Productionize: move protocols top-level vs backend (#179)

* Productionize: move protocols top-level vs backend

* fix path

* import fix

* the last one

* benches as well

README.md

@@ -10,8 +10,8 @@
 > “A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.”\
 >   — Auguste Kerckhoffs
 
-This library provides [constant-time](https://en.wikipedia.org/wiki/Timing_attack) implementation of elliptic curve cryptography
-with a particular focus on pairing-based cryptography.
+This library provides [constant-time](https://en.wikipedia.org/wiki/Timing_attack) implementation of cryptography protocols
+with a particular focus on pairing-based cryptography as used in blockchains and zero-knowledge protocols.
 
 The implementations are accompanied with SAGE code used as reference implementation and test vectors generators before writing highly optimized routines implemented in the [Nim language](https://nim-lang.org/)
 
@@ -26,7 +26,63 @@ The library focuses on following properties:
 - performance
 - generated code size, datatype size and stack usage
 
-in this order
+in this order.
+
+## Protocols
+
+Protocols are a set of routines, designed for specific goals or a combination thereof:
+- confidentiality: only the intended receiver of a message can read it
+- authentication: the other party in the communication is the expected part
+- integrity: the received message has not been tampered with
+- non-repudiation: the sender of a message cannot repudiated it
+
+Protocols to address these goals, (authenticated) encryption, signature, traitor-tracing, etc 
+are designed.\
+Note: some goals might be mutually exclusive, for example "plausible deniability" and "non-repudiation".
+
+After [installation](#installation), the available high-level protocols are:
+
+- [x] Ethereum EVM precompiles on BN254_Snarks (also called alt_bn128 or bn256 in Ethereum)
+
+  `import constantine/ethereum_evm_precompiles`
+- [ ] BLS signature on BLS12-381 G2 as used in Ethereum 2.
+  Cryptographic suite: `BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_`
+
+  This scheme is also used in the following blockchains:
+  Algorand, Chia, Dfinity, Filecoin, Tezos, Zcash.
+  They may have their pubkeys on G1 and signatures on G2 like Ethereum or the other way around.
+
+  > Parameter discussion:
+  >
+  > As Ethereum validators' pubkeys are duplicated, stored and transmitter over and over in the protocol,
+  having them be as small as possible was important.
+  On another hand, BLS signatures were first popularized due to their succinctness.
+  And having signatures on G1 is useful when short signatures are desired, in embedded for example.
+- [ ] SHA256 hash
+- ...
+
+## Curves supported in the backend
+
+_The backend, unlike protocols, is not public. Here be dragons._
+
+At the moment the following curves are implemented, adding a new curve only requires adding the prime modulus
+and its bitsize in [constantine/config/curves.nim](constantine/backend/config/curves_declaration.nim).
+
+The following curves are configured:
+
+- Pairing-Friendly curves
+  - BN254_Nogami
+  - BN254_Snarks (Zero-Knowledge Proofs, Snarks, Starks, Zcash, Ethereum 1)
+  - BLS12-377 (Zexe)
+  - BLS12-381 (Algorand, Chia Networks, Dfinity, Ethereum 2, Filecoin, Zcash Sapling)
+  - BW6-671 (Celo, EY Blockchain) (Pairings are WIP)\
+  BLS12-377 is embedded in BW6-761 for one layer proof composition in zk-SNARKS.
+- Embedded curves
+  - Jubjub, a curve embedded in BLS12-381 scalar field to be used in zk-SNARKS circuits.
+  - Bandersnatch, a more efficient curve embedded in BLS12-381 scalar field to be used in zk-SNARKS circuits.
+- Other curves
+  - Curve25519, used in ed25519 and X25519 from TLS 1.3 protocol and the Signal protocol.
+  With Ristretto, it can be used in bulletproofs.
 
 ## Installation
 
@@ -42,62 +98,7 @@ generated incorrect add-with-carry code.
 
 On x86-64, inline assembly is used to workaround compilers having issues optimizing large integer arithmetic,
 and also ensure constant-time code.
-This can be deactivated with `"-d:CttASM=false"`:
-- at a significant performance cost with GCC (~50% slower than Clang).
-- at misssed opportunity on recent CPUs that support MULX/ADCX/ADOX instructions (~60% faster than Clang).
-- There is a 2.4x perf ratio between using plain GCC vs GCC with inline assembly.
 
-## Why Nim
-
-The Nim language offers the following benefits for cryptography:
-- Compilation to machine code via C or C++ or alternatively compilation to Javascript. Easy FFI to those languages.
-  - Obscure embedded devices with proprietary C compilers can be targeted.
-  - WASM can be targeted.
-- Performance reachable in C is reachable in Nim, easily.
-- Rich type system: generics, dependent types, mutability-tracking and side-effect analysis, borrow-checking, compiler enforced distinct types (Miles != Meters, SecretBool != bool and SecretWord != uint64).
-- Compile-time evaluation, including parsing hex string, converting them to BigInt or Finite Field elements and doing bigint operations.
-- Assembly support either inline or ``__attribute__((naked))`` or a simple `{.compile: "myasm.S".}` away
-- No GC if no GC-ed types are used (automatic memory management is set at the type level and optimized for latency/soft-realtime by default and can be totally deactivated).
-- Procedural macros working directly on AST to
-  - create generic curve configuration,
-  - derive constants
-  - write a size-independent inline assembly code generator
-- Upcoming proof system for formal verification via Z3 ([DrNim](https://nim-lang.org/docs/drnim.html), [Correct-by-Construction RFC](https://github.com/nim-lang/RFCs/issues/222))
-
-## Curves supported
-
-At the moment the following curves are supported, adding a new curve only requires adding the prime modulus
-and its bitsize in [constantine/config/curves.nim](constantine/config/curves_declaration.nim).
-
-The following curves are configured:
-
-### Pairing-Friendly curves
-
-Supports:
-- [x] Field arithmetics
-- [x] Curve arithmetic
-- [x] Pairing
-- [x] Multi-Pairing
-- [x] Hash-To-Curve
-
-Families:
-- BN: Barreto-Naehrig
-- BLS: Barreto-Lynn-Scott
-
-Curves:
-- BN254_Nogami
-- BN254_Snarks (Zero-Knowledge Proofs, Snarks, Starks, Zcash, Ethereum 1)
-- BLS12-377 (Zexe)
-- BLS12-381 (Algorand, Chia Networks, Dfinity, Ethereum 2, Filecoin, Zcash Sapling)
-- BW6-671 (Celo, EY Blockchain) (Pairings are WIP)\
-  BLS12-377 is embedded in BW6-761 for one layer proof composition in zk-SNARKS.
-
-### Other curves
-
-- Curve25519, used in ed25519 and X25519 from TLS 1.3 protocol and the Signal protocol.
-  With Ristretto, it can be used in bulletproofs.
-- Jubjub, a curve embedded in BLS12-381 scalar field to be used in zk-SNARKS circuits.
-- Bandersnatch, a more efficient curve embedded in BLS12-381 scalar field to be used in zk-SNARKS circuits.
 ## Security
 
