diff --git a/CHANGELOG.md b/CHANGELOG.md index 45417932c..c20839f77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,9 +14,9 @@ - [\#348](https://github.com/arkworks-rs/algebra/pull/348) (`ark-ec`) Rename `msm:{Fixed,Variable}BaseMSM:multi_scalar_mul` to `msm:{Fixed,Variable}:msm` to avoid redundancy. - [\#359](https://github.com/arkworks-rs/algebra/pull/359) (`ark-test-templates`) Simplify the field and curve test macros. - [\#365](https://github.com/arkworks-rs/algebra/pull/365) (`ark-ec`) - - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}ModelParameters` to `ModelParameters`. + - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}CurveConfig` to `CurveConfig`. - Add `mul_bits()` to `AffineCurve` and provide a default implementation of `mul()` using this. - - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass_jacobian::GroupAffine` and `twisted_edwards_extended::GroupAffine` + - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass::GroupAffine` and `twisted_edwards_extended::GroupAffine` - [\#370](https://github.com/arkworks-rs/algebra/pull/370) (all) Set the minimum `rust-version = 1.56` in the manifests of all crates. - [\#379](https://github.com/arkworks-rs/algebra/pull/379) (`ark-ff`) Refactor `Field` implementation and `PrimeField` trait: - Switch from hardcoded `FpXYZ` to `Fp` based on `const` generics. 
@@ -35,18 +35,27 @@ - [\#412](https://github.com/arkworks-rs/algebra/pull/412) (`ark-poly`) Rename UV/MVPolynomial to DenseUV/MVPolynomial. - [\#417](https://github.com/arkworks-rs/algebra/pull/417) (`ark-ff`) Remove `ToBytes` and `FromBytes`. - [\#425](https://github.com/arkworks-rs/algebra/pull/425) (`ark-ec`) Refactor `VariableBase` struct to `VariableBaseMSM` trait and implement it for `GroupProjective`. +- [\#438](https://github.com/arkworks-rs/algebra/pull/438) (`ark-ec`) Rename modules, structs, and traits related to `ec`. + - `short_weierstrass_jacobian` → `short_weierstrass` + - `twisted_edwards_extend` → `twisted_edwards` + - `GroupAffine` → `Affine` + - `GroupProjective` → `Projective` + - `ModelParameters` → `CurveConfig` + - `SWModelParameters` → `SWCurveConfig` + - `TEModelParameters` → `TECurveConfig` + - `MontgomeryModelParameters` → `MontCurveConfig` ### Features - [\#301](https://github.com/arkworks-rs/algebra/pull/301) (`ark-ec`) Add `GLVParameters` trait definition. -- [\#312](https://github.com/arkworks-rs/algebra/pull/312) (`ark-ec`) Add `is_in_correct_subgroup_assuming_on_curve` for all `SWModelParameters`. +- [\#312](https://github.com/arkworks-rs/algebra/pull/312) (`ark-ec`) Add `is_in_correct_subgroup_assuming_on_curve` for all `Parameters`. - [\#321](https://github.com/arkworks-rs/algebra/pull/321) (`ark-ff`) Change bigint conversions to impl `From` instead of `Into`. - [\#343](https://github.com/arkworks-rs/algebra/pull/343) (`ark-ec`) Add WB and SWU hash-to-curve maps. - [\#348](https://github.com/arkworks-rs/algebra/pull/348) (`ark-ec`) Add `msm:{Fixed,Variable}Base:msm_checked_len`. - [\#364](https://github.com/arkworks-rs/algebra/pull/364) (`ark-ec`) Add `ChunkedPippenger` to variable-base MSM. - [\#371](https://github.com/arkworks-rs/algebra/pull/371) (`ark-serialize`) Add serialization impls for arrays - [\#386](https://github.com/arkworks-rs/algebra/pull/386) (`ark-ff-macros`, `ark-ff`) Add a macro to derive `MontConfig`. 
-- [\#396](https://github.com/arkworks-rs/algebra/pull/396) (`ark-ec`) Add a default `mul` function to `{TE,SW}ModelParameters` trait definition. +- [\#396](https://github.com/arkworks-rs/algebra/pull/396) (`ark-ec`) Add a default `mul` function to `{TE,SW}CurveConfig` trait definition. - [\#397](https://github.com/arkworks-rs/algebra/pull/397) (`ark-ec`) Add `HashMapPippenger` to variable-base MSM. - [\#420](https://github.com/arkworks-rs/algebra/pull/420) (`ark-ec`) Add a `clear_cofactor` method to `AffineCurve`. diff --git a/ec/README.md b/ec/README.md index 7f729db7c..921fd0368 100644 --- a/ec/README.md +++ b/ec/README.md 
@@ -19,5 +19,5 @@ The available elliptic curve traits are: The elliptic curve models implemented are: -* [*Short Weierstrass*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass_jacobian.rs) curves. The `AffineCurve` in this case is in typical Short Weierstrass point representation, and the `ProjectiveCurve` is using points in [Jacobian Coordinates](https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates). -* [*Twisted Edwards*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/twisted_edwards_extended.rs) curves. The `AffineCurve` in this case is in standard Twisted Edwards curve representation, whereas the `ProjectiveCurve` uses points in [Extended Twisted Edwards Coordinates](https://eprint.iacr.org/2008/522.pdf). +* [*Short Weierstrass*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass.rs) curves. The `AffineCurve` in this case is in typical Short Weierstrass point representation, and the `ProjectiveCurve` is using points in [Jacobian Coordinates](https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates). +* [*Twisted Edwards*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/twisted_edwards.rs) curves. The `AffineCurve` in this case is in standard Twisted Edwards curve representation, whereas the `ProjectiveCurve` uses points in [Extended Twisted Edwards Coordinates](https://eprint.iacr.org/2008/522.pdf). diff --git a/ec/src/glv.rs b/ec/src/glv.rs index d15c791ff..7232890a8 100644 --- a/ec/src/glv.rs +++ b/ec/src/glv.rs 
@@ -1,7 +1,7 @@ -use crate::ModelParameters; +use crate::CurveConfig; /// The GLV parameters for computing the endomorphism and scalar decomposition. -pub trait GLVParameters: Send + Sync + 'static + ModelParameters { +pub trait GLVParameters: Send + Sync + 'static + CurveConfig { /// Affine representation of curve points. type CurveAffine; /// A representation of curve points that enables efficient arithmetic by diff --git a/ec/src/hashing/curve_maps/swu/mod.rs b/ec/src/hashing/curve_maps/swu/mod.rs index 78c886965..a2202d4af 100644 --- a/ec/src/hashing/curve_maps/swu/mod.rs +++ b/ec/src/hashing/curve_maps/swu/mod.rs @@ -1,11 +1,11 @@ -use crate::models::SWModelParameters; +use crate::models::short_weierstrass::SWCurveConfig; use ark_ff::{BigInteger, Field, One, PrimeField, SquareRootField, Zero}; use ark_std::string::ToString; use core::marker::PhantomData; use crate::{ hashing::{map_to_curve_hasher::MapToCurve, HashToCurveError}, - models::short_weierstrass_jacobian::GroupAffine, + models::short_weierstrass::Affine, }; /// Trait defining the necessary parameters for the SWU hash-to-curve method @@ -13,7 +13,7 @@ use crate::{ /// y^2 = x^3 + a*x + b where ab != 0. From [\[WB2019\]] /// /// - [\[WB2019\]] -pub trait SWUParams: SWModelParameters { +pub trait SWUParams: SWCurveConfig { /// An element of the base field that is not a square root see \[WB2019, Section 4\]. /// It is also convenient to have $g(b/xi * a)$ to be square. In general /// we use a `XI` with low absolute value coefficients when they are @@ -40,7 +40,7 @@ pub fn parity(element: &F) -> bool { .map_or(false, |x| x.into_bigint().is_odd()) } -impl MapToCurve> for SWUMap

{ +impl MapToCurve> for SWUMap

{ /// Constructs a new map if `P` represents a valid map. fn new() -> Result { // Verifying that both XI and ZETA are non-squares @@ -81,7 +81,7 @@ impl MapToCurve> for SWUMap

{ /// Map an arbitrary base field element to a curve point. /// Based on /// . - fn map_to_curve(&self, point: P::BaseField) -> Result, HashToCurveError> { + fn map_to_curve(&self, point: P::BaseField) -> Result, HashToCurveError> { // 1. tv1 = inv0(Z^2 * u^4 + Z * u^2) // 2. x1 = (-B / A) * (1 + tv1) // 3. If tv1 == 0, set x1 = B / (Z * A) @@ -165,7 +165,7 @@ impl MapToCurve> for SWUMap

{ let x_affine = num_x / div; let y_affine = if parity(&y) { -y } else { y }; - let point_on_curve = GroupAffine::

::new(x_affine, y_affine, false); + let point_on_curve = Affine::

::new(x_affine, y_affine, false); assert!( point_on_curve.is_on_curve(), "swu mapped to a point off the curve" diff --git a/ec/src/hashing/curve_maps/wb/mod.rs b/ec/src/hashing/curve_maps/wb/mod.rs index b9935ddb3..c61005170 100644 --- a/ec/src/hashing/curve_maps/wb/mod.rs +++ b/ec/src/hashing/curve_maps/wb/mod.rs @@ -1,17 +1,17 @@ use core::marker::PhantomData; -use crate::{models::SWModelParameters, ModelParameters}; +use crate::{models::short_weierstrass::SWCurveConfig, CurveConfig}; use ark_ff::batch_inversion; use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial, Polynomial}; use crate::{ hashing::{map_to_curve_hasher::MapToCurve, HashToCurveError}, - models::short_weierstrass_jacobian::GroupAffine, + models::short_weierstrass::Affine, AffineCurve, }; use super::swu::{SWUMap, SWUParams}; -type BaseField = ::BaseField; +type BaseField = ::BaseField; /// Trait defining the necessary parameters for the WB hash-to-curve method /// for the curves of Weierstrass form of: @@ -19,7 +19,7 @@ type BaseField = ::BaseField; /// From [\[WB2019\]] /// /// - [\[WB2019\]] -pub trait WBParams: SWModelParameters + Sized { +pub trait WBParams: SWCurveConfig + Sized { // The isogenous curve should be defined over the same base field but it can have // different scalar field type IsogenousCurveScalarField : type IsogenousCurve: SWUParams>; @@ -31,8 +31,8 @@ pub trait WBParams: SWModelParameters + Sized { const PHI_Y_DEN: &'static [BaseField]; fn isogeny_map( - domain_point: GroupAffine, - ) -> Result, HashToCurveError> { + domain_point: Affine, + ) -> Result, HashToCurveError> { let x_num = DensePolynomial::from_coefficients_slice(Self::PHI_X_NOM); let x_den = DensePolynomial::from_coefficients_slice(Self::PHI_X_DEN); 
@@ -47,7 +47,7 @@ pub trait WBParams: SWModelParameters + Sized { let img_x = x_num.evaluate(&domain_point.x) * v[0]; let img_y = (y_num.evaluate(&domain_point.x) * domain_point.y) * v[1]; - Ok(GroupAffine::new(img_x, img_y, false)) + Ok(Affine::new(img_x, img_y, false)) } } @@ -56,11 +56,11 @@ pub struct WBMap { curve_params: PhantomData P>, } -impl MapToCurve> for WBMap

{ +impl MapToCurve> for WBMap

{ /// Constructs a new map if `P` represents a valid map. fn new() -> Result { // Verifying that the isogeny maps the generator of the SWU curve into us - let isogenous_curve_generator = GroupAffine::::new( + let isogenous_curve_generator = Affine::::new( P::IsogenousCurve::AFFINE_GENERATOR_COEFFS.0, P::IsogenousCurve::AFFINE_GENERATOR_COEFFS.1, false, @@ -86,8 +86,8 @@ impl MapToCurve> for WBMap

{ /// fn map_to_curve( &self, - element: as AffineCurve>::BaseField, - ) -> Result, HashToCurveError> { + element: as AffineCurve>::BaseField, + ) -> Result, HashToCurveError> { // first we need to map the field point to the isogenous curve let point_on_isogenious_curve = self.swu_field_curve_hasher.map_to_curve(element).unwrap(); P::isogeny_map(point_on_isogenious_curve) diff --git a/ec/src/hashing/tests/mod.rs b/ec/src/hashing/tests/mod.rs index 83df44019..1e904a894 100644 --- a/ec/src/hashing/tests/mod.rs +++ b/ec/src/hashing/tests/mod.rs @@ -7,9 +7,9 @@ use crate::{ }, map_to_curve_hasher::{MapToCurve, MapToCurveBasedHasher}, }, - models::SWModelParameters, - short_weierstrass_jacobian::GroupAffine, - ModelParameters, + models::short_weierstrass::SWCurveConfig, + short_weierstrass::Affine, + CurveConfig, }; use ark_ff::field_hashers::DefaultFieldHasher; use ark_ff::{biginteger::BigInteger64, fields::Fp64, BigInt, MontBackend, MontFp}; @@ -53,7 +53,7 @@ const F127_ONE: F127 = MontFp!(F127, "1"); struct TestSWUMapToCurveParams; -impl ModelParameters for TestSWUMapToCurveParams { +impl CurveConfig for TestSWUMapToCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] @@ -76,7 +76,7 @@ impl ModelParameters for TestSWUMapToCurveParams { /// pass /// /// y^2 = x^3 + x + 63 -impl SWModelParameters for TestSWUMapToCurveParams { +impl SWCurveConfig for TestSWUMapToCurveParams { /// COEFF_A = 1 const COEFF_A: F127 = F127_ONE; @@ -126,7 +126,7 @@ fn checking_the_hashing_parameters() { #[test] fn hash_arbitary_string_to_curve_swu() { let test_swu_to_curve_hasher = MapToCurveBasedHasher::< - GroupAffine, + Affine, DefaultFieldHasher, SWUMap, >::new(&[1]) @@ -147,7 +147,7 @@ fn hash_arbitary_string_to_curve_swu() { fn map_field_to_curve_swu() { let test_map_to_curve = SWUMap::::new().unwrap(); - let mut map_range: Vec> = vec![]; + let mut map_range: Vec> = vec![]; for current_field_element in 0..127 { map_range.push( test_map_to_curve 
@@ -183,7 +183,7 @@ struct TestSWU127MapToIsogenousCurveParams; /// First we define the isogenous curve /// sage: E_isogenous.order() /// 127 -impl ModelParameters for TestSWU127MapToIsogenousCurveParams { +impl CurveConfig for TestSWU127MapToIsogenousCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] @@ -195,7 +195,7 @@ impl ModelParameters for TestSWU127MapToIsogenousCurveParams { /// E_isogenous : Elliptic Curve defined by y^2 = x^3 + 109*x + 124 over Finite /// Field of size 127 -impl SWModelParameters for TestSWU127MapToIsogenousCurveParams { +impl SWCurveConfig for TestSWU127MapToIsogenousCurveParams { /// COEFF_A = 109 const COEFF_A: F127 = MontFp!(F127, "109"); @@ -221,7 +221,7 @@ impl SWUParams for TestSWU127MapToIsogenousCurveParams { /// The struct defining our parameters for the target curve of hashing struct TestWBF127MapToCurveParams; -impl ModelParameters for TestWBF127MapToCurveParams { +impl CurveConfig for TestWBF127MapToCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] @@ -233,7 +233,7 @@ impl ModelParameters for TestWBF127MapToCurveParams { /// E: Elliptic Curve defined by y^2 = x^3 + 3 over Finite /// Field of size 127 -impl SWModelParameters for TestWBF127MapToCurveParams { +impl SWCurveConfig for TestWBF127MapToCurveParams { /// COEFF_A = 0 const COEFF_A: F127 = F127_ZERO; @@ -264,7 +264,7 @@ impl SWModelParameters for TestWBF127MapToCurveParams { impl WBParams for TestWBF127MapToCurveParams { type IsogenousCurve = TestSWU127MapToIsogenousCurveParams; - const PHI_X_NOM: &'static [::BaseField] = &[ + const PHI_X_NOM: &'static [::BaseField] = &[ MontFp!(F127, "4"), MontFp!(F127, "63"), MontFp!(F127, "23"), @@ -281,7 +281,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "-57"), ]; - const PHI_X_DEN: &'static [::BaseField] = &[ + const PHI_X_DEN: &'static [::BaseField] = &[ MontFp!(F127, "2"), MontFp!(F127, "31"), MontFp!(F127, "-10"), 
@@ -297,7 +297,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "1"), ]; - const PHI_Y_NOM: &'static [::BaseField] = &[ + const PHI_Y_NOM: &'static [::BaseField] = &[ MontFp!(F127, "-34"), MontFp!(F127, "-57"), MontFp!(F127, "30"), @@ -319,7 +319,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "10"), ]; - const PHI_Y_DEN: &'static [::BaseField] = &[ + const PHI_Y_DEN: &'static [::BaseField] = &[ MontFp!(F127, "32"), MontFp!(F127, "-18"), MontFp!(F127, "-24"), @@ -347,7 +347,7 @@ impl WBParams for TestWBF127MapToCurveParams { #[test] fn hash_arbitary_string_to_curve_wb() { let test_wb_to_curve_hasher = MapToCurveBasedHasher::< - GroupAffine, + Affine, DefaultFieldHasher, WBMap, >::new(&[1]) diff --git a/ec/src/lib.rs b/ec/src/lib.rs index dd67b25d2..8eae6c9c1 100644 --- a/ec/src/lib.rs +++ b/ec/src/lib.rs @@ -162,11 +162,11 @@ pub trait ProjectiveCurve: + for<'a> core::iter::Sum<&'a Self> + From<::Affine> { - type Parameters: ModelParameters; + type Config: CurveConfig; type ScalarField: PrimeField + SquareRootField; type BaseField: Field; type Affine: AffineCurve< - Parameters = Self::Parameters, + Config = Self::Config, Projective = Self, ScalarField = Self::ScalarField, BaseField = Self::BaseField, @@ -249,7 +249,7 @@ pub trait AffineCurve: + for<'a> core::iter::Sum<&'a Self> + From<::Projective> { - type Parameters: ModelParameters; + type Config: CurveConfig; /// The group defined by this curve has order `h * r` where `r` is a large /// prime. `Self::ScalarField` is the prime field defined by `r` @@ -260,7 +260,7 @@ pub trait AffineCurve: /// The projective representation of points on this curve. type Projective: ProjectiveCurve< - Parameters = Self::Parameters, + Config = Self::Config, Affine = Self, ScalarField = Self::ScalarField, BaseField = Self::BaseField, 
@@ -310,7 +310,7 @@ pub trait AffineCurve: /// `Self::ScalarField`. #[must_use] fn mul_by_cofactor_inv(&self) -> Self { - self.mul(Self::Parameters::COFACTOR_INV).into() + self.mul(Self::Config::COFACTOR_INV).into() } } diff --git a/ec/src/models/bls12/g1.rs b/ec/src/models/bls12/g1.rs index 21a4ba43d..8375ca173 100644 --- a/ec/src/models/bls12/g1.rs +++ b/ec/src/models/bls12/g1.rs @@ -1,12 +1,12 @@ use crate::{ bls12::Bls12Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bls12/g2.rs b/ec/src/models/bls12/g2.rs index fd2007313..90c562af4 100644 --- a/ec/src/models/bls12/g2.rs +++ b/ec/src/models/bls12/g2.rs @@ -6,13 +6,13 @@ use num_traits::{One, Zero}; use crate::{ bls12::{Bls12Parameters, TwistType}, - models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + models::short_weierstrass::SWCurveConfig, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bls12/mod.rs b/ec/src/models/bls12/mod.rs index 1c75de81c..f580ec440 100644 --- a/ec/src/models/bls12/mod.rs +++ b/ec/src/models/bls12/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -37,10 +37,10 @@ pub trait Bls12Parameters: 'static { type Fp2Config: Fp2Config; type Fp6Config: Fp6Config; type Fp12Config: Fp12Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -87,7 +87,7 @@ impl Bls12

{ } impl PairingEngine for Bls12

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/bn/g1.rs b/ec/src/models/bn/g1.rs index cfcbbd9c4..e60f0d87d 100644 --- a/ec/src/models/bn/g1.rs +++ b/ec/src/models/bn/g1.rs @@ -1,12 +1,12 @@ use crate::{ bn::BnParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bn/g2.rs b/ec/src/models/bn/g2.rs index fa88249df..8684ff1f1 100644 --- a/ec/src/models/bn/g2.rs +++ b/ec/src/models/bn/g2.rs @@ -6,13 +6,13 @@ use num_traits::{One, Zero}; use crate::{ bn::{BnParameters, TwistType}, - models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + models::short_weierstrass::SWCurveConfig, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bn/mod.rs b/ec/src/models/bn/mod.rs index c9a04bb16..2a6e69a4e 100644 --- a/ec/src/models/bn/mod.rs +++ b/ec/src/models/bn/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -35,10 +35,10 @@ pub trait BnParameters: 'static { type Fp2Config: Fp2Config; type Fp6Config: Fp6Config; type Fp12Config: Fp12Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -85,7 +85,7 @@ impl Bn

{ } impl PairingEngine for Bn

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/bw6/g1.rs b/ec/src/models/bw6/g1.rs index fae95210b..ff8306465 100644 --- a/ec/src/models/bw6/g1.rs +++ b/ec/src/models/bw6/g1.rs @@ -1,12 +1,12 @@ use crate::{ bw6::BW6Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bw6/g2.rs b/ec/src/models/bw6/g2.rs index 47e557b39..1186c5f39 100644 --- a/ec/src/models/bw6/g2.rs +++ b/ec/src/models/bw6/g2.rs @@ -6,13 +6,13 @@ use num_traits::{One, Zero}; use crate::{ bw6::{BW6Parameters, TwistType}, - models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + models::short_weierstrass::SWCurveConfig, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bw6/mod.rs b/ec/src/models/bw6/mod.rs index 3b56355db..2f263f5b2 100644 --- a/ec/src/models/bw6/mod.rs +++ b/ec/src/models/bw6/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -27,10 +27,10 @@ pub trait BW6Parameters: 'static + Eq + PartialEq { type Fp: PrimeField + SquareRootField + Into<::BigInt>; type Fp3Config: Fp3Config; type Fp6Config: Fp6Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Self::Fp, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -210,7 +210,7 @@ impl BW6

{ } impl PairingEngine for BW6

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mnt4/g1.rs b/ec/src/models/mnt4/g1.rs index 927ec54bf..55f0fc3ff 100644 --- a/ec/src/models/mnt4/g1.rs +++ b/ec/src/models/mnt4/g1.rs @@ -1,12 +1,12 @@ use crate::{ mnt4::MNT4Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::Fp2; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt4/g2.rs b/ec/src/models/mnt4/g2.rs index fabd2b377..031175c5e 100644 --- a/ec/src/models/mnt4/g2.rs +++ b/ec/src/models/mnt4/g2.rs @@ -1,15 +1,15 @@ use crate::{ mnt4::MNT4Parameters, models::mnt4::MNT4, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::fields::{Field, Fp2}; use ark_std::vec::Vec; use num_traits::One; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt4/mod.rs b/ec/src/models/mnt4/mod.rs index 5332e73ae..c4c3ba2e6 100644 --- a/ec/src/models/mnt4/mod.rs +++ b/ec/src/models/mnt4/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::{ @@ -34,10 +34,10 @@ pub trait MNT4Parameters: 'static { type Fr: PrimeField + SquareRootField + Into<::BigInt>; type Fp2Config: Fp2Config; type Fp4Config: Fp4Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -189,7 +189,7 @@ impl MNT4

{ } impl PairingEngine for MNT4

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mnt6/g1.rs b/ec/src/models/mnt6/g1.rs index a4f87f515..bd1aef20c 100644 --- a/ec/src/models/mnt6/g1.rs +++ b/ec/src/models/mnt6/g1.rs @@ -1,12 +1,12 @@ use crate::{ mnt6::MNT6Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::Fp3; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt6/g2.rs b/ec/src/models/mnt6/g2.rs index 753983219..34fea52ed 100644 --- a/ec/src/models/mnt6/g2.rs +++ b/ec/src/models/mnt6/g2.rs @@ -1,15 +1,15 @@ use crate::{ mnt6::MNT6Parameters, models::mnt6::MNT6, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::fields::{Field, Fp3}; use ark_std::vec::Vec; use num_traits::One; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt6/mod.rs b/ec/src/models/mnt6/mod.rs index 111957001..0e5c4b6b3 100644 --- a/ec/src/models/mnt6/mod.rs +++ b/ec/src/models/mnt6/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::{ @@ -34,10 +34,10 @@ pub trait MNT6Parameters: 'static { type Fr: PrimeField + SquareRootField + Into<::BigInt>; type Fp3Config: Fp3Config; type Fp6Config: Fp6Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp3, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -195,7 +195,7 @@ impl MNT6

{ } impl PairingEngine for MNT6

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mod.rs b/ec/src/models/mod.rs index 264357641..69dc8e117 100644 --- a/ec/src/models/mod.rs +++ b/ec/src/models/mod.rs @@ -1,21 +1,20 @@ -use crate::{AffineCurve, ProjectiveCurve}; -use ark_ff::{Field, PrimeField, SquareRootField, Zero}; +use ark_ff::{Field, PrimeField, SquareRootField}; pub mod bls12; pub mod bn; pub mod bw6; pub mod mnt4; pub mod mnt6; -pub mod short_weierstrass_jacobian; -pub mod twisted_edwards_extended; +pub mod short_weierstrass; +pub mod twisted_edwards; /// Elliptic curves can be represented via different "models" with varying /// efficiency properties. -/// `ModelParameters` bundles together the types that are common +/// `CurveConfig` bundles together the types that are common /// to all models of the given curve, namely the `BaseField` over which the /// curve is defined, and the `ScalarField` defined by the appropriate /// prime-order subgroup of the curve. -pub trait ModelParameters: Send + Sync + Sized + 'static { +pub trait CurveConfig: Send + Sync + Sized + 'static { /// Base field that the curve is defined over. type BaseField: Field + SquareRootField; /// Finite prime field corresponding to an appropriate prime-order subgroup 
@@ -25,193 +24,3 @@ pub trait ModelParameters: Send + Sync + Sized + 'static { const COFACTOR: &'static [u64]; const COFACTOR_INV: Self::ScalarField; } - -/// Constants and convenience functions that collectively define the [Short Weierstrass model](https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html) -/// of the curve. In this model, the curve equation is `y² = x³ + a * x + b`, -/// for constants `a` and `b`. -pub trait SWModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `b` of the curve equation. - const COEFF_B: Self::BaseField; - /// Coefficients of the base point of the curve - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); - - /// Helper method for computing `elem * Self::COEFF_A`. - /// - /// The default implementation should be overridden only if - /// the product can be computed faster than standard field multiplication - /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). - #[inline(always)] - fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { - let mut copy = *elem; - copy *= &Self::COEFF_A; - copy - } - - /// Helper method for computing `elem + Self::COEFF_B`. - /// - /// The default implementation should be overridden only if - /// the sum can be computed faster than standard field addition (eg: via - /// doubling). - #[inline(always)] - fn add_b(elem: &Self::BaseField) -> Self::BaseField { - if !Self::COEFF_B.is_zero() { - let mut copy = *elem; - copy += &Self::COEFF_B; - return copy; - } - *elem - } - - /// Check if the provided curve point is in the prime-order subgroup. - /// - /// The default implementation multiplies `item` by the order `r` of the - /// prime-order subgroup, and checks if the result is one. - /// Implementors can choose to override this default impl - /// if the given curve has faster methods - /// for performing this check (for example, via leveraging curve - /// isomorphisms). 
- fn is_in_correct_subgroup_assuming_on_curve( - item: &short_weierstrass_jacobian::GroupAffine, - ) -> bool { - Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() - } - - /// Performs cofactor clearing. - /// The default method is simply to multiply by the cofactor. - /// Some curves can implement a more efficient algorithm. - fn clear_cofactor( - item: &short_weierstrass_jacobian::GroupAffine, - ) -> short_weierstrass_jacobian::GroupAffine { - item.mul_by_cofactor() - } - - /// Default implementation of group multiplication for projective - /// coordinates - fn mul_projective( - base: &short_weierstrass_jacobian::GroupProjective, - scalar: &[u64], - ) -> short_weierstrass_jacobian::GroupProjective { - let mut res = short_weierstrass_jacobian::GroupProjective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res += base; - } - } - - res - } - - /// Default implementation of group multiplication for affine - /// coordinates. - fn mul_affine( - base: &short_weierstrass_jacobian::GroupAffine, - scalar: &[u64], - ) -> short_weierstrass_jacobian::GroupProjective { - let mut res = short_weierstrass_jacobian::GroupProjective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res.add_assign_mixed(base) - } - } - - res - } -} - -/// Constants and convenience functions that collectively define the [Twisted Edwards model](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html) -/// of the curve. In this model, the curve equation is -/// `a * x² + y² = 1 + d * x² * y²`, for constants `a` and `d`. -pub trait TEModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `d` of the curve equation. 
- const COEFF_D: Self::BaseField; - /// Coefficients of the base point of the curve - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); - - /// Model parameters for the Montgomery curve that is birationally - /// equivalent to this curve. - type MontgomeryModelParameters: MontgomeryModelParameters; - - /// Helper method for computing `elem * Self::COEFF_A`. - /// - /// The default implementation should be overridden only if - /// the product can be computed faster than standard field multiplication - /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). - #[inline(always)] - fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { - let mut copy = *elem; - copy *= &Self::COEFF_A; - copy - } - - /// Checks that the current point is in the prime order subgroup given - /// the point on the curve. - fn is_in_correct_subgroup_assuming_on_curve( - item: &twisted_edwards_extended::GroupAffine, - ) -> bool { - Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() - } - - /// Performs cofactor clearing. - /// The default method is simply to multiply by the cofactor. - /// For some curve families though, it is sufficient to multiply - /// by a smaller scalar. 
- fn clear_cofactor( - item: &twisted_edwards_extended::GroupAffine, - ) -> twisted_edwards_extended::GroupAffine { - item.mul_by_cofactor() - } - - /// Default implementation of group multiplication for projective - /// coordinates - fn mul_projective( - base: &twisted_edwards_extended::GroupProjective, - scalar: &[u64], - ) -> twisted_edwards_extended::GroupProjective { - let mut res = twisted_edwards_extended::GroupProjective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res += base; - } - } - - res - } - - /// Default implementation of group multiplication for affine - /// coordinates - fn mul_affine( - base: &twisted_edwards_extended::GroupAffine, - scalar: &[u64], - ) -> twisted_edwards_extended::GroupProjective { - let mut res = twisted_edwards_extended::GroupProjective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res.add_assign_mixed(base) - } - } - - res - } -} - -/// Constants and convenience functions that collectively define the [Montgomery model](https://www.hyperelliptic.org/EFD/g1p/auto-montgom.html) -/// of the curve. In this model, the curve equation is -/// `b * y² = x³ + a * x² + x`, for constants `a` and `b`. -pub trait MontgomeryModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `b` of the curve equation. - const COEFF_B: Self::BaseField; - - /// Model parameters for the Twisted Edwards curve that is birationally - /// equivalent to this curve. - type TEModelParameters: TEModelParameters; -} diff --git a/ec/src/models/short_weierstrass_jacobian.rs b/ec/src/models/short_weierstrass.rs similarity index 73% rename from ec/src/models/short_weierstrass_jacobian.rs rename to ec/src/models/short_weierstrass.rs index 038a0bdc8..a697338a4 100644 --- a/ec/src/models/short_weierstrass_jacobian.rs +++ b/ec/src/models/short_weierstrass.rs 
@@ -15,9 +15,7 @@ use ark_ff::{ ToConstraintField, UniformRand, }; -use crate::{ - models::SWModelParameters as Parameters, msm::VariableBaseMSM, AffineCurve, ProjectiveCurve, -}; +use crate::{msm::VariableBaseMSM, AffineCurve, ProjectiveCurve}; use num_traits::{One, Zero}; use zeroize::Zeroize; 
@@ -30,21 +28,107 @@ use ark_std::rand::{ #[cfg(feature = "parallel")] use rayon::prelude::*; +/// Constants and convenience functions that collectively define the [Short Weierstrass model](https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html) +/// of the curve. In this model, the curve equation is `y² = x³ + a * x + b`, +/// for constants `a` and `b`. +pub trait SWCurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `b` of the curve equation. + const COEFF_B: Self::BaseField; + /// Coefficients of the base point of the curve + const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); + + /// Helper method for computing `elem * Self::COEFF_A`. + /// + /// The default implementation should be overridden only if + /// the product can be computed faster than standard field multiplication + /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). + #[inline(always)] + fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { + let mut copy = *elem; + copy *= &Self::COEFF_A; + copy + } + + /// Helper method for computing `elem + Self::COEFF_B`. + /// + /// The default implementation should be overridden only if + /// the sum can be computed faster than standard field addition (eg: via + /// doubling). + #[inline(always)] + fn add_b(elem: &Self::BaseField) -> Self::BaseField { + if !Self::COEFF_B.is_zero() { + let mut copy = *elem; + copy += &Self::COEFF_B; + return copy; + } + *elem + } + + /// Check if the provided curve point is in the prime-order subgroup. + /// + /// The default implementation multiplies `item` by the order `r` of the + /// prime-order subgroup, and checks if the result is one. + /// Implementors can choose to override this default impl + /// if the given curve has faster methods + /// for performing this check (for example, via leveraging curve + /// isomorphisms). 
+ fn is_in_correct_subgroup_assuming_on_curve(item: &Affine) -> bool { + Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() + } + + /// Performs cofactor clearing. + /// The default method is simply to multiply by the cofactor. + /// Some curves can implement a more efficient algorithm. + fn clear_cofactor(item: &Affine) -> Affine { + item.mul_by_cofactor() + } + + /// Default implementation of group multiplication for projective + /// coordinates + fn mul_projective(base: &Projective, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res += base; + } + } + + res + } + + /// Default implementation of group multiplication for affine + /// coordinates. + fn mul_affine(base: &Affine, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res.add_assign_mixed(base) + } + } + + res + } +} + /// Affine coordinates for a point on an elliptic curve in short Weierstrass /// form, over the base field `P::BaseField`. #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") + Copy(bound = "P: SWCurveConfig"), + Clone(bound = "P: SWCurveConfig"), + PartialEq(bound = "P: SWCurveConfig"), + Eq(bound = "P: SWCurveConfig"), + Debug(bound = "P: SWCurveConfig"), + Hash(bound = "P: SWCurveConfig") )] #[must_use] // DISCUSS these shouldn't be public and instead we should have functions // encapsulating the attributes -pub struct GroupAffine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element 
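Review bot: The doc comment on `is_in_correct_subgroup_assuming_on_curve` in the new `SWCurveConfig` trait says the default multiplies by `r` and "checks if the result is one", but the body checks `.is_zero()`, i.e. the point at infinity; suggest `/// prime-order subgroup, and checks if the result is the identity (point at infinity).` The default `mul_projective` and `mul_affine` are also a left-to-right double-and-add whose `if b { ... }` branch is taken per scalar bit, so their running time depends on the scalar; since `mul_by_cofactor_to_projective` below routes through `P::mul_affine` and scalar multiplication presumably does too, a trait-level note such as `/// NOTE: the default scalar multiplications are not constant-time; override them before using secret scalars.` would keep implementors from assuming otherwise. This trait body is moved here from `models/mod.rs`, so both points are carried-over behaviour rather than something the commit introduces.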
@@ -53,31 +137,31 @@ pub struct GroupAffine { pub infinity: bool, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { +impl PartialEq> for Affine

{ + fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { +impl PartialEq> for Projective

{ + fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for GroupAffine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { if self.infinity { - write!(f, "GroupAffine(Infinity)") + write!(f, "Affine(Infinity)") } else { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) + write!(f, "Affine(x={}, y={})", self.x, self.y) } } } -impl GroupAffine

{ +impl Affine

{ // DISCUSS The function shouldn't take infinity as parameter but instead accept - // only `(x,y)` so we have another const function `GroupAffine::infinity` + // only `(x,y)` so we have another const function `Affine::infinity` // that takes no parameters pub fn new(x: P::BaseField, y: P::BaseField, infinity: bool) -> Self { Self { x, y, infinity } @@ -124,7 +208,7 @@ impl GroupAffine

{ } } -impl GroupAffine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order that equaling that of /// `P::ScalarField`. // DISCUSS Maybe these function names are too verbose? @@ -133,7 +217,7 @@ impl GroupAffine

{ } } -impl Zeroize for GroupAffine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -143,7 +227,7 @@ impl Zeroize for GroupAffine

{ } } -impl Zero for GroupAffine

{ +impl Zero for Affine

{ /// Returns the point at infinity. Note that in affine coordinates, /// the point at infinity does not lie on the curve, and this is indicated /// by setting the `infinity` flag to true. @@ -159,7 +243,7 @@ impl Zero for GroupAffine

{ } } -impl Add for GroupAffine

{ +impl Add for Affine

{ type Output = Self; fn add(self, other: Self) -> Self { let mut copy = self; @@ -168,33 +252,33 @@ impl Add for GroupAffine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ +impl<'a, P: SWCurveConfig> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { - let mut s_proj = GroupProjective::from(*self); + let mut s_proj = Projective::from(*self); s_proj.add_assign_mixed(other); *self = s_proj.into(); } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupAffine

{ + fn sample(&self, rng: &mut R) -> Affine

{ loop { let x = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { + if let Some(p) = Affine::get_point_from_x(x, greatest) { return p.mul_by_cofactor(); } } } } -impl AffineCurve for GroupAffine

{ - type Parameters = P; +impl AffineCurve for Affine

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Projective = GroupProjective

; + type Projective = Projective

; fn xy(&self) -> (Self::BaseField, Self::BaseField) { (self.x, self.y) @@ -231,7 +315,7 @@ impl AffineCurve for GroupAffine

{ /// resulting projective element. #[must_use] fn mul_by_cofactor_to_projective(&self) -> Self::Projective { - P::mul_affine(self, Self::Parameters::COFACTOR) + P::mul_affine(self, Self::Config::COFACTOR) } /// Performs cofactor clearing. @@ -243,7 +327,7 @@ impl AffineCurve for GroupAffine

{ } } -impl Neg for GroupAffine

{ +impl Neg for Affine

{ type Output = Self; /// If `self.is_zero()`, returns `self` (`== Self::zero()`). @@ -258,23 +342,23 @@ impl Neg for GroupAffine

{ } } -impl Default for GroupAffine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl core::iter::Sum for GroupAffine

{ +impl core::iter::Sum for Affine

{ fn sum>(iter: I) -> Self { - iter.fold(GroupProjective::

::zero(), |sum, x| sum.add_mixed(&x)) + iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(&x)) .into() } } -impl<'a, P: Parameters> core::iter::Sum<&'a Self> for GroupAffine

{ +impl<'a, P: SWCurveConfig> core::iter::Sum<&'a Self> for Affine

{ fn sum>(iter: I) -> Self { - iter.fold(GroupProjective::

::zero(), |sum, x| sum.add_mixed(x)) + iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(x)) .into() } } @@ -284,12 +368,12 @@ impl<'a, P: Parameters> core::iter::Sum<&'a Self> for GroupAffine

{ /// via the Jacobian formulae #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Debug(bound = "P: Parameters") + Copy(bound = "P: SWCurveConfig"), + Clone(bound = "P: SWCurveConfig"), + Debug(bound = "P: SWCurveConfig") )] #[must_use] -pub struct GroupProjective { +pub struct Projective { /// `X / Z` projection of the affine `X` pub x: P::BaseField, /// `Y / Z` projection of the affine `Y` @@ -298,14 +382,14 @@ pub struct GroupProjective { pub z: P::BaseField, } -impl Display for GroupProjective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", GroupAffine::from(*self)) + write!(f, "{}", Affine::from(*self)) } } -impl Eq for GroupProjective

{} -impl PartialEq for GroupProjective

{ +impl Eq for Projective

{} +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -329,40 +413,40 @@ impl PartialEq for GroupProjective

{ } } -impl Hash for GroupProjective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ + fn sample(&self, rng: &mut R) -> Projective

{ loop { let x = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { + if let Some(p) = Affine::get_point_from_x(x, greatest) { return p.mul_by_cofactor_to_projective(); } } } } -impl Default for GroupProjective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl GroupProjective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { Self { x, y, z } } } -impl Zeroize for GroupProjective

{ +impl Zeroize for Projective

{ fn zeroize(&mut self) { self.x.zeroize(); self.y.zeroize(); @@ -370,7 +454,7 @@ impl Zeroize for GroupProjective

{ } } -impl Zero for GroupProjective

{ +impl Zero for Projective

{ /// Returns the point at infinity, which always has Z = 0. #[inline] fn zero() -> Self { @@ -388,15 +472,15 @@ impl Zero for GroupProjective

{ } } -impl ProjectiveCurve for GroupProjective

{ - type Parameters = P; +impl ProjectiveCurve for Projective

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Affine = GroupAffine

; + type Affine = Affine

; #[inline] fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() + Affine::prime_subgroup_generator().into() } #[inline] @@ -509,7 +593,7 @@ impl ProjectiveCurve for GroupProjective

{ /// When `other.is_normalized()` (i.e., `other.z == 1`), we can use a more /// efficient [formula](http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl) /// to compute `self + other`. - fn add_assign_mixed(&mut self, other: &GroupAffine

) { + fn add_assign_mixed(&mut self, other: &Affine

) { if other.is_zero() { return; } @@ -582,7 +666,7 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl Neg for GroupProjective

{ +impl Neg for Projective

{ type Output = Self; #[inline] @@ -595,9 +679,9 @@ impl Neg for GroupProjective

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupProjective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, SWCurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ +impl<'a, P: SWCurveConfig> Add<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -607,7 +691,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ +impl<'a, P: SWCurveConfig> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { if self.is_zero() { *self = *other; @@ -672,7 +756,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ +impl<'a, P: SWCurveConfig> Sub<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -682,13 +766,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ +impl<'a, P: SWCurveConfig> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupProjective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -696,9 +780,9 @@ impl MulAssign for GroupProjective

{ // The affine point X, Y is represented in the Jacobian // coordinates with Z = 1. -impl From> for GroupProjective

{ +impl From> for Projective

{ #[inline] - fn from(p: GroupAffine

) -> GroupProjective

{ + fn from(p: Affine

) -> Projective

{ if p.is_zero() { Self::zero() } else { @@ -709,14 +793,14 @@ impl From> for GroupProjective

{ // The projective point X, Y, Z is represented in the affine // coordinates as X/Z^2, Y/Z^3. -impl From> for GroupAffine

{ +impl From> for Affine

{ #[inline] - fn from(p: GroupProjective

) -> GroupAffine

{ + fn from(p: Projective

) -> Affine

{ if p.is_zero() { - GroupAffine::zero() + Affine::zero() } else if p.z.is_one() { // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y, false) + Affine::new(p.x, p.y, false) } else { // Z is nonzero, so it must have an inverse in a field. let zinv = p.z.inverse().unwrap(); @@ -728,12 +812,12 @@ impl From> for GroupAffine

{ // Y/Z^3 let y = p.y * &(zinv_squared * &zinv); - GroupAffine::new(x, y, false) + Affine::new(x, y, false) } } } -impl CanonicalSerialize for GroupAffine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -771,35 +855,35 @@ impl CanonicalSerialize for GroupAffine

{ } } -impl CanonicalSerialize for GroupProjective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize(writer) } #[inline] fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialized_size() } #[allow(unused_qualifications)] #[inline] fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } #[inline] fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.uncompressed_size() } } -impl CanonicalDeserialize for GroupAffine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { let (x, flags): (P::BaseField, SWFlags) = @@ -807,7 +891,7 @@ impl CanonicalDeserialize for GroupAffine

{ if flags.is_infinity() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_x(x, flags.is_positive().unwrap()) + let p = Affine::

::get_point_from_x(x, flags.is_positive().unwrap()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -833,32 +917,32 @@ impl CanonicalDeserialize for GroupAffine

{ let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let (y, flags): (P::BaseField, SWFlags) = CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - let p = GroupAffine::

::new(x, y, flags.is_infinity()); + let p = Affine::

::new(x, y, flags.is_infinity()); Ok(p) } } -impl CanonicalDeserialize for GroupProjective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { - let aff = GroupAffine::

::deserialize(reader)?; + let aff = Affine::

::deserialize(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; + let aff = Affine::

::deserialize_unchecked(reader)?; Ok(aff.into()) } } -impl ToConstraintField for GroupAffine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -873,18 +957,18 @@ where } } -impl ToConstraintField for GroupProjective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Option> { - GroupAffine::from(*self).to_field_elements() + Affine::from(*self).to_field_elements() } } -impl VariableBaseMSM for GroupProjective

{ - type MSMBase = GroupAffine

; +impl VariableBaseMSM for Projective

{ + type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/ec/src/models/twisted_edwards_extended.rs b/ec/src/models/twisted_edwards.rs similarity index 72% rename from ec/src/models/twisted_edwards_extended.rs rename to ec/src/models/twisted_edwards.rs index 3eca98098..26e271fa8 100644 --- a/ec/src/models/twisted_edwards_extended.rs +++ b/ec/src/models/twisted_edwards.rs @@ -1,8 +1,4 @@ -use crate::{ - models::{MontgomeryModelParameters as MontgomeryParameters, TEModelParameters as Parameters}, - msm::VariableBaseMSM, - AffineCurve, ProjectiveCurve, -}; +use crate::{msm::VariableBaseMSM, AffineCurve, ProjectiveCurve}; use ark_serialize::{ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, CanonicalSerializeWithFlags, EdwardsFlags, SerializationError, 
@@ -29,32 +25,116 @@ use ark_ff::{ #[cfg(feature = "parallel")] use rayon::prelude::*; +/// Constants and convenience functions that collectively define the [Twisted Edwards model](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html) +/// of the curve. In this model, the curve equation is +/// `a * x² + y² = 1 + d * x² * y²`, for constants `a` and `d`. +pub trait TECurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `d` of the curve equation. + const COEFF_D: Self::BaseField; + /// Coefficients of the base point of the curve + const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); + + /// Model parameters for the Montgomery curve that is birationally + /// equivalent to this curve. + type MontCurveConfig: MontCurveConfig; + + /// Helper method for computing `elem * Self::COEFF_A`. + /// + /// The default implementation should be overridden only if + /// the product can be computed faster than standard field multiplication + /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). + #[inline(always)] + fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { + let mut copy = *elem; + copy *= &Self::COEFF_A; + copy + } + + /// Checks that the current point is in the prime order subgroup given + /// the point on the curve. + fn is_in_correct_subgroup_assuming_on_curve(item: &Affine) -> bool { + Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() + } + + /// Performs cofactor clearing. + /// The default method is simply to multiply by the cofactor. + /// For some curve families though, it is sufficient to multiply + /// by a smaller scalar. 
+ fn clear_cofactor(item: &Affine) -> Affine { + item.mul_by_cofactor() + } + + /// Default implementation of group multiplication for projective + /// coordinates + fn mul_projective(base: &Projective, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res += base; + } + } + + res + } + + /// Default implementation of group multiplication for affine + /// coordinates + fn mul_affine(base: &Affine, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res.add_assign_mixed(base) + } + } + + res + } +} + +/// Constants and convenience functions that collectively define the [Montgomery model](https://www.hyperelliptic.org/EFD/g1p/auto-montgom.html) +/// of the curve. In this model, the curve equation is +/// `b * y² = x³ + a * x² + x`, for constants `a` and `b`. +pub trait MontCurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `b` of the curve equation. + const COEFF_B: Self::BaseField; + + /// Model parameters for the Twisted Edwards curve that is birationally + /// equivalent to this curve. + type TECurveConfig: TECurveConfig; +} + /// Affine coordinates for a point on a twisted Edwards curve, over the /// base field `P::BaseField`. 
#[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") + Copy(bound = "P: TECurveConfig"), + Clone(bound = "P: TECurveConfig"), + PartialEq(bound = "P: TECurveConfig"), + Eq(bound = "P: TECurveConfig"), + Debug(bound = "P: TECurveConfig"), + Hash(bound = "P: TECurveConfig") )] #[must_use] -pub struct GroupAffine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element pub y: P::BaseField, } -impl Display for GroupAffine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) + write!(f, "Affine(x={}, y={})", self.x, self.y) } } -impl GroupAffine

{ +impl Affine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } @@ -99,7 +179,7 @@ impl GroupAffine
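Review bot: The default `mul_projective` and `mul_affine` added in the new `TECurveConfig` trait are variable-time in the scalar — `BitIteratorBE::without_leading_zeros` skips the leading zero bits and the loop body branches on every bit (`if b { res += base; }`), so running time depends on the scalar's bit length and Hamming weight — yet neither doc comment mentions this, and an implementor may well leave these defaults in place for secret scalars (nonces, blinding factors). I would add to both doc comments: `/// NOTE: this default is not constant-time (it branches on each scalar bit and skips leading zeros); override it before using it with secret scalars.` The doc comment on `is_in_correct_subgroup_assuming_on_curve` should likewise spell out its precondition, since passing a subgroup check says nothing about a point that is not on the curve: `/// Precondition: the point must already be on the curve; callers validating untrusted input must check that separately.` Both trait definitions lie fully within this hunk, but the `impl Affine` block that follows them continues past the hunk's end.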

{ } } -impl GroupAffine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order equaling that of /// `P::ScalarField` given it is on the curve. pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { @@ -107,7 +187,7 @@ impl GroupAffine

{ } } -impl Zero for GroupAffine

{ +impl Zero for Affine

{ fn zero() -> Self { Self::new(P::BaseField::zero(), P::BaseField::one()) } @@ -117,11 +197,11 @@ impl Zero for GroupAffine

{ } } -impl AffineCurve for GroupAffine

{ - type Parameters = P; +impl AffineCurve for Affine

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Projective = GroupProjective

; + type Projective = Projective

; fn xy(&self) -> (Self::BaseField, Self::BaseField) { (self.x, self.y) @@ -150,7 +230,7 @@ impl AffineCurve for GroupAffine

{ /// resulting projective element. #[must_use] fn mul_by_cofactor_to_projective(&self) -> Self::Projective { - P::mul_affine(self, Self::Parameters::COFACTOR) + P::mul_affine(self, Self::Config::COFACTOR) } /// Performs cofactor clearing. @@ -162,7 +242,7 @@ impl AffineCurve for GroupAffine

{ } } -impl Zeroize for GroupAffine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -171,7 +251,7 @@ impl Zeroize for GroupAffine

{ } } -impl Neg for GroupAffine

{ +impl Neg for Affine

{ type Output = Self; fn neg(self) -> Self { @@ -179,9 +259,9 @@ impl Neg for GroupAffine

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupAffine, Parameters); +ark_ff::impl_additive_ops_from_ref!(Affine, TECurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for GroupAffine

{ +impl<'a, P: TECurveConfig> Add<&'a Self> for Affine

{ type Output = Self; fn add(self, other: &'a Self) -> Self { let mut copy = self; @@ -190,7 +270,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ +impl<'a, P: TECurveConfig> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { let y1y2 = self.y * &other.y; let x1x2 = self.x * &other.x; @@ -207,7 +287,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupAffine

{ +impl<'a, P: TECurveConfig> Sub<&'a Self> for Affine

{ type Output = Self; fn sub(self, other: &'a Self) -> Self { let mut copy = self; @@ -216,33 +296,33 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupAffine

{ +impl<'a, P: TECurveConfig> SubAssign<&'a Self> for Affine

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupAffine

{ +impl MulAssign for Affine

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()).into() } } -impl Default for GroupAffine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupAffine

{ + fn sample(&self, rng: &mut R) -> Affine

{ loop { let y = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_y(y, greatest) { + if let Some(p) = Affine::get_point_from_y(y, greatest) { return p.mul_by_cofactor(); } } @@ -253,7 +333,7 @@ mod group_impl { use super::*; use crate::group::Group; - impl Group for GroupAffine

{ + impl Group for Affine

{ type ScalarField = P::ScalarField; #[inline] @@ -275,45 +355,45 @@ mod group_impl { ////////////////////////////////////////////////////////////////////////////// -/// `GroupProjective` implements Extended Twisted Edwards Coordinates +/// `Projective` implements Extended Twisted Edwards Coordinates /// as described in [\[HKCD08\]](https://eprint.iacr.org/2008/522.pdf). /// /// This implementation uses the unified addition formulae from that paper (see /// Section 3.1). #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters") + Copy(bound = "P: TECurveConfig"), + Clone(bound = "P: TECurveConfig"), + Eq(bound = "P: TECurveConfig"), + Debug(bound = "P: TECurveConfig") )] #[must_use] -pub struct GroupProjective { +pub struct Projective { pub x: P::BaseField, pub y: P::BaseField, pub t: P::BaseField, pub z: P::BaseField, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { +impl PartialEq> for Affine

{ + fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { +impl PartialEq> for Projective

{ + fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for GroupProjective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", GroupAffine::from(*self)) + write!(f, "{}", Affine::from(*self)) } } -impl PartialEq for GroupProjective

{ +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -328,39 +408,39 @@ impl PartialEq for GroupProjective

{ } } -impl Hash for GroupProjective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ + fn sample(&self, rng: &mut R) -> Projective

{ loop { let y = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_y(y, greatest) { + if let Some(p) = Affine::get_point_from_y(y, greatest) { return p.mul_by_cofactor_to_projective(); } } } } -impl Default for GroupProjective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl GroupProjective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, t: P::BaseField, z: P::BaseField) -> Self { Self { x, y, t, z } } } -impl Zeroize for GroupProjective

{ +impl Zeroize for Projective

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -371,7 +451,7 @@ impl Zeroize for GroupProjective

{ } } -impl Zero for GroupProjective

{ +impl Zero for Projective

{ fn zero() -> Self { Self::new( P::BaseField::zero(), @@ -386,14 +466,14 @@ impl Zero for GroupProjective

{ } } -impl ProjectiveCurve for GroupProjective

{ - type Parameters = P; +impl ProjectiveCurve for Projective

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Affine = GroupAffine

; + type Affine = Affine

; fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() + Affine::prime_subgroup_generator().into() } fn is_normalized(&self) -> bool { @@ -456,7 +536,7 @@ impl ProjectiveCurve for GroupProjective

{ self } - fn add_assign_mixed(&mut self, other: &GroupAffine

) { + fn add_assign_mixed(&mut self, other: &Affine

) { // See "Twisted Edwards Curves Revisited" // Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson // 3.1 Unified Addition in E^e @@ -495,7 +575,7 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl Neg for GroupProjective

{ +impl Neg for Projective

{ type Output = Self; fn neg(mut self) -> Self { self.x = -self.x; @@ -504,9 +584,9 @@ impl Neg for GroupProjective

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupProjective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, TECurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ +impl<'a, P: TECurveConfig> Add<&'a Self> for Projective

{ type Output = Self; fn add(mut self, other: &'a Self) -> Self { self += other; @@ -514,7 +594,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ +impl<'a, P: TECurveConfig> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { // See "Twisted Edwards Curves Revisited" (https://eprint.iacr.org/2008/522.pdf) // by Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson @@ -558,7 +638,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ +impl<'a, P: TECurveConfig> Sub<&'a Self> for Projective

{ type Output = Self; fn sub(mut self, other: &'a Self) -> Self { self -= other; @@ -566,13 +646,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ +impl<'a, P: TECurveConfig> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupProjective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -580,32 +660,32 @@ impl MulAssign for GroupProjective

{ // The affine point (X, Y) is represented in the Extended Projective coordinates // with Z = 1. -impl From> for GroupProjective

{ - fn from(p: GroupAffine

) -> GroupProjective

{ +impl From> for Projective

{ + fn from(p: Affine

) -> Projective

{ Self::new(p.x, p.y, p.x * &p.y, P::BaseField::one()) } } // The projective point X, Y, T, Z is represented in the affine // coordinates as X/Z, Y/Z. -impl From> for GroupAffine

{ - fn from(p: GroupProjective

) -> GroupAffine

{ +impl From> for Affine

{ + fn from(p: Projective

) -> Affine

{ if p.is_zero() { - GroupAffine::zero() + Affine::zero() } else if p.z.is_one() { // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y) + Affine::new(p.x, p.y) } else { // Z is nonzero, so it must have an inverse in a field. let z_inv = p.z.inverse().unwrap(); let x = p.x * &z_inv; let y = p.y * &z_inv; - GroupAffine::new(x, y) + Affine::new(x, y) } } } -impl core::str::FromStr for GroupAffine

+impl core::str::FromStr for Affine

where P::BaseField: core::str::FromStr, { @@ -643,31 +723,31 @@ where #[derive(Derivative)] #[derivative( - Copy(bound = "P: MontgomeryParameters"), - Clone(bound = "P: MontgomeryParameters"), - PartialEq(bound = "P: MontgomeryParameters"), - Eq(bound = "P: MontgomeryParameters"), - Debug(bound = "P: MontgomeryParameters"), - Hash(bound = "P: MontgomeryParameters") + Copy(bound = "P: MontCurveConfig"), + Clone(bound = "P: MontCurveConfig"), + PartialEq(bound = "P: MontCurveConfig"), + Eq(bound = "P: MontCurveConfig"), + Debug(bound = "P: MontCurveConfig"), + Hash(bound = "P: MontCurveConfig") )] -pub struct MontgomeryGroupAffine { +pub struct MontgomeryAffine { pub x: P::BaseField, pub y: P::BaseField, } -impl Display for MontgomeryGroupAffine

{ +impl Display for MontgomeryAffine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "MontgomeryGroupAffine(x={}, y={})", self.x, self.y) + write!(f, "MontgomeryAffine(x={}, y={})", self.x, self.y) } } -impl MontgomeryGroupAffine

{ +impl MontgomeryAffine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } } -impl CanonicalSerialize for GroupAffine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -701,35 +781,35 @@ impl CanonicalSerialize for GroupAffine

{ } } -impl CanonicalSerialize for GroupProjective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize(writer) } #[inline] fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialized_size() } #[allow(unused_qualifications)] #[inline] fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } #[inline] fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.uncompressed_size() } } -impl CanonicalDeserialize for GroupAffine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(mut reader: R) -> Result { let (y, flags): (P::BaseField, EdwardsFlags) = @@ -737,7 +817,7 @@ impl CanonicalDeserialize for GroupAffine

{ if y == P::BaseField::zero() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_y(y, flags.is_positive()) + let p = Affine::

::get_point_from_y(y, flags.is_positive()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -761,32 +841,32 @@ impl CanonicalDeserialize for GroupAffine

{ let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let y: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let p = GroupAffine::

::new(x, y); + let p = Affine::

::new(x, y); Ok(p) } } -impl CanonicalDeserialize for GroupProjective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { - let aff = GroupAffine::

::deserialize(reader)?; + let aff = Affine::

::deserialize(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; + let aff = Affine::

::deserialize_unchecked(reader)?; Ok(aff.into()) } } -impl ToConstraintField for GroupAffine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -799,13 +879,13 @@ where } } -impl ToConstraintField for GroupProjective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Option> { - GroupAffine::from(*self).to_field_elements() + Affine::from(*self).to_field_elements() } } @@ -813,7 +893,7 @@ where // the methods that are needed for backwards compatibility with the old // serialization format // See Issue #330 -impl GroupAffine

{ +impl Affine

{ /// Attempts to construct an affine point given an x-coordinate. The /// point is not guaranteed to be in the prime order subgroup. /// @@ -887,7 +967,7 @@ impl GroupAffine

{ if x == P::BaseField::zero() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_x_old(x, flags.is_positive()) + let p = Affine::

::get_point_from_x_old(x, flags.is_positive()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -896,12 +976,12 @@ impl GroupAffine

{ } } } -impl GroupProjective

{ +impl Projective

{ /// This method is implemented for backwards compatibility with the old /// serialization format and will be deprecated and then removed in a /// future version. pub fn serialize_old(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_old(writer) } @@ -914,7 +994,7 @@ impl GroupProjective

{ &self, writer: W, ) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } @@ -923,20 +1003,20 @@ impl GroupProjective

{ /// serialization format and will be deprecated and then removed in a /// future version. pub fn deserialize_uncompressed_old(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } /// This method is implemented for backwards compatibility with the old /// serialization format and will be deprecated and then removed in a /// future version. pub fn deserialize_old(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_old(reader)?; + let aff = Affine::

::deserialize_old(reader)?; Ok(aff.into()) } } -impl VariableBaseMSM for GroupProjective

{ - type MSMBase = GroupAffine

; +impl VariableBaseMSM for Projective

{ + type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/test-curves/src/bls12_381/g1.rs b/test-curves/src/bls12_381/g1.rs index 2ba4efeb0..2a1df17bb 100644 --- a/test-curves/src/bls12_381/g1.rs +++ b/test-curves/src/bls12_381/g1.rs @@ -1,17 +1,17 @@ use crate::bls12_381::*; use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::{MontFp, Zero}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -24,7 +24,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = MontFp!(Fr, "52435875175126190458656871551744051925719901746859129887267498875565241663483"); } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 0 const COEFF_A: Fq = MontFp!(Fq, "0"); diff --git a/test-curves/src/bls12_381/g2.rs b/test-curves/src/bls12_381/g2.rs index ff9a73721..7d6484b62 100644 --- a/test-curves/src/bls12_381/g2.rs +++ b/test-curves/src/bls12_381/g2.rs @@ -1,8 +1,8 @@ use crate::bls12_381::*; use ark_ec::{ bls12, - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::GroupAffine, + models::CurveConfig, + short_weierstrass::{self, Affine}, AffineCurve, }; use ark_ff::{BigInt, Field, MontFp, QuadExt, Zero}; @@ -13,7 +13,7 @@ pub type G2Projective = bls12::G2Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq2; type ScalarField = Fr; 
@@ -41,7 +41,7 @@ impl ModelParameters for Parameters { ); } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = [0, 0] const COEFF_A: Fq2 = QuadExt!(g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,); @@ -119,7 +119,7 @@ pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = QuadExt!( "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257") ); -pub fn p_power_endomorphism(p: &GroupAffine) -> GroupAffine { +pub fn p_power_endomorphism(p: &Affine) -> Affine { // The p-power endomorphism for G2 is defined as follows: // 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1). To map a point (x, y) in E' to (s, t) in E, // one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)), because E: y^2 = x^3 + 4. diff --git a/test-curves/src/bls12_381/tests.rs b/test-curves/src/bls12_381/tests.rs index 7defdd9ef..e74aad32c 100644 --- a/test-curves/src/bls12_381/tests.rs +++ b/test-curves/src/bls12_381/tests.rs @@ -1,5 +1,7 @@ #![allow(unused_imports)] -use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve}; +use ark_ec::{ + models::short_weierstrass::SWCurveConfig, AffineCurve, PairingEngine, ProjectiveCurve, +}; use ark_ff::{Field, One, SquareRootField, UniformRand, Zero}; use crate::bls12_381::{g1, Fq, Fq2, Fq6, FqConfig, Fr, FrConfig, G1Affine, G1Projective}; diff --git a/test-curves/src/bn384_small_two_adicity/g1.rs b/test-curves/src/bn384_small_two_adicity/g1.rs index 5704db7d2..8223b1992 100644 --- a/test-curves/src/bn384_small_two_adicity/g1.rs +++ b/test-curves/src/bn384_small_two_adicity/g1.rs 
@@ -1,18 +1,18 @@ use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::Zero; use crate::bn384_small_two_adicity::{Fq, Fr, FR_ONE}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -23,7 +23,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = FR_ONE; } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 0 const COEFF_A: Fq = ark_ff::MontFp!(Fq, "0"); diff --git a/test-curves/src/bn384_small_two_adicity/tests.rs b/test-curves/src/bn384_small_two_adicity/tests.rs index 661857977..8cb1b84c1 100644 --- a/test-curves/src/bn384_small_two_adicity/tests.rs +++ b/test-curves/src/bn384_small_two_adicity/tests.rs @@ -1,5 +1,7 @@ #![allow(unused_imports)] -use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve}; +use ark_ec::{ + models::short_weierstrass::SWCurveConfig, AffineCurve, PairingEngine, ProjectiveCurve, +}; use ark_ff::{Field, One, SquareRootField, UniformRand, Zero}; use ark_std::{rand::Rng, test_rng}; diff --git a/test-curves/src/mnt4_753/g1.rs b/test-curves/src/mnt4_753/g1.rs index 0af29920d..0955fea53 100644 --- a/test-curves/src/mnt4_753/g1.rs +++ b/test-curves/src/mnt4_753/g1.rs 
@@ -1,18 +1,18 @@ use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::MontFp; use crate::mnt4_753::{Fq, Fr, FR_ONE}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -24,7 +24,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = FR_ONE; } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 2 #[rustfmt::skip] const COEFF_A: Fq = MontFp!(Fq, "2"); diff --git a/test-templates/src/curves.rs b/test-templates/src/curves.rs index d13c9c678..8535b25c4 100644 --- a/test-templates/src/curves.rs +++ b/test-templates/src/curves.rs @@ -1,8 +1,9 @@ #![allow(unused)] use ark_ec::{ - short_weierstrass_jacobian::GroupAffine, twisted_edwards_extended::GroupProjective, - wnaf::WnafContext, AffineCurve, MontgomeryModelParameters, ProjectiveCurve, SWModelParameters, - TEModelParameters, + short_weierstrass::{Affine, SWCurveConfig}, + twisted_edwards::{MontCurveConfig, Projective, TECurveConfig}, + wnaf::WnafContext, + AffineCurve, ProjectiveCurve, }; use ark_ff::{Field, One, PrimeField, UniformRand, Zero}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SWFlags, SerializationError}; @@ -299,22 +300,22 @@ pub fn curve_tests() { random_transformation_test::(); } -pub fn sw_tests() { +pub fn sw_tests() { sw_curve_serialization_test::

(); sw_from_random_bytes::

(); sw_affine_sum_test::

(); sw_cofactor_clearing_test::

(); } -pub fn sw_from_random_bytes() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; +pub fn sw_from_random_bytes() { + use ark_ec::models::short_weierstrass::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -322,22 +323,22 @@ pub fn sw_from_random_bytes() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let p1 = GroupAffine::

::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); + let p1 = Affine::

::deserialize(&mut cursor).unwrap(); + let p2 = Affine::

::from_random_bytes(&serialized).unwrap(); assert_eq!(p1, p2); } } } -pub fn sw_curve_serialization_test() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; +pub fn sw_curve_serialization_test() { + use ark_ec::models::short_weierstrass::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -345,7 +346,7 @@ pub fn sw_curve_serialization_test() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } @@ -355,22 +356,22 @@ pub fn sw_curve_serialization_test() { let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap_err(); @@ -379,7 +380,7 @@ pub fn sw_curve_serialization_test() { { let serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&serialized[..]); - GroupAffine::

::deserialize(&mut cursor).unwrap_err(); + Affine::

::deserialize(&mut cursor).unwrap_err(); } { @@ -388,7 +389,7 @@ pub fn sw_curve_serialization_test() { a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } @@ -398,35 +399,35 @@ pub fn sw_curve_serialization_test() { let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } } } -pub fn sw_affine_sum_test() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; +pub fn sw_affine_sum_test() { + use ark_ec::models::short_weierstrass::{Affine, Projective}; let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { let mut test_vec = Vec::new(); for _ in 0..10 { - test_vec.push(GroupProjective::

::rand(&mut rng).into_affine()); + test_vec.push(Projective::

::rand(&mut rng).into_affine()); } - let sum_computed: GroupAffine

= test_vec.iter().sum(); - let mut sum_expected = GroupAffine::zero(); + let sum_computed: Affine

= test_vec.iter().sum(); + let mut sum_expected = Affine::zero(); for p in test_vec.iter() { sum_expected += p; } @@ -435,11 +436,11 @@ pub fn sw_affine_sum_test() { } } -fn sw_cofactor_clearing_test() { +fn sw_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupAffine::

::rand(&mut rng); + let a = Affine::

::rand(&mut rng); let b = a.clear_cofactor(); assert!(b.is_in_correct_subgroup_assuming_on_curve()); } @@ -447,7 +448,7 @@ fn sw_cofactor_clearing_test() { pub fn montgomery_conversion_test

() where - P: TEModelParameters, + P: TECurveConfig, { // A = 2 * (a + d) / (a - d) let a = P::BaseField::one().double() @@ -456,11 +457,11 @@ where // B = 4 / (a - d) let b = P::BaseField::one().double().double() * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); - assert_eq!(a, P::MontgomeryModelParameters::COEFF_A); - assert_eq!(b, P::MontgomeryModelParameters::COEFF_B); + assert_eq!(a, P::MontCurveConfig::COEFF_A); + assert_eq!(b, P::MontCurveConfig::COEFF_B); } -pub fn edwards_tests() +pub fn edwards_tests() where P::BaseField: PrimeField, { @@ -469,18 +470,18 @@ where edwards_cofactor_clearing_test::

(); } -pub fn edwards_from_random_bytes() +pub fn edwards_from_random_bytes() where P::BaseField: PrimeField, { - use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; + use ark_ec::models::twisted_edwards::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -488,15 +489,15 @@ where a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let p1 = GroupAffine::

::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); + let p1 = Affine::

::deserialize(&mut cursor).unwrap(); + let p2 = Affine::

::from_random_bytes(&serialized).unwrap(); assert_eq!(p1, p2); } } for _ in 0..ITERATIONS { let mut biginteger = - < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(&mut rng); + < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(&mut rng); let mut bytes = { let mut result = vec![0u8; biginteger.serialized_size()]; biginteger @@ -504,24 +505,24 @@ where .unwrap(); result }; - let mut g = GroupAffine::

::from_random_bytes(&bytes); + let mut g = Affine::

::from_random_bytes(&bytes); while g.is_none() { bytes.iter_mut().for_each(|i| *i = i.wrapping_sub(1)); - g = GroupAffine::

::from_random_bytes(&bytes); + g = Affine::

::from_random_bytes(&bytes); } let _g = g.unwrap(); } } -pub fn edwards_curve_serialization_test() { - use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; +pub fn edwards_curve_serialization_test() { + use ark_ec::models::twisted_edwards::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -529,22 +530,22 @@ pub fn edwards_curve_serialization_test() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap_err(); @@ -553,7 +554,7 @@ pub fn edwards_curve_serialization_test() { { let serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&serialized[..]); - GroupAffine::

::deserialize(&mut cursor).unwrap_err(); + Affine::

::deserialize(&mut cursor).unwrap_err(); } { @@ -562,27 +563,27 @@ pub fn edwards_curve_serialization_test() { a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } } } -fn edwards_cofactor_clearing_test() { +fn edwards_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng).into_affine(); + let a = Projective::

::rand(&mut rng).into_affine(); let b = a.clear_cofactor(); assert!(b.is_in_correct_subgroup_assuming_on_curve()); }