From 1855d144971c7f30f0c477c1156acb1ed81a4f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mamy=20Andr=C3=A9-Ratsimbazafy?= Date: Sat, 21 Mar 2020 13:05:58 +0100 Subject: [PATCH] Add more curves for testing: Curve25519, BLS12-377, BN446, FKM-447, BLS12-461, BN462 --- README.md | 74 ++++++++++ benchmarks/bench_fp.nim | 8 +- benchmarks/bench_fp2.nim | 8 +- benchmarks/bench_fp6.nim | 8 +- constantine/config/curves.nim | 139 ++++++++++++------- constantine/config/curves_parser.nim | 47 ++++--- constantine/pairing/README.md | 9 +- constantine/tower_field_extensions/README.md | 4 + tests/test_finite_fields_vs_gmp.nim | 28 ++-- tests/test_fp2.nim | 34 ++++- tests/test_fp6.nim | 28 ++++ 11 files changed, 297 insertions(+), 90 deletions(-) diff --git a/README.md b/README.md index db7ac10..2ba6167 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,36 @@ The library focuses on following properties: in this order +## Curves supported + +At the moment the following curves are supported, adding a new curve only requires adding the prime modulus +and its bitsize in [constantine/config/curves.nim](). + +The following curves are configured: + +### ECDH / ECDSA curves + +- NIST P-224 +- Curve25519 +- NIST P-256 / Secp256r1 +- Secp256k1 (Bitcoin, Ethereum 1) + +### Pairing-Friendly curves + +Families: +- BN: Barreto-Naerig +- BLS: Barreto-Lynn-Scott +- FKM: Fotiadis-Konstantinou-Martindale + +Curves: +- BN254 (Zero-Knowledge Proofs, Snarks, Starks, Zcash, Ethereum 1) +- BLS12-377 (Zexe) +- BLS12-381 (Algorand, Chia Networks, Dfinity, Ethereum 2, Filecoin, Zcash Sapling) +- BN446 +- FKM12-447 +- BLS12-461 +- BN462 + ## Security Hardening an implementation against all existing and upcoming attack vectors is an extremely complex task. @@ -82,6 +112,50 @@ The previous implementation was 15x slower and one of the key optimizations was changing the elliptic curve cryptography backend. It had a direct implication on hardware cost and/or cloud computing resources required. +## Measuring performance + +To measure the performance of Constantine + +```bash +git clone https://github.com/mratsim/constantine +nimble bench_fp_clang +nimble bench_fp2_clang +``` + +As mentioned in the [Compiler caveats](#compiler-caveats) section, GCC is up to 2x slower than Clang due to mishandling of carries and register usage. + +On my machine, for selected benchmarks on the prime field for popular pairing-friendly curves. + +``` +⚠️ Measurements are approximate and use the CPU nominal clock: Turbo-Boost and overclocking will skew them. +========================================================================================================== + +All benchmarks are using constant-time implementations to protect against side-channel attacks. + +Compiled with Clang +Running on Intel(R) Core(TM) i9-9980XE CPU @ 3.00GHz (overclocked all-core Turbo @4.1GHz) + +-------------------------------------------------------------------------------- +Addition Fp[BN254] 0 ns 0 cycles +Substraction Fp[BN254] 0 ns 0 cycles +Negation Fp[BN254] 0 ns 0 cycles +Multiplication Fp[BN254] 21 ns 65 cycles +Squaring Fp[BN254] 18 ns 55 cycles +Inversion Fp[BN254] 6266 ns 18799 cycles +-------------------------------------------------------------------------------- +Addition Fp[BLS12_381] 0 ns 0 cycles +Substraction Fp[BLS12_381] 0 ns 0 cycles +Negation Fp[BLS12_381] 0 ns 0 cycles +Multiplication Fp[BLS12_381] 