 Hardening an implementation against all existing and upcoming attack vectors is an extremely complex task.
@@ -176,118 +177,57 @@ nimble bench_fp_clang_noasm # Using Clang only (acceptable)
 nimble bench_fp_gcc         # Using GCC only (slowest)
 nimble bench_fp2
 # ...
-nimble bench_ec_g1
-nimble bench_ec_g2
-nimble bench_pairing_bn254_nogami
-nimble bench_pairing_bn254_snarks
-nimble bench_pairing_bls12_377
-nimble bench_pairing_bls12_381
+nimble bench_ec_g1_clang
+nimble bench_ec_g2_clang
+nimble bench_pairing_bn254_nogami_clang
+nimble bench_pairing_bn254_snarks_clang
+nimble bench_pairing_bls12_377_clang
+nimble bench_pairing_bls12_381_clang
 
 # And per-curve summaries
-nimble bench_summary_bn254_nogami
-nimble bench_summary_bn254_snarks
-nimble bench_summary_bls12_377
-nimble bench_summary_bls12_381
+nimble bench_summary_bn254_nogami_clang
+nimble bench_summary_bn254_snarks_clang
+nimble bench_summary_bls12_377_clang
+nimble bench_summary_bls12_381_clang
 ```
 
 As mentioned in the [Compiler caveats](#compiler-caveats) section, GCC is up to 2x slower than Clang due to mishandling of carries and register usage.
 
-On my machine i9-9980XE (overclocked @ 3.9 GHz, nominal clock 3.0 GHz), for Clang + Assembly, **all being constant-time** (including scalar multiplication, square root and inversion).
-
-#### BN254_Snarks (Clang + inline assembly)
-
-```
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fr[BN254_Snarks]                            66666666.667 ops/s            15 ns/op            47 CPU cycles (approx)
-Squaring                            Fr[BN254_Snarks]                            71428571.429 ops/s            14 ns/op            42 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp[BN254_Snarks]                            66666666.667 ops/s            15 ns/op            47 CPU cycles (approx)
-Squaring                            Fp[BN254_Snarks]                            71428571.429 ops/s            14 ns/op            42 CPU cycles (approx)
-Inversion                           Fp[BN254_Snarks]                              189537.528 ops/s          5276 ns/op         15828 CPU cycles (approx)
-Square Root + isSquare              Fp[BN254_Snarks]                              189358.076 ops/s          5281 ns/op         15843 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp2[BN254_Snarks]                           18867924.528 ops/s            53 ns/op           160 CPU cycles (approx)
-Squaring                            Fp2[BN254_Snarks]                           25641025.641 ops/s            39 ns/op           119 CPU cycles (approx)
-Inversion                           Fp2[BN254_Snarks]                             186776.242 ops/s          5354 ns/op         16064 CPU cycles (approx)
-Square Root + isSquare              Fp2[BN254_Snarks]                              92790.201 ops/s         10777 ns/op         32332 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G1                           ECP_ShortW_Prj[Fp[BN254_Snarks]]             3731343.284 ops/s           268 ns/op           806 CPU cycles (approx)
-EC Mixed Addition G1                ECP_ShortW_Prj[Fp[BN254_Snarks]]             3952569.170 ops/s           253 ns/op           761 CPU cycles (approx)
-EC Double G1                        ECP_ShortW_Prj[Fp[BN254_Snarks]]             6024096.386 ops/s           166 ns/op           500 CPU cycles (approx)
-EC ScalarMul 254-bit G1             ECP_ShortW_Prj[Fp[BN254_Snarks]]               23140.113 ops/s         43215 ns/op        129647 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G1                           ECP_ShortW_Jac[Fp[BN254_Snarks]]             2985074.627 ops/s           335 ns/op          1005 CPU cycles (approx)
-EC Mixed Addition G1                ECP_ShortW_Jac[Fp[BN254_Snarks]]             4184100.418 ops/s           239 ns/op           718 CPU cycles (approx)
-EC Double G1                        ECP_ShortW_Jac[Fp[BN254_Snarks]]             6410256.410 ops/s           156 ns/op           469 CPU cycles (approx)
-EC ScalarMul 254-bit G1             ECP_ShortW_Jac[Fp[BN254_Snarks]]               21458.307 ops/s         46602 ns/op        139809 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G2                           ECP_ShortW_Prj[Fp2[BN254_Snarks]]            1061571.125 ops/s           942 ns/op          2826 CPU cycles (approx)
-EC Mixed Addition G2                ECP_ShortW_Prj[Fp2[BN254_Snarks]]            1183431.953 ops/s           845 ns/op          2536 CPU cycles (approx)
-EC Double G2                        ECP_ShortW_Prj[Fp2[BN254_Snarks]]            1821493.625 ops/s           549 ns/op          1649 CPU cycles (approx)
-EC ScalarMul 254-bit G2             ECP_ShortW_Prj[Fp2[BN254_Snarks]]               9259.602 ops/s        107996 ns/op        323995 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G2                           ECP_ShortW_Jac[Fp2[BN254_Snarks]]            1092896.175 ops/s           915 ns/op          2747 CPU cycles (approx)
-EC Mixed Addition G2                ECP_ShortW_Jac[Fp2[BN254_Snarks]]            1577287.066 ops/s           634 ns/op          1904 CPU cycles (approx)
-EC Double G2                        ECP_ShortW_Jac[Fp2[BN254_Snarks]]            2570694.087 ops/s           389 ns/op          1167 CPU cycles (approx)
-EC ScalarMul 254-bit G2             ECP_ShortW_Jac[Fp2[BN254_Snarks]]              10358.615 ops/s         96538 ns/op        289621 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp12[BN254_Snarks]                            691085.003 ops/s          1447 ns/op          4342 CPU cycles (approx)
-Squaring                            Fp12[BN254_Snarks]                            893655.049 ops/s          1119 ns/op          3357 CPU cycles (approx)
-Inversion                           Fp12[BN254_Snarks]                            121876.904 ops/s          8205 ns/op         24617 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Miller Loop BN                      BN254_Snarks                                    4635.102 ops/s        215745 ns/op        647249 CPU cycles (approx)
-Final Exponentiation BN             BN254_Snarks                                    4011.038 ops/s        249312 ns/op        747950 CPU cycles (approx)
-Pairing BN                          BN254_Snarks                                    2158.047 ops/s        463382 ns/op       1390175 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-```
+On my machine i9-11980HK (8 cores 2.6GHz, turbo 5GHz), for Clang + Assembly, **all being constant-time** (including scalar multiplication, square root and inversion).
 
 #### BLS12_381 (Clang + inline Assembly)
 
