fair naming
parent
4a42ddb203
commit
f6a49e88cb
@ -6,7 +6,7 @@ use crate::cpu::kernel::interpreter::{
|
||||
run_interpreter_with_memory, Interpreter, InterpreterMemoryInitialization,
|
||||
};
|
||||
use crate::cpu::kernel::tests::u256ify;
|
||||
use crate::curve_pairings::{final_exponent, gen_fp12_sparse, miller_loop, Curve};
|
||||
use crate::curve_pairings::{bn_final_exponent, gen_bn_fp12_sparse, bn_miller_loop, Curve};
|
||||
use crate::extension_tower::{FieldExt, Fp12, Fp2, Fp6, Stack, BN254};
|
||||
use crate::memory::segments::Segment::BnPairing;
|
||||
|
||||
@ -84,7 +84,7 @@ fn test_bn_mul_fp12() -> Result<()> {
|
||||
let mut rng = rand::thread_rng();
|
||||
let f: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
|
||||
let g: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
|
||||
let h: Fp12<BN254> = gen_fp12_sparse(&mut rng);
|
||||
let h: Fp12<BN254> = gen_bn_fp12_sparse(&mut rng);
|
||||
|
||||
let out_normal: Vec<U256> = run_bn_mul_fp12(f, g, "mul_fp254_12");
|
||||
let out_sparse: Vec<U256> = run_bn_mul_fp12(f, h, "mul_fp254_12_sparse");
|
||||
@ -192,7 +192,7 @@ fn test_bn_final_exponent() -> Result<()> {
|
||||
|
||||
let interpreter: Interpreter = run_interpreter_with_memory(setup).unwrap();
|
||||
let output: Vec<U256> = interpreter.extract_kernel_memory(BnPairing, ptr..ptr + 12);
|
||||
let expected: Vec<U256> = final_exponent(f).on_stack();
|
||||
let expected: Vec<U256> = bn_final_exponent(f).on_stack();
|
||||
|
||||
assert_eq!(output, expected);
|
||||
|
||||
@ -219,7 +219,7 @@ fn test_bn_miller() -> Result<()> {
|
||||
};
|
||||
let interpreter = run_interpreter_with_memory(setup).unwrap();
|
||||
let output: Vec<U256> = interpreter.extract_kernel_memory(BnPairing, out..out + 12);
|
||||
let expected = miller_loop(p, q).on_stack();
|
||||
let expected = bn_miller_loop(p, q).on_stack();
|
||||
|
||||
assert_eq!(output, expected);
|
||||
|
||||
|
||||
@ -186,25 +186,25 @@ impl CyclicGroup for Curve<Fp2<BN254>> {
|
||||
}
|
||||
|
||||
// The tate pairing takes a point each from the curve and its twist and outputs an Fp12 element
|
||||
pub fn tate(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
let miller_output = miller_loop(p, q);
|
||||
final_exponent(miller_output)
|
||||
pub fn bn_tate(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
let miller_output = bn_miller_loop(p, q);
|
||||
bn_final_exponent(miller_output)
|
||||
}
|
||||
|
||||
/// Standard code for miller loop, can be found on page 99 at this url:
|
||||
/// https://static1.squarespace.com/static/5fdbb09f31d71c1227082339/t/5ff394720493bd28278889c6/1609798774687/PairingsForBeginners.pdf#page=107
|
||||
/// where EXP is a hardcoding of the array of Booleans that the loop traverses
|
||||
pub fn miller_loop(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
/// where BN_EXP is a hardcoding of the array of Booleans that the loop traverses
|
||||
pub fn bn_miller_loop(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
let mut r = p;
|
||||
let mut acc: Fp12<BN254> = Fp12::<BN254>::UNIT;
|
||||
let mut line: Fp12<BN254>;
|
||||
|
||||
for i in EXP {
|
||||
line = tangent(r, q);
|
||||
for i in BN_EXP {
|
||||
line = bn_tangent(r, q);
|
||||
r = r + r;
|
||||
acc = line * acc * acc;
|
||||
if i {
|
||||
line = cord(p, r, q);
|
||||
line = bn_cord(p, r, q);
|
||||
r = r + p;
|
||||
acc = line * acc;
|
||||
}
|
||||
@ -213,22 +213,22 @@ pub fn miller_loop(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
}
|
||||
|
||||
/// The sloped line function for doubling a point
|
||||
pub fn tangent(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
pub fn bn_tangent(p: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
let cx = -BN254::new(3) * p.x * p.x;
|
||||
let cy = BN254::new(2) * p.y;
|
||||
sparse_embed(p.y * p.y - BN254::new(9), q.x * cx, q.y * cy)
|
||||
bn_sparse_embed(p.y * p.y - BN254::new(9), q.x * cx, q.y * cy)
|
||||
}
|
||||
|
||||
/// The sloped line function for adding two points
|
||||
pub fn cord(p1: Curve<BN254>, p2: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
pub fn bn_cord(p1: Curve<BN254>, p2: Curve<BN254>, q: Curve<Fp2<BN254>>) -> Fp12<BN254> {
|
||||
let cx = p2.y - p1.y;
|
||||
let cy = p1.x - p2.x;
|
||||
sparse_embed(p1.y * p2.x - p2.y * p1.x, q.x * cx, q.y * cy)
|
||||
bn_sparse_embed(p1.y * p2.x - p2.y * p1.x, q.x * cx, q.y * cy)
|
||||
}
|
||||
|
||||
/// The tangent and cord functions output sparse Fp12 elements.
|
||||
/// This map embeds the nonzero coefficients into an Fp12.
|
||||
pub fn sparse_embed(g000: BN254, g01: Fp2<BN254>, g11: Fp2<BN254>) -> Fp12<BN254> {
|
||||
pub fn bn_sparse_embed(g000: BN254, g01: Fp2<BN254>, g11: Fp2<BN254>) -> Fp12<BN254> {
|
||||
let g0 = Fp6 {
|
||||
t0: Fp2 {
|
||||
re: g000,
|
||||
@ -247,8 +247,8 @@ pub fn sparse_embed(g000: BN254, g01: Fp2<BN254>, g11: Fp2<BN254>) -> Fp12<BN254
|
||||
Fp12 { z0: g0, z1: g1 }
|
||||
}
|
||||
|
||||
pub fn gen_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12<BN254> {
|
||||
sparse_embed(
|
||||
pub fn gen_bn_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12<BN254> {
|
||||
bn_sparse_embed(
|
||||
rng.gen::<BN254>(),
|
||||
rng.gen::<Fp2<BN254>>(),
|
||||
rng.gen::<Fp2<BN254>>(),
|
||||
@ -267,10 +267,10 @@ pub fn gen_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12<BN254> {
|
||||
/// (p^4 - p^2 + 1)/N = p^3 + (a2)p^2 - (a1)p - a0
|
||||
/// where 0 < a0, a1, a2 < p. Then the final power is given by
|
||||
/// y = y_3 * (y^a2)_2 * (y^-a1)_1 * (y^-a0)
|
||||
pub fn final_exponent(f: Fp12<BN254>) -> Fp12<BN254> {
|
||||
pub fn bn_final_exponent(f: Fp12<BN254>) -> Fp12<BN254> {
|
||||
let mut y = f.frob(6) / f;
|
||||
y = y.frob(2) * y;
|
||||
let (y_a2, y_a1, y_a0) = get_custom_powers(y);
|
||||
let (y_a2, y_a1, y_a0) = get_bn_custom_powers(y);
|
||||
y.frob(3) * y_a2.frob(2) * y_a1.frob(1) * y_a0
|
||||
}
|
||||
|
||||
@ -282,10 +282,10 @@ pub fn final_exponent(f: Fp12<BN254>) -> Fp12<BN254> {
|
||||
/// y^a2, y^a1 = y^a4 * y^a2 * y^a2 * y^(-a0), y^(-a0)
|
||||
///
|
||||
/// Representing a4, a2, a0 in *little endian* binary, define
|
||||
/// EXPS4 = [(a4[i], a2[i], a0[i]) for i in 0..len(a4)]
|
||||
/// EXPS2 = [ (a2[i], a0[i]) for i in len(a4)..len(a2)]
|
||||
/// EXPS0 = [ a0[i] for i in len(a2)..len(a0)]
|
||||
fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>) {
|
||||
/// BN_EXPS4 = [(a4[i], a2[i], a0[i]) for i in 0..len(a4)]
|
||||
/// BN_EXPS2 = [ (a2[i], a0[i]) for i in len(a4)..len(a2)]
|
||||
/// BN_EXPS0 = [ a0[i] for i in len(a2)..len(a0)]
|
||||
fn get_bn_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>) {
|
||||
let mut sq: Fp12<BN254> = f;
|
||||
let mut y0: Fp12<BN254> = Fp12::<BN254>::UNIT;
|
||||
let mut y2: Fp12<BN254> = Fp12::<BN254>::UNIT;
|
||||
@ -294,7 +294,7 @@ fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>)
|
||||
// proceed via standard squaring algorithm for exponentiation
|
||||
|
||||
// must keep multiplying all three values: a4, a2, a0
|
||||
for (a, b, c) in EXPS4 {
|
||||
for (a, b, c) in BN_EXPS4 {
|
||||
if a {
|
||||
y4 = y4 * sq;
|
||||
}
|
||||
@ -310,7 +310,7 @@ fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>)
|
||||
y4 = y4 * sq;
|
||||
|
||||
// must keep multiplying remaining two values: a2, a0
|
||||
for (a, b) in EXPS2 {
|
||||
for (a, b) in BN_EXPS2 {
|
||||
if a {
|
||||
y2 = y2 * sq;
|
||||
}
|
||||
@ -323,7 +323,7 @@ fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>)
|
||||
y2 = y2 * sq;
|
||||
|
||||
// must keep multiplying final remaining value: a0
|
||||
for a in EXPS0 {
|
||||
for a in BN_EXPS0 {
|
||||
if a {
|
||||
y0 = y0 * sq;
|
||||
}
|
||||
@ -339,7 +339,7 @@ fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>)
|
||||
(y2, y4 * y2 * y2 * y0_inv, y0_inv)
|
||||
}
|
||||
|
||||
const EXP: [bool; 253] = [
|
||||
const BN_EXP: [bool; 253] = [
|
||||
true, false, false, false, false, false, true, true, false, false, true, false, false, false,
|
||||
true, false, false, true, true, true, false, false, true, true, true, false, false, true,
|
||||
false, true, true, true, false, false, false, false, true, false, false, true, true, false,
|
||||
@ -363,7 +363,7 @@ const EXP: [bool; 253] = [
|
||||
|
||||
// The folowing constants are defined above get_custom_powers
|
||||
|
||||
const EXPS4: [(bool, bool, bool); 64] = [
|
||||
const BN_EXPS4: [(bool, bool, bool); 64] = [
|
||||
(true, true, false),
|
||||
(true, true, true),
|
||||
(true, true, true),
|
||||
@ -430,7 +430,7 @@ const EXPS4: [(bool, bool, bool); 64] = [
|
||||
(true, true, true),
|
||||
];
|
||||
|
||||
const EXPS2: [(bool, bool); 62] = [
|
||||
const BN_EXPS2: [(bool, bool); 62] = [
|
||||
(true, false),
|
||||
(true, true),
|
||||
(false, false),
|
||||
@ -495,7 +495,7 @@ const EXPS2: [(bool, bool); 62] = [
|
||||
(true, true),
|
||||
];
|
||||
|
||||
const EXPS0: [bool; 65] = [
|
||||
const BN_EXPS0: [bool; 65] = [
|
||||
false, false, true, false, false, true, true, false, true, false, true, true, true, false,
|
||||
true, false, false, false, true, false, false, true, false, true, false, true, true, false,
|
||||
false, false, false, false, true, false, true, false, true, true, true, false, false, true,
|
||||
|
||||
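Review bot: The context comment above `BN_EXPS4` (hunk `@ -363,7 +363,7`) still reads `// The folowing constants are defined above get_custom_powers`, but the function is now `get_bn_custom_powers`, so the pointer is stale and "folowing" is misspelled; suggest `// The following constants are defined above get_bn_custom_powers`. The doc comment on `bn_sparse_embed` has the same problem, since it still names "tangent and cord"; suggest `/// The bn_tangent and bn_cord functions output sparse Fp12 elements.`. Because `bn_tate`, `bn_miller_loop`, `bn_final_exponent` and the other renamed items are `pub`, any caller outside the two files shown needs the same rename; only the test module's import is visible here, so that is worth confirming with a full build.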