45 ns 136 cycles +Squaring Fp[BLS12_381] 39 ns 118 cycles +Inversion Fp[BLS12_381] 15683 ns 47050 cycles +-------------------------------------------------------------------------------- + +Notes: + GCC is significantly slower than Clang on multiprecision arithmetic. + The simplest operations might be optimized away by the compiler. +``` + ### Compiler caveats Unfortunately compilers and in particular GCC are not very good at optimizing big integers and/or cryptographic code even when using intrinsics like `addcarry_u64`. diff --git a/benchmarks/bench_fp.nim b/benchmarks/bench_fp.nim index f8d7a60..6cb7440 100644 --- a/benchmarks/bench_fp.nim +++ b/benchmarks/bench_fp.nim @@ -27,9 +27,15 @@ const InvIters = 1000 const AvailableCurves = [ P224, BN254, + Curve25519, P256, Secp256k1, - BLS12_381 + BLS12_377, + BLS12_381, + BN446, + FKM12_447, + BLS12_461, + BN462 ] proc main() = diff --git a/benchmarks/bench_fp2.nim b/benchmarks/bench_fp2.nim index 71796b6..629abfd 100644 --- a/benchmarks/bench_fp2.nim +++ b/benchmarks/bench_fp2.nim @@ -26,8 +26,14 @@ import const Iters = 1_000_000 const InvIters = 1000 const AvailableCurves = [ + # Pairing-Friendly curves BN254, - BLS12_381 + BLS12_377, + BLS12_381, + BN446, + FKM12_447, + BLS12_461, + BN462 ] proc main() = diff --git a/benchmarks/bench_fp6.nim b/benchmarks/bench_fp6.nim index 633b74c..53f4995 100644 --- a/benchmarks/bench_fp6.nim +++ b/benchmarks/bench_fp6.nim @@ -26,8 +26,14 @@ import const Iters = 1_000_000 const InvIters = 1000 const AvailableCurves = [ + # Pairing-Friendly curves BN254, - BLS12_381 + BLS12_377, + BLS12_381, + BN446, + FKM12_447, + BLS12_461, + BN462 ] proc main() = diff --git a/constantine/config/curves.nim b/constantine/config/curves.nim index 7419200..21859fb 100644 --- a/constantine/config/curves.nim +++ b/constantine/config/curves.nim @@ -39,54 +39,93 @@ import # - type Curve* = enum # - proc Mod*(curve: static Curve): auto # which returns the field modulus of the curve -when not defined(testingCurves): - declareCurves: - curve P224: # NIST P-224 - bitsize: 224 - modulus: "0xffffffff_ffffffff_ffffffff_ffffffff_00000000_00000000_00000001" - curve BN254: - bitsize: 254 - modulus: "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47" - # Equation: Y^2 = X^3 + 3 - curve P256: # secp256r1 / NIST P-256 - bitsize: 256 - modulus: "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff" - curve Secp256k1: # Bitcoin curve - bitsize: 256 - modulus: "0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F" - curve BLS12_381: - bitsize: 381 - modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab" - # Equation: y^2 = x^3 + 4 -else: - # Fake curve for testing field arithmetic - declareCurves: - curve Fake101: - bitsize: 7 - modulus: "0x65" # 101 in hex - curve Mersenne61: - bitsize: 61 - modulus: "0x1fffffffffffffff" # 2^61 - 1 - curve Mersenne127: - bitsize: 127 - modulus: "0x7fffffffffffffffffffffffffffffff" # 2^127 - 1 - curve P224: # NIST P-224 - bitsize: 224 - modulus: "0xffffffff_ffffffff_ffffffff_ffffffff_00000000_00000000_00000001" - curve BN254: # Zero-Knowledge proofs curve (SNARKS, STARKS) - bitsize: 254 - modulus: "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47" - # Equation: Y^2 = X^3 + 3 - curve P256: # secp256r1 / NIST P-256 - bitsize: 256 - modulus: "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff" - curve Secp256k1: # Bitcoin curve - bitsize: 