From 3123948164e5e4d9f708222b57aab2a9b00e186e Mon Sep 17 00:00:00 2001
From: Dmitriy Ryajov
Date: Mon, 13 Nov 2023 14:33:46 -0600
Subject: [PATCH] fix msm

---
 groth16/bn128.nim | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)

diff --git a/groth16/bn128.nim b/groth16/bn128.nim
index 5c050a3..ee8f03f 100644
--- a/groth16/bn128.nim
+++ b/groth16/bn128.nim
@@ -26,12 +26,12 @@
 import constantine/math/config/curves
 import constantine/math/config/type_ff as tff
 import constantine/math/extension_fields/towers as ext
-import constantine/math/ec_shortweierstrass as wst
 import constantine/math/elliptic/ec_shortweierstrass_affine as aff
 import constantine/math/elliptic/ec_shortweierstrass_projective as prj
 import constantine/math/pairings/pairings_bn as ate
 import constantine/math/elliptic/ec_scalar_mul as scl
 import constantine/math/elliptic/ec_multi_scalar_mul as msm
+import constantine/math/isogenies/frobenius as frb
 #-------------------------------------------------------------------------------
@@ -674,14 +674,38 @@ func msmG1*( coeffs: openArray[Fr] , points: openArray[G1] ): G1 =
   for x in coeffs:
     bigcfs.add( x.toBig() )
 
-  var r : G1
+  var r : ProjG1
 
   # [Fp,aff.G1]
-  msm.multiScalarMul_vartime( wst.ECP_ShortW[Fp, Subgroup.G1](r),
+  msm.multiScalarMul_vartime( r,
     toOpenArray(bigcfs, 0, N-1),
     toOpenArray(points, 0, N-1) )
 
-  return r
+  var rAff: G1
+  prj.affine(rAff, r)
+
+  return rAff
+
+func msmG2*( coeffs: openArray[Fr] , points: openArray[G2] ): G2 =
+
+  let N = coeffs.len
+  assert( N == points.len, "incompatible sequence lengths" )
+
+  var bigcfs : seq[BigInt[254]]
+  for x in coeffs:
+    bigcfs.add( x.toBig() )
+
+  var r : ProjG2
+
+  # [Fp,aff.G1]
+  msm.multiScalarMul_vartime( r,
+    toOpenArray(bigcfs, 0, N-1),
+    toOpenArray(points, 0, N-1) )
+
+  var rAff: G2
+  prj.affine(rAff, r)
+
+  return rAff
 
 #-------------------------------------------------------------------------------
 #
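Review bot: The new `import constantine/math/isogenies/frobenius as frb` is not referenced by any line this patch adds (the rewritten msmG1 and the new msmG2 use only `msm` and `prj`); if nothing outside the hunks uses `frb`, the compiler will flag it as an unused import and it is better dropped here than carried along. Removing `wst` is consistent with the msmG1 change, which no longer needs the `ECP_ShortW` cast.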
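Review bot: The length check in the new `msmG2` is an `assert`, which `-d:danger` compiles out together with bounds checks, so `toOpenArray(points, 0, N-1)` then reads past `points` whenever `points.len < coeffs.len`; write it as `doAssert( N == points.len, "incompatible sequence lengths" )` so the contract holds in release builds (msmG1's check sits above the hunk and presumably needs the same treatment). The comment `# [Fp,aff.G1]` was copied verbatim into `msmG2`, where the points are G2, so it should be corrected or both copies dropped. Both procs call `multiScalarMul_vartime`, which as its suffix signals is not constant-time; if `coeffs` can be secret witness data in a prover path, a doc comment on each proc such as `## Variable-time MSM; do not pass secret scalars without review.` would make that visible to callers. Finally, msmG1 and msmG2 are identical apart from the point types, so a single generic proc over the projective/affine pair would avoid keeping two copies in sync; msmG1's signature and the start of its body lie outside the hunk.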
@@ -764,15 +788,6 @@ func msmNaiveG2( coeffs: seq[Fr] , points: seq[G2] ): G2 =
 #-------------------------------------------------------------------------------
-# TODO: proper MSM implementation (couldn't make constantine work at first...)
-# func msmG1*( coeffs: seq[Fr] , points: seq[G1] ): G1 =
-#   return msmNaiveG1( coeffs, points )
-
-func msmG2*( coeffs: seq[Fr] , points: seq[G2] ): G2 =
-  return msmNaiveG2( coeffs, points )
-
-#-------------------------------------------------------------------------------
-
 proc sanityCheckGroupGen*() =
   echo( "gen1 on the curve = ", checkCurveEqG1(gen1.x,gen1.y) )
   echo( "gen2 on the curve = ", checkCurveEqG2(gen2.x,gen2.y) )