more eip2537 cleanup

nimbus/vm/blscurve.nim

@@ -14,28 +14,9 @@ when BLS_BACKEND == Miracl:
     BLS_SCALAR* = BIG_384
     BLS_FE* = FP_BLS12381
     BLS_FE2* = FP2_BLS12381
-    BLS_GT* = FP12_BLS12381
+    BLS_ACC* = FP12_BLS12381
-
+    BLS_G1P* = BLS_G1
-  #proc FP12_BLS12381_mul(x: ptr FP12_BLS12381, y: ptr FP12_BLS12381) {.importc, cdecl.}
+    BLS_G2P* = BLS_G2
-  #proc ECP_BLS12381_map2point(P: var ECP_BLS12381, h: FP_BLS12381) {.importc, cdecl.}
-  #proc ECP2_BLS12381_map2point(P: var ECP2_BLS12381, h: FP2_BLS12381) {.importc, cdecl.}
-  #proc ECP_BLS12381_set(p: ptr ECP_BLS12381, x, y: BIG_384): cint {.importc, cdecl.}
-  #proc FP_BLS12381_sqr(w: ptr FP_BLS12381, x: ptr FP_BLS12381) {.importc, cdecl.}
-  #
-  #proc sqr*(x: FP_BLS12381): FP_BLS12381 {.inline.} =
-  #  ## Retruns ``x ^ 2``.
-  #  FP_BLS12381_sqr(addr result, unsafeAddr x)
-  #
-  #proc rhs*(x: FP_BLS12381): FP_BLS12381 {.inline.} =
-  #  ## Returns ``x ^ 3 + b``.
-  #  ECP_BLS12381_rhs(addr result, unsafeAddr x)
-  #
-  #proc isOnCurv*(x, y: FP_BLS12381 or FP2_BLS12381): bool =
-  #  ## Returns ``true`` if point is on curve or points to infinite.
-  #  if x.iszilch() and y.iszilch():
-  #    result = true
-  #  else:
-  #    result = (sqr(y) == rhs(x))
 
   func pack(g: var BLS_G1, x, y: BLS_FP): bool {.inline.} =
     discard ECP_BLS12381_set(g.addr, x, y)
@@ -69,13 +50,13 @@ when BLS_BACKEND == Miracl:
     result = mapToCurveG2(fp)
     result.clearCofactor()
 
-  func millerLoop*(g1: BLS_G1, g2: BLS_G2): BLS_GT {.inline.} =
+  func millerLoop*(g1: BLS_G1, g2: BLS_G2): BLS_ACC {.inline.} =
     PAIR_BLS12381_ate(result.addr, g2.unsafeAddr, g1.unsafeAddr)
 
-  proc mul*(a: var BLS_GT, b: BLS_GT) {.inline.} =
+  proc mul*(a: var BLS_ACC, b: BLS_ACC) {.inline.} =
     FP12_BLS12381_mul(a.addr, b.unsafeAddr)
 
-  func check*(x: BLS_GT): bool {.inline.} =
+  func check*(x: BLS_ACC): bool {.inline.} =
     PAIR_BLS12381_fexp(x.unsafeAddr)
     FP12_BLS12381_isunity(x.unsafeAddr).int == 1
 
@@ -90,7 +71,9 @@ else:
     BLS_SCALAR* = blst_scalar
     BLS_FE* = blst_fp
     BLS_FE2* = blst_fp2
-    BLS_GT* = blst_fp12
+    BLS_ACC* = blst_fp12
+    BLS_G1P* = blst_p1_affine
+    BLS_G2P* = blst_p2_affine
 
   func fromBytes*(ret: var BLS_SCALAR, raw: openArray[byte]): bool =
     const L = 32
@@ -176,26 +159,28 @@ else:
     let z: ptr blst_fp2 = nil
     blst_map_to_g2(result, fp, z[])
 
-  func subgroupCheck*(P: BLS_G1): bool {.inline.} =
+  func pack(g: var BLS_G1P, x, y: BLS_FP): bool =
-    blst_p1_in_g1(P).int == 1
+    g = blst_p1_affine(x: x, y: y)
+    blst_p1_affine_on_curve(g).int == 1
 
-  func subgroupCheck*(P: BLS_G2): bool {.inline.} =
+  func pack(g: var BLS_G2P, x0, x1, y0, y1: BLS_FP): bool =
-    blst_p2_in_g2(P).int == 1
+    g = blst_p2_affine(x: blst_fp2(fp: [x0, x1]), y: blst_fp2(fp: [y0, y1]))
+    blst_p2_affine_on_curve(g).int == 1
 
-  func millerLoop*(g1: BLS_G1, g2: BLS_G2): BLS_GT =
+  func subgroupCheck*(P: BLS_G1P): bool {.inline.} =
-    # TODO: avoid g1, g2 conversion to affine
+    blst_p1_affine_in_g1(P).int == 1
-    var
+
-      P: blst_p1_affine
+  func subgroupCheck*(P: BLS_G2P): bool {.inline.} =
-      Q: blst_p2_affine
+    blst_p2_affine_in_g2(P).int == 1
-    blst_p1_to_affine(P, g1)
+
-    blst_p2_to_affine(Q, g2)
+  func millerLoop*(P: BLS_G1P, Q: BLS_G2P): BLS_ACC {.inline.} =
     blst_miller_loop(result, Q, P)
 
-  proc mul*(a: var BLS_GT, b: BLS_GT) {.inline.} =
+  proc mul*(a: var BLS_ACC, b: BLS_ACC) {.inline.} =
     blst_fp12_mul(a, a, b)
 
-  func check*(x: BLS_GT): bool {.inline.} =
+  func check*(x: BLS_ACC): bool {.inline.} =
-    var ret: BLS_GT
+    var ret: BLS_ACC
     ret.blst_final_exp(x)
     ret.blst_fp12_is_one().int == 1
 