 ```
 --------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fr[BLS12_381]                               66666666.667 ops/s            15 ns/op            47 CPU cycles (approx)
-Squaring                            Fr[BLS12_381]                               71428571.429 ops/s            14 ns/op            43 CPU cycles (approx)
+EC ScalarMul 255-bit G1             ECP_ShortW_Prj[Fp[BLS12_381]]                  16086.740 ops/s         62163 ns/op        205288 CPU cycles (approx)
+EC ScalarMul 255-bit G1             ECP_ShortW_Jac[Fp[BLS12_381]]                  16670.834 ops/s         59985 ns/op        198097 CPU cycles (approx)
+EC ScalarMul 255-bit G2             ECP_ShortW_Prj[Fp2[BLS12_381]]                  8333.403 ops/s        119999 ns/op        396284 CPU cycles (approx)
+EC ScalarMul 255-bit G2             ECP_ShortW_Jac[Fp2[BLS12_381]]                  9300.682 ops/s        107519 ns/op        355071 CPU cycles (approx)
 --------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp[BLS12_381]                               35714285.714 ops/s            28 ns/op            84 CPU cycles (approx)
-Squaring                            Fp[BLS12_381]                               35714285.714 ops/s            28 ns/op            84 CPU cycles (approx)
-Inversion                           Fp[BLS12_381]                                  70131.145 ops/s         14259 ns/op         42780 CPU cycles (approx)
-Square Root + isSquare              Fp[BLS12_381]                                  69793.412 ops/s         14328 ns/op         42986 CPU cycles (approx)
+Miller Loop BLS12                   BLS12_381                                       5102.223 ops/s        195993 ns/op        647251 CPU cycles (approx)
+Final Exponentiation BLS12          BLS12_381                                       4209.109 ops/s        237580 ns/op        784588 CPU cycles (approx)
+Pairing BLS12                       BLS12_381                                       2343.045 ops/s        426795 ns/op       1409453 CPU cycles (approx)
 --------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp2[BLS12_381]                              10526315.789 ops/s            95 ns/op           287 CPU cycles (approx)
-Squaring                            Fp2[BLS12_381]                              14084507.042 ops/s            71 ns/op           213 CPU cycles (approx)
-Inversion                           Fp2[BLS12_381]                                 69376.995 ops/s         14414 ns/op         43242 CPU cycles (approx)
-Square Root + isSquare              Fp2[BLS12_381]                                 34526.810 ops/s         28963 ns/op         86893 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G1                           ECP_ShortW_Prj[Fp[BLS12_381]]                2127659.574 ops/s           470 ns/op          1412 CPU cycles (approx)
-EC Mixed Addition G1                ECP_ShortW_Prj[Fp[BLS12_381]]                2415458.937 ops/s           414 ns/op          1243 CPU cycles (approx)
-EC Double G1                        ECP_ShortW_Prj[Fp[BLS12_381]]                3412969.283 ops/s           293 ns/op           881 CPU cycles (approx)
-EC ScalarMul 255-bit G1             ECP_ShortW_Prj[Fp[BLS12_381]]                  13218.596 ops/s         75651 ns/op        226959 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G1                           ECP_ShortW_Jac[Fp[BLS12_381]]                1757469.244 ops/s           569 ns/op          1708 CPU cycles (approx)
-EC Mixed Addition G1                ECP_ShortW_Jac[Fp[BLS12_381]]                2433090.024 ops/s           411 ns/op          1235 CPU cycles (approx)
-EC Double G1                        ECP_ShortW_Jac[Fp[BLS12_381]]                3636363.636 ops/s           275 ns/op           826 CPU cycles (approx)
-EC ScalarMul 255-bit G1             ECP_ShortW_Jac[Fp[BLS12_381]]                  12390.499 ops/s         80707 ns/op        242126 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G2                           ECP_ShortW_Prj[Fp2[BLS12_381]]                710227.273 ops/s          1408 ns/op          4225 CPU cycles (approx)
-EC Mixed Addition G2                ECP_ShortW_Prj[Fp2[BLS12_381]]                800640.512 ops/s          1249 ns/op          3748 CPU cycles (approx)
-EC Double G2                        ECP_ShortW_Prj[Fp2[BLS12_381]]               1179245.283 ops/s           848 ns/op          2545 CPU cycles (approx)
-EC ScalarMul 255-bit G2             ECP_ShortW_Prj[Fp2[BLS12_381]]                  6179.171 ops/s        161834 ns/op        485514 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-EC Add G2                           ECP_ShortW_Jac[Fp2[BLS12_381]]                631711.939 ops/s          1583 ns/op          4751 CPU cycles (approx)
-EC Mixed Addition G2                ECP_ShortW_Jac[Fp2[BLS12_381]]                900900.901 ops/s          1110 ns/op          3332 CPU cycles (approx)
-EC Double G2                        ECP_ShortW_Jac[Fp2[BLS12_381]]               1501501.502 ops/s           666 ns/op          1999 CPU cycles (approx)
-EC ScalarMul 255-bit G2             ECP_ShortW_Jac[Fp2[BLS12_381]]                  6067.519 ops/s        164812 ns/op        494446 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Multiplication                      Fp12[BLS12_381]                               504540.868 ops/s          1982 ns/op          5949 CPU cycles (approx)
-Squaring                            Fp12[BLS12_381]                               688231.246 ops/s          1453 ns/op          4360 CPU cycles (approx)
-Inversion                           Fp12[BLS12_381]                                54279.976 ops/s         18423 ns/op         55271 CPU cycles (approx)
---------------------------------------------------------------------------------------------------------------------------------------------------------
-Miller Loop BLS12                   BLS12_381                                       3856.953 ops/s        259272 ns/op        777833 CPU cycles (approx)
-Final Exponentiation BLS12          BLS12_381                                       2526.465 ops/s        395810 ns/op       1187454 CPU cycles (approx)
-Pairing BLS12                       BLS12_381                                       1548.870 ops/s        645632 ns/op       1936937 CPU cycles (approx)
+Hash to G2 (Draft #11)              BLS12_381                                       6558.495 ops/s        152474 ns/op        503531 CPU cycles (approx)
 --------------------------------------------------------------------------------------------------------------------------------------------------------
 ```
 
+## Why Nim
+
+The Nim language offers the following benefits for cryptography:
+- Compilation to machine code via C or C++ or alternatively compilation to Javascript. Easy FFI to those languages.
+  - Obscure embedded devices with proprietary C compilers can be targeted.
+  - WASM can be targeted.
+- Performance reachable in C is reachable in Nim, easily.
+- Rich type system: generics, dependent types, mutability-tracking and side-effect analysis, borrow-checking, compiler enforced distinct types (Miles != Meters, SecretBool != bool and SecretWord != uint64).
+- Compile-time evaluation, including parsing hex string, converting them to BigInt or Finite Field elements and doing bigint operations.
+- Assembly support either inline or ``__attribute__((naked))`` or a simple `{.compile: "myasm.S".}` away
+- No GC if no GC-ed types are used (automatic memory management is set at the type level and optimized for latency/soft-realtime by default and can be totally deactivated).
+- Procedural macros working directly on AST to
+  - create generic curve configuration,
+  - derive constants
+  - write a size-independent inline assembly code generator
+- Upcoming proof system for formal verification via Z3 ([DrNim](https://nim-lang.org/docs/drnim.html), [Correct-by-Construction RFC](https://github.com/nim-lang/RFCs/issues/222))
 ### Compiler caveats
 
 Unfortunately compilers and in particular GCC are not very good at optimizing big integers and/or cryptographic code even when using intrinsics like `addcarry_u64`.
@@ -346,9 +286,6 @@ add256:
         adcq    %rax, 24(%rdi)
         retq
 ```
-
-As a workaround key procedures use inline assembly.
-
 ### Inline assembly
 