256 - modulus: "0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F" - curve BLS12_381: - bitsize: 381 - modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab" - # Equation: y^2 = x^3 + 4 + +declareCurves: + # ----------------------------------------------------------------------------- + # Curves added when passed "-d:testingCurves" + curve Fake101: + testingCurve: true + bitsize: 7 + modulus: "0x65" # 101 in hex + curve Mersenne61: + testingCurve: true + bitsize: 61 + modulus: "0x1fffffffffffffff" # 2^61 - 1 + curve Mersenne127: + testingCurve: true + bitsize: 127 + modulus: "0x7fffffffffffffffffffffffffffffff" # 2^127 - 1 + # ----------------------------------------------------------------------------- + curve P224: # NIST P-224 + bitsize: 224 + modulus: "0xffffffff_ffffffff_ffffffff_ffffffff_00000000_00000000_00000001" + curve BN254: # Zero-Knowledge proofs curve (SNARKS, STARKS) + bitsize: 254 + modulus: "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47" + # Equation: Y^2 = X^3 + 3 + curve Curve25519: # Bernstein curve + bitsize: 255 + modulus: "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed" + curve P256: # secp256r1 / NIST P-256 + bitsize: 256 + modulus: "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff" + curve Secp256k1: # Bitcoin curve + bitsize: 256 + modulus: "0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F" + curve BLS12_377: + # Zexe curve + # (p41) https://eprint.iacr.org/2018/962.pdf + # https://github.com/ethereum/EIPs/blob/41dea9615/EIPS/eip-2539.md + bitsize: 377 + modulus: "0x01ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001" + curve BLS12_381: + bitsize: 381 + modulus: "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab" + # Equation: y^2 = x^3 + 4 + curve BN446: + bitsize: 446 + modulus: "0x2400000000000000002400000002d00000000d800000021c0000001800000000870000000b0400000057c00000015c000000132000000067" + # u = 2^110 + 2^36 + 1 + curve FKM12_447: # Fotiadis-Konstantinou-Martindale + bitsize: 447 + modulus: "0x4ce300001338c00001c08180000f20cfffffe5a8bffffd08a000000f228000007e8ffffffaddfffffffdc00000009efffffffca000000007" + # TNFS Resistant Families of Pairing-Friendly Elliptic Curves + # Georgios Fotiadis and Elisavet Konstantinou, 2018 + # https://eprint.iacr.org/2018/1017 + # + # Family 17 choice b of + # Optimal TNFS-secure pairings on elliptic curves with composite embedding degree + # Georgios Fotiadis and Chloe Martindale, 2019 + # https://eprint.iacr.org/2019/555 + # + # A short-list of pairing-friendly curves resistant toSpecial TNFS at the 128-bit security level + # Aurore Guillevic + # https://hal.inria.fr/hal-02396352v2/document + # + # p(x) = 1728x^6 + 2160x^5 + 1548x^4 + 756x^3 + 240x^2 + 54x + 7 + # t(x) = −6x² + 1, r(x) = 36x^4 + 36x^3 + 18x^2 + 6x + 1. + # Choice (b):u=−2^72 − 2^71 − 2^36 + # + # Note the paper mentions 446-bit but it's 447 + curve BLS12_461: + # Updating Key Size Estimations for Pairings + # Barbulescu, R. and S. Duquesne, 2018 + # https://hal.archives-ouvertes.fr/hal-01534101/file/main.pdf + bitsize: 461 + modulus: "0x15555545554d5a555a55d69414935fbd6f1e32d8bacca47b14848b42a8dffa5c1cc00f26aa91557f00400020000555554aaaaaac0000aaaaaaab" + # u = −2^77 + 2^50 + 2^33 + # p = (u - 1)^2 (u^4 - u^2 + 1)/3 + u + curve BN462: + # Pairing-Friendly Curves + # IETF Draft + # https://tools.ietf.org/id/draft-irtf-cfrg-pairing-friendly-curves-02.html + + # Updating Key Size Estimations for Pairings + # Barbulescu, R. and S. Duquesne, 2018 + # https://hal.archives-ouvertes.fr/hal-01534101/file/main.pdf + bitsize: 462 + modulus: "0x240480360120023ffffffffff6ff0cf6b7d9bfca0000000000d812908f41c8020ffffffffff6ff66fc6ff687f640000000002401b00840138013" + # u = 2^114 + 2^101 − 2^14 − 1 # ############################################################ # @@ -253,6 +292,10 @@ macro genMontyMagics(T: typed): untyped = genMontyMagics(Curve) +func getCurveBitSize*(C: static Curve): static int = + ## Returns the number of bits taken by the curve modulus + result = static(CurveBitSize[C]) + macro canUseNoCarryMontyMul*(C: static Curve): untyped = ## Returns true if the Modulus is compatible with a fast ## Montgomery multiplication that avoids many carries diff --git a/constantine/config/curves_parser.nim b/constantine/config/curves_parser.nim index 6254ab4..9f494da 100644 --- a/constantine/config/curves_parser.nim +++ b/constantine/config/curves_parser.nim @@ -71,38 +71,45 @@ macro declareCurves*(curves: untyped): untyped = let curve = curveDesc[1] - let sizeSection = curveDesc[2][0] + var offset = 0 + var testCurve = false + if curveDesc[2][0][0].eqident"testingCurve": + offset = 1 + testCurve = curveDesc[2][0][1].boolVal + + let sizeSection = curveDesc[2][offset] doAssert sizeSection[0].eqIdent"bitsize" sizeSection[1].expectKind(nnkStmtList) let bitSize = sizeSection[1][0] - let modSection = curveDesc[2][1] + let modSection = curveDesc[2][offset+1] doAssert modSection[0].eqIdent"modulus" modSection[1].expectKind(nnkStmtList) let modulus = modSection[1][0] - Curves.add curve - # "BN254: 254" for array construction - CurveBitSize.add nnkExprColonExpr.newTree( - curve, bitSize - ) + if not testCurve or defined(testingCurves): + Curves.add curve + # "BN254: 254" for array construction + CurveBitSize.add nnkExprColonExpr.newTree( + curve, bitSize + ) - # const BN254_Modulus = Fp[BN254](value: fromHex(BigInt[254], "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47")) - let modulusID = ident($curve & "_Modulus") - curveModStmts.add newConstStmt( - modulusID, - nnkObjConstr.newTree( - nnkBracketExpr.newTree(Fp, curve), - nnkExprColonExpr.newTree( - ident"mres", - newCall( - bindSym"fromHex", - nnkBracketExpr.newTree(bindSym"BigInt", bitSize), - modulus + # const BN254_Modulus = Fp[BN254](value: fromHex(BigInt[254], "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47")) + let modulusID = ident($curve & "_Modulus") + curveModStmts.add newConstStmt( + modulusID, + nnkObjConstr.newTree( + nnkBracketExpr.newTree(Fp, curve), + nnkExprColonExpr.newTree( + ident"mres", + newCall( + bindSym"fromHex", + nnkBracketExpr.newTree(bindSym"BigInt", bitSize), + modulus + ) ) ) ) - ) # end for --------------------------------------------------- diff --git a/constantine/pairing/README.md b/constantine/pairing/README.md index f96ad8e..486c87d 100644 --- a/constantine/pairing/README.md +++ b/constantine/pairing/README.md @@ -15,6 +15,10 @@ Ben Lynn, 2007\ https://crypto.stanford.edu/pbc/thesis.pdf +- An Analysis of Affine Coordinates for Pairing Computation\ + Kristin Lauter, Peter L. Montgomery, and Michael Naehrig, 2010\ + https://eprint.iacr.org/2010/363.pdf + - Pairings for beginners\ Craig Costello, 2012 (?)\ http://www.craigcostello.com.au/pairings/PairingsForBeginners.pdf @@ -30,11 +34,14 @@ https://scholarworks.rit.