@@ -248,7 +233,7 @@ else:
     res.fp[1].decodeFE input.toOpenArray(64, 127)
 
 # DecodePoint given encoded (x, y) coordinates in 128 bytes returns a valid G1 Point.
-func decodePoint*(g: var BLS_G1, data: openArray[byte]): bool =
+func decodePoint*(g: var (BLS_G1 | BLS_G1P), data: openArray[byte]): bool =
   if data.len != 128:
     return false
 
@@ -276,7 +261,7 @@ func encodePoint*(g: BLS_G1, output: var openArray[byte]): bool =
   y.toBytes output.toOpenArray(64+16, 127)
 
 # DecodePoint given encoded (x, y) coordinates in 256 bytes returns a valid G2 Point.
-func decodePoint*(g: var BLS_G2, data: openArray[byte]): bool =
+func decodePoint*(g: var (BLS_G2 | BLS_G2P), data: openArray[byte]): bool =
   if data.len != 256:
     return false
 

nimbus/vm/map_to_curve_g1.nim

@@ -1,5 +1,4 @@
 import blscurve/miracl/[common, milagro]
-import stew/endians2
 
 # IETF Standard Draft: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10
 # The Hash-To-Curve v7 is binary compatible with Hash-To-Curve v9, v10
@@ -81,13 +80,6 @@ func hexToFP(hex: string): FP_BLS12381 =
 func hexToBig(hex: string): BIG_384 {.inline.} =
   discard result.fromHex(hex)
 
-{.pragma: milagro_func, importc, cdecl.}
-
-proc FP_BLS12381_mul*(x, y, z: ptr FP_BLS12381) {.milagro_func.}
-proc FP_BLS12381_add*(x, y, z: ptr FP_BLS12381) {.milagro_func.}
-proc FP_BLS12381_inv*(x, y, z: ptr FP_BLS12381) {.milagro_func.}
-proc FP_BLS12381_cmove*(x, y: ptr FP_BLS12381, s: cint) {.milagro_func.}
-
 # syntactic sugars
 proc `*=`(a: var FP_BLS12381, b: FP_BLS12381) {.inline.} =
   FP_BLS12381_mul(a.addr, a.addr, b.unsafeAddr)
@@ -128,14 +120,17 @@ func isSquare(a: FP_BLS12381): bool {.inline.} =
 proc sqrt(a: FP_BLS12381): FP_BLS12381 {.inline.} =
   FP_BLS12381_sqrt(addr result, unsafeAddr a, nil)
 
-func sign0(x: FP_BLS12381): bool =
+func sign0(x: FP_BLS12381): bool {.inline.} =
   # The sgn0 function. Section 4.1
-  const
+  when false:
-    sign_0 = 0
+    const
-    zero_0 = 1
+      sign_0 = 0
-  let sign_1 = x.parity()
+      zero_0 = 1
-  # hope the compiler can optimize this
+    let sign_1 = x.parity()
-  bool(sign_0 or (zero_0 and sign_1))
+    # hope the compiler can optimize this
+    bool(sign_0 or (zero_0 and sign_1))
+  else:
+    bool x.parity
 
 func initArray[N: static[int]](hex: array[N, string]): array[N, FP_BLS12381] =
   for i in 0..<N:
@@ -187,7 +182,7 @@ func mapToIsoCurveSSWU(u: FP_BLS12381): tuple[x, y: FP_BLS12381] =
       c1 {.global.} = neg B/A    # -B/A
       c2 {.global.} = neg inv(Z) # -1/Z
 
-    # Simplified Shallue-van de Woestijne method. Apendix F.2.
+    # Simplified Shallue-van de Woestijne-Ulas method. Apendix F.2.
     let tv1 = Z * sqr(u)
     var tv2 = sqr(tv1)
     var x1  = tv1 + tv2
@@ -214,8 +209,13 @@ func mapToIsoCurveSSWU(u: FP_BLS12381): tuple[x, y: FP_BLS12381] =
   result.y = y
 
 func mapToCurveG1*(u: FP_BLS12381): ECP_BLS12381 =
-  {.noSideEffect.}:
+  when false:
-    let cofactor {.global.} = hexToBig("d201000000010001")
+    {.noSideEffect.}:
+      let cofactor {.global.} = hexToBig("d201000000010001")
+      let p = mapToIsoCurveSSWU(u)
+      result = isogenyMapG1(p.x, p.y)
+      result.mul cofactor
+  else:
     let p = mapToIsoCurveSSWU(u)
     result = isogenyMapG1(p.x, p.y)
-    result.mul cofactor
+    ECP_BLS12381_cfp(addr result)

nimbus/vm/precompiles.nim

@@ -586,9 +586,9 @@ proc blsPairing*(c: Computation) =
   c.gasMeter.consumeGas(gas, reason="blsG2Pairing Precompile")
 
   var
-    g1: BLS_G1
+    g1: BLS_G1P
-    g2: BLS_G2
+    g2: BLS_G2P
-    gt: BLS_GT
+    acc: BLS_ACC
 
   # Decode pairs
   for i in 0..<K:
@@ -612,12 +612,12 @@ proc blsPairing*(c: Computation) =
 
     # Update pairing engine with G1 and G2 points
     if i == 0:
-      gt = millerLoop(g1, g2)
+      acc = millerLoop(g1, g2)
     else:
-      gt.mul(millerLoop(g1, g2))
+      acc.mul(millerLoop(g1, g2))
 
   c.output = newSeq[byte](32)
-  if gt.check():
+  if acc.check():
     c.output[^1] = 1.byte
 
 proc blsMapG1*(c: Computation) =