 While using intrinsics significantly improve code readability, portability, auditability and maintainability,
@@ -357,6 +294,15 @@ and also to use dedicated large integer instructions MULX, ADCX, ADOX that compi
 
 The speed improvement on finite field arithmetic is up 60% with MULX, ADCX, ADOX on BLS12-381 (6 limbs).
 
+Finally assembly is a requirement to ensure constant-time property and to avoid compilers turning careful
+branchless code into branches, see [Fighting the compiler (wiki)](https://github.com/mratsim/constantine/wiki/Constant-time-arithmetics#fighting-the-compiler)
+
+In summary, pure C/C++/Nim implies:
+- a smart compiler might unravel the constant time bit manipulation and reintroduce branches.
+- a significant performance cost with GCC (~50% slower than Clang).
+- missed opportunities on recent CPUs that support MULX/ADCX/ADOX instructions (~60% faster than Clang).
+- 2.4x perf ratio between using plain GCC vs GCC with inline assembly.
+
 ## Sizes: code size, stack usage
 
 Thanks to 10x smaller key sizes for the same security level as RSA, elliptic curve cryptography
@@ -369,15 +315,6 @@ At the moment Constantine is optimized for 32-bit and 64-bit CPUs.
 
 When performance and code size conflicts, a careful and informed default is chosen.
 In the future, a compile-time flag that goes beyond the compiler `-Os` might be provided.
-
-### Example tradeoff
-
-Unrolling Montgomery Multiplication brings about 15% performance improvement
-which translate to ~15% on all operations in Constantine as field multiplication bottlenecks
-all cryptographic primitives.
-This is considered a worthwhile tradeoff on all but the most constrained CPUs
-with those CPUs probably being 8-bit or 16-bit.
-
 ## License
 
