non-Linux platforms
* Accelerate CI:
- Skip 32-bit on 64-bit tests
- Only test leaf functionality.
* Don't define -fstack-protector-all with MinGW
* skip line functions and cyclotomic tests (already tested in pairing) + only compile the benches don't run them.
* Implement a Sage codegenerator for frobenius constants
* Sage codegen for pairings
* Autogen of endomorphism acceleration constants
* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul
* small fixes
* sage code for square root bls12-377 is not old
* readme updates
* Provide test suggestions for derive_frobenius
* indentation + add equation form to sage
* Sage test vector generator
* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785
* Delete old sage code
* Install nim-serialization and nim-json-serialization in CI
* CI nimble install force yes
* Add Fp, Fp2, Fp6 support for BW6-761
* Add G1 for BW6-761
* Prepare to support G2 twists on the same field as G1
* Remove a useless dependent type for lines
* Implement G2 for BW6-761
* Fix Line leftover
* Reorg line functions to allow for Jacobian eval
* 2x faster Miller loop!!! with fused line eval double
* Support Line Double Fusion for D-Twists
* Implement fused line addition
* add Sage for constant time tonelli shanks
* Fused sqrt and invsqrt via Tonelli Shanks
* isolate sqrt in their own folder
* Implement constant-time Tonelli Shanks for any prime
* Implement Fp2 sqrt for any non-residue
* Add tests for BLS12_377
* Lattice decomposition script for BLS12_377 G1
* BLS12-377 G1 GLV ok, G2 GLV issue
* Proper endomorphism acceleration support for BLS12-377
* Add naive pairing support for BLS12-377
* Activate more bench for BLS12-377
* Fix MSB computation
* Optimize final exponentiation + add benches
* Implement optimized final exponentiation for BN254-Nogami
* And BN254 Snarks support
* Optimize D-Twist sparse Fp12 x line multiplication
* Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
* Pairing - initial commit
- line functions
- sparse Fp12 functions
* Small fixes:
- Line parametrized by twist for generic algorithm
- Add a conjugate operator for quadratic extensions
- Have frobenius use it
- Create an Affine coordinate type for elliptic curve
* Implement (failing) pairing test
* Stash pairing debug session, temp switch Fp12 over Fp4
* Proper naive pairing on BLS12-381
* Frobenius map
* Implement naive pairing for BN curves
* Add pairing tests to CI + reduce time spent on lower-level tests
* Test without assembler in Github Actions + less base layers test iterations
Mamy Ratsimbazafy