Rename NotOnTwist/OnTwist => subgroup G1 and G2

This commit is contained in:
Mamy Ratsimbazafy 2022-01-01 19:17:04 +01:00
parent 86a67013dd
commit c42e2a0251
No known key found for this signature in database
GPG Key ID: 6227262F49BE273A
104 changed files with 580 additions and 580 deletions


@ -45,32 +45,32 @@ proc main() =
separator() separator()
staticFor i, 0, AvailableCurves.len: staticFor i, 0, AvailableCurves.len:
const curve = AvailableCurves[i] const curve = AvailableCurves[i]
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator() separator()
affFromProjBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) affFromProjBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) affFromJacBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator() separator()
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator() separator()
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 2, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 3, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 4, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], window = 5, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp[curve], G1], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 2, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 3, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 4, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], window = 5, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp[curve], G1], window = 5, MulIters)
separator() separator()
scalarMulEndo(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) scalarMulEndo(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], NotOnTwist], MulIters) scalarMulEndoWindow(ECP_ShortW_Prj[Fp[curve], G1], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) scalarMulEndo(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], NotOnTwist], MulIters) scalarMulEndoWindow(ECP_ShortW_Jac[Fp[curve], G1], MulIters)
separator() separator()
separator() separator()


@ -46,30 +46,30 @@ proc main() =
separator() separator()
staticFor i, 0, AvailableCurves.len: staticFor i, 0, AvailableCurves.len:
const curve = AvailableCurves[i] const curve = AvailableCurves[i]
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator() separator()
affFromProjBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) affFromProjBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
affFromJacBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) affFromJacBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator() separator()
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) scalarMulUnsafeDoubleAddBench(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) scalarMulUnsafeDoubleAddBench(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator() separator()
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 2, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 3, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 4, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], window = 5, MulIters) scalarMulGenericBench(ECP_ShortW_Prj[Fp2[curve], G2], window = 5, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 2, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 2, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 3, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 3, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 4, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 4, MulIters)
scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], window = 5, MulIters) scalarMulGenericBench(ECP_ShortW_Jac[Fp2[curve], G2], window = 5, MulIters)
separator() separator()
scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], OnTwist], MulIters) scalarMulEndo(ECP_ShortW_Prj[Fp2[curve], G2], MulIters)
scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], OnTwist], MulIters) scalarMulEndo(ECP_ShortW_Jac[Fp2[curve], G2], MulIters)
separator() separator()
separator() separator()


@ -67,7 +67,7 @@ proc mixedAddBench*(T: typedesc, iters: int) =
var r {.noInit.}: T var r {.noInit.}: T
let P = rng.random_unsafe(T) let P = rng.random_unsafe(T)
let Q = rng.random_unsafe(T) let Q = rng.random_unsafe(T)
var Qaff: ECP_ShortW_Aff[T.F, T.Tw] var Qaff: ECP_ShortW_Aff[T.F, T.G]
when Q is ECP_ShortW_Prj: when Q is ECP_ShortW_Prj:
Qaff.affineFromProjective(Q) Qaff.affineFromProjective(Q)
else: else:
@ -84,14 +84,14 @@ proc doublingBench*(T: typedesc, iters: int) =
proc affFromProjBench*(T: typedesc, iters: int) = proc affFromProjBench*(T: typedesc, iters: int) =
const G1_or_G2 = when T.F is Fp: "G1" else: "G2" const G1_or_G2 = when T.F is Fp: "G1" else: "G2"
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw] var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G]
let P = rng.random_unsafe(T) let P = rng.random_unsafe(T)
bench("EC Projective to Affine " & G1_or_G2, T, iters): bench("EC Projective to Affine " & G1_or_G2, T, iters):
r.affineFromProjective(P) r.affineFromProjective(P)
proc affFromJacBench*(T: typedesc, iters: int) = proc affFromJacBench*(T: typedesc, iters: int) =
const G1_or_G2 = when T.F is Fp: "G1" else: "G2" const G1_or_G2 = when T.F is Fp: "G1" else: "G2"
var r {.noInit.}: ECP_ShortW_Aff[T.F, T.Tw] var r {.noInit.}: ECP_ShortW_Aff[T.F, T.G]
let P = rng.random_unsafe(T) let P = rng.random_unsafe(T)
bench("EC Jacobian to Affine " & G1_or_G2, T, iters): bench("EC Jacobian to Affine " & G1_or_G2, T, iters):
r.affineFromJacobian(P) r.affineFromJacobian(P)


@ -37,7 +37,7 @@ proc bench_BLS12_381_hash_to_G2(iters: int) =
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here" let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
bench("Hash to G2 (Draft #11)", BLS12_381, iters): bench("Hash to G2 (Draft #11)", BLS12_381, iters):
sha256.hashToCurve( sha256.hashToCurve(
@ -52,8 +52,8 @@ proc bench_BLS12_381_proj_aff_conversion(iters: int) =
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here" let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] var Paff: ECP_ShortW_Aff[Fp2[BLS12_381], G2]
sha256.hashToCurve( sha256.hashToCurve(
k = 128, k = 128,


@ -48,10 +48,10 @@ template bench(op: string, C: static Curve, iters: int, body: untyped): untyped
measure(iters, startTime, stopTime, startClk, stopClk, body) measure(iters, startTime, stopTime, startClk, stopClk, body)
report(op, $C, startTime, stopTime, startClk, stopClk, iters) report(op, $C, startTime, stopTime, startClk, stopClk, iters)
func clearCofactorReference[F; Tw: static Twisted]( func clearCofactorReference[F; G: static Subgroup](
ec: var ECP_ShortW_Aff[F, Tw]) = ec: var ECP_ShortW_Aff[F, G]) =
# For now we don't have any affine operation defined # For now we don't have any affine operation defined
var t {.noInit.}: ECP_ShortW_Prj[F, Tw] var t {.noInit.}: ECP_ShortW_Prj[F, G]
t.projectiveFromAffine(ec) t.projectiveFromAffine(ec)
t.clearCofactorReference() t.clearCofactorReference()
ec.affineFromProjective(t) ec.affineFromProjective(t)
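Review bot: The renamed type parameter `G: static Subgroup` on `clearCofactorReference` reads as a promise that the point lies in the prime-order subgroup, yet the body of this very helper takes a value already typed `ECP_ShortW_Aff[F, G]` and clears its cofactor, so the tag only selects the curve (base field vs twist) and says nothing about subgroup membership. A short doc comment on the generic would stop readers from treating the type as a membership check, e.g. `## G names the target subgroup's curve (G1: base curve, G2: twist) and does not guarantee that ec is in the prime-order subgroup; clear the cofactor or validate membership before relying on it.` The same wording applies to the identical helper in the second bench file (the later `clearCofactorReference[F; G: static Subgroup]` hunk) and, by extension, to the `random_point`/`random_unsafe` results typed `G1`/`G2` in the pairing benches, which presumably yield arbitrary curve points. Since these are benchmark helpers the risk is only misreading, but the type-level name now carries a security meaning the code does not enforce.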
@ -62,24 +62,24 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc lineDoubleBench*(C: static Curve, iters: int) = proc lineDoubleBench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]] var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
bench("Line double", C, iters): bench("Line double", C, iters):
line.line_double(T, P) line.line_double(T, P)
proc lineAddBench*(C: static Curve, iters: int) = proc lineAddBench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]] var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
bench("Line add", C, iters): bench("Line add", C, iters):
line.line_add(T, Q, P) line.line_add(T, Q, P)
proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]] var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
line.line_double(T, P) line.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -88,8 +88,8 @@ proc mulFp12byLine_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) = proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) =
var line: Line[Fp2[C]] var line: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
line.line_double(T, P) line.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -98,8 +98,8 @@ proc mulFp12byLine_xy000z_Bench*(C: static Curve, iters: int) =
proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) = proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -109,8 +109,8 @@ proc mulLinebyLine_xyz000_Bench*(C: static Curve, iters: int) =
proc mulLinebyLine_xy000z_Bench*(C: static Curve, iters: int) = proc mulLinebyLine_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -134,8 +134,8 @@ proc mulFp12by_abcd00efghij_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -146,8 +146,8 @@ proc mulFp12_by_2lines_v1_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -159,8 +159,8 @@ proc mulFp12_by_2lines_v2_xyz000_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -171,8 +171,8 @@ proc mulFp12_by_2lines_v1_xy000z_Bench*(C: static Curve, iters: int) =
proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) = proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) =
var l0, l1: Line[Fp2[C]] var l0, l1: Line[Fp2[C]]
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
l0.line_double(T, P) l0.line_double(T, P)
l1.line_double(T, P) l1.line_double(T, P)
var f = rng.random_unsafe(Fp12[C]) var f = rng.random_unsafe(Fp12[C])
@ -184,8 +184,8 @@ proc mulFp12_by_2lines_v2_xy000z_Bench*(C: static Curve, iters: int) =
proc millerLoopBLS12Bench*(C: static Curve, iters: int) = proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Miller Loop BLS12", C, iters): bench("Miller Loop BLS12", C, iters):
@ -193,8 +193,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
proc millerLoopBNBench*(C: static Curve, iters: int) = proc millerLoopBNBench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Miller Loop BN", C, iters): bench("Miller Loop BN", C, iters):
@ -231,8 +231,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) =
proc pairingBLS12Bench*(C: static Curve, iters: int) = proc pairingBLS12Bench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Pairing BLS12", C, iters): bench("Pairing BLS12", C, iters):
@ -240,12 +240,12 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) =
proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int) = proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]] Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]] Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]]
GTs {.noInit.}: array[N, Fp12[C]] GTs {.noInit.}: array[N, Fp12[C]]
@ -264,8 +264,8 @@ proc pairing_multisingle_BLS12Bench*(C: static Curve, N: static int, iters: int)
proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int) = proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int) =
var var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]] Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[C], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]] Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[C], G2]]
for i in 0 ..< N: for i in 0 ..< N:
Ps[i] = rng.random_unsafe(typeof(Ps[0])) Ps[i] = rng.random_unsafe(typeof(Ps[0]))
@ -277,8 +277,8 @@ proc pairing_multipairing_BLS12Bench*(C: static Curve, N: static int, iters: int
proc pairingBNBench*(C: static Curve, iters: int) = proc pairingBNBench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Pairing BN", C, iters): bench("Pairing BN", C, iters):


@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters) invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator() separator()
mulBench(Fp12[curve], Iters) mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters)


@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters) invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator() separator()
mulBench(Fp12[curve], Iters) mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters)


@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters) invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator() separator()
mulBench(Fp12[curve], Iters) mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters)


@ -49,25 +49,25 @@ proc main() =
invBench(Fp2[curve], Iters) invBench(Fp2[curve], Iters)
sqrtBench(Fp2[curve], Iters) sqrtBench(Fp2[curve], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) addBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
doublingBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp[curve], NotOnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp[curve], G1], Iters)
separator() separator()
addBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Prj[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Prj[Fp2[curve], G2], Iters)
separator() separator()
addBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) addBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
mixedAddBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) mixedAddBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
doublingBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) doublingBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
scalarMulBench(ECP_ShortW_Jac[Fp2[curve], OnTwist], Iters) scalarMulBench(ECP_ShortW_Jac[Fp2[curve], G2], Iters)
separator() separator()
mulBench(Fp12[curve], Iters) mulBench(Fp12[curve], Iters)
sqrBench(Fp12[curve], Iters) sqrBench(Fp12[curve], Iters)


@ -81,10 +81,10 @@ template bench(op: string, T: typed, iters: int, body: untyped): untyped =
measure(iters, startTime, stopTime, startClk, stopClk, body) measure(iters, startTime, stopTime, startClk, stopClk, body)
report(op, fixDisplay(T), startTime, stopTime, startClk, stopClk, iters) report(op, fixDisplay(T), startTime, stopTime, startClk, stopClk, iters)
func clearCofactorReference[F; Tw: static Twisted]( func clearCofactorReference[F; G: static Subgroup](
ec: var ECP_ShortW_Aff[F, Tw]) = ec: var ECP_ShortW_Aff[F, G]) =
# For now we don't have any affine operation defined # For now we don't have any affine operation defined
var t {.noInit.}: ECP_ShortW_Prj[F, Tw] var t {.noInit.}: ECP_ShortW_Prj[F, G]
t.projectiveFromAffine(ec) t.projectiveFromAffine(ec)
t.clearCofactorReference() t.clearCofactorReference()
ec.affineFromProjective(t) ec.affineFromProjective(t)
@ -134,7 +134,7 @@ proc mixedAddBench*(T: typedesc, iters: int) =
var r {.noInit.}: T var r {.noInit.}: T
let P = rng.random_unsafe(T) let P = rng.random_unsafe(T)
let Q = rng.random_unsafe(T) let Q = rng.random_unsafe(T)
var Qaff: ECP_ShortW_Aff[T.F, T.Tw] var Qaff: ECP_ShortW_Aff[T.F, T.G]
when Q is ECP_ShortW_Prj: when Q is ECP_ShortW_Prj:
Qaff.affineFromProjective(Q) Qaff.affineFromProjective(Q)
else: else:
@ -166,8 +166,8 @@ proc scalarMulBench*(T: typedesc, iters: int) =
proc millerLoopBLS12Bench*(C: static Curve, iters: int) = proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Miller Loop BLS12", C, iters): bench("Miller Loop BLS12", C, iters):
@ -175,8 +175,8 @@ proc millerLoopBLS12Bench*(C: static Curve, iters: int) =
proc millerLoopBNBench*(C: static Curve, iters: int) = proc millerLoopBNBench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Miller Loop BN", C, iters): bench("Miller Loop BN", C, iters):
@ -196,8 +196,8 @@ proc finalExpBNBench*(C: static Curve, iters: int) =
proc pairingBLS12Bench*(C: static Curve, iters: int) = proc pairingBLS12Bench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Pairing BLS12", C, iters): bench("Pairing BLS12", C, iters):
@ -205,8 +205,8 @@ proc pairingBLS12Bench*(C: static Curve, iters: int) =
proc pairingBNBench*(C: static Curve, iters: int) = proc pairingBNBench*(C: static Curve, iters: int) =
let let
P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Aff[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]
bench("Pairing BN", C, iters): bench("Pairing BN", C, iters):
@ -218,7 +218,7 @@ proc hashToCurveBLS12_381G2Bench*(iters: int) =
# 'CryptoHash' resolution issue # 'CryptoHash' resolution issue
const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_" const dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"
let msg = "Mr F was here" let msg = "Mr F was here"
var P: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var P: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
bench("Hash to G2 (Draft #11)", BLS12_381, iters): bench("Hash to G2 (Draft #11)", BLS12_381, iters):
sha256.hashToCurve( sha256.hashToCurve(


@ -42,13 +42,13 @@ const BLS12_377_pairing_finalexponent* = block:
func millerLoopAddchain*( func millerLoopAddchain*(
f: var Fp12[BLS12_377], f: var Fp12[BLS12_377],
Q: ECP_ShortW_Aff[Fp2[BLS12_377], OnTwist], Q: ECP_ShortW_Aff[Fp2[BLS12_377], G2],
P: ECP_ShortW_Aff[Fp[BLS12_377], NotOnTwist] P: ECP_ShortW_Aff[Fp[BLS12_377], G1]
) = ) =
## Miller Loop for BLS12-377 curve ## Miller Loop for BLS12-377 curve
## Computes f{u,Q}(P) with u the BLS curve parameter ## Computes f{u,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist] var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_377], G2]
f.miller_init_double_then_add(T, Q, P, 5) # 0b100001 f.miller_init_double_then_add(T, Q, P, 5) # 0b100001
f.miller_accum_double_then_add(T, Q, P, 2) # 0b10000101 f.miller_accum_double_then_add(T, Q, P, 2) # 0b10000101


@ -40,13 +40,13 @@ const BLS12_381_pairing_finalexponent* = block:
func millerLoopAddchain*( func millerLoopAddchain*(
f: var Fp12[BLS12_381], f: var Fp12[BLS12_381],
Q: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist], Q: ECP_ShortW_Aff[Fp2[BLS12_381], G2],
P: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] P: ECP_ShortW_Aff[Fp[BLS12_381], G1]
) = ) =
## Miller Loop for BLS12-381 curve ## Miller Loop for BLS12-381 curve
## Computes f{u,Q}(P) with u the BLS curve parameter ## Computes f{u,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var T {.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
f.miller_init_double_then_add(T, Q, P, 1) # 0b11 f.miller_init_double_then_add(T, Q, P, 1) # 0b11
f.miller_accum_double_then_add(T, Q, P, 2) # 0b1101 f.miller_accum_double_then_add(T, Q, P, 2) # 0b1101
@ -60,13 +60,13 @@ func millerLoopAddchain*(
func millerLoopAddchain*[N: static int]( func millerLoopAddchain*[N: static int](
f: var Fp12[BLS12_381], f: var Fp12[BLS12_381],
Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]], Qs: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]],
Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]] Ps: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]]
) = ) =
## Generic Miller Loop for BLS12 curve ## Generic Miller Loop for BLS12 curve
## Computes f{u,Q}(P) with u the BLS curve parameter ## Computes f{u,Q}(P) with u the BLS curve parameter
var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]] var Ts {.noInit.}: array[N, ECP_ShortW_Prj[Fp2[BLS12_381], G2]]
# Ate param addition chain # Ate param addition chain
# Hex: 0xd201000000010000 # Hex: 0xd201000000010000


@ -38,12 +38,12 @@ const BN254_Nogami_pairing_finalexponent* = block:
func millerLoopAddchain*( func millerLoopAddchain*(
f: var Fp12[BN254_Nogami], f: var Fp12[BN254_Nogami],
Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], OnTwist], Q: ECP_ShortW_Aff[Fp2[BN254_Nogami], G2],
P: ECP_ShortW_Aff[Fp[BN254_Nogami], NotOnTwist] P: ECP_ShortW_Aff[Fp[BN254_Nogami], G1]
) = ) =
## Miller Loop for BN254-Nogami curve ## Miller Loop for BN254-Nogami curve
## Computes f{6u+2,Q}(P) with u the BLS curve parameter ## Computes f{6u+2,Q}(P) with u the BLS curve parameter
var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist] var T {.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]
f.miller_init_double_then_add(T, Q, P, 1) # 0b11 f.miller_init_double_then_add(T, Q, P, 1) # 0b11
f.miller_accum_double_then_add(T, Q, P, 6) # 0b11000001 f.miller_accum_double_then_add(T, Q, P, 6) # 0b11000001
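Review bot: The docstring `## Computes f{6u+2,Q}(P) with u the BLS curve parameter` is attached to the BN254-Nogami Miller loop, and BN254-Nogami is a BN curve, so "BLS" looks like a copy-paste slip from the BLS12 variants of this routine; `## Computes f{6u+2,Q}(P) with u the BN curve parameter` would agree with the `6u+2` loop length the same line states. The rename of `Q`/`P` to `G2`/`G1` does not change this, but it is the only line in the hunk a reader uses to tell the BN and BLS loops apart. millerLoopAddchain's body continues outside the hunk.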


@ -22,9 +22,9 @@ import
export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective, ec_scalar_mul export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective, ec_scalar_mul
func projectiveFromJacobian*[F; Tw]( func projectiveFromJacobian*[F; G](
prj: var ECP_ShortW_Prj[F, Tw], prj: var ECP_ShortW_Prj[F, G],
jac: ECP_ShortW_Jac[F, Tw]) {.inline.} = jac: ECP_ShortW_Jac[F, G]) {.inline.} =
prj.x.prod(jac.x, jac.z) prj.x.prod(jac.x, jac.z)
prj.y = jac.y prj.y = jac.y
prj.z.square(jac.z) prj.z.square(jac.z)


@ -292,7 +292,7 @@ func scalarMulEndo*[scalBits; EC](
const M = 2 const M = 2
# 1. Compute endomorphisms # 1. Compute endomorphisms
var endomorphisms {.noInit.}: array[M-1, typeof(P)] var endomorphisms {.noInit.}: array[M-1, typeof(P)]
when P.Tw == NotOnTwist: when P.G == G1:
endomorphisms[0] = P endomorphisms[0] = P
endomorphisms[0].x *= C.getCubicRootOfUnity_mod_p() endomorphisms[0].x *= C.getCubicRootOfUnity_mod_p()
else: else:
@ -481,7 +481,7 @@ func scalarMulGLV_m2w2*[scalBits; EC](
static: doAssert: scalBits == C.getCurveOrderBitwidth() static: doAssert: scalBits == C.getCurveOrderBitwidth()
# 1. Compute endomorphisms # 1. Compute endomorphisms
when P0.Tw == NotOnTwist: when P0.G == G1:
var P1 = P0 var P1 = P0
P1.x *= C.getCubicRootOfUnity_mod_p() P1.x *= C.getCubicRootOfUnity_mod_p()
else: else:


@ -22,11 +22,11 @@ import
# ############################################################ # ############################################################
type type
Twisted* = enum Subgroup* = enum
NotOnTwist G1
OnTwist G2
ECP_ShortW_Aff*[F; Tw: static Twisted] = object ECP_ShortW_Aff*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form ## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b ## y² = x³ + a x + b
## ##
@ -45,7 +45,7 @@ func isInf*(P: ECP_ShortW_Aff): SecretBool =
## and false otherwise ## and false otherwise
result = P.x.isZero() and P.y.isZero() result = P.x.isZero() and P.y.isZero()
func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) = func curve_eq_rhs*[F](y2: var F, x: F, G: static Subgroup) =
## Compute the curve equation right-hand-side from field element `x` ## Compute the curve equation right-hand-side from field element `x`
## i.e. `y²` in `y² = x³ + a x + b` ## i.e. `y²` in `y² = x³ + a x + b`
## or on sextic twists for pairing curves `y² = x³ + b/µ` or `y² = x³ + µ b` ## or on sextic twists for pairing curves `y² = x³ + b/µ` or `y² = x³ + µ b`
@ -55,7 +55,7 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) =
t.square(x) t.square(x)
t *= x t *= x
when Tw == NotOnTwist: when G == G1:
when F.C.getCoefB() >= 0: when F.C.getCoefB() >= 0:
y2.fromUint uint F.C.getCoefB() y2.fromUint uint F.C.getCoefB()
y2 += t y2 += t
@ -70,18 +70,18 @@ func curve_eq_rhs*[F](y2: var F, x: F, Tw: static Twisted) =
t *= F.C.getCoefA() t *= F.C.getCoefA()
y2 += t y2 += t
func isOnCurve*[F](x, y: F, Tw: static Twisted): SecretBool = func isOnCurve*[F](x, y: F, G: static Subgroup): SecretBool =
## Returns true if the (x, y) coordinates ## Returns true if the (x, y) coordinates
## represents a point of the elliptic curve ## represents a point of the elliptic curve
var y2, rhs {.noInit.}: F var y2, rhs {.noInit.}: F
y2.square(y) y2.square(y)
rhs.curve_eq_rhs(x, Tw) rhs.curve_eq_rhs(x, G)
return y2 == rhs return y2 == rhs
func trySetFromCoordX*[F, Tw]( func trySetFromCoordX*[F, G](
P: var ECP_ShortW_Aff[F, Tw], P: var ECP_ShortW_Aff[F, G],
x: F): SecretBool = x: F): SecretBool =
## Try to create a point the elliptic curve ## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate) ## y² = x³ + a x + b (affine coordinate)
@ -101,7 +101,7 @@ func trySetFromCoordX*[F, Tw](
## - scalar multiplication works ## - scalar multiplication works
## - a generator point is defined ## - a generator point is defined
## i.e. you can't test unless everything is already working ## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw) P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y) result = sqrt_if_square(P.y)
P.x = x P.x = x
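Review bot: The new exported `Subgroup* = enum G1, G2` carries no doc comment, and with the `Twisted`/`OnTwist` names gone nothing at the definition records that `G2` is the value the twist-specific paths key on (the `curve_eq_rhs` docstring in this hunk talks about sextic twists, and the projective `sum`/`madd`/`double` branches in this commit test `when G == G2 and F.C.getSexticTwist() == ...`). I would add `## Subgroup a point belongs to: G1 is the group over the base field, G2 the group instantiated on the sextic twist for pairing-friendly curves` directly under the `Subgroup* = enum` line. Since the members are exported as bare `G1`/`G2` rather than a prefixed or `{.pure.}` enum, a one-line remark that they are injected into every importer's scope would also help readers who see `G1` next to names such as `Cofactor_Eff_BLS12_381_G1` elsewhere in the tree.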


@ -13,7 +13,7 @@ import
../towers, ../towers,
./ec_shortweierstrass_affine ./ec_shortweierstrass_affine
export Twisted export Subgroup
# ############################################################ # ############################################################
# #
@ -22,7 +22,7 @@ export Twisted
# #
# ############################################################ # ############################################################
type ECP_ShortW_Jac*[F; Tw: static Twisted] = object type ECP_ShortW_Jac*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form ## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b ## y² = x³ + a x + b
## ##
@ -80,8 +80,8 @@ func ccopy*(P: var ECP_ShortW_Jac, Q: ECP_ShortW_Jac, ctl: SecretBool) {.inline.
for fP, fQ in fields(P, Q): for fP, fQ in fields(P, Q):
ccopy(fP, fQ, ctl) ccopy(fP, fQ, ctl)
func trySetFromCoordsXandZ*[F; Tw]( func trySetFromCoordsXandZ*[F; G](
P: var ECP_ShortW_Jac[F, Tw], P: var ECP_ShortW_Jac[F, G],
x, z: F): SecretBool = x, z: F): SecretBool =
## Try to create a point the elliptic curve ## Try to create a point the elliptic curve
## Y² = X³ + aXZ⁴ + bZ⁶ (Jacobian coordinates) ## Y² = X³ + aXZ⁴ + bZ⁶ (Jacobian coordinates)
@ -100,7 +100,7 @@ func trySetFromCoordsXandZ*[F; Tw](
## - scalar multiplication works ## - scalar multiplication works
## - a generator point is defined ## - a generator point is defined
## i.e. you can't test unless everything is already working ## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw) P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y) result = sqrt_if_square(P.y)
var z2 {.noInit.}: F var z2 {.noInit.}: F
@ -110,8 +110,8 @@ func trySetFromCoordsXandZ*[F; Tw](
P.y *= z P.y *= z
P.z = z P.z = z
func trySetFromCoordX*[F; Tw]( func trySetFromCoordX*[F; G](
P: var ECP_ShortW_Jac[F, Tw], P: var ECP_ShortW_Jac[F, G],
x: F): SecretBool = x: F): SecretBool =
## Try to create a point the elliptic curve ## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate) ## y² = x³ + a x + b (affine coordinate)
@ -132,7 +132,7 @@ func trySetFromCoordX*[F; Tw](
## - scalar multiplication works ## - scalar multiplication works
## - a generator point is defined ## - a generator point is defined
## i.e. you can't test unless everything is already working ## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw) P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y) result = sqrt_if_square(P.y)
P.x = x P.x = x
P.z.setOne() P.z.setOne()
@ -152,9 +152,9 @@ func cneg*(P: var ECP_ShortW_Jac, ctl: CTBool) {.inline.} =
## Negate if ``ctl`` is true ## Negate if ``ctl`` is true
P.y.cneg(ctl) P.y.cneg(ctl)
template sumImpl[F; Tw: static Twisted]( template sumImpl[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, Tw], P, Q: ECP_ShortW_Jac[F, G],
CoefA: untyped CoefA: untyped
) = ) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
@ -324,9 +324,9 @@ template sumImpl[F; Tw: static Twisted](
r.ccopy(Q, P.isInf()) r.ccopy(Q, P.isInf())
r.ccopy(P, Q.isInf()) r.ccopy(P, Q.isInf())
func sum*[F; Tw: static Twisted]( func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, Tw], P, Q: ECP_ShortW_Jac[F, G],
CoefA: static F CoefA: static F
) = ) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
@ -349,9 +349,9 @@ func sum*[F; Tw: static Twisted](
## This is done by using a "complete" or "exception-free" addition law. ## This is done by using a "complete" or "exception-free" addition law.
r.sumImpl(P, Q, CoefA) r.sumImpl(P, Q, CoefA)
func sum*[F; Tw: static Twisted]( func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P, Q: ECP_ShortW_Jac[F, Tw] P, Q: ECP_ShortW_Jac[F, G]
) = ) =
## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates ## Elliptic curve point addition for Short Weierstrass curves in Jacobian coordinates
## ##
@ -370,10 +370,10 @@ func sum*[F; Tw: static Twisted](
## This is done by using a "complete" or "exception-free" addition law. ## This is done by using a "complete" or "exception-free" addition law.
r.sumImpl(P, Q, F.C.getCoefA()) r.sumImpl(P, Q, F.C.getCoefA())
func madd*[F; Tw: static Twisted]( func madd*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, Tw], P: ECP_ShortW_Jac[F, G],
Q: ECP_ShortW_Aff[F, Tw] Q: ECP_ShortW_Aff[F, G]
) = ) =
## Elliptic curve mixed addition for Short Weierstrass curves ## Elliptic curve mixed addition for Short Weierstrass curves
## with p in Jacobian coordinates and Q in affine coordinates ## with p in Jacobian coordinates and Q in affine coordinates
@ -449,9 +449,9 @@ func madd*[F; Tw: static Twisted](
r.ccopy(P, qIsInf) r.ccopy(P, qIsInf)
func double*[F; Tw: static Twisted]( func double*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, Tw] P: ECP_ShortW_Jac[F, G]
) = ) =
## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate ## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate
## ##
@ -528,9 +528,9 @@ func diff*(r: var ECP_ShortW_Jac,
nQ.neg(Q) nQ.neg(Q)
r.sum(P, nQ) r.sum(P, nQ)
func affineFromJacobian*[F; Tw]( func affineFromJacobian*[F; G](
aff: var ECP_ShortW_Aff[F, Tw], aff: var ECP_ShortW_Aff[F, G],
jac: ECP_ShortW_Jac[F, Tw]) = jac: ECP_ShortW_Jac[F, G]) =
var invZ {.noInit.}, invZ2{.noInit.}: F var invZ {.noInit.}, invZ2{.noInit.}: F
invZ.inv(jac.z) invZ.inv(jac.z)
invZ2.square(invZ) invZ2.square(invZ)
@ -539,9 +539,9 @@ func affineFromJacobian*[F; Tw](
aff.y.prod(jac.y, invZ) aff.y.prod(jac.y, invZ)
aff.y *= invZ2 aff.y *= invZ2
func jacobianFromAffine*[F; Tw]( func jacobianFromAffine*[F; G](
jac: var ECP_ShortW_Jac[F, Tw], jac: var ECP_ShortW_Jac[F, G],
aff: ECP_ShortW_Aff[F, Tw]) {.inline.} = aff: ECP_ShortW_Aff[F, G]) {.inline.} =
jac.x = aff.x jac.x = aff.x
jac.y = aff.y jac.y = aff.y
jac.z.setOne() jac.z.setOne()


@ -13,7 +13,7 @@ import
../towers, ../towers,
./ec_shortweierstrass_affine ./ec_shortweierstrass_affine
export Twisted export Subgroup
# ############################################################ # ############################################################
# #
@ -22,7 +22,7 @@ export Twisted
# #
# ############################################################ # ############################################################
type ECP_ShortW_Prj*[F; Tw: static Twisted] = object type ECP_ShortW_Prj*[F; G: static Subgroup] = object
## Elliptic curve point for a curve in Short Weierstrass form ## Elliptic curve point for a curve in Short Weierstrass form
## y² = x³ + a x + b ## y² = x³ + a x + b
## ##
@ -74,8 +74,8 @@ func ccopy*(P: var ECP_ShortW_Prj, Q: ECP_ShortW_Prj, ctl: SecretBool) {.inline.
for fP, fQ in fields(P, Q): for fP, fQ in fields(P, Q):
ccopy(fP, fQ, ctl) ccopy(fP, fQ, ctl)
func trySetFromCoordsXandZ*[F; Tw]( func trySetFromCoordsXandZ*[F; G](
P: var ECP_ShortW_Prj[F, Tw], P: var ECP_ShortW_Prj[F, G],
x, z: F): SecretBool = x, z: F): SecretBool =
## Try to create a point the elliptic curve ## Try to create a point the elliptic curve
## Y²Z = X³ + aXZ² + bZ³ (projective coordinates) ## Y²Z = X³ + aXZ² + bZ³ (projective coordinates)
@ -94,15 +94,15 @@ func trySetFromCoordsXandZ*[F; Tw](
## - scalar multiplication works ## - scalar multiplication works
## - a generator point is defined ## - a generator point is defined
## i.e. you can't test unless everything is already working ## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw) P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y) result = sqrt_if_square(P.y)
P.x.prod(x, z) P.x.prod(x, z)
P.y *= z P.y *= z
P.z = z P.z = z
func trySetFromCoordX*[F; Tw]( func trySetFromCoordX*[F; G](
P: var ECP_ShortW_Prj[F, Tw], P: var ECP_ShortW_Prj[F, G],
x: F): SecretBool = x: F): SecretBool =
## Try to create a point the elliptic curve ## Try to create a point the elliptic curve
## y² = x³ + a x + b (affine coordinate) ## y² = x³ + a x + b (affine coordinate)
@ -123,7 +123,7 @@ func trySetFromCoordX*[F; Tw](
## - scalar multiplication works ## - scalar multiplication works
## - a generator point is defined ## - a generator point is defined
## i.e. you can't test unless everything is already working ## i.e. you can't test unless everything is already working
P.y.curve_eq_rhs(x, Tw) P.y.curve_eq_rhs(x, G)
result = sqrt_if_square(P.y) result = sqrt_if_square(P.y)
P.x = x P.x = x
P.z.setOne() P.z.setOne()
@ -143,9 +143,9 @@ func cneg*(P: var ECP_ShortW_Prj, ctl: CTBool) {.inline.} =
## Negate if ``ctl`` is true ## Negate if ``ctl`` is true
P.y.cneg(ctl) P.y.cneg(ctl)
func sum*[F; Tw: static Twisted]( func sum*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, Tw], r: var ECP_ShortW_Prj[F, G],
P, Q: ECP_ShortW_Prj[F, Tw] P, Q: ECP_ShortW_Prj[F, G]
) = ) =
## Elliptic curve point addition for Short Weierstrass curves in projective coordinates ## Elliptic curve point addition for Short Weierstrass curves in projective coordinates
## ##
@ -205,32 +205,32 @@ func sum*[F; Tw: static Twisted](
t3 *= t4 # 6. t₃ <- t₃ * t₄ t3 *= t4 # 6. t₃ <- t₃ * t₄
t4.sum(t0, t1) # 7. t₄ <- t₀ + t₁ t4.sum(t0, t1) # 7. t₄ <- t₀ + t₁
t3 -= t4 # 8. t₃ <- t₃ - t₄ t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁X₂ + Y₁Y₂) = X₁Y₂ + X₂Y₁ t3 -= t4 # 8. t₃ <- t₃ - t₄ t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁X₂ + Y₁Y₂) = X₁Y₂ + X₂Y₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t3 *= SexticNonResidue t3 *= SexticNonResidue
t4.sum(P.y, P.z) # 9. t₄ <- Y₁ + Z₁ t4.sum(P.y, P.z) # 9. t₄ <- Y₁ + Z₁
x3.sum(Q.y, Q.z) # 10. X₃ <- Y₂ + Z₂ x3.sum(Q.y, Q.z) # 10. X₃ <- Y₂ + Z₂
t4 *= x3 # 11. t₄ <- t₄ X₃ t4 *= x3 # 11. t₄ <- t₄ X₃
x3.sum(t1, t2) # 12. X₃ <- t₁ + t₂ X₃ = Y₁Y₂ + Z₁Z₂ x3.sum(t1, t2) # 12. X₃ <- t₁ + t₂ X₃ = Y₁Y₂ + Z₁Z₂
t4 -= x3 # 13. t₄ <- t₄ - X₃ t₄ = (Y₁ + Z₁)(Y₂ + Z₂) - (Y₁Y₂ + Z₁Z₂) = Y₁Z₂ + Y₂Z₁ t4 -= x3 # 13. t₄ <- t₄ - X₃ t₄ = (Y₁ + Z₁)(Y₂ + Z₂) - (Y₁Y₂ + Z₁Z₂) = Y₁Z₂ + Y₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t4 *= SexticNonResidue t4 *= SexticNonResidue
x3.sum(P.x, P.z) # 14. X₃ <- X₁ + Z₁ x3.sum(P.x, P.z) # 14. X₃ <- X₁ + Z₁
y3.sum(Q.x, Q.z) # 15. Y₃ <- X₂ + Z₂ y3.sum(Q.x, Q.z) # 15. Y₃ <- X₂ + Z₂
x3 *= y3 # 16. X₃ <- X₃ Y₃ X₃ = (X₁Z₁)(X₂Z₂) x3 *= y3 # 16. X₃ <- X₃ Y₃ X₃ = (X₁Z₁)(X₂Z₂)
y3.sum(t0, t2) # 17. Y₃ <- t₀ + t₂ Y₃ = X₁ X₂ + Z₁ Z₂ y3.sum(t0, t2) # 17. Y₃ <- t₀ + t₂ Y₃ = X₁ X₂ + Z₁ Z₂
y3.diff(x3, y3) # 18. Y₃ <- X₃ - Y₃ Y₃ = (X₁ + Z₁)(X₂ + Z₂) - (X₁ X₂ + Z₁ Z₂) = X₁Z₂ + X₂Z₁ y3.diff(x3, y3) # 18. Y₃ <- X₃ - Y₃ Y₃ = (X₁ + Z₁)(X₂ + Z₂) - (X₁ X₂ + Z₁ Z₂) = X₁Z₂ + X₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t0 *= SexticNonResidue t0 *= SexticNonResidue
t1 *= SexticNonResidue t1 *= SexticNonResidue
x3.double(t0) # 19. X₃ <- t₀ + t₀ X₃ = 2 X₁X₂ x3.double(t0) # 19. X₃ <- t₀ + t₀ X₃ = 2 X₁X₂
t0 += x3 # 20. t₀ <- X₃ + t₀ t₀ = 3 X₁X₂ t0 += x3 # 20. t₀ <- X₃ + t₀ t₀ = 3 X₁X₂
t2 *= b3 # 21. t₂ <- 3b t₂ t₂ = 3bZ₁Z₂ t2 *= b3 # 21. t₂ <- 3b t₂ t₂ = 3bZ₁Z₂
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue t2 *= SexticNonResidue
z3.sum(t1, t2) # 22. Z₃ <- t₁ + t₂ Z₃ = Y₁Y₂ + 3bZ₁Z₂ z3.sum(t1, t2) # 22. Z₃ <- t₁ + t₂ Z₃ = Y₁Y₂ + 3bZ₁Z₂
t1 -= t2 # 23. t₁ <- t₁ - t₂ t₁ = Y₁Y₂ - 3bZ₁Z₂ t1 -= t2 # 23. t₁ <- t₁ - t₂ t₁ = Y₁Y₂ - 3bZ₁Z₂
y3 *= b3 # 24. Y₃ <- 3b Y₃ Y₃ = 3b(X₁Z₂ + X₂Z₁) y3 *= b3 # 24. Y₃ <- 3b Y₃ Y₃ = 3b(X₁Z₂ + X₂Z₁)
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: when G == G2 and F.C.getSexticTwist() == M_Twist:
y3 *= SexticNonResidue y3 *= SexticNonResidue
x3.prod(t4, y3) # 25. X₃ <- t₄ Y₃ X₃ = 3b(Y₁Z₂ + Y₂Z₁)(X₁Z₂ + X₂Z₁) x3.prod(t4, y3) # 25. X₃ <- t₄ Y₃ X₃ = 3b(Y₁Z₂ + Y₂Z₁)(X₁Z₂ + X₂Z₁)
t2.prod(t3, t1) # 26. t₂ <- t₃ t₁ t₂ = (X₁Y₂ + X₂Y₁) (Y₁Y₂ - 3bZ₁Z₂) t2.prod(t3, t1) # 26. t₂ <- t₃ t₁ t₂ = (X₁Y₂ + X₂Y₁) (Y₁Y₂ - 3bZ₁Z₂)
@ -244,10 +244,10 @@ func sum*[F; Tw: static Twisted](
else: else:
{.error: "Not implemented.".} {.error: "Not implemented.".}
func madd*[F; Tw: static Twisted]( func madd*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, Tw], r: var ECP_ShortW_Prj[F, G],
P: ECP_ShortW_Prj[F, Tw], P: ECP_ShortW_Prj[F, G],
Q: ECP_ShortW_Aff[F, Tw] Q: ECP_ShortW_Aff[F, G]
) = ) =
## Elliptic curve mixed addition for Short Weierstrass curves ## Elliptic curve mixed addition for Short Weierstrass curves
## with p in Projective coordinates and Q in affine coordinates ## with p in Projective coordinates and Q in affine coordinates
@ -276,27 +276,27 @@ func madd*[F; Tw: static Twisted](
t3 *= t4 # 5. t₃ <- t₃ * t₄ t3 *= t4 # 5. t₃ <- t₃ * t₄
t4.sum(t0, t1) # 6. t₄ <- t₀ + t₁ t4.sum(t0, t1) # 6. t₄ <- t₀ + t₁
t3 -= t4 # 7. t₃ <- t₃ - t₄, t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁ X₂ + Y₁ Y₂) = X₁Y₂ + X₂Y₁ t3 -= t4 # 7. t₃ <- t₃ - t₄, t₃ = (X₁ + Y₁)(X₂ + Y₂) - (X₁ X₂ + Y₁ Y₂) = X₁Y₂ + X₂Y₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t3 *= SexticNonResidue t3 *= SexticNonResidue
t4.prod(Q.y, P.z) # 8. t₄ <- Y₂ Z₁ t4.prod(Q.y, P.z) # 8. t₄ <- Y₂ Z₁
t4 += P.y # 9. t₄ <- t₄ + Y₁, t₄ = Y₁+Y₂Z₁ t4 += P.y # 9. t₄ <- t₄ + Y₁, t₄ = Y₁+Y₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t4 *= SexticNonResidue t4 *= SexticNonResidue
y3.prod(Q.x, P.z) # 10. Y₃ <- X₂ Z₁ y3.prod(Q.x, P.z) # 10. Y₃ <- X₂ Z₁
y3 += P.x # 11. Y₃ <- Y₃ + X₁, Y₃ = X₁ + X₂Z₁ y3 += P.x # 11. Y₃ <- Y₃ + X₁, Y₃ = X₁ + X₂Z₁
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
t0 *= SexticNonResidue t0 *= SexticNonResidue
t1 *= SexticNonResidue t1 *= SexticNonResidue
x3.double(t0) # 12. X₃ <- t₀ + t₀ x3.double(t0) # 12. X₃ <- t₀ + t₀
t0 += x3 # 13. t₀ <- X₃ + t₀, t₀ = 3X₁X₂ t0 += x3 # 13. t₀ <- X₃ + t₀, t₀ = 3X₁X₂
t2 = P.z t2 = P.z
t2 *= b3 # 14. t₂ <- 3bZ₁ t2 *= b3 # 14. t₂ <- 3bZ₁
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue t2 *= SexticNonResidue
z3.sum(t1, t2) # 15. Z₃ <- t₁ + t₂, Z₃ = Y₁Y₂ + 3bZ₁ z3.sum(t1, t2) # 15. Z₃ <- t₁ + t₂, Z₃ = Y₁Y₂ + 3bZ₁
t1 -= t2 # 16. t₁ <- t₁ - t₂, t₁ = Y₁Y₂ - 3bZ₁ t1 -= t2 # 16. t₁ <- t₁ - t₂, t₁ = Y₁Y₂ - 3bZ₁
y3 *= b3 # 17. Y₃ <- 3bY₃, Y₃ = 3b(X₁ + X₂Z₁) y3 *= b3 # 17. Y₃ <- 3bY₃, Y₃ = 3b(X₁ + X₂Z₁)
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: when G == G2 and F.C.getSexticTwist() == M_Twist:
y3 *= SexticNonResidue y3 *= SexticNonResidue
x3.prod(t4, y3) # 18. X₃ <- t₄ Y₃, X₃ = (Y₁ + Y₂Z₁) 3b(X₁ + X₂Z₁) x3.prod(t4, y3) # 18. X₃ <- t₄ Y₃, X₃ = (Y₁ + Y₂Z₁) 3b(X₁ + X₂Z₁)
t2.prod(t3, t1) # 19. t₂ <- t₃ t₁, t₂ = (X₁Y₂ + X₂Y₁)(Y₁Y₂ - 3bZ₁) t2.prod(t3, t1) # 19. t₂ <- t₃ t₁, t₂ = (X₁Y₂ + X₂Y₁)(Y₁Y₂ - 3bZ₁)
@ -310,9 +310,9 @@ func madd*[F; Tw: static Twisted](
else: else:
{.error: "Not implemented.".} {.error: "Not implemented.".}
func double*[F; Tw: static Twisted]( func double*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, Tw], r: var ECP_ShortW_Prj[F, G],
P: ECP_ShortW_Prj[F, Tw] P: ECP_ShortW_Prj[F, G]
) = ) =
## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate ## Elliptic curve point doubling for Short Weierstrass curves in projective coordinate
## ##
@ -357,7 +357,7 @@ func double*[F; Tw: static Twisted](
# X₃ = 2XY(Y² - 9bZ²) # X₃ = 2XY(Y² - 9bZ²)
# Y₃ = (Y² - 9bZ²)(Y² + 3bZ²) + 24bY²Z² # Y₃ = (Y² - 9bZ²)(Y² + 3bZ²) + 24bY²Z²
# Z₃ = 8Y³Z # Z₃ = 8Y³Z
when Tw == OnTwist and F.C.getSexticTwist() == D_Twist: when G == G2 and F.C.getSexticTwist() == D_Twist:
var snrY {.noInit.}: F var snrY {.noInit.}: F
snrY.prod(P.y, SexticNonResidue) snrY.prod(P.y, SexticNonResidue)
t0.square(P.y) t0.square(P.y)
@ -371,7 +371,7 @@ func double*[F; Tw: static Twisted](
t1.prod(snrY, P.z) # 5. t₁ <- Y Z t1.prod(snrY, P.z) # 5. t₁ <- Y Z
t2.square(P.z) # 6. t₂ <- Z Z t2.square(P.z) # 6. t₂ <- Z Z
t2 *= b3 # 7. t₂ <- 3b t₂ t2 *= b3 # 7. t₂ <- 3b t₂
when Tw == OnTwist and F.C.getSexticTwist() == M_Twist: when G == G2 and F.C.getSexticTwist() == M_Twist:
t2 *= SexticNonResidue t2 *= SexticNonResidue
x3.prod(t2, z3) # 8. X₃ <- t₂ Z₃ x3.prod(t2, z3) # 8. X₃ <- t₂ Z₃
y3.sum(t0, t2) # 9. Y₃ <- t₀ + t₂ y3.sum(t0, t2) # 9. Y₃ <- t₀ + t₂
@ -409,18 +409,18 @@ func diff*(r: var ECP_ShortW_Prj,
nQ.neg(Q) nQ.neg(Q)
r.sum(P, nQ) r.sum(P, nQ)
func affineFromProjective*[F, Tw]( func affineFromProjective*[F, G](
aff: var ECP_ShortW_Aff[F, Tw], aff: var ECP_ShortW_Aff[F, G],
proj: ECP_ShortW_Prj[F, Tw]) = proj: ECP_ShortW_Prj[F, G]) =
var invZ {.noInit.}: F var invZ {.noInit.}: F
invZ.inv(proj.z) invZ.inv(proj.z)
aff.x.prod(proj.x, invZ) aff.x.prod(proj.x, invZ)
aff.y.prod(proj.y, invZ) aff.y.prod(proj.y, invZ)
func projectiveFromAffine*[F, Tw]( func projectiveFromAffine*[F, G](
proj: var ECP_ShortW_Prj[F, Tw], proj: var ECP_ShortW_Prj[F, G],
aff: ECP_ShortW_Aff[F, Tw]) {.inline.} = aff: ECP_ShortW_Aff[F, G]) {.inline.} =
proj.x = aff.x proj.x = aff.x
proj.y = aff.y proj.y = aff.y
proj.z.setOne() proj.z.setOne()


@ -51,49 +51,49 @@ const Cofactor_Eff_BW6_761_G1 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34
const Cofactor_Eff_BW6_761_G2 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34cb12efc856a0853c9db94cc61c554757551c0c832ba4061000003b3de580000000007c" const Cofactor_Eff_BW6_761_G2 = BigInt[384].fromHex"0xad1972339049ce762c77d5ac34cb12efc856a0853c9db94cc61c554757551c0c832ba4061000003b3de580000000007c"
## P -> (103([u³]P) 83([u²]P) 143([u]P) + 27P) + ψ(7([u²]P) 117([u]P) 109P) ## P -> (103([u³]P) 83([u²]P) 143([u]P) + 27P) + ψ(7([u²]P) 117([u]P) 109P)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Nogami], G1]) {.inline.} =
## Clear the cofactor of BN254_Nogami G1 ## Clear the cofactor of BN254_Nogami G1
## BN curve have a G1 cofactor of 1 so this is a no-op ## BN curve have a G1 cofactor of 1 so this is a no-op
discard discard
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Nogami], G2]) {.inline.} =
## Clear the cofactor of BN254_Snarks G2 ## Clear the cofactor of BN254_Snarks G2
# Endomorphism acceleration cannot be used if cofactor is not cleared # Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BN254_Nogami_G2) P.scalarMulGeneric(Cofactor_Eff_BN254_Nogami_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1]) {.inline.} =
## Clear the cofactor of BN254_Snarks G1 ## Clear the cofactor of BN254_Snarks G1
## BN curve have a G1 cofactor of 1 so this is a no-op ## BN curve have a G1 cofactor of 1 so this is a no-op
discard discard
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]) {.inline.} =
## Clear the cofactor of BN254_Snarks G2 ## Clear the cofactor of BN254_Snarks G2
# Endomorphism acceleration cannot be used if cofactor is not cleared # Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BN254_Snarks_G2) P.scalarMulGeneric(Cofactor_Eff_BN254_Snarks_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_377], G1]) {.inline.} =
## Clear the cofactor of BLS12_377 G1 ## Clear the cofactor of BLS12_377 G1
P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G1) P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_377], G2]) {.inline.} =
## Clear the cofactor of BLS12_377 G2 ## Clear the cofactor of BLS12_377 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared # Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G2) P.scalarMulGeneric(Cofactor_Eff_BLS12_377_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BLS12_381], G1]) {.inline.} =
## Clear the cofactor of BLS12_381 G1 ## Clear the cofactor of BLS12_381 G1
P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G1) P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) {.inline.} =
## Clear the cofactor of BLS12_381 G2 ## Clear the cofactor of BLS12_381 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared # Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G2) P.scalarMulGeneric(Cofactor_Eff_BLS12_381_G2)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G1]) {.inline.} =
## Clear the cofactor of BW6_761 G1 ## Clear the cofactor of BW6_761 G1
P.scalarMulGeneric(Cofactor_Eff_BW6_761_G1) P.scalarMulGeneric(Cofactor_Eff_BW6_761_G1)
func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) {.inline.} = func clearCofactorReference*(P: var ECP_ShortW_Prj[Fp[BW6_761], G2]) {.inline.} =
## Clear the cofactor of BW6_761 G2 ## Clear the cofactor of BW6_761 G2
# Endomorphism acceleration cannot be used if cofactor is not cleared # Endomorphism acceleration cannot be used if cofactor is not cleared
P.scalarMulGeneric(Cofactor_Eff_BW6_761_G2) P.scalarMulGeneric(Cofactor_Eff_BW6_761_G2)
@ -139,8 +139,8 @@ func double_repeated*[EC](P: var EC, num: int) {.inline.} =
P.double() P.double()
func pow_x( func pow_x(
r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], r{.noalias.}: var ECP_ShortW_Prj[Fp2[BLS12_381], G2],
P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], P{.noalias.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2],
) = ) =
## Does the scalar multiplication [x]P ## Does the scalar multiplication [x]P
## with x the BLS12 curve parameter ## with x the BLS12 curve parameter
@ -170,7 +170,7 @@ func pow_x(
r.neg(r) r.neg(r)
func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) = func clearCofactorFast*(P: var ECP_ShortW_Prj[Fp2[BLS12_381], G2]) =
## Clear the cofactor of BLS12_381 G2 ## Clear the cofactor of BLS12_381 G2
## Optimized using endomorphisms ## Optimized using endomorphisms
## P -> [x²-x-1]P + [x-1] ψ(P) + ψ²([2]P) ## P -> [x²-x-1]P + [x-1] ψ(P) + ψ²([2]P)


@ -34,8 +34,8 @@ import
# Map to curve # Map to curve
# ---------------------------------------------------------------- # ----------------------------------------------------------------
func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted]( func mapToIsoCurve_sswuG2_opt9mod16[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
u: F) = u: F) =
var var
xn{.noInit.}, xd{.noInit.}: F xn{.noInit.}, xd{.noInit.}: F
@ -53,8 +53,8 @@ func mapToIsoCurve_sswuG2_opt9mod16[F; Tw: static Twisted](
r.x.prod(xn, xd) # X = xZ² = xn/xd * xd² = xn*xd r.x.prod(xn, xd) # X = xZ² = xn/xd * xd² = xn*xd
r.y.prod(yn, xd3) # Y = yZ³ = yn * xd³ r.y.prod(yn, xd3) # Y = yZ³ = yn * xd³
func mapToCurve[F; Tw: static Twisted]( func mapToCurve[F; G: static Subgroup](
r: var (ECP_ShortW_Prj[F, Tw] or ECP_ShortW_Jac[F, Tw]), r: var (ECP_ShortW_Prj[F, G] or ECP_ShortW_Jac[F, G]),
u: F) = u: F) =
## Map an element of the ## Map an element of the
## finite or extension field F ## finite or extension field F
@ -85,8 +85,8 @@ func mapToCurve[F; Tw: static Twisted](
else: else:
{.error: "Not implemented".} {.error: "Not implemented".}
func mapToCurve_fusedAdd[F; Tw: static Twisted]( func mapToCurve_fusedAdd[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
u0, u1: F) = u0, u1: F) =
## Map 2 elements of the ## Map 2 elements of the
## finite or extension field F ## finite or extension field F
@ -105,7 +105,7 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted](
# unlike the complete projective formulae which heavily depends on it # unlike the complete projective formulae which heavily depends on it
# So we use jacobian coordinates for computation on isogenies. # So we use jacobian coordinates for computation on isogenies.
var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, Tw] var P0{.noInit.}, P1{.noInit.}: ECP_ShortW_Jac[F, G]
when F.C == BLS12_381 and F is Fp2: when F.C == BLS12_381 and F is Fp2:
# 1. Map to E'2 isogenous to E2 # 1. Map to E'2 isogenous to E2
P0.mapToIsoCurve_sswuG2_opt9mod16(u0) P0.mapToIsoCurve_sswuG2_opt9mod16(u0)
@ -122,11 +122,11 @@ func mapToCurve_fusedAdd[F; Tw: static Twisted](
# ---------------------------------------------------------------- # ----------------------------------------------------------------
func hashToCurve*[ func hashToCurve*[
F; Tw: static Twisted; F; G: static Subgroup;
B1, B2, B3: byte|char]( B1, B2, B3: byte|char](
H: type CryptoHash, H: type CryptoHash,
k: static int, k: static int,
output: var ECP_ShortW_Prj[F, Tw], output: var ECP_ShortW_Prj[F, G],
augmentation: openarray[B1], augmentation: openarray[B1],
message: openarray[B2], message: openarray[B2],
domainSepTag: openarray[B3] domainSepTag: openarray[B3]
@ -157,12 +157,12 @@ func hashToCurve*[
H.hashToField(k, u, augmentation, message, domainSepTag) H.hashToField(k, u, augmentation, message, domainSepTag)
when false: when false:
var P{.noInit.}: array[2, ECP_ShortW_Prj[F, Tw]] var P{.noInit.}: array[2, ECP_ShortW_Prj[F, G]]
P[0].mapToCurve(u[0]) P[0].mapToCurve(u[0])
P[1].mapToCurve(u[1]) P[1].mapToCurve(u[1])
output.sum(P[0], P[1]) output.sum(P[0], P[1])
else: else:
var Pjac{.noInit.}: ECP_ShortW_Jac[F, Tw] var Pjac{.noInit.}: ECP_ShortW_Jac[F, G]
Pjac.mapToCurve_fusedAdd(u[0], u[1]) Pjac.mapToCurve_fusedAdd(u[0], u[1])
output.projectiveFromJacobian(Pjac) output.projectiveFromJacobian(Pjac)


@ -38,7 +38,7 @@ func toHex*[EC: ECP_ShortW_Prj or ECP_ShortW_Jac or ECP_ShortW_Aff](P: EC): stri
## ##
## This proc output may change format in the future ## This proc output may change format in the future
var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.Tw] var aff {.noInit.}: ECP_ShortW_Aff[EC.F, EC.G]
when EC is ECP_ShortW_Prj: when EC is ECP_ShortW_Prj:
aff.affineFromProjective(P) aff.affineFromProjective(P)
elif EC is ECP_ShortW_Jac: elif EC is ECP_ShortW_Jac:
@ -61,7 +61,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x, y: string): bool {
dst.x.fromHex(x) dst.x.fromHex(x)
dst.y.fromHex(y) dst.y.fromHex(y)
dst.z.setOne() dst.z.setOne()
return bool(isOnCurve(dst.x, dst.y, dst.Tw)) return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: string): bool {.raises: [ValueError].}= func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G2 curve point ## Convert hex strings to a G2 curve point
@ -72,7 +72,7 @@ func fromHex*(dst: var (ECP_ShortW_Prj or ECP_ShortW_Jac), x0, x1, y0, y1: strin
dst.x.fromHex(x0, x1) dst.x.fromHex(x0, x1)
dst.y.fromHex(y0, y1) dst.y.fromHex(y0, y1)
dst.z.setOne() dst.z.setOne()
return bool(isOnCurve(dst.x, dst.y, dst.Tw)) return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError].}= func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G1 curve point ## Convert hex strings to a G1 curve point
@ -82,7 +82,7 @@ func fromHex*(dst: var ECP_ShortW_Aff, x, y: string): bool {.raises: [ValueError
static: doAssert dst.F is Fp, "dst must be on G1, an elliptic curve over 𝔽p" static: doAssert dst.F is Fp, "dst must be on G1, an elliptic curve over 𝔽p"
dst.x.fromHex(x) dst.x.fromHex(x)
dst.y.fromHex(y) dst.y.fromHex(y)
return bool(isOnCurve(dst.x, dst.y, dst.Tw)) return bool(isOnCurve(dst.x, dst.y, dst.G))
func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [ValueError].}= func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [ValueError].}=
## Convert hex strings to a G2 curve point ## Convert hex strings to a G2 curve point
@ -92,4 +92,4 @@ func fromHex*(dst: var ECP_ShortW_Aff, x0, x1, y0, y1: string): bool {.raises: [
static: doAssert dst.F is Fp2, "dst must be on G2, an elliptic curve over 𝔽p2" static: doAssert dst.F is Fp2, "dst must be on G2, an elliptic curve over 𝔽p2"
dst.x.fromHex(x0, x1) dst.x.fromHex(x0, x1)
dst.y.fromHex(y0, y1) dst.y.fromHex(y0, y1)
return bool(isOnCurve(dst.x, dst.y, dst.Tw)) return bool(isOnCurve(dst.x, dst.y, dst.G))


@ -126,8 +126,8 @@ func h2c_isogeny_map[F](
# y coordinate is y' * poly_yNum(x) # y coordinate is y' * poly_yNum(x)
ryn *= yn ryn *= yn
func h2c_isogeny_map*[F; Tw: static Twisted]( func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Prj[F, Tw], r: var ECP_ShortW_Prj[F, G],
xn, xd, yn: F, isodegree: static int) = xn, xd, yn: F, isodegree: static int) =
## Given G2, the target prime order subgroup of E2, ## Given G2, the target prime order subgroup of E2,
## this function maps an element of ## this function maps an element of
@ -160,8 +160,8 @@ func h2c_isogeny_map*[F; Tw: static Twisted](
r.x *= t r.x *= t
r.z *= t r.z *= t
func h2c_isogeny_map*[F; Tw: static Twisted]( func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
xn, xd, yn: F, isodegree: static int) = xn, xd, yn: F, isodegree: static int) =
## Given G2, the target prime order subgroup of E2, ## Given G2, the target prime order subgroup of E2,
## this function maps an element of ## this function maps an element of
@ -197,9 +197,9 @@ func h2c_isogeny_map*[F; Tw: static Twisted](
r.y *= rdx # Y = yd² * xd³ r.y *= rdx # Y = yd² * xd³
r.y *= ryn # Y = yn * yd² * xd³ r.y *= ryn # Y = yn * yd² * xd³
func h2c_isogeny_map*[F; Tw: static Twisted]( func h2c_isogeny_map*[F; G: static Subgroup](
r: var ECP_ShortW_Jac[F, Tw], r: var ECP_ShortW_Jac[F, G],
P: ECP_ShortW_Jac[F, Tw], P: ECP_ShortW_Jac[F, G],
isodegree: static int) = isodegree: static int) =
## Map P in isogenous curve E'2 ## Map P in isogenous curve E'2
## to r in E2 ## to r in E2


@ -65,7 +65,7 @@ func toHex*(line: Line, order: static Endianness = bigEndian): string =
# Line evaluation # Line evaluation
# -------------------------------------------------- # --------------------------------------------------
func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, NotOnTwist]) = func line_update*[F1, F2](line: var Line[F2], P: ECP_ShortW_Aff[F1, G1]) =
## Update the line evaluation with P ## Update the line evaluation with P
## after addition or doubling ## after addition or doubling
## P in G1 ## P in G1


@ -49,7 +49,7 @@ export lines_common
func line_eval_double[F]( func line_eval_double[F](
line: var Line[F], line: var Line[F],
T: ECP_ShortW_Prj[F, OnTwist]) = T: ECP_ShortW_Prj[F, G2]) =
## Evaluate the line function for doubling ## Evaluate the line function for doubling
## i.e. the tangent at T ## i.e. the tangent at T
## ##
@ -119,8 +119,8 @@ func line_eval_double[F](
func line_eval_add[F]( func line_eval_add[F](
line: var Line[F], line: var Line[F],
T: ECP_ShortW_Prj[F, OnTwist], T: ECP_ShortW_Prj[F, G2],
Q: ECP_ShortW_Aff[F, OnTwist]) = Q: ECP_ShortW_Aff[F, G2]) =
## Evaluate the line function for addition ## Evaluate the line function for addition
## i.e. the line between T and Q ## i.e. the line between T and Q
## ##
@ -163,7 +163,7 @@ func line_eval_add[F](
func line_eval_fused_double[Field]( func line_eval_fused_double[Field](
line: var Line[Field], line: var Line[Field],
T: var ECP_ShortW_Prj[Field, OnTwist]) = T: var ECP_ShortW_Prj[Field, G2]) =
## Fused line evaluation and elliptic point doubling ## Fused line evaluation and elliptic point doubling
# Grewal et al, 2012 adapted to Scott 2019 line notation # Grewal et al, 2012 adapted to Scott 2019 line notation
var A {.noInit.}, B {.noInit.}, C {.noInit.}: Field var A {.noInit.}, B {.noInit.}, C {.noInit.}: Field
@ -230,8 +230,8 @@ func line_eval_fused_double[Field](
func line_eval_fused_add[Field]( func line_eval_fused_add[Field](
line: var Line[Field], line: var Line[Field],
T: var ECP_ShortW_Prj[Field, OnTwist], T: var ECP_ShortW_Prj[Field, G2],
Q: ECP_ShortW_Aff[Field, OnTwist]) = Q: ECP_ShortW_Aff[Field, G2]) =
## Fused line evaluation and elliptic point addition ## Fused line evaluation and elliptic point addition
# Grewal et al, 2012 adapted to Scott 2019 line notation # Grewal et al, 2012 adapted to Scott 2019 line notation
var var
@ -286,8 +286,8 @@ func line_eval_fused_add[Field](
func line_double*[F1, F2]( func line_double*[F1, F2](
line: var Line[F2], line: var Line[F2],
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
P: ECP_ShortW_Aff[F1, NotOnTwist]) = P: ECP_ShortW_Aff[F1, G1]) =
## Doubling step of the Miller loop ## Doubling step of the Miller loop
## T in G2, P in G1 ## T in G2, P in G1
## ##
@ -303,9 +303,9 @@ func line_double*[F1, F2](
func line_add*[F1, F2]( func line_add*[F1, F2](
line: var Line[F2], line: var Line[F2],
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, OnTwist], Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, NotOnTwist]) = P: ECP_ShortW_Aff[F1, G1]) =
## Addition step of the Miller loop ## Addition step of the Miller loop
## T and Q in G2, P in G1 ## T and Q in G2, P in G1
## ##


@ -26,10 +26,10 @@ import
template basicMillerLoop*[FT, F1, F2]( template basicMillerLoop*[FT, F1, F2](
f: var FT, f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
line: var Line[F2], line: var Line[F2],
P: ECP_ShortW_Aff[F1, NotOnTwist], P: ECP_ShortW_Aff[F1, G1],
Q, nQ: ECP_ShortW_Aff[F2, OnTwist], Q, nQ: ECP_ShortW_Aff[F2, G2],
ate_param: untyped, ate_param: untyped,
ate_param_isNeg: untyped ate_param_isNeg: untyped
) = ) =
@ -65,9 +65,9 @@ template basicMillerLoop*[FT, F1, F2](
func millerCorrectionBN*[FT, F1, F2]( func millerCorrectionBN*[FT, F1, F2](
f: var FT, f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, OnTwist], Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, NotOnTwist], P: ECP_ShortW_Aff[F1, G1],
ate_param_isNeg: static bool ate_param_isNeg: static bool
) = ) =
## Ate pairing for BN curves need adjustment after basic Miller loop ## Ate pairing for BN curves need adjustment after basic Miller loop
@ -119,9 +119,9 @@ func millerCorrectionBN*[FT, F1, F2](
func miller_init_double_then_add*[FT, F1, F2]( func miller_init_double_then_add*[FT, F1, F2](
f: var FT, f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, OnTwist], Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, NotOnTwist], P: ECP_ShortW_Aff[F1, G1],
numDoublings: static int numDoublings: static int
) = ) =
## Start a Miller Loop with ## Start a Miller Loop with
@ -181,9 +181,9 @@ func miller_init_double_then_add*[FT, F1, F2](
func miller_accum_double_then_add*[FT, F1, F2]( func miller_accum_double_then_add*[FT, F1, F2](
f: var FT, f: var FT,
T: var ECP_ShortW_Prj[F2, OnTwist], T: var ECP_ShortW_Prj[F2, G2],
Q: ECP_ShortW_Aff[F2, OnTwist], Q: ECP_ShortW_Aff[F2, G2],
P: ECP_ShortW_Aff[F1, NotOnTwist], P: ECP_ShortW_Aff[F1, G1],
numDoublings: int, numDoublings: int,
add = true add = true
) = ) =
@ -222,8 +222,8 @@ func double_jToN[N: static int, FT, F1, F2](
f: var FT, f: var FT,
j: static int, j: static int,
line0, line1: var Line[F2], line0, line1: var Line[F2],
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]]) = Ps: array[N, ECP_ShortW_Aff[F1, G1]]) =
## Doubling steps for pairings j to N ## Doubling steps for pairings j to N
{.push checks: off.} # No OverflowError or IndexError allowed {.push checks: off.} # No OverflowError or IndexError allowed
@ -246,9 +246,9 @@ func add_jToN[N: static int, FT, F1, F2](
f: var FT, f: var FT,
j: static int, j: static int,
line0, line1: var Line[F2], line0, line1: var Line[F2],
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]])= Ps: array[N, ECP_ShortW_Aff[F1, G1]])=
## Addition steps for pairings 0 to N ## Addition steps for pairings 0 to N
{.push checks: off.} # No OverflowError or IndexError allowed {.push checks: off.} # No OverflowError or IndexError allowed
@ -269,9 +269,9 @@ func add_jToN[N: static int, FT, F1, F2](
func miller_init_double_then_add*[N: static int, FT, F1, F2]( func miller_init_double_then_add*[N: static int, FT, F1, F2](
f: var FT, f: var FT,
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]], Ps: array[N, ECP_ShortW_Aff[F1, G1]],
numDoublings: static int numDoublings: static int
) = ) =
## Start a Miller Loop ## Start a Miller Loop
@ -328,9 +328,9 @@ func miller_init_double_then_add*[N: static int, FT, F1, F2](
func miller_accum_double_then_add*[N: static int, FT, F1, F2]( func miller_accum_double_then_add*[N: static int, FT, F1, F2](
f: var FT, f: var FT,
Ts: var array[N, ECP_ShortW_Prj[F2, OnTwist]], Ts: var array[N, ECP_ShortW_Prj[F2, G2]],
Qs: array[N, ECP_ShortW_Aff[F2, OnTwist]], Qs: array[N, ECP_ShortW_Aff[F2, G2]],
Ps: array[N, ECP_ShortW_Aff[F1, NotOnTwist]], Ps: array[N, ECP_ShortW_Aff[F1, G1]],
numDoublings: int, numDoublings: int,
add = true add = true
) = ) =


@ -52,14 +52,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11
func millerLoopGenericBLS12*[C]( func millerLoopGenericBLS12*[C](
f: var Fp12[C], f: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist] Q: ECP_ShortW_Aff[Fp2[C], G2]
) {.meter.} = ) {.meter.} =
## Generic Miller Loop for BLS12 curve ## Generic Miller Loop for BLS12 curve
## Computes f{u,Q}(P) with u the BLS curve parameter ## Computes f{u,Q}(P) with u the BLS curve parameter
var var
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist] T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2]
line {.noInit.}: Line[Fp2[C]] line {.noInit.}: Line[Fp2[C]]
nQ{.noInit.}: typeof(Q) nQ{.noInit.}: typeof(Q)
@ -79,8 +79,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) =
func pairing_bls12_reference*[C]( func pairing_bls12_reference*[C](
gt: var Fp12[C], gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BLS12 curves ## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2 ## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt ## Output: e(P, Q) ∈ Gt
@ -149,8 +149,8 @@ func finalExpHard_BLS12*[C](f: var Fp12[C]) {.meter.} =
func pairing_bls12*[C]( func pairing_bls12*[C](
gt: var Fp12[C], gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) {.meter.} = Q: ECP_ShortW_Aff[Fp2[C], G2]) {.meter.} =
## Compute the optimal Ate Pairing for BLS12 curves ## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2 ## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt ## Output: e(P, Q) ∈ Gt
@ -160,8 +160,8 @@ func pairing_bls12*[C](
func pairing_bls12*[N: static int, C]( func pairing_bls12*[N: static int, C](
gt: var Fp12[C], gt: var Fp12[C],
Ps: array[N, ECP_ShortW_Aff[Fp[C], NotOnTwist]], Ps: array[N, ECP_ShortW_Aff[Fp[C], G1]],
Qs: array[N, ECP_ShortW_Aff[Fp2[C], OnTwist]]) {.meter.} = Qs: array[N, ECP_ShortW_Aff[Fp2[C], G2]]) {.meter.} =
## Compute the optimal Ate Pairing for BLS12 curves ## Compute the optimal Ate Pairing for BLS12 curves
## Input: an array of Ps ∈ G1 and Qs ∈ G2 ## Input: an array of Ps ∈ G1 and Qs ∈ G2
## Output: ## Output:


@ -50,14 +50,14 @@ export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11
func millerLoopGenericBN*[C]( func millerLoopGenericBN*[C](
f: var Fp12[C], f: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist] Q: ECP_ShortW_Aff[Fp2[C], G2]
) = ) =
## Generic Miller Loop for BN curves ## Generic Miller Loop for BN curves
## Computes f{6u+2,Q}(P) with u the BN curve parameter ## Computes f{6u+2,Q}(P) with u the BN curve parameter
var var
T {.noInit.}: ECP_ShortW_Prj[Fp2[C], OnTwist] T {.noInit.}: ECP_ShortW_Prj[Fp2[C], G2]
line {.noInit.}: Line[Fp2[C]] line {.noInit.}: Line[Fp2[C]]
nQ{.noInit.}: typeof(Q) nQ{.noInit.}: typeof(Q)
@ -83,8 +83,8 @@ func finalExpGeneric[C: static Curve](f: var Fp12[C]) =
func pairing_bn_reference*[C]( func pairing_bn_reference*[C](
gt: var Fp12[C], gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BN curves ## Compute the optimal Ate Pairing for BN curves
## Input: P ∈ G1, Q ∈ G2 ## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt ## Output: e(P, Q) ∈ Gt
@ -150,8 +150,8 @@ func finalExpHard_BN*[C: static Curve](f: var Fp12[C]) =
func pairing_bn*[C]( func pairing_bn*[C](
gt: var Fp12[C], gt: var Fp12[C],
P: ECP_ShortW_Aff[Fp[C], NotOnTwist], P: ECP_ShortW_Aff[Fp[C], G1],
Q: ECP_ShortW_Aff[Fp2[C], OnTwist]) = Q: ECP_ShortW_Aff[Fp2[C], G2]) =
## Compute the optimal Ate Pairing for BLS12 curves ## Compute the optimal Ate Pairing for BLS12 curves
## Input: P ∈ G1, Q ∈ G2 ## Input: P ∈ G1, Q ∈ G2
## Output: e(P, Q) ∈ Gt ## Output: e(P, Q) ∈ Gt


@ -50,7 +50,7 @@ func parseRawUint(
return cttEVM_Success return cttEVM_Success
func fromRawCoords( func fromRawCoords(
dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
x, y: openarray[byte]): CttEVMStatus = x, y: openarray[byte]): CttEVMStatus =
# Deserialization # Deserialization
@ -76,7 +76,7 @@ func fromRawCoords(
# ---------------------- # ----------------------
# Point on curve # Point on curve
if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)): if not bool(isOnCurve(dst.x, dst.y, G1)):
return cttEVM_PointNotOnCurve return cttEVM_PointNotOnCurve
# BN254_Snarks is a curve with cofactor 1, # BN254_Snarks is a curve with cofactor 1,
@ -115,7 +115,7 @@ func eth_evm_ecadd*(
let lastIdx = min(inputs.len, 128) - 1 let lastIdx = min(inputs.len, 128) - 1
padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx) padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx)
var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist] var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
let statusP = P.fromRawCoords( let statusP = P.fromRawCoords(
x = padded.toOpenArray(0, 31), x = padded.toOpenArray(0, 31),
@ -131,7 +131,7 @@ func eth_evm_ecadd*(
return statusQ return statusQ
R.sum(P, Q) R.sum(P, Q)
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
aff.affineFromProjective(R) aff.affineFromProjective(R)
r.toOpenArray(0, 31).exportRawUint( r.toOpenArray(0, 31).exportRawUint(
@ -172,7 +172,7 @@ func eth_evm_ecmul*(
let lastIdx = min(inputs.len, 128) - 1 let lastIdx = min(inputs.len, 128) - 1
padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx) padded[0 .. lastIdx] = inputs.toOpenArray(0, lastIdx)
var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist] var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
let statusP = P.fromRawCoords( let statusP = P.fromRawCoords(
x = padded.toOpenArray(0, 31), x = padded.toOpenArray(0, 31),
@ -205,7 +205,7 @@ func eth_evm_ecmul*(
else: else:
P.scalarMul(s) P.scalarMul(s)
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
aff.affineFromProjective(P) aff.affineFromProjective(P)
r.toOpenArray(0, 31).exportRawUint( r.toOpenArray(0, 31).exportRawUint(
@ -215,14 +215,14 @@ func eth_evm_ecmul*(
aff.y, bigEndian aff.y, bigEndian
) )
func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool = func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]): bool =
## A point may be on a curve but in case the curve has a cofactor != 1 ## A point may be on a curve but in case the curve has a cofactor != 1
## that point may not be in the correct cyclic subgroup. ## that point may not be in the correct cyclic subgroup.
## If we are on the subgroup of order r then [r]P = 0 ## If we are on the subgroup of order r then [r]P = 0
# TODO: Generic for any curve # TODO: Generic for any curve
var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist] var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]
# TODO: precompute up to the endomorphism decomposition # TODO: precompute up to the endomorphism decomposition
# or implement fixed base scalar mul # or implement fixed base scalar mul
@ -242,7 +242,7 @@ func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist]): bool =
return bool(Q.isInf()) return bool(Q.isInf())
func fromRawCoords( func fromRawCoords(
dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist], dst: var ECP_ShortW_Aff[Fp[BN254_Snarks], G1],
x, y: openarray[byte]): CttEVMStatus = x, y: openarray[byte]): CttEVMStatus =
# Deserialization # Deserialization
@ -264,7 +264,7 @@ func fromRawCoords(
# ---------------------- # ----------------------
# Point on curve # Point on curve
if not bool(isOnCurve(dst.x, dst.y, NotOnTwist)): if not bool(isOnCurve(dst.x, dst.y, G1)):
return cttEVM_PointNotOnCurve return cttEVM_PointNotOnCurve
# BN254_Snarks is a curve with cofactor 1, # BN254_Snarks is a curve with cofactor 1,
@ -273,7 +273,7 @@ func fromRawCoords(
return cttEVM_Success return cttEVM_Success
func fromRawCoords( func fromRawCoords(
dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist], dst: var ECP_ShortW_Aff[Fp2[BN254_Snarks], G2],
x0, x1, y0, y1: openarray[byte]): CttEVMStatus = x0, x1, y0, y1: openarray[byte]): CttEVMStatus =
# Deserialization # Deserialization
@ -302,7 +302,7 @@ func fromRawCoords(
# ---------------------- # ----------------------
# Point on curve # Point on curve
if not bool(isOnCurve(dst.x, dst.y, OnTwist)): if not bool(isOnCurve(dst.x, dst.y, G2)):
return cttEVM_PointNotOnCurve return cttEVM_PointNotOnCurve
if not subgroupCheck(dst): if not subgroupCheck(dst):
@ -342,8 +342,8 @@ func eth_evm_ecpairing*(
return return
var gt0{.noInit.}, gt1{.noInit.}: Fp12[BN254_Snarks] var gt0{.noInit.}, gt1{.noInit.}: Fp12[BN254_Snarks]
var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], NotOnTwist] var P{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], OnTwist] var Q{.noInit.}: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]
for i in 0 ..< N: for i in 0 ..< N:
let pos = i*192 let pos = i*192


@ -34,8 +34,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc pairingBLS12Meter*(C: static Curve) = proc pairingBLS12Meter*(C: static Curve) =
let let
P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]


@ -28,8 +28,8 @@ func random_point*(rng: var RngState, EC: typedesc): EC {.noInit.} =
proc pairingBLS12Meter*(C: static Curve) = proc pairingBLS12Meter*(C: static Curve) =
let let
P = rng.random_point(ECP_ShortW_Prj[Fp[C], NotOnTwist]) P = rng.random_point(ECP_ShortW_Prj[Fp[C], G1])
Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist]) Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2])
var f: Fp12[C] var f: Fp12[C]


@ -220,8 +220,8 @@ when isMainModule:
std/[times, monotimes, strformat], std/[times, monotimes, strformat],
../../helpers/prng_unsafe ../../helpers/prng_unsafe
type G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] type G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]
doAssert Generator1.fromHex( doAssert Generator1.fromHex(
"0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb", "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb",
"0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" "0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"
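Review bot: The new alias `type G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]` declares a module-local type named G1 while its right-hand side relies on the `Subgroup` enum member that was just renamed to G1; in Nim a type declared in the current scope shadows an imported enum field, so the generic argument will most likely resolve to the alias itself (and `Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]` on the following line to the projective alias) instead of the subgroup, which should fail to compile or at best resolve to the wrong symbol. Renaming the alias removes the clash, e.g. `type G1Prj = ECP_ShortW_Prj[Fp[BLS12_381], G1]`, with the remaining uses of the alias updated to match. The `when isMainModule:` block this alias lives in continues outside this hunk, so those uses are not visible here.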


@ -18,8 +18,8 @@ import
./fft_fr ./fft_fr
type type
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]
KZGDescriptor = object KZGDescriptor = object
fftDesc: FFTDescriptor[Fr[BLS12_381]] fftDesc: FFTDescriptor[Fr[BLS12_381]]
@ -29,13 +29,13 @@ type
# [b.multiply(b.G2, pow(s, i, MODULUS)) for i in range(WIDTH+1)] # [b.multiply(b.G2, pow(s, i, MODULUS)) for i in range(WIDTH+1)]
secretG2: seq[G2] secretG2: seq[G2]
var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] var Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]
doAssert Generator1.fromHex( doAssert Generator1.fromHex(
"0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb", "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb",
"0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" "0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"
) )
var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] var Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], G2]
doAssert Generator2.fromHex( doAssert Generator2.fromHex(
"0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8", "0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8",
"0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e", "0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e",
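Review bot: The type section now reads `G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]` and `G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]`, so the alias being declared has the same name as the `Subgroup` enum member it is parameterised with; since a module-level type shadows an imported enum field in Nim, the second generic argument will likely resolve to the alias under construction rather than to the subgroup, and the later `Generator1: ECP_ShortW_Aff[Fp[BLS12_381], G1]` and `Generator2: ECP_ShortW_Aff[Fp2[BLS12_381], G2]` declarations would then receive a projective point type where a `static Subgroup` is expected. I would expect this not to compile; if this research file is not built in CI the breakage will surface only when someone next runs it. Renaming the aliases avoids the collision, e.g. `G1Prj = ECP_ShortW_Prj[Fp[BLS12_381], G1]`, `G2Prj = ECP_ShortW_Prj[Fp2[BLS12_381], G2]` and `secretG2: seq[G2Prj]`, plus any other alias uses in the rest of the file.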


@ -14,10 +14,10 @@ import
] ]
type type
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist] G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]
G1aff = ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist] G1aff = ECP_ShortW_Aff[Fp[BLS12_381], G1]
G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist] G2aff = ECP_ShortW_Aff[Fp2[BLS12_381], G2]
GT = Fp12[BLS12_381] GT = Fp12[BLS12_381]
func linear_combination*( func linear_combination*(
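Review bot: The aliases `G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1]` and `G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2]` reuse the exact names of the `Subgroup` enum members introduced by this rename, so inside this module the local type declarations shadow the imported enum fields and the generic arguments — here and in the following `G1aff`/`G2aff` lines — will most likely bind to the aliases instead of the subgroup values, which I would expect to be a compile error. Because every alias in this section is at module scope, the shadowing affects the whole file, including `linear_combination` whose body starts past the end of this hunk. Renaming the two projective aliases, e.g. `G1Prj = ECP_ShortW_Prj[Fp[BLS12_381], G1]` and `G2Prj = ECP_ShortW_Prj[Fp2[BLS12_381], G2]`, keeps the `G1aff`/`G2aff` names intact and restores the intended meaning of the G1/G2 arguments.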


@ -55,7 +55,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
# - sage sage/frobenius_bls12_381.sage # - sage sage/frobenius_bls12_381.sage
test( test(
id = 0, id = 0,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "598e4c8c14c24c90834f2debedee4db3d31fed98a5134177704bfec14f46cb5", Px0 = "598e4c8c14c24c90834f2debedee4db3d31fed98a5134177704bfec14f46cb5",
Px1 = "c6fffa61daeb7caaf96983e70f164931d958c6820b205cdde19f2fa1eaaa7b1", Px1 = "c6fffa61daeb7caaf96983e70f164931d958c6820b205cdde19f2fa1eaaa7b1",
Py0 = "2f5fa252a27df56f5ca2e9c3382c17e531d317d50396f3fe952704304946a5a", Py0 = "2f5fa252a27df56f5ca2e9c3382c17e531d317d50396f3fe952704304946a5a",
@ -68,7 +68,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 1, id = 1,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "21014830dd88a0e7961e704cea531200866c5df46cb25aa3e2aac8d4fec64c6e", Px0 = "21014830dd88a0e7961e704cea531200866c5df46cb25aa3e2aac8d4fec64c6e",
Px1 = "1db17d8364def10443beab6e4a055c210d3e49c7c3af31e9cfb66d829938dca7", Px1 = "1db17d8364def10443beab6e4a055c210d3e49c7c3af31e9cfb66d829938dca7",
Py0 = "1394ab8c346ad3eba14fa14789d3bbfc2deed5a7a510da8e9418580515d27bda", Py0 = "1394ab8c346ad3eba14fa14789d3bbfc2deed5a7a510da8e9418580515d27bda",
@ -81,7 +81,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 2, id = 2,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "46f2a2be9a3e19c1bb484fc37703ff64c3d7379de22249ccf0881037948beec", Px0 = "46f2a2be9a3e19c1bb484fc37703ff64c3d7379de22249ccf0881037948beec",
Px1 = "10a5aaae14cb028f4ff4b81d41b712038b9f620a99e208c23504887e56831806", Px1 = "10a5aaae14cb028f4ff4b81d41b712038b9f620a99e208c23504887e56831806",
Py0 = "2e6c3ebe0f3dada0063dc59f85fe2264dc3502bf65206336106a8d39d838a7b2", Py0 = "2e6c3ebe0f3dada0063dc59f85fe2264dc3502bf65206336106a8d39d838a7b2",
@ -94,7 +94,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 3, id = 3,
EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], EC = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Px0 = "1cf3af1d41e89d8df378aa81463a978c021f27f4a48387e74655ce2cf5c1f298", Px0 = "1cf3af1d41e89d8df378aa81463a978c021f27f4a48387e74655ce2cf5c1f298",
Px1 = "36553e80e5c7c7360c7a2ae6bf1b8f68eb48804fc7eba7d2f56f09e87bbb0b1", Px1 = "36553e80e5c7c7360c7a2ae6bf1b8f68eb48804fc7eba7d2f56f09e87bbb0b1",
Py0 = "25f03e551d74b6be3268bf001905dfbe0bcbe43a2d1aac645a3ca8650b52e551", Py0 = "25f03e551d74b6be3268bf001905dfbe0bcbe43a2d1aac645a3ca8650b52e551",
@ -109,7 +109,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 0, id = 0,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "112de13b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439", Px0 = "112de13b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439",
Px1 = "10d1a8963e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac", Px1 = "10d1a8963e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac",
Py0 = "8aaf3a8660cf0edd6e97a2cd7837af1c63ec89e18f9bf4c64638662a661636b928a4f8097e6a2e8dfa11e13c51b075", Py0 = "8aaf3a8660cf0edd6e97a2cd7837af1c63ec89e18f9bf4c64638662a661636b928a4f8097e6a2e8dfa11e13c51b075",
@ -122,7 +122,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 1, id = 1,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "2f9318360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632", Px0 = "2f9318360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632",
Px1 = "3cbab0789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d", Px1 = "3cbab0789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d",
Py0 = "14ea84922f76f2681fec869dce26141392975dcdb4f21d5fa8aec06b37bf71ba6249c219ecbaef4a266196dafb4ad19", Py0 = "14ea84922f76f2681fec869dce26141392975dcdb4f21d5fa8aec06b37bf71ba6249c219ecbaef4a266196dafb4ad19",
@ -135,7 +135,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 2, id = 2,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "833ca23630be463c388ea6cfcff5b0e3b055065702a84310d2c726aee14d9e140cba05be79b5cb0441816d9e8c8370", Px0 = "833ca23630be463c388ea6cfcff5b0e3b055065702a84310d2c726aee14d9e140cba05be79b5cb0441816d9e8c8370",
Px1 = "264a9755524baac8d9e53b0a45789e9dafcb6b453e965061fcfa20bb12a27d9b9417d5277ae2a499b1cfe567d75e2d", Px1 = "264a9755524baac8d9e53b0a45789e9dafcb6b453e965061fcfa20bb12a27d9b9417d5277ae2a499b1cfe567d75e2d",
Py0 = "5b670b9789825e2b48101b5b6e660cf9117e29c521dad54640cb356b674b3946c98cb43909c3495fb6d6d231891b7e", Py0 = "5b670b9789825e2b48101b5b6e660cf9117e29c521dad54640cb356b674b3946c98cb43909c3495fb6d6d231891b7e",
@ -148,7 +148,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 3, id = 3,
EC = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Px0 = "14cd89e2e2755ddc086f63fd62e1f9904c3c1497243455c578a963e81b389f04e95ceafc4f47dc777579cdc82eca79b", Px0 = "14cd89e2e2755ddc086f63fd62e1f9904c3c1497243455c578a963e81b389f04e95ceafc4f47dc777579cdc82eca79b",
Px1 = "ba8801beba0654f20ccb78783efa7a911d182ec0eb99abe10f9a3d26b46fb7f90552e4ff6beb4df4611a9072be648b", Px1 = "ba8801beba0654f20ccb78783efa7a911d182ec0eb99abe10f9a3d26b46fb7f90552e4ff6beb4df4611a9072be648b",
Py0 = "12e23bc97d891f2a047bac9c90e728cb89760c812156f96c95e36c40f1c830cf6ecbb5d407b189070d48a92eb461ea6", Py0 = "12e23bc97d891f2a047bac9c90e728cb89760c812156f96c95e36c40f1c830cf6ecbb5d407b189070d48a92eb461ea6",
@ -163,7 +163,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 0, id = 0,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "d6904be428a0310dbd6e15a744a774bcf9800abe27536267a5383f1ddbd7783e1dc20098a8e045e3cca66b83f6d7f0f", Px0 = "d6904be428a0310dbd6e15a744a774bcf9800abe27536267a5383f1ddbd7783e1dc20098a8e045e3cca66b83f6d7f0f",
Px1 = "12107f6ef71d0d1e3bcba9e00a0675d3080519dd1b6c086bd660eb2d2bca8f276e283a891b5c0615064d7886af625cf2", Px1 = "12107f6ef71d0d1e3bcba9e00a0675d3080519dd1b6c086bd660eb2d2bca8f276e283a891b5c0615064d7886af625cf2",
Py0 = "c592a3546d2d61d671070909e97860822db0a389e351c1744bdbb2c472cf52f3ca3e94068b0b6f3b0121923659131f5", Py0 = "c592a3546d2d61d671070909e97860822db0a389e351c1744bdbb2c472cf52f3ca3e94068b0b6f3b0121923659131f5",
@ -176,7 +176,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 1, id = 1,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "112de130b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439", Px0 = "112de130b7cd42bccdb005f2d4dc2726f360243103335ef6cf5e217e777554ae7c1deff5ddb5bcbb581fc9f13728a439",
Px1 = "10d1a89a63e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac", Px1 = "10d1a89a63e5c6854d5e610ece9914f9b5619c27652be1e9ec3e87687d63ed5d45b449bf59c2481e18ac6159f75966ac",
Py0 = "11261c8fcb0f4f560479547fe6b2a1c1e8b648d87e54c39f299eba8729294e99b415851d134ca31e8bb861c42e6f1022", Py0 = "11261c8fcb0f4f560479547fe6b2a1c1e8b648d87e54c39f299eba8729294e99b415851d134ca31e8bb861c42e6f1022",
@ -189,7 +189,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 2, id = 2,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "2f93183360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632", Px0 = "2f93183360b53c2d706061f527571e91679e6086a72ce8203ba1a04850f83bb192b29307e9b2d63feb1d23979e3f632",
Px1 = "3cbab0c789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d", Px1 = "3cbab0c789968a3a35fa5d2e2326baa40c34d11a4af05a4109350944300ce32eef74dc5e47ba46717bd8bf87604696d",
Py0 = "2b8d995b0f2114442b7bbdbe5732fbf94430d6d413e1f388031f3abb956e598cb6764275a75832c1670868c458378b6", Py0 = "2b8d995b0f2114442b7bbdbe5732fbf94430d6d413e1f388031f3abb956e598cb6764275a75832c1670868c458378b6",
@ -202,7 +202,7 @@ suite "ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2 vs SageMath" & " ["
test( test(
id = 3, id = 3,
EC = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], EC = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Px0 = "d7d1c55ddf8bd03b7a15c3ea4f8f69aee37bf282d4aac82b7bd1fd47139250b9c708997a7ff8f603e48f0471c2cfe03", Px0 = "d7d1c55ddf8bd03b7a15c3ea4f8f69aee37bf282d4aac82b7bd1fd47139250b9c708997a7ff8f603e48f0471c2cfe03",
Px1 = "d145a91934a6ad865d24ab556ae1e6c42decdd05d676b80e53365a6ff7536332859c9682e7200e40515f675415d71a3", Px1 = "d145a91934a6ad865d24ab556ae1e6c42decdd05d676b80e53365a6ff7536332859c9682e7200e40515f675415d71a3",
Py0 = "6de67fa12af93813a42612b1e9449c7b1f160c5de004ec26ea61010e48ba38dcf158d2692f347fdc6c6332bbec7106f", Py0 = "6de67fa12af93813a42612b1e9449c7b1f160c5de004ec26ea61010e48ba38dcf158d2692f347fdc6c6332bbec7106f",
@ -240,11 +240,11 @@ suite "ψ - psi(psi(P)) == psi2(P) - (Untwist-Frobenius-Twist Endomorphism)" & "
test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])
suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]": suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10 const Iters = 10
@ -307,11 +307,11 @@ suite "ψ²(P) - [t]ψ(P) + [p]P = Inf" & " [" & $WordBitwidth & "-bit mode]":
test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])
suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=12)" & " [" & $WordBitwidth & "-bit mode]": suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=12)" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10 const Iters = 10
@ -338,10 +338,10 @@ suite "ψ⁴(P) - ψ²(P) + P = Inf (k-th cyclotomic polynomial with embedding d
test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Nogami], G2])
testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BN254_Snarks], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_377], G2])
testAll(ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist]) testAll(ECP_ShortW_Prj[Fp2[BLS12_381], G2])
suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=6)" & " [" & $WordBitwidth & "-bit mode]": suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degree k=6)" & " [" & $WordBitwidth & "-bit mode]":
const Iters = 10 const Iters = 10
@ -368,4 +368,4 @@ suite "ψ²(P) - ψ(P) + P = Inf (k-th cyclotomic polynomial with embedding degr
test(EC, randZ = false, gen = Long01Sequence) test(EC, randZ = false, gen = Long01Sequence)
test(EC, randZ = true, gen = Long01Sequence) test(EC, randZ = true, gen = Long01Sequence)
testAll(ECP_ShortW_Prj[Fp[BW6_761], OnTwist]) testAll(ECP_ShortW_Prj[Fp[BW6_761], G2])


@ -16,21 +16,21 @@ import
./t_ec_sage_template ./t_ec_sage_template
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ECP_ShortW_Prj[Fp[BLS12_377], G1],
"t_ec_sage_bls12_377_g1_projective" "t_ec_sage_bls12_377_g1_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ECP_ShortW_Jac[Fp[BLS12_377], G1],
"t_ec_sage_bls12_377_g1_jacobian" "t_ec_sage_bls12_377_g1_jacobian"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ECP_ShortW_Prj[Fp2[BLS12_377], G2],
"t_ec_sage_bls12_377_g2_projective" "t_ec_sage_bls12_377_g2_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ECP_ShortW_Jac[Fp2[BLS12_377], G2],
"t_ec_sage_bls12_377_g2_jacobian" "t_ec_sage_bls12_377_g2_jacobian"
) )


@ -16,21 +16,21 @@ import
./t_ec_sage_template ./t_ec_sage_template
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ECP_ShortW_Prj[Fp[BLS12_381], G1],
"t_ec_sage_bls12_381_g1_projective" "t_ec_sage_bls12_381_g1_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ECP_ShortW_Jac[Fp[BLS12_381], G1],
"t_ec_sage_bls12_381_g1_jacobian" "t_ec_sage_bls12_381_g1_jacobian"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"t_ec_sage_bls12_381_g2_projective" "t_ec_sage_bls12_381_g2_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ECP_ShortW_Jac[Fp2[BLS12_381], G2],
"t_ec_sage_bls12_381_g2_jacobian" "t_ec_sage_bls12_381_g2_jacobian"
) )


@ -16,21 +16,21 @@ import
./t_ec_sage_template ./t_ec_sage_template
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist], ECP_ShortW_Prj[Fp[BN254_Nogami], G1],
"t_ec_sage_bn254_nogami_g1_projective" "t_ec_sage_bn254_nogami_g1_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BN254_Nogami], NotOnTwist], ECP_ShortW_Jac[Fp[BN254_Nogami], G1],
"t_ec_sage_bn254_nogami_g1_jacobian" "t_ec_sage_bn254_nogami_g1_jacobian"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist], ECP_ShortW_Prj[Fp2[BN254_Nogami], G2],
"t_ec_sage_bn254_nogami_g2_projective" "t_ec_sage_bn254_nogami_g2_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BN254_Nogami], OnTwist], ECP_ShortW_Jac[Fp2[BN254_Nogami], G2],
"t_ec_sage_bn254_nogami_g2_jacobian" "t_ec_sage_bn254_nogami_g2_jacobian"
) )


@ -16,21 +16,21 @@ import
./t_ec_sage_template ./t_ec_sage_template
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
"t_ec_sage_bn254_snarks_g1_projective" "t_ec_sage_bn254_snarks_g1_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
"t_ec_sage_bn254_snarks_g1_jacobian" "t_ec_sage_bn254_snarks_g1_jacobian"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
"t_ec_sage_bn254_snarks_g2_projective" "t_ec_sage_bn254_snarks_g2_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
"t_ec_sage_bn254_snarks_g2_jacobian" "t_ec_sage_bn254_snarks_g2_jacobian"
) )


@ -14,28 +14,28 @@ import
# Test utilities # Test utilities
./t_ec_sage_template ./t_ec_sage_template
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] # When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist] # and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp) # are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type # this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream # TODO: upstream
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ECP_ShortW_Prj[Fp[BW6_761], G1],
"t_ec_sage_bw6_761_g1_projective" "t_ec_sage_bw6_761_g1_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], ECP_ShortW_Jac[Fp[BW6_761], G1],
"t_ec_sage_bw6_761_g1_jacobian" "t_ec_sage_bw6_761_g1_jacobian"
) )
# run_scalar_mul_test_vs_sage( # run_scalar_mul_test_vs_sage(
# ECP_ShortW_Prj[Fp[BW6_761], OnTwist], # ECP_ShortW_Prj[Fp[BW6_761], G2],
# "t_ec_sage_bw6_761_g2_projective" # "t_ec_sage_bw6_761_g2_projective"
# ) # )
# run_scalar_mul_test_vs_sage( # run_scalar_mul_test_vs_sage(
# ECP_ShortW_Jac[Fp[BW6_761], OnTwist], # ECP_ShortW_Jac[Fp[BW6_761], G2],
# "t_ec_sage_bw6_761_g2_jacobian" # "t_ec_sage_bw6_761_g2_jacobian"
# ) # )


@ -14,28 +14,28 @@ import
# Test utilities # Test utilities
./t_ec_sage_template ./t_ec_sage_template
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] # When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist] # and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp) # are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type # this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream # TODO: upstream
# run_scalar_mul_test_vs_sage( # run_scalar_mul_test_vs_sage(
# ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], # ECP_ShortW_Prj[Fp[BW6_761], G1],
# "t_ec_sage_bw6_761_g1_projective" # "t_ec_sage_bw6_761_g1_projective"
# ) # )
# run_scalar_mul_test_vs_sage( # run_scalar_mul_test_vs_sage(
# ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], # ECP_ShortW_Jac[Fp[BW6_761], G1],
# "t_ec_sage_bw6_761_g1_jacobian" # "t_ec_sage_bw6_761_g1_jacobian"
# ) # )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ECP_ShortW_Prj[Fp[BW6_761], G2],
"t_ec_sage_bw6_761_g2_projective" "t_ec_sage_bw6_761_g2_projective"
) )
run_scalar_mul_test_vs_sage( run_scalar_mul_test_vs_sage(
ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ECP_ShortW_Jac[Fp[BW6_761], G2],
"t_ec_sage_bw6_761_g2_jacobian" "t_ec_sage_bw6_761_g2_jacobian"
) )


@ -140,8 +140,8 @@ proc parseHook*(src: string, pos: var int, value: var BigInt) =
proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) = proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
# Note when nim-serialization was used: # Note when nim-serialization was used:
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] # When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist] # and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp) # are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type # this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream # TODO: upstream
@ -165,7 +165,7 @@ proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
{.error: "Not Implemented".} {.error: "Not Implemented".}
proc loadVectors(TestType: typedesc): TestType = proc loadVectors(TestType: typedesc): TestType =
const group = when TestType.EC.Tw == NotOnTwist: "G1" const group = when TestType.EC.G == G1: "G1"
else: "G2" else: "G2"
const filename = "tv_" & $TestType.EC.F.C & "_scalar_mul_" & group & ".json" const filename = "tv_" & $TestType.EC.F.C & "_scalar_mul_" & group & ".json"
let content = readFile(TestVectorsDir/filename) let content = readFile(TestVectorsDir/filename)
@ -181,12 +181,12 @@ proc run_scalar_mul_test_vs_sage*(
echo "\n------------------------------------------------------\n" echo "\n------------------------------------------------------\n"
echo moduleName & '\n' echo moduleName & '\n'
when EC.Tw == NotOnTwist: when EC.G == G1:
const G1_or_G2 = "G1" const G1_or_G2 = "G1"
let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.Tw]]) let vec = loadVectors(ScalarMulTestG1[ECP_ShortW_Aff[EC.F, EC.G]])
else: else:
const G1_or_G2 = "G2" const G1_or_G2 = "G2"
let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.Tw]]) let vec = loadVectors(ScalarMulTestG2[ECP_ShortW_Aff[EC.F, EC.G]])
const coord = when EC is ECP_ShortW_Prj: " Projective coordinates " const coord = when EC is ECP_ShortW_Prj: " Projective coordinates "
elif EC is ECP_ShortW_Jac: " Jacobian coordinates " elif EC is ECP_ShortW_Jac: " Jacobian coordinates "
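Review bot: The `when TestType.EC.G == G1: "G1" else: "G2"` on the `const group` line of `loadVectors`, and the matching `const G1_or_G2 = "G1"` / `"G2"` branches in `run_scalar_mul_test_vs_sage`, re-spell by hand the subgroup name that the rename has just made part of the type. If `G1`/`G2` are members of an enum whose `$` yields those exact strings, both can collapse to `const group = $TestType.EC.G` and `const G1_or_G2 = $EC.G`, so the test-vector filename stays tied to the type parameter instead of a duplicated table. As written, the `else` branch also maps any future subgroup value to "G2" silently, where a `case` over the enum would make that a compile error. Both `loadVectors` and `run_scalar_mul_test_vs_sage` continue outside the hunk, so I cannot confirm the enum's `$` output from here.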


@ -17,25 +17,25 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BN254_Snarks
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_381
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BLS12_377
) )
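Review bot: The last `run_EC_addition_tests` call pairs `ec = ECP_ShortW_Jac[Fp[BW6_761], G1]` with a `moduleName` ending in `& $BLS12_377`, so the BW6_761 run is reported under the BLS12_377 label; it should read `moduleName = "test_ec_shortweierstrass_jacobian_g1_add_double_" & $BW6_761`. The same copy-paste mismatch appears in the BW6_761 calls of the `run_EC_mul_distributive_tests` section (the `$BLS12_377` suffix on the `..._g1_mul_distributive_` line) and of the `run_EC_mul_vs_ref_impl` section (the `$BLS12_377` suffix on the `..._g1_mul_vs_ref_` line), whereas the mixed-add section correctly uses `$BW6_761`. The defect predates this commit, but a test report that names the wrong curve hides which curve's group-law check actually failed.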


@ -18,25 +18,25 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761
) )


@ -18,25 +18,25 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BN254_Snarks
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_381
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_distributive_" & $BLS12_377
) )


@ -24,7 +24,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BN254_Snarks
) )
@ -56,8 +56,8 @@ suite "Order checks on BN254_Snarks":
bool(impl.isInf()) bool(impl.isInf())
bool(reference.isInf()) bool(reference.isInf())
test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
# TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder
# with h the curve cofactor # with h the curve cofactor
# instead of the full group # instead of the full group
@ -67,20 +67,20 @@ suite "Order checks on BN254_Snarks":
test "Not a point on the curve / not a square - #67": test "Not a point on the curve / not a square - #67":
var ax, ay: Fp[BN254_Snarks] var ax, ay: Fp[BN254_Snarks]
ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b" ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b"
ay.curve_eq_rhs(ax, NotOnTwist) ay.curve_eq_rhs(ax, G1)
check: check:
bool not ay.isSquare() bool not ay.isSquare()
bool not ay.sqrt_if_square() bool not ay.sqrt_if_square()
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_381
) )
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_sanity_" & $BLS12_377
) )


@ -18,25 +18,25 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BN254_Snarks
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_381
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g1_mul_vs_ref_" & $BLS12_377
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_377
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BLS12_381
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BN254_Snarks
) )


@ -17,7 +17,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_g2_add_double_" & $BW6_761
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_377
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BLS12_381
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BN254_Snarks
) )


@ -17,7 +17,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_mixed_add_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_distributive_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Jac[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Jac[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Jac[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BW6_761 moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_vs_ref_" & $BW6_761
) )


@ -26,7 +26,7 @@ import
./support/ec_reference_scalar_mult ./support/ec_reference_scalar_mult
func testAddAssociativity[EC](a, b, c: EC) = func testAddAssociativity[EC](a, b, c: EC) =
var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var tmp1{.noInit.}, tmp2{.noInit.}: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
# r0 = (a + b) + c # r0 = (a + b) + c
tmp1.sum(a, b) tmp1.sum(a, b)
@ -63,7 +63,7 @@ func testAddAssociativity[EC](a, b, c: EC) =
suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit mode]": suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit mode]":
test "EC Add G2 is associative - #60": test "EC Add G2 is associative - #60":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex( ax.fromHex(
@ -101,7 +101,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit
test "EC Add G2 is associative - #65-1": test "EC Add G2 is associative - #65-1":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex( ax.fromHex(
@ -139,7 +139,7 @@ suite "Short Weierstrass Elliptic Curve - Edge cases [" & $WordBitwidth & "-bit
test "EC Add G2 is associative - #65-2": test "EC Add G2 is associative - #65-2":
var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist] var a, b, c: ECP_ShortW_Prj[Fp2[BLS12_381], G2]
var ax, az, bx, bz, cx, cz: Fp2[BLS12_381] var ax, az, bx, bz, cx, cz: Fp2[BLS12_381]
ax.fromHex( ax.fromHex(


@ -17,25 +17,25 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BN254_Snarks
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_381
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BLS12_377
) )
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g1_add_double_" & $BW6_761
) )


@ -18,25 +18,25 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377
) )
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761
) )


@ -18,25 +18,25 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BN254_Snarks
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_381
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BLS12_377
) )
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g1_mul_distributive_" & $BW6_761
) )


@ -24,7 +24,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BN254_Snarks
) )
@ -56,37 +56,37 @@ suite "Order checks on BN254_Snarks":
bool(impl.isInf()) bool(impl.isInf())
bool(reference.isInf()) bool(reference.isInf())
test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false)
test(ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)
# TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder
# with h the curve cofactor # with h the curve cofactor
# instead of the full group # instead of the full group
# test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = NotOnTwist) # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = G1)
# test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true)
test "Not a point on the curve / not a square - #67": test "Not a point on the curve / not a square - #67":
var ax, ay: Fp[BN254_Snarks] var ax, ay: Fp[BN254_Snarks]
ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b" ax.fromHex"0x2a74c9ca553cd5f3437b41e77ca0c8cc77567a7eca5e7debc55b146b0bee324b"
ay.curve_eq_rhs(ax, NotOnTwist) ay.curve_eq_rhs(ax, G1)
check: check:
bool not ay.isSquare() bool not ay.isSquare()
bool not ay.sqrt_if_square() bool not ay.sqrt_if_square()
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_381
) )
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BLS12_377
) )
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g1_mul_sanity_" & $BW6_761
) )
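Review bot: The commented-out BLS12-381 order check on the line now reading `randZ = G1` is a mechanical-rename artifact rather than a valid call: on the two live `test(...)` calls just above, `randZ` is a bool (`randZ = false` / `randZ = true`) and the first argument is a point type, while the disabled line passes a subgroup tag for `randZ` and the bare field `Fp[BLS12_381]` as the curve, so re-enabling it as written would not compile. If the intent is to keep it as a ready-to-enable placeholder, it should read `# test(ECP_ShortW_Prj[Fp[BLS12_381], G1], bits = BLS12_381.getCurveOrderBitwidth(), randZ = false)` with the `randZ = true` variant on the following line. The surrounding TODO says BLS12 is disabled because its G1 is the order-r subgroup (r*h = CurveOrder) rather than the full group, which implies the `isInf()` order check in this suite currently runs only for BN254_Snarks; that gap is worth keeping visible in the TODO rather than letting the rename obscure it. The `Order checks on BN254_Snarks` suite begins before this hunk.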


@ -18,25 +18,25 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BN254_Snarks], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BN254_Snarks
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_381], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_381
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BLS12_377], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BLS12_377
) )
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], NotOnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G1],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g1_mul_vs_ref_" & $BW6_761
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_377
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BLS12_381
) )


@ -18,7 +18,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BN254_Snarks
) )


@ -17,7 +17,7 @@ const
Iters = 8 Iters = 8
run_EC_addition_tests( run_EC_addition_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g2_add_double_" & $BW6_761
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_377
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BLS12_381
) )


@ -18,7 +18,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BN254_Snarks
) )


@ -17,7 +17,7 @@ const
Iters = 12 Iters = 12
run_EC_mixed_add_impl( run_EC_mixed_add_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
Iters = Iters, Iters = Iters,
moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_mixed_add_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_distributive_tests( run_EC_mul_distributive_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g2_mul_distributive_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_sanity_tests( run_EC_mul_sanity_tests(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BW6_761
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_377 moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_377
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ec = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_381 moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BLS12_381
) )


@ -19,7 +19,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], OnTwist], ec = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BN254_Snarks moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BN254_Snarks
) )


@ -18,7 +18,7 @@ const
ItersMul = Iters div 4 ItersMul = Iters div 4
run_EC_mul_vs_ref_impl( run_EC_mul_vs_ref_impl(
ec = ECP_ShortW_Prj[Fp[BW6_761], OnTwist], ec = ECP_ShortW_Prj[Fp[BW6_761], G2],
ItersMul = ItersMul, ItersMul = ItersMul,
moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BW6_761 moduleName = "test_ec_shortweierstrass_projective_g2_mul_vs_ref_" & $BW6_761
) )


@ -55,7 +55,7 @@ func random_point*(rng: var RngState, EC: typedesc, randZ: bool, gen: RandomGen)
template pairingGroup(EC: typedesc): string = template pairingGroup(EC: typedesc): string =
when EC is (ECP_ShortW_Aff or ECP_ShortW_Prj or ECP_ShortW_Jac): when EC is (ECP_ShortW_Aff or ECP_ShortW_Prj or ECP_ShortW_Jac):
when EC.Tw == NotOnTwist: when EC.G == G1:
"G1" "G1"
else: else:
"G2" "G2"
@ -426,7 +426,7 @@ proc run_EC_mixed_add_impl*(
echo "\n------------------------------------------------------\n" echo "\n------------------------------------------------------\n"
echo moduleName, " xoshiro512** seed: ", seed echo moduleName, " xoshiro512** seed: ", seed
when ec.Tw == NotOnTwist: when ec.G == G1:
const G1_or_G2 = "G1" const G1_or_G2 = "G1"
else: else:
const G1_or_G2 = "G2" const G1_or_G2 = "G2"
@ -439,7 +439,7 @@ proc run_EC_mixed_add_impl*(
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let a = rng.random_point(EC, randZ, gen) let a = rng.random_point(EC, randZ, gen)
let b = rng.random_point(EC, randZ, gen) let b = rng.random_point(EC, randZ, gen)
var bAff: ECP_ShortW_Aff[EC.F, EC.Tw] var bAff: ECP_ShortW_Aff[EC.F, EC.G]
when b is ECP_ShortW_Prj: when b is ECP_ShortW_Prj:
bAff.affineFromProjective(b) bAff.affineFromProjective(b)
else: else:


@ -67,8 +67,8 @@ const
proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) = proc parseHook*(src: string, pos: var int, value: var ECP_ShortW_Aff) =
# Note when nim-serialization was used: # Note when nim-serialization was used:
# When ECP_ShortW_Aff[Fp[Foo], NotOnTwist] # When ECP_ShortW_Aff[Fp[Foo], G1]
# and ECP_ShortW_Aff[Fp[Foo], OnTwist] # and ECP_ShortW_Aff[Fp[Foo], G2]
# are generated in the same file (i.e. twists and base curve are both on Fp) # are generated in the same file (i.e. twists and base curve are both on Fp)
# this creates bad codegen, in the C code, the `value`parameter gets the wrong type # this creates bad codegen, in the C code, the `value`parameter gets the wrong type
# TODO: upstream # TODO: upstream
@ -107,11 +107,11 @@ proc run_hash_to_curve_test(
filename: string filename: string
) = ) =
when EC.Tw == NotOnTwist: when EC.G == G1:
const G1_or_G2 = "G1" const G1_or_G2 = "G1"
else: else:
const G1_or_G2 = "G2" const G1_or_G2 = "G2"
let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.Tw]], filename) let vec = loadVectors(HashToCurveTest[ECP_ShortW_Aff[EC.F, EC.G]], filename)
let testSuiteDesc = "Hash to Curve " & $EC.F.C & " " & G1_or_G2 & " - official specs " & spec_version & " test vectors" let testSuiteDesc = "Hash to Curve " & $EC.F.C & " " & G1_or_G2 & " - official specs " & spec_version & " test vectors"
@ -142,7 +142,7 @@ echo "Hash-to-curve" & '\n'
# Hash-to-curve v8 to latest # Hash-to-curve v8 to latest
# https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-10/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json # https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-10/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json
run_hash_to_curve_test( run_hash_to_curve_test(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"v8", "v8",
"tv_h2c_v8_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json" "tv_h2c_v8_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json"
) )
@ -150,7 +150,7 @@ run_hash_to_curve_test(
# Hash-to-curve v7 (different domain separation tag) # Hash-to-curve v7 (different domain separation tag)
# https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-07/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json # https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/draft-irtf-cfrg-hash-to-curve-07/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json
run_hash_to_curve_test( run_hash_to_curve_test(
ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], ECP_ShortW_Prj[Fp2[BLS12_381], G2],
"v7", "v7",
"tv_h2c_v7_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json" "tv_h2c_v7_BLS12_381_hash_to_G2_SHA256_SSWU_RO.json"
) )


@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod
test "Line double - lt,t(P)": test "Line double - lt,t(P)":
proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) = proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]] var l: Line[Fp2[C]]
var T2: typeof(Q) var T2: typeof(Q)
@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitwidth & "-bit mod
test "Line add - lt,q(P)": test "Line add - lt,q(P)":
proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) = proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]] var l: Line[Fp2[C]]
var TQ{.noInit.}: typeof(T) var TQ{.noInit.}: typeof(T)
TQ.sum(T, Q) TQ.sum(T, Q)
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist] var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2]
Qaff.affineFromProjective(Q) Qaff.affineFromProjective(Q)
l.line_add(T, Qaff, P) l.line_add(T, Qaff, P)


@ -15,7 +15,7 @@ import
runPairingTests( runPairingTests(
4, BLS12_377, 4, BLS12_377,
G1 = ECP_ShortW_Prj[Fp[BLS12_377], NotOnTwist], G1 = ECP_ShortW_Prj[Fp[BLS12_377], G1],
G2 = ECP_ShortW_Prj[Fp2[BLS12_377], OnTwist], G2 = ECP_ShortW_Prj[Fp2[BLS12_377], G2],
GT = Fp12[BLS12_377], GT = Fp12[BLS12_377],
pairing_bls12) pairing_bls12)


@ -69,9 +69,9 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod
test "Line double - lt,t(P)": test "Line double - lt,t(P)":
proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) = proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]] var l: Line[Fp2[C]]
var T2: typeof(Q) var T2: typeof(Q)
@ -91,15 +91,15 @@ suite "Pairing - Line Functions on BLS12-381" & " [" & $WordBitwidth & "-bit mod
test "Line add - lt,q(P)": test "Line add - lt,q(P)":
proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) = proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], NotOnTwist], gen) let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], OnTwist], randZ, gen) var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
var l: Line[Fp2[C]] var l: Line[Fp2[C]]
var TQ{.noInit.}: typeof(T) var TQ{.noInit.}: typeof(T)
TQ.sum(T, Q) TQ.sum(T, Q)
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], OnTwist] var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2]
Qaff.affineFromProjective(Q) Qaff.affineFromProjective(Q)
l.line_add(T, Qaff, P) l.line_add(T, Qaff, P)


@ -32,8 +32,8 @@ echo "test_pairing_bls12_381_multi xoshiro512** seed: ", timeseed
proc testMultiPairing(rng: var RngState, N: static int) = proc testMultiPairing(rng: var RngState, N: static int) =
var var
Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], NotOnTwist]] Ps {.noInit.}: array[N, ECP_ShortW_Aff[Fp[BLS12_381], G1]]
Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], OnTwist]] Qs {.noInit.}: array[N, ECP_ShortW_Aff[Fp2[BLS12_381], G2]]
GTs {.noInit.}: array[N, Fp12[BLS12_381]] GTs {.noInit.}: array[N, Fp12[BLS12_381]]


@ -15,7 +15,7 @@ import
runPairingTests( runPairingTests(
4, BLS12_381, 4, BLS12_381,
G1 = ECP_ShortW_Prj[Fp[BLS12_381], NotOnTwist], G1 = ECP_ShortW_Prj[Fp[BLS12_381], G1],
G2 = ECP_ShortW_Prj[Fp2[BLS12_381], OnTwist], G2 = ECP_ShortW_Prj[Fp2[BLS12_381], G2],
GT = Fp12[BLS12_381], GT = Fp12[BLS12_381],
pairing_bls12) pairing_bls12)


@ -15,7 +15,7 @@ import
runPairingTests( runPairingTests(
4, BN254_Nogami, 4, BN254_Nogami,
G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], NotOnTwist], G1 = ECP_ShortW_Prj[Fp[BN254_Nogami], G1],
G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], OnTwist], G2 = ECP_ShortW_Prj[Fp2[BN254_Nogami], G2],
GT = Fp12[BN254_Nogami], GT = Fp12[BN254_Nogami],
pairing_bn) pairing_bn)

Some files were not shown because too many files have changed in this diff Show More