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=10083&context=theses https://github.com/rajeevakarv/FiniteFieldComputations - - A taxonomy of pairings, their security, their complexity\ Razvan Barbulescu, Nadia El Mrabet, and Loubna Ghammam, 2019\ https://hal.archives-ouvertes.fr/hal-02129868/file/2019-485.pdf +- A short-list of pairing-friendly curves resistantto Special TNFS at the 128-bit security level\ + Aurore Guillevic\ + https://eprint.iacr.org/2019/1371.pdf + ### Presentations - Introduction to pairings\ diff --git a/constantine/tower_field_extensions/README.md b/constantine/tower_field_extensions/README.md index 9ae3b58..baa5463 100644 --- a/constantine/tower_field_extensions/README.md +++ b/constantine/tower_field_extensions/README.md @@ -79,6 +79,10 @@ From Ben Edgington, https://hackmd.io/@benjaminion/bls12-381 Naomi Benger and Michael Scott, 2009\ https://eprint.iacr.org/2009/556 +- Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions\ + Robert Granger and Michael Scott, 2009\ + https://eprint.iacr.org/2009/565.pdf + - High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves\ Jean-Luc Beuchat and Jorge Enrique González Díaz and Shigeo Mitsunari and Eiji Okamoto and Francisco Rodríguez-Henríquez and Tadanori Teruya, 2010\ https://eprint.iacr.org/2010/354 diff --git a/tests/test_finite_fields_vs_gmp.nim b/tests/test_finite_fields_vs_gmp.nim index a4b2e42..9027022 100644 --- a/tests/test_finite_fields_vs_gmp.nim +++ b/tests/test_finite_fields_vs_gmp.nim @@ -19,11 +19,17 @@ import var RNG {.compileTime.} = initRand(1234) const CurveParams = [ - P224: (224, "0xffffffffffffffffffffffffffffffff000000000000000000000001"), - BN254: (254, "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47"), - P256: (256, "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"), - Secp256k1: (256, "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"), - BLS12_381: (381, "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab") + P224, + BN254, + Curve25519, + P256, + Secp256k1, + BLS12_377, + BLS12_381, + BN446, + FKM12_447, + BLS12_461, + BN462 ] const AvailableCurves = [P224, BN254, P256, Secp256k1, BLS12_381] @@ -49,13 +55,13 @@ proc binary_prologue[C: static Curve, N: static int]( a, b, p: var mpz_t, aTest, bTest: var Fp[C], aBuf, bBuf: var array[N, byte]) = - const bits = CurveParams[C][0] + const bits = C.getCurveBitSize() # Generate random value in the range 0 ..< 2^(bits-1) mpz_urandomb(a, gmpRng, uint bits) mpz_urandomb(b, gmpRng, uint bits) # Set modulus to curve modulus - let err = mpz_set_str(p, CurveParams[C][1], 0) + let err = mpz_set_str(p, Curve(C).Mod.mres.toHex(), 0) doAssert err == 0, "Error on prime for curve " & $Curve(C) ######################################################### @@ -116,7 +122,7 @@ proc addTests(gmpRng: var gmp_randstate_t, a, b, p, r: var mpz_t, C: static Curv # echo "Testing: random modular addition on ", $C const - bits = CurveParams[C][0] + bits = C.getCurveBitSize() bufLen = (bits + 7) div 8 var aTest, bTest{.noInit.}: Fp[C] @@ -139,7 +145,7 @@ proc subTests(gmpRng: var gmp_randstate_t, a, b, p, r: var mpz_t, C: static Curv # echo "Testing: random modular substraction on ", $C const - bits = CurveParams[C][0] + bits = C.getCurveBitSize() bufLen = (bits + 7) div 8 var aTest, bTest{.noInit.