constantine/sage/curves.sage
Mamy Ratsimbazafy 244f58350c
Implement BW6-761 Endomorphism acceleration (#104)
* Implement BW6-761 GLV on G1 + Psi Untwist-Frobenius-Twist

* Fix frobenius constants for embedding degree != 12

* Fix test type/parsing issues

* Generalize frobenius map coefficient formula

* Fix Frobenius Psi generalization

* Don't confuse t and trace of frobenius + update scalarMul to use Frobenius on Fp Twist

* Fix ec_sage type definition

* fix decription [skip ci]

* update comment [skip ci]

* typo

* restore frobenius tests iterations
2020-10-13 23:58:35 +02:00

157 lines
3.9 KiB
Python

#!/usr/bin/sage
# vim: syntax=python
# vim: set ts=2 sw=2 et:
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
# ############################################################
#
# Curves configuration
#
# ############################################################
import inspect
# Accelerate arithmetic by accepting probabilistic proofs
from sage.structure.proof.all import arithmetic
arithmetic(False)
def derive_BN_field(x):
params = {
'param': x,
'modulus': 36*x^4 + 36*x^3 + 24*x^2 + 6*x + 1,
'order': 36*x^4 + 36*x^3 + 18*x^2 + 6*x + 1,
'trace': 6*x^2 + 1,
'family': 'BN'
}
return params
def derive_BLS12_field(x):
params = {
'param': x,
'modulus': (x - 1)^2 * (x^4 - x^2 + 1)//3 + x,
'order': x^4 - x^2 + 1,
'trace': x + 1,
'family': 'BLS12'
}
return params
def derive_BW6_compose_BLS12_field(x, cofactor_trace, cofactor_y):
# Brezing-Weng input
r = (x^6 - 2*x^5 + 2*x^3 + x + 1) // 3 # BLS12 modulus
# 6-th root of unity output + cofactors
t = x^5 - 3*x^4 + 3*x^3 - x + 3 + cofactor_trace*r
y = (x^5 - 3*x^4 + 3*x^3 - x + 3)//3 + cofactor_y*r
# Curve parameters
p = (t^2 + 3*y^2)/4
trace = p+1-r # (3*y+t)/2
params = {
'param': x,
'modulus': p,
'order': r,
'trace': trace,
'family': 'BW6'
}
return params
def copyright():
return inspect.cleandoc("""
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
""")
Curves = {
'BN254_Nogami': {
'field': derive_BN_field(-(2^62 + 2^55 + 1)),
'curve': {
'form': 'short_weierstrass',
'a': 0,
'b': 2
},
'tower': {
'embedding_degree': 12,
'twist_degree': 6,
'QNR_Fp': -1,
'SNR_Fp2': [1, 1],
'twist': 'D_Twist'
}
},
'BN254_Snarks': {
'field': derive_BN_field(Integer('0x44e992b44a6909f1')),
'curve': {
'form': 'short_weierstrass',
'a': 0,
'b': 3
},
'tower': {
'embedding_degree': 12,
'twist_degree': 6,
'QNR_Fp': -1,
'SNR_Fp2': [9, 1],
'twist': 'D_Twist'
}
},
'BLS12_377': {
'field': derive_BLS12_field(3 * 2^46 * (7 * 13 * 499) + 1),
'curve': {
'form': 'short_weierstrass',
'a': 0,
'b': 1
},
'tower': {
'embedding_degree': 12,
'twist_degree': 6,
'QNR_Fp': -5,
'SNR_Fp2': [0, 1],
'twist': 'D_Twist'
}
},
'BLS12_381': {
'field': derive_BLS12_field(-(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16)),
'curve': {
'form': 'short_weierstrass',
'a': 0,
'b': 4
},
'tower': {
'embedding_degree': 12,
'twist_degree': 6,
'QNR_Fp': -1,
'SNR_Fp2': [1, 1],
'twist': 'M_Twist'
}
},
'BW6_761': {
'field': derive_BW6_compose_BLS12_field(
3 * 2^46 * (7 * 13 * 499) + 1,
cofactor_trace = 13,
cofactor_y = 9
),
'curve': {
'form': 'short_weierstrass',
'a': 0,
'b': -1
},
'tower': {
'embedding_degree': 6,
'twist_degree': 6,
'SNR_Fp': -4,
'twist': 'M_Twist'
}
}
}