 Licensed and distributed under either of

benchmarks/bench_blueprint.nim

@@ -14,7 +14,7 @@
 
 import
   # Internal
-  ../constantine/config/common,
+  ../constantine/backend/config/common,
   # Helpers
   ../helpers/prng_unsafe,
   ./platforms,

benchmarks/bench_ec_g1.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/elliptic/[
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/elliptic/[
     ec_shortweierstrass_projective,
     ec_shortweierstrass_jacobian],
   # Helpers

benchmarks/bench_ec_g2.nim

@@ -8,10 +8,10 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
-  ../constantine/elliptic/[
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
+  ../constantine/backend/elliptic/[
     ec_shortweierstrass_projective,
     ec_shortweierstrass_jacobian],
   # Helpers

benchmarks/bench_elliptic_template.nim

@@ -14,10 +14,10 @@
 
 import
   # Internals
-  ../constantine/config/[curves, common],
-  ../constantine/arithmetic,
-  ../constantine/io/io_bigints,
-  ../constantine/elliptic/[
+  ../constantine/backend/config/[curves, common],
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/io/io_bigints,
+  ../constantine/backend/elliptic/[
     ec_shortweierstrass_affine,
     ec_shortweierstrass_projective,
     ec_shortweierstrass_jacobian,
@@ -27,7 +27,7 @@ import
   ./platforms,
   ./bench_blueprint,
   # Reference unsafe scalar multiplication
-  ../tests/support/ec_reference_scalar_mult
+  ../tests/backend/support/ec_reference_scalar_mult
 
 export notes
 proc separator*() = separator(177)

benchmarks/bench_fields_template.nim

@@ -14,10 +14,10 @@
 
 import
   # Internals
-  ../constantine/config/[common, curves],
-  ../constantine/arithmetic,
-  ../constantine/towers,
-  ../constantine/curves/zoo_square_roots,
+  ../constantine/backend/config/[common, curves],
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
+  ../constantine/backend/curves/zoo_square_roots,
   # Helpers
   ../helpers/prng_unsafe,
   ./bench_blueprint

benchmarks/bench_fp.nim

@@ -8,10 +8,10 @@
 
 import
   # Internals
-  ../constantine/config/[curves, common],
-  ../constantine/arithmetic,
-  ../constantine/io/io_bigints,
-  ../constantine/curves/zoo_square_roots,
+  ../constantine/backend/config/[curves, common],
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/io/io_bigints,
+  ../constantine/backend/curves/zoo_square_roots,
   # Helpers
   ../helpers/static_for,
   ./bench_fields_template

benchmarks/bench_fp12.nim

@@ -8,8 +8,8 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_fields_template,

benchmarks/bench_fp2.nim

@@ -8,8 +8,8 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_fields_template,

benchmarks/bench_fp4.nim

@@ -8,8 +8,8 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_fields_template,

benchmarks/bench_fp6.nim

@@ -8,8 +8,8 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_fields_template,

benchmarks/bench_fp_double_precision.nim

@@ -14,9 +14,9 @@
 
 import
   # Internals
-  ../constantine/config/[curves, common],
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/[curves, common],
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/[prng_unsafe, static_for],
   ./platforms,

benchmarks/bench_hash_to_curve.nim

@@ -8,13 +8,13 @@
 
 import
   # Internals
-  ../constantine/config/[common, curves, type_bigint, type_ff],
-  ../constantine/[towers, hashes],
-  ../constantine/io/[io_bigints, io_ec],
-  ../constantine/elliptic/[
+  ../constantine/backend/config/[common, curves, type_bigint, type_ff],
+  ../constantine/backend/[towers, hashes],
+  ../constantine/backend/io/[io_bigints, io_ec],
+  ../constantine/backend/elliptic/[
     ec_shortweierstrass_affine,
     ec_shortweierstrass_projective],
-  ../constantine/hash_to_curve/hash_to_curve,
+  ../constantine/backend/hash_to_curve/hash_to_curve,
   # Helpers
   ../helpers/prng_unsafe,
   ./bench_blueprint

benchmarks/bench_pairing_bls12_377.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_pairing_template,

benchmarks/bench_pairing_bls12_381.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_pairing_template,

benchmarks/bench_pairing_bn254_nogami.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_pairing_template,

benchmarks/bench_pairing_bn254_snarks.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_pairing_template,

benchmarks/bench_pairing_template.nim

@@ -14,18 +14,18 @@
 
 import
   # Internals
-  ../constantine/config/[curves, common],
-  ../constantine/arithmetic,
-  ../constantine/towers,
-  ../constantine/ec_shortweierstrass,
-  ../constantine/curves/zoo_subgroups,
-  ../constantine/pairing/[
+  ../constantine/backend/config/[curves, common],
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
+  ../constantine/backend/ec_shortweierstrass,
+  ../constantine/backend/curves/zoo_subgroups,
+  ../constantine/backend/pairing/[
     cyclotomic_subgroup,
     lines_eval,
     pairing_bls12,
     pairing_bn
   ],
-  ../constantine/curves/zoo_pairings,
+  ../constantine/backend/curves/zoo_pairings,
   # Helpers
   ../helpers/prng_unsafe,
   ./bench_blueprint

benchmarks/bench_sha256.nim

@@ -1,6 +1,6 @@
 import
   # Internals
-  ../constantine/hashes,
+  ../constantine/backend/hashes,
   # Helpers
   ../helpers/prng_unsafe,
   ./bench_blueprint

benchmarks/bench_summary_bls12_377.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_summary_template,

benchmarks/bench_summary_bls12_381.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_summary_template,

benchmarks/bench_summary_bn254_nogami.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_summary_template,

benchmarks/bench_summary_bn254_snarks.nim

@@ -8,9 +8,9 @@
 
 import
   # Internals
-  ../constantine/config/curves,
-  ../constantine/arithmetic,
-  ../constantine/towers,
+  ../constantine/backend/config/curves,
+  ../constantine/backend/arithmetic,
+  ../constantine/backend/towers,
   # Helpers
   ../helpers/static_for,
   ./bench_summary_template,