}: Fp[C] @@ -162,7 +168,7 @@ proc mulTests(gmpRng: var gmp_randstate_t, a, b, p, r: var mpz_t, C: static Curv # echo "Testing: random modular multiplication on ", $C const - bits = CurveParams[C][0] + bits = C.getCurveBitSize() bufLen = (bits + 7) div 8 var aTest, bTest{.noInit.}: Fp[C] @@ -182,7 +188,7 @@ proc invTests(gmpRng: var gmp_randstate_t, a, b, p, r: var mpz_t, C: static Curv # echo "Testing: random modular inversion on ", $C const - bits = CurveParams[C][0] + bits = C.getCurveBitSize() bufLen = (bits + 7) div 8 var aTest, bTest{.noInit.}: Fp[C] diff --git a/tests/test_fp2.nim b/tests/test_fp2.nim index 05cc0fa..02029bf 100644 --- a/tests/test_fp2.nim +++ b/tests/test_fp2.nim @@ -76,9 +76,14 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": testInstance() test(BN254) - test(BLS12_381) test(P256) test(Secp256k1) + test(BLS12_377) + test(BLS12_381) + test(BN446) + test(FKM12_447) + test(BLS12_461) + test(BN462) test "Multiplication by 0 and 1": template test(C: static Curve, body: untyped) = @@ -192,9 +197,14 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": bool(r0 == r4) abelianGroup(BN254) - abelianGroup(BLS12_381) - abelianGroup(Secp256k1) abelianGroup(P256) + abelianGroup(Secp256k1) + abelianGroup(BLS12_377) + abelianGroup(BLS12_381) + abelianGroup(BN446) + abelianGroup(FKM12_447) + abelianGroup(BLS12_461) + abelianGroup(BN462) test "𝔽p2 = 𝔽p[𝑖] multiplication is associative and commutative": proc commutativeRing(curve: static Curve) = @@ -239,9 +249,14 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": bool(r0 == r4) commutativeRing(BN254) - commutativeRing(BLS12_381) - commutativeRing(Secp256k1) commutativeRing(P256) + commutativeRing(Secp256k1) + commutativeRing(BLS12_377) + commutativeRing(BLS12_381) + commutativeRing(BN446) + commutativeRing(FKM12_447) + commutativeRing(BLS12_461) + commutativeRing(BN462) test "𝔽p2 = 𝔽p[𝑖] extension field multiplicative inverse": proc mulInvOne(curve: static Curve) = @@ -259,6 +274,11 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)": check: bool(r == one) mulInvOne(BN254) - mulInvOne(BLS12_381) - mulInvOne(Secp256k1) mulInvOne(P256) + mulInvOne(Secp256k1) + mulInvOne(BLS12_377) + mulInvOne(BLS12_381) + mulInvOne(BN446) + mulInvOne(FKM12_447) + mulInvOne(BLS12_461) + mulInvOne(BN462) diff --git a/tests/test_fp6.nim b/tests/test_fp6.nim index fbd8aec..5d4f925 100644 --- a/tests/test_fp6.nim +++ b/tests/test_fp6.nim @@ -51,7 +51,14 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() test(BN254) + test(P256) + test(Secp256k1) + test(BLS12_377) test(BLS12_381) + test(BN446) + test(FKM12_447) + test(BLS12_461) + test(BN462) test "Squaring 2 returns 4": template test(C: static Curve) = @@ -76,7 +83,14 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() test(BN254) + test(P256) + test(Secp256k1) + test(BLS12_377) test(BLS12_381) + test(BN446) + test(FKM12_447) + test(BLS12_461) + test(BN462) test "Squaring 3 returns 9": template test(C: static Curve) = @@ -103,7 +117,14 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() test(BN254) + test(P256) + test(Secp256k1) + test(BLS12_377) test(BLS12_381) + test(BN446) + test(FKM12_447) + test(BLS12_461) + test(BN462) test "Squaring -3 returns 9": template test(C: static Curve) = @@ -130,4 +151,11 @@ suite "𝔽p6 = 𝔽p2[∛(1+𝑖)] (irreducible polynomial x³ - (1+𝑖))": testInstance() test(BN254) + test(P256) + test(Secp256k1) + test(BLS12_377) test(BLS12_381) + test(BN446) + test(FKM12_447) + test(BLS12_461) + test(BN462)