GLV mul

2026-01-08 16:53:07 +00:00 · 2022-02-03 11:02:37 -08:00 · 2022-02-03 11:02:37 -08:00 · fd7abb35da
commit fd7abb35da
parent 2f4da9b49d
1 changed files with 31 additions and 2 deletions
--- a/plonky2/src/curve/glv.rs
+++ b/plonky2/src/curve/glv.rs
@ -1,8 +1,9 @@
 use num::rational::Ratio;
 use plonky2_field::field_types::Field;
+use plonky2_field::secp256k1_base::Secp256K1Base;
 use plonky2_field::secp256k1_scalar::Secp256K1Scalar;

-const BETA: Secp256K1Scalar = Secp256K1Scalar([
+pub const BETA: Secp256K1Base = Secp256K1Base([
    13923278643952681454,
    11308619431505398165,
    7954561588662645993,
@ -48,7 +49,10 @@ mod tests {
    use plonky2_field::field_types::Field;
    use plonky2_field::secp256k1_scalar::Secp256K1Scalar;

-    use crate::curve::glv::{decompose_secp256k1_scalar, S};
+    use crate::curve::curve_msm::msm_parallel;
+    use crate::curve::curve_types::{AffinePoint, Curve, CurveScalar};
+    use crate::curve::glv::{decompose_secp256k1_scalar, BETA, S};
+    use crate::curve::secp256k1::Secp256K1;

    #[test]
    fn test_glv_decompose() -> Result<()> {
@ -59,4 +63,29 @@ mod tests {

        Ok(())
    }
+
+    #[test]
+    fn test_glv_mul() -> Result<()> {
+        for _ in 0..20 {
+            let k = Secp256K1Scalar::rand();
+            let (k1, k2) = decompose_secp256k1_scalar(k);
+
+            assert!(k1 + S * k2 == k);
+
+            let p = (CurveScalar(Secp256K1Scalar::rand()) * Secp256K1::GENERATOR_PROJECTIVE)
+                .to_affine();
+            let sp = AffinePoint::<Secp256K1> {
+                x: p.x * BETA,
+                y: p.y,
+                zero: p.zero,
+            };
+
+            let kp = CurveScalar(k) * p.to_projective();
+            let glv = msm_parallel(&[k1, k2], &[p.to_projective(), sp.to_projective()], 5);
+
+            assert!(kp == glv);
+        }
+
+        Ok(())
+    }
 }