benchmarks/bench_summary_template.nim

@@ -14,21 +14,21 @@
 
 import
   # Internals
-  ../constantine/config/[curves, common],
-  ../constantine/[arithmetic, hashes, towers],
-  ../constantine/elliptic/[
+  ../constantine/backend/config/[curves, common],
+  ../constantine/backend/[arithmetic, hashes, towers],
+  ../constantine/backend/elliptic/[
     ec_shortweierstrass_affine,
     ec_shortweierstrass_projective,
     ec_shortweierstrass_jacobian,
     ec_scalar_mul, ec_endomorphism_accel],
-  ../constantine/curves/zoo_subgroups,
-  ../constantine/hash_to_curve/hash_to_curve,
-  ../constantine/pairing/[
+  ../constantine/backend/curves/zoo_subgroups,
+  ../constantine/backend/hash_to_curve/hash_to_curve,
+  ../constantine/backend/pairing/[
     cyclotomic_subgroup,
     pairing_bls12,
     pairing_bn
   ],
-  ../constantine/curves/zoo_pairings,
+  ../constantine/backend/curves/zoo_pairings,
   # Helpers
   ../helpers/[prng_unsafe, static_for],
   ./bench_blueprint

constantine.nimble

@@ -23,194 +23,194 @@ const buildParallel = "test_parallel.txt"
 const testDesc: seq[tuple[path: string, useGMP: bool]] = @[
   # Primitives
   # ----------------------------------------------------------
-  ("tests/t_primitives.nim", false),
-  ("tests/t_primitives_extended_precision.nim", false),
+  ("tests/backend/t_primitives.nim", false),
+  ("tests/backend/t_primitives_extended_precision.nim", false),
   # Big ints
   # ----------------------------------------------------------
-  ("tests/t_io_bigints.nim", false),
-  ("tests/t_io_unsaturated.nim", false),
-  ("tests/t_bigints.nim", false),
-  ("tests/t_bigints_multimod.nim", false),
-  ("tests/t_bigints_mod_vs_gmp.nim", true),
-  ("tests/t_bigints_mul_vs_gmp.nim", true),
-  ("tests/t_bigints_mul_high_words_vs_gmp.nim", true),
+  ("tests/backend/t_io_bigints.nim", false),
+  ("tests/backend/t_io_unsaturated.nim", false),
+  ("tests/backend/t_bigints.nim", false),
+  ("tests/backend/t_bigints_multimod.nim", false),
+  ("tests/backend/t_bigints_mod_vs_gmp.nim", true),
+  ("tests/backend/t_bigints_mul_vs_gmp.nim", true),
+  ("tests/backend/t_bigints_mul_high_words_vs_gmp.nim", true),
   # Field
   # ----------------------------------------------------------
-  ("tests/t_io_fields", false),
-  ("tests/t_finite_fields.nim", false),
-  ("tests/t_finite_fields_conditional_arithmetic.nim", false),
-  ("tests/t_finite_fields_mulsquare.nim", false),
-  ("tests/t_finite_fields_sqrt.nim", false),
-  ("tests/t_finite_fields_powinv.nim", false),
-  ("tests/t_finite_fields_vs_gmp.nim", true),
-  ("tests/t_fp_cubic_root.nim", false),
+  ("tests/backend/t_io_fields", false),
+  ("tests/backend/t_finite_fields.nim", false),
+  ("tests/backend/t_finite_fields_conditional_arithmetic.nim", false),
+  ("tests/backend/t_finite_fields_mulsquare.nim", false),
+  ("tests/backend/t_finite_fields_sqrt.nim", false),
+  ("tests/backend/t_finite_fields_powinv.nim", false),
+  ("tests/backend/t_finite_fields_vs_gmp.nim", true),
+  ("tests/backend/t_fp_cubic_root.nim", false),
   # Double-precision finite fields
   # ----------------------------------------------------------
-  ("tests/t_finite_fields_double_precision.nim", false),
+  ("tests/backend/t_finite_fields_double_precision.nim", false),
   # Towers of extension fields
   # ----------------------------------------------------------
-  ("tests/t_fp2.nim", false),
-  ("tests/t_fp2_sqrt.nim", false),
-  ("tests/t_fp4.nim", false),
-  ("tests/t_fp6_bn254_snarks.nim", false),
-  ("tests/t_fp6_bls12_377.nim", false),
-  ("tests/t_fp6_bls12_381.nim", false),
-  ("tests/t_fp6_bw6_761.nim", false),
-  ("tests/t_fp12_bn254_snarks.nim", false),
-  ("tests/t_fp12_bls12_377.nim", false),
-  ("tests/t_fp12_bls12_381.nim", false),
-  ("tests/t_fp12_exponentiation.nim", false),
-  ("tests/t_fp12_anti_regression.nim", false),
+  ("tests/backend/t_fp2.nim", false),
+  ("tests/backend/t_fp2_sqrt.nim", false),
+  ("tests/backend/t_fp4.nim", false),
+  ("tests/backend/t_fp6_bn254_snarks.nim", false),
+  ("tests/backend/t_fp6_bls12_377.nim", false),
+  ("tests/backend/t_fp6_bls12_381.nim", false),
+  ("tests/backend/t_fp6_bw6_761.nim", false),
+  ("tests/backend/t_fp12_bn254_snarks.nim", false),
+  ("tests/backend/t_fp12_bls12_377.nim", false),
+  ("tests/backend/t_fp12_bls12_381.nim", false),
+  ("tests/backend/t_fp12_exponentiation.nim", false),
+  ("tests/backend/t_fp12_anti_regression.nim", false),
 
-  ("tests/t_fp4_frobenius.nim", false),
-  ("tests/t_fp6_frobenius.nim", false),
-  ("tests/t_fp12_frobenius.nim", false),
+  ("tests/backend/t_fp4_frobenius.nim", false),
+  ("tests/backend/t_fp6_frobenius.nim", false),
+  ("tests/backend/t_fp12_frobenius.nim", false),
 
   # Elliptic curve arithmetic 
   # ----------------------------------------------------------
-  ("tests/t_ec_conversion.nim", false),
+  ("tests/backend/t_ec_conversion.nim", false),
 
