This commit is contained in:
wborgeaud 2022-03-28 14:24:29 +02:00
parent ddd5192489
commit 9b65825572
3 changed files with 10 additions and 8 deletions


@ -31,6 +31,10 @@ const A2: Secp256K1Scalar = Secp256K1Scalar([6323353552219852760, 14980988506747
const B2: Secp256K1Scalar = Secp256K1Scalar([16747920425669159701, 3496713202691238861, 0, 0]);
/// Algorithm 15.41 in Handbook of Elliptic and Hyperelliptic Curve Cryptography.
/// Decompose a scalar `k` into two small scalars `k1, k2` with `|k1|, |k2| < √p` that satisfy
/// `k1 + s * k2 = k`.
/// Returns `(|k1|, |k2|, k1 < 0, k2 < 0)`.
pub fn decompose_secp256k1_scalar(
k: Secp256K1Scalar,
) -> (Secp256K1Scalar, Secp256K1Scalar, bool, bool) {
@ -71,12 +75,12 @@ pub fn decompose_secp256k1_scalar(
(k1, k2, k1_neg, k2_neg)
}
/// See Section 15.2.1 in Handbook of Elliptic and Hyperelliptic Curve Cryptography.
/// GLV scalar multiplication `k * P = k1 * P + k2 * psi(P)`, where `k = k1 + s * k2` is the
/// decomposition computed in `decompose_secp256k1_scalar(k)` and `psi` is the Secp256k1
/// endomorphism `psi: (x, y) |-> (beta * x, y)` equivalent to scalar multiplication by `s`.
pub fn glv_mul(p: ProjectivePoint<Secp256K1>, k: Secp256K1Scalar) -> ProjectivePoint<Secp256K1> {
let (k1, k2, k1_neg, k2_neg) = decompose_secp256k1_scalar(k);
/*let one = Secp256K1Scalar::ONE;
let m1 = if k1_neg { -one } else { one };
let m2 = if k2_neg { -one } else { one };
assert!(k1 * m1 + S * k2 * m2 == k);*/
let p_affine = p.to_affine();
let sp = AffinePoint::<Secp256K1> {
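Review bot: The consistency check on the decomposition in glv_mul, `assert!(k1 * m1 + S * k2 * m2 == k)`, sits inside a block comment and never runs, so the relation the new doc comment states (`k = k1 + s * k2`) is documented but not verified anywhere visible; which side of the hunk that commented block belongs to is not recoverable from this page. A `debug_assert!` keeps the check out of release builds while still catching a wrong decomposition under test: `let one = Secp256K1Scalar::ONE;` followed by `debug_assert!(k1 * if k1_neg { -one } else { one } + S * k2 * if k2_neg { -one } else { one } == k);`. The `√p` bound in the decompose_secp256k1_scalar doc could also name the modulus it refers to, presumably the group order rather than the base-field prime, since the function takes a scalar. glv_mul's body continues beyond the end of the hunk.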


@ -272,12 +272,11 @@ pub fn witness_get_biguint_target<W: Witness<F>, F: PrimeField>(
witness: &W,
bt: BigUintTarget,
) -> BigUint {
let base = BigUint::from(1usize << 32);
bt.limbs
.into_iter()
.rev()
.fold(BigUint::zero(), |acc, limb| {
acc * &base + witness.get_target(limb.0).to_canonical_biguint()
(acc << 32) + witness.get_target(limb.0).to_canonical_biguint()
})
}
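Review bot: The fold on the new side assumes every limb value fits in 32 bits; if `witness.get_target(limb.0)` ever holds a larger value, `(acc << 32) + …` silently overlaps adjacent limbs and returns a wrong BigUint, and nothing in the hunk checks this. A debug assertion inside the closure makes a malformed witness fail loudly instead: `let limb_value = witness.get_target(limb.0).to_canonical_biguint();` then `debug_assert!(limb_value.bits() <= 32, "biguint limb exceeds 32 bits");` then `(acc << 32) + limb_value`. The function's signature line precedes the hunk and appears only in the hunk header.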


@ -70,7 +70,7 @@ pub struct CircuitBuilder<F: RichField + Extendable<D>, const D: usize> {
marked_targets: Vec<MarkedTargets<D>>,
/// Generators used to generate the witness.
pub generators: Vec<Box<dyn WitnessGenerator<F>>>,
generators: Vec<Box<dyn WitnessGenerator<F>>>,
constants_to_targets: HashMap<F, Target>,
targets_to_constants: HashMap<Target, F>,
@ -150,7 +150,6 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
/// generate the final witness (a grid of wire values), these virtual targets will go away.
pub fn add_virtual_target(&mut self) -> Target {
let index = self.virtual_target_index;
self.virtual_target_index += 1;
Target::VirtualTarget { index }
}