   # Elliptic curve arithmetic G1
   # ----------------------------------------------------------
-  # ("tests/t_ec_shortw_prj_g1_add_double.nim", false),
-  # ("tests/t_ec_shortw_prj_g1_mul_sanity.nim", false),
-  # ("tests/t_ec_shortw_prj_g1_mul_distri.nim", false),
-  ("tests/t_ec_shortw_prj_g1_mul_vs_ref.nim", false),
-  ("tests/t_ec_shortw_prj_g1_mixed_add.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g1_add_double.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g1_mul_sanity.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g1_mul_distri.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g1_mul_vs_ref.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g1_mixed_add.nim", false),
 
-  # ("tests/t_ec_shortw_jac_g1_add_double.nim", false),
-  # ("tests/t_ec_shortw_jac_g1_mul_sanity.nim", false),
-  # ("tests/t_ec_shortw_jac_g1_mul_distri.nim", false),
-  ("tests/t_ec_shortw_jac_g1_mul_vs_ref.nim", false),
-  ("tests/t_ec_shortw_jac_g1_mixed_add.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g1_add_double.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g1_mul_sanity.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g1_mul_distri.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g1_mul_vs_ref.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g1_mixed_add.nim", false),
 
-  ("tests/t_ec_twedwards_prj_add_double", false),
-  ("tests/t_ec_twedwards_prj_mul_sanity", false),
-  ("tests/t_ec_twedwards_prj_mul_distri", false),
+  ("tests/backend/t_ec_twedwards_prj_add_double", false),
+  ("tests/backend/t_ec_twedwards_prj_mul_sanity", false),
+  ("tests/backend/t_ec_twedwards_prj_mul_distri", false),
  
 
   # Elliptic curve arithmetic G2
   # ----------------------------------------------------------
-  # ("tests/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_add_double_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_distri_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mul_vs_ref_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mixed_add_bn254_snarks.nim", false),
 
-  # ("tests/t_ec_shortw_prj_g2_add_double_bls12_381.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_add_double_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_distri_bls12_381.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mul_vs_ref_bls12_381.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mixed_add_bls12_381.nim", false),
 
-  # ("tests/t_ec_shortw_prj_g2_add_double_bls12_377.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_add_double_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_distri_bls12_377.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mul_vs_ref_bls12_377.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mixed_add_bls12_377.nim", false),
 
-  # ("tests/t_ec_shortw_prj_g2_add_double_bw6_761.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim", false),
-  # ("tests/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim", false),
-  ("tests/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_add_double_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_sanity_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_prj_g2_mul_distri_bw6_761.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mul_vs_ref_bw6_761.nim", false),
+  ("tests/backend/t_ec_shortw_prj_g2_mixed_add_bw6_761.nim", false),
 
-  # ("tests/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_add_double_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_distri_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mul_vs_ref_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mixed_add_bn254_snarks.nim", false),
 
-  # ("tests/t_ec_shortw_jac_g2_add_double_bls12_381.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_add_double_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_distri_bls12_381.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mul_vs_ref_bls12_381.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mixed_add_bls12_381.nim", false),
 
-  # ("tests/t_ec_shortw_jac_g2_add_double_bls12_377.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_add_double_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_distri_bls12_377.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mul_vs_ref_bls12_377.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mixed_add_bls12_377.nim", false),
 
-  # ("tests/t_ec_shortw_jac_g2_add_double_bw6_761.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim", false),
-  # ("tests/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim", false),
-  ("tests/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_add_double_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_sanity_bw6_761.nim", false),
+  # ("tests/backend/t_ec_shortw_jac_g2_mul_distri_bw6_761.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mul_vs_ref_bw6_761.nim", false),
+  ("tests/backend/t_ec_shortw_jac_g2_mixed_add_bw6_761.nim", false),
 
   # Elliptic curve arithmetic vs Sagemath
   # ----------------------------------------------------------
-  ("tests/t_ec_frobenius.nim", false),
-  ("tests/t_ec_sage_bn254_nogami.nim", false),
-  ("tests/t_ec_sage_bn254_snarks.nim", false),
-  ("tests/t_ec_sage_bls12_377.nim", false),
-  ("tests/t_ec_sage_bls12_381.nim", false),
+  ("tests/backend/t_ec_frobenius.nim", false),
+  ("tests/backend/t_ec_sage_bn254_nogami.nim", false),
+  ("tests/backend/t_ec_sage_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_sage_bls12_377.nim", false),
+  ("tests/backend/t_ec_sage_bls12_381.nim", false),
   # Edge cases highlighted by past bugs
   # ----------------------------------------------------------
-  ("tests/t_ec_shortw_prj_edge_cases.nim", false),
+  ("tests/backend/t_ec_shortw_prj_edge_cases.nim", false),
 
   # Subgroups and cofactors
   # ----------------------------------------------------------
-  ("tests/t_ec_subgroups_bn254_nogami.nim", false),
-  ("tests/t_ec_subgroups_bn254_snarks.nim", false),
-  ("tests/t_ec_subgroups_bls12_377.nim", false),
-  ("tests/t_ec_subgroups_bls12_381.nim", false),
+  ("tests/backend/t_ec_subgroups_bn254_nogami.nim", false),
+  ("tests/backend/t_ec_subgroups_bn254_snarks.nim", false),
+  ("tests/backend/t_ec_subgroups_bls12_377.nim", false),
+  ("tests/backend/t_ec_subgroups_bls12_381.nim", false),
 
-  ("tests/t_pairing_bn254_nogami_gt_subgroup.nim", false),
-  ("tests/t_pairing_bn254_snarks_gt_subgroup.nim", false),
-  ("tests/t_pairing_bls12_377_gt_subgroup.nim", false),
-  ("tests/t_pairing_bls12_381_gt_subgroup.nim", false),
-  ("tests/t_pairing_bw6_761_gt_subgroup.nim", false),
+  ("tests/backend/t_pairing_bn254_nogami_gt_subgroup.nim", false),
+  ("tests/backend/t_pairing_bn254_snarks_gt_subgroup.nim", false),
+  ("tests/backend/t_pairing_bls12_377_gt_subgroup.nim", false),
+  ("tests/backend/t_pairing_bls12_381_gt_subgroup.nim", false),
+  ("tests/backend/t_pairing_bw6_761_gt_subgroup.nim", false),
 
   # Pairing
   # ----------------------------------------------------------
-  # ("tests/t_pairing_bls12_377_line_functions.nim", false),
-  # ("tests/t_pairing_bls12_381_line_functions.nim", false),
-  ("tests/t_pairing_mul_fp12_by_lines.nim", false),
-  ("tests/t_pairing_cyclotomic_subgroup.nim", false),
-  ("tests/t_pairing_bn254_nogami_optate.nim", false),
-  ("tests/t_pairing_bn254_snarks_optate.nim", false),
-  ("tests/t_pairing_bls12_377_optate.nim", false),
-  ("tests/t_pairing_bls12_381_optate.nim", false),
-  ("tests/t_pairing_bls12_381_multi.nim", false),
+  # ("tests/backend/t_pairing_bls12_377_line_functions.nim", false),
+  # ("tests/backend/t_pairing_bls12_381_line_functions.nim", false),
+  ("tests/backend/t_pairing_mul_fp12_by_lines.nim", false),
+  ("tests/backend/t_pairing_cyclotomic_subgroup.nim", false),
+  ("tests/backend/t_pairing_bn254_nogami_optate.nim", false),
+  ("tests/backend/t_pairing_bn254_snarks_optate.nim", false),
+  ("tests/backend/t_pairing_bls12_377_optate.nim", false),
+  ("tests/backend/t_pairing_bls12_381_optate.nim", false),
+  ("tests/backend/t_pairing_bls12_381_multi.nim", false),
+
+  # Hashing to elliptic curves
+  # ----------------------------------------------------------
+  ("tests/backend/t_hash_to_field.nim", false),
+  ("tests/backend/t_hash_to_curve.nim", false),
+
+  # Prime order fields
+  # ----------------------------------------------------------
+  ("tests/backend/t_fr.nim", false),
 
   # Hashing vs OpenSSL
   # ----------------------------------------------------------
   ("tests/t_hash_sha256_vs_openssl.nim", true), # skip OpenSSL tests on Windows
 
-  # Hashing to elliptic curves
-  # ----------------------------------------------------------
-  ("tests/t_hash_to_field.nim", false),
-  ("tests/t_hash_to_curve.nim", false),
-
-  # Prime order fields
-  # ----------------------------------------------------------
-  ("tests/t_fr.nim", false),
-
   # Protocols
   # ----------------------------------------------------------
   ("tests/t_sig_bls_lowlevel.nim", false),
-  ("tests/protocols/t_ethereum_evm_precompiles.nim", false),
+  ("tests/t_ethereum_evm_precompiles.nim", false),
 ]
 
 # For temporary (hopefully) investigation that can only be reproduced in CI
 const useDebug = [
-  "tests/t_bigints.nim",
-  "tests/t_hash_sha256_vs_openssl.nim",
+  "tests/backend/t_bigints.nim",
+  "tests/backend/t_hash_sha256_vs_openssl.nim",
 ]
 
 # Tests that uses sequences require Nim GC, stack scanning and nil pointer passed to openarray
 # In particular the tests that uses the json test vectors, don't sanitize them.
 # we do use gc:none to help
 const skipSanitizers = [
-  "tests/t_ec_sage_bn254_nogami.nim",
-  "tests/t_ec_sage_bn254_snarks.nim",
-  "tests/t_ec_sage_bls12_377.nim",
-  "tests/t_ec_sage_bls12_381.nim",
-  "tests/t_hash_to_field.nim",
-  "tests/t_hash_to_curve.nim",
-  "tests/t_sig_bls_lowlevel.nim",
+  "tests/backend/t_ec_sage_bn254_nogami.nim",
+  "tests/backend/t_ec_sage_bn254_snarks.nim",
+  "tests/backend/t_ec_sage_bls12_377.nim",
+  "tests/backend/t_ec_sage_bls12_381.nim",
+  "tests/backend/t_hash_to_field.nim",
+  "tests/backend/t_hash_to_curve.nim",
+  "tests/backend/t_sig_bls_lowlevel.nim",
   "tests/protocols/t_ethereum_evm_precompiles.nim"
 ]
 

constantine/README.md

@@ -1,16 +1,19 @@
 # Constantine-backed protocols
 
+This folder stores protocol implemented on top of Constantine.
+
 ## Ethereum Virtual Machine
 
-For Zero-Knowledge Proofs as described in
+Constantine implements precompiles primitives for the Ethereum virtual machine
+
+- ECADD on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x6, spec [EIP-196](https://eips.ethereum.org/EIPS/eip-196) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)
+- ECMUL on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x7, spec [EIP-196](https://eips.ethereum.org/EIPS/eip-196) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)
+- ECPAIRING on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x8, spec [EIP-197](https://eips.ethereum.org/EIPS/eip-197) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)
+
+Their main use-case is for use zero-knowledge proofs and zkRollups and be compatible with work on Zcash
 
 - Succinct Non-Interactive Zero Knowledge
 for a von Neumann Architecture\
   Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza\
   https://eprint.iacr.org/2013/879.pdf
 
-Constantine-backed precompiles for
-
-- ECADD on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x6, spec [EIP-196](https://eips.ethereum.org/EIPS/eip-196) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)
-- ECMUL on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x7, spec [EIP-196](https://eips.ethereum.org/EIPS/eip-196) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)
-- ECPAIRING on BN254_Snarks (called `alt_bn128` in Ethereum), address 0x8, spec [EIP-197](https://eips.ethereum.org/EIPS/eip-197) and pricing [EIP-1108](https://eips.ethereum.org/EIPS/eip-1108)

constantine/backend/config/common.nim

@@ -13,7 +13,7 @@
 # ############################################################
 
 import ../primitives
-import ../../metering/tracer
+import ../../../metering/tracer
 
 export tracer