From f2efac5111375c1a9313c65fcd731c3b1fe91c61 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 7 Jul 2022 10:44:34 -0700 Subject: [PATCH 1/4] Rename model files and struct names --- CHANGELOG.md | 2 +- ec/README.md | 2 +- ec/src/hashing/curve_maps/swu/mod.rs | 8 +- ec/src/hashing/curve_maps/wb/mod.rs | 16 +- ec/src/hashing/tests/mod.rs | 8 +- ec/src/models/bls12/g1.rs | 6 +- ec/src/models/bls12/g2.rs | 6 +- ec/src/models/bn/g1.rs | 6 +- ec/src/models/bn/g2.rs | 6 +- ec/src/models/bw6/g1.rs | 6 +- ec/src/models/bw6/g2.rs | 6 +- ec/src/models/mnt4/g1.rs | 6 +- ec/src/models/mnt4/g2.rs | 6 +- ec/src/models/mnt6/g1.rs | 6 +- ec/src/models/mnt6/g2.rs | 6 +- ec/src/models/mod.rs | 40 ++-- ...trass_jacobian.rs => short_weierstrass.rs} | 152 ++++++++-------- ...edwards_extended.rs => twisted_edwards.rs} | 172 +++++++++--------- test-curves/src/bls12_381/g1.rs | 6 +- test-curves/src/bls12_381/g2.rs | 4 +- test-curves/src/bn384_small_two_adicity/g1.rs | 6 +- test-curves/src/mnt4_753/g1.rs | 6 +- test-templates/src/curves.rs | 88 ++++----- 23 files changed, 285 insertions(+), 285 deletions(-) rename ec/src/models/{short_weierstrass_jacobian.rs => short_weierstrass.rs} (83%) rename ec/src/models/{twisted_edwards_extended.rs => twisted_edwards.rs} (83%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45417932c..ed50b71e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -16,7 +16,7 @@ - [\#365](https://github.com/arkworks-rs/algebra/pull/365) (`ark-ec`) - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}ModelParameters` to `ModelParameters`. - Add `mul_bits()` to `AffineCurve` and provide a default implementation of `mul()` using this. - - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass_jacobian::GroupAffine` and `twisted_edwards_extended::GroupAffine` + - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass::GroupAffine` and `twisted_edwards_extended::GroupAffine` - [\#370](https://github.com/arkworks-rs/algebra/pull/370) (all) Set the minimum `rust-version = 1.56` in the manifests of all crates. - [\#379](https://github.com/arkworks-rs/algebra/pull/379) (`ark-ff`) Refactor `Field` implementation and `PrimeField` trait: - Switch from hardcoded `FpXYZ` to `Fp` based on `const` generics. diff --git a/ec/README.md b/ec/README.md index 7f729db7c..e8d6a116d 100644 --- a/ec/README.md +++ b/ec/README.md 
@@ -19,5 +19,5 @@ The available elliptic curve traits are: The elliptic curve models implemented are: -* [*Short Weierstrass*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass_jacobian.rs) curves. The `AffineCurve` in this case is in typical Short Weierstrass point representation, and the `ProjectiveCurve` is using points in [Jacobian Coordinates](https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates). +* [*Short Weierstrass*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass.rs) curves. The `AffineCurve` in this case is in typical Short Weierstrass point representation, and the `ProjectiveCurve` is using points in [Jacobian Coordinates](https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates). * [*Twisted Edwards*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/twisted_edwards_extended.rs) curves. The `AffineCurve` in this case is in standard Twisted Edwards curve representation, whereas the `ProjectiveCurve` uses points in [Extended Twisted Edwards Coordinates](https://eprint.iacr.org/2008/522.pdf). diff --git a/ec/src/hashing/curve_maps/swu/mod.rs b/ec/src/hashing/curve_maps/swu/mod.rs index 78c886965..2282fd843 100644 --- a/ec/src/hashing/curve_maps/swu/mod.rs +++ b/ec/src/hashing/curve_maps/swu/mod.rs @@ -5,7 +5,7 @@ use core::marker::PhantomData; use crate::{ hashing::{map_to_curve_hasher::MapToCurve, HashToCurveError}, - models::short_weierstrass_jacobian::GroupAffine, + models::short_weierstrass::Affine, }; /// Trait defining the necessary parameters for the SWU hash-to-curve method @@ -40,7 +40,7 @@ pub fn parity(element: &F) -> bool { .map_or(false, |x| x.into_bigint().is_odd()) } -impl MapToCurve> for SWUMap

{ +impl MapToCurve> for SWUMap

{ /// Constructs a new map if `P` represents a valid map. fn new() -> Result { // Verifying that both XI and ZETA are non-squares @@ -81,7 +81,7 @@ impl MapToCurve> for SWUMap

{ /// Map an arbitrary base field element to a curve point. /// Based on /// . - fn map_to_curve(&self, point: P::BaseField) -> Result, HashToCurveError> { + fn map_to_curve(&self, point: P::BaseField) -> Result, HashToCurveError> { // 1. tv1 = inv0(Z^2 * u^4 + Z * u^2) // 2. x1 = (-B / A) * (1 + tv1) // 3. If tv1 == 0, set x1 = B / (Z * A) @@ -165,7 +165,7 @@ impl MapToCurve> for SWUMap

{ let x_affine = num_x / div; let y_affine = if parity(&y) { -y } else { y }; - let point_on_curve = GroupAffine::

::new(x_affine, y_affine, false); + let point_on_curve = Affine::

::new(x_affine, y_affine, false); assert!( point_on_curve.is_on_curve(), "swu mapped to a point off the curve" diff --git a/ec/src/hashing/curve_maps/wb/mod.rs b/ec/src/hashing/curve_maps/wb/mod.rs index b9935ddb3..7961030d6 100644 --- a/ec/src/hashing/curve_maps/wb/mod.rs +++ b/ec/src/hashing/curve_maps/wb/mod.rs @@ -6,7 +6,7 @@ use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial, Polynomial}; use crate::{ hashing::{map_to_curve_hasher::MapToCurve, HashToCurveError}, - models::short_weierstrass_jacobian::GroupAffine, + models::short_weierstrass::Affine, AffineCurve, }; @@ -31,8 +31,8 @@ pub trait WBParams: SWModelParameters + Sized { const PHI_Y_DEN: &'static [BaseField]; fn isogeny_map( - domain_point: GroupAffine, - ) -> Result, HashToCurveError> { + domain_point: Affine, + ) -> Result, HashToCurveError> { let x_num = DensePolynomial::from_coefficients_slice(Self::PHI_X_NOM); let x_den = DensePolynomial::from_coefficients_slice(Self::PHI_X_DEN); @@ -47,7 +47,7 @@ pub trait WBParams: SWModelParameters + Sized { let img_x = x_num.evaluate(&domain_point.x) * v[0]; let img_y = (y_num.evaluate(&domain_point.x) * domain_point.y) * v[1]; - Ok(GroupAffine::new(img_x, img_y, false)) + Ok(Affine::new(img_x, img_y, false)) } } @@ -56,11 +56,11 @@ pub struct WBMap { curve_params: PhantomData P>, } -impl MapToCurve> for WBMap

{ +impl MapToCurve> for WBMap

{ /// Constructs a new map if `P` represents a valid map. fn new() -> Result { // Verifying that the isogeny maps the generator of the SWU curve into us - let isogenous_curve_generator = GroupAffine::::new( + let isogenous_curve_generator = Affine::::new( P::IsogenousCurve::AFFINE_GENERATOR_COEFFS.0, P::IsogenousCurve::AFFINE_GENERATOR_COEFFS.1, false, @@ -86,8 +86,8 @@ impl MapToCurve> for WBMap

{ /// fn map_to_curve( &self, - element: as AffineCurve>::BaseField, - ) -> Result, HashToCurveError> { + element: as AffineCurve>::BaseField, + ) -> Result, HashToCurveError> { // first we need to map the field point to the isogenous curve let point_on_isogenious_curve = self.swu_field_curve_hasher.map_to_curve(element).unwrap(); P::isogeny_map(point_on_isogenious_curve) diff --git a/ec/src/hashing/tests/mod.rs b/ec/src/hashing/tests/mod.rs index 83df44019..5d5ef9302 100644 --- a/ec/src/hashing/tests/mod.rs +++ b/ec/src/hashing/tests/mod.rs @@ -8,7 +8,7 @@ use crate::{ map_to_curve_hasher::{MapToCurve, MapToCurveBasedHasher}, }, models::SWModelParameters, - short_weierstrass_jacobian::GroupAffine, + short_weierstrass::Affine, ModelParameters, }; use ark_ff::field_hashers::DefaultFieldHasher; @@ -126,7 +126,7 @@ fn checking_the_hashing_parameters() { #[test] fn hash_arbitary_string_to_curve_swu() { let test_swu_to_curve_hasher = MapToCurveBasedHasher::< - GroupAffine, + Affine, DefaultFieldHasher, SWUMap, >::new(&[1]) @@ -147,7 +147,7 @@ fn hash_arbitary_string_to_curve_swu() { fn map_field_to_curve_swu() { let test_map_to_curve = SWUMap::::new().unwrap(); - let mut map_range: Vec> = vec![]; + let mut map_range: Vec> = vec![]; for current_field_element in 0..127 { map_range.push( test_map_to_curve @@ -347,7 +347,7 @@ impl WBParams for TestWBF127MapToCurveParams { #[test] fn hash_arbitary_string_to_curve_wb() { let test_wb_to_curve_hasher = MapToCurveBasedHasher::< - GroupAffine, + Affine, DefaultFieldHasher, WBMap, >::new(&[1]) diff --git a/ec/src/models/bls12/g1.rs b/ec/src/models/bls12/g1.rs index 21a4ba43d..8375ca173 100644 --- a/ec/src/models/bls12/g1.rs +++ b/ec/src/models/bls12/g1.rs @@ -1,12 +1,12 @@ use crate::{ bls12::Bls12Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine
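Review bot: The retyped `map_to_curve` in the `@@ -86,8 +86,8 @@` hunk still returns a `Result` carrying `HashToCurveError`, yet the body calls `self.swu_field_curve_hasher.map_to_curve(element).unwrap()`, so any `Err` from the inner SWU map turns into a panic instead of an error the caller can handle — relevant because hash-to-curve input is normally caller-supplied data. Propagating keeps the declared error channel: `let point_on_isogenious_curve = self.swu_field_curve_hasher.map_to_curve(element)?;`. If the inner map is known never to fail once `new()` has validated `P`, an `expect("...")` stating that invariant would at least document why the panic path is acceptable. The body of `map_to_curve` continues past the end of the hunk.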

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bls12/g2.rs b/ec/src/models/bls12/g2.rs index fd2007313..85d1c92c2 100644 --- a/ec/src/models/bls12/g2.rs +++ b/ec/src/models/bls12/g2.rs @@ -7,12 +7,12 @@ use num_traits::{One, Zero}; use crate::{ bls12::{Bls12Parameters, TwistType}, models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bn/g1.rs b/ec/src/models/bn/g1.rs index cfcbbd9c4..e60f0d87d 100644 --- a/ec/src/models/bn/g1.rs +++ b/ec/src/models/bn/g1.rs @@ -1,12 +1,12 @@ use crate::{ bn::BnParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bn/g2.rs b/ec/src/models/bn/g2.rs index fa88249df..bd71556a1 100644 --- a/ec/src/models/bn/g2.rs +++ b/ec/src/models/bn/g2.rs @@ -7,12 +7,12 @@ use num_traits::{One, Zero}; use crate::{ bn::{BnParameters, TwistType}, models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bw6/g1.rs b/ec/src/models/bw6/g1.rs index fae95210b..ff8306465 100644 --- a/ec/src/models/bw6/g1.rs +++ b/ec/src/models/bw6/g1.rs @@ -1,12 +1,12 @@ use crate::{ bw6::BW6Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use num_traits::Zero; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/bw6/g2.rs b/ec/src/models/bw6/g2.rs index 47e557b39..d53850f9f 100644 --- a/ec/src/models/bw6/g2.rs +++ b/ec/src/models/bw6/g2.rs @@ -7,12 +7,12 @@ use num_traits::{One, Zero}; use crate::{ bw6::{BW6Parameters, TwistType}, models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt4/g1.rs b/ec/src/models/mnt4/g1.rs index 927ec54bf..55f0fc3ff 100644 --- a/ec/src/models/mnt4/g1.rs +++ b/ec/src/models/mnt4/g1.rs @@ -1,12 +1,12 @@ use crate::{ mnt4::MNT4Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::Fp2; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt4/g2.rs b/ec/src/models/mnt4/g2.rs index fabd2b377..031175c5e 100644 --- a/ec/src/models/mnt4/g2.rs +++ b/ec/src/models/mnt4/g2.rs @@ -1,15 +1,15 @@ use crate::{ mnt4::MNT4Parameters, models::mnt4::MNT4, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::fields::{Field, Fp2}; use ark_std::vec::Vec; use num_traits::One; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt6/g1.rs b/ec/src/models/mnt6/g1.rs index a4f87f515..bd1aef20c 100644 --- a/ec/src/models/mnt6/g1.rs +++ b/ec/src/models/mnt6/g1.rs @@ -1,12 +1,12 @@ use crate::{ mnt6::MNT6Parameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::Fp3; -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; +pub type G1Affine

= Affine<

::G1Parameters>; +pub type G1Projective

= Projective<

::G1Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mnt6/g2.rs b/ec/src/models/mnt6/g2.rs index 753983219..34fea52ed 100644 --- a/ec/src/models/mnt6/g2.rs +++ b/ec/src/models/mnt6/g2.rs @@ -1,15 +1,15 @@ use crate::{ mnt6::MNT6Parameters, models::mnt6::MNT6, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass::{Affine, Projective}, AffineCurve, }; use ark_ff::fields::{Field, Fp3}; use ark_std::vec::Vec; use num_traits::One; -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; +pub type G2Affine

= Affine<

::G2Parameters>; +pub type G2Projective

= Projective<

::G2Parameters>; #[derive(Derivative)] #[derivative( diff --git a/ec/src/models/mod.rs b/ec/src/models/mod.rs index 264357641..a9f943069 100644 --- a/ec/src/models/mod.rs +++ b/ec/src/models/mod.rs @@ -6,8 +6,8 @@ pub mod bn; pub mod bw6; pub mod mnt4; pub mod mnt6; -pub mod short_weierstrass_jacobian; -pub mod twisted_edwards_extended; +pub mod short_weierstrass; +pub mod twisted_edwards; /// Elliptic curves can be represented via different "models" with varying /// efficiency properties. @@ -73,7 +73,7 @@ pub trait SWModelParameters: ModelParameters { /// for performing this check (for example, via leveraging curve /// isomorphisms). fn is_in_correct_subgroup_assuming_on_curve( - item: &short_weierstrass_jacobian::GroupAffine, + item: &short_weierstrass::Affine, ) -> bool { Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() } @@ -82,18 +82,18 @@ pub trait SWModelParameters: ModelParameters { /// The default method is simply to multiply by the cofactor. /// Some curves can implement a more efficient algorithm. fn clear_cofactor( - item: &short_weierstrass_jacobian::GroupAffine, - ) -> short_weierstrass_jacobian::GroupAffine { + item: &short_weierstrass::Affine, + ) -> short_weierstrass::Affine { item.mul_by_cofactor() } /// Default implementation of group multiplication for projective /// coordinates fn mul_projective( - base: &short_weierstrass_jacobian::GroupProjective, + base: &short_weierstrass::Projective, scalar: &[u64], - ) -> short_weierstrass_jacobian::GroupProjective { - let mut res = short_weierstrass_jacobian::GroupProjective::::zero(); + ) -> short_weierstrass::Projective { + let mut res = short_weierstrass::Projective::::zero(); for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { res.double_in_place(); if b { 
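Review bot: The `pub mod twisted_edwards;` rename in the `@@ -6,8 +6,8 @@` hunk is not carried through the rest of this patch: `ec/README.md` still links `models/twisted_edwards_extended.rs`, which this commit turns into a dead path, and the `CHANGELOG.md` line rewritten here still reads `twisted_edwards_extended::GroupAffine` while its `short_weierstrass` half was updated (and to `GroupAffine`, a name the same commit removes). Renaming public modules and the `GroupAffine`/`GroupProjective` types breaks every downstream crate that imports `short_weierstrass_jacobian` or `twisted_edwards_extended`, and no changelog entry records the rename itself; a single new list entry naming the two module renames and the `Affine`/`Projective` type renames, alongside the existing `ark-ec` entries, would cover it. The `@@ -73` and `@@ -82` hunks sharing this anchor are consistent with the rename.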
@@ -107,10 +107,10 @@ pub trait SWModelParameters: ModelParameters { /// Default implementation of group multiplication for affine /// coordinates. fn mul_affine( - base: &short_weierstrass_jacobian::GroupAffine, + base: &short_weierstrass::Affine, scalar: &[u64], - ) -> short_weierstrass_jacobian::GroupProjective { - let mut res = short_weierstrass_jacobian::GroupProjective::::zero(); + ) -> short_weierstrass::Projective { + let mut res = short_weierstrass::Projective::::zero(); for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { res.double_in_place(); if b { @@ -152,7 +152,7 @@ pub trait TEModelParameters: ModelParameters { /// Checks that the current point is in the prime order subgroup given /// the point on the curve. fn is_in_correct_subgroup_assuming_on_curve( - item: &twisted_edwards_extended::GroupAffine, + item: &twisted_edwards::Affine, ) -> bool { Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() } @@ -162,18 +162,18 @@ pub trait TEModelParameters: ModelParameters { /// For some curve families though, it is sufficient to multiply /// by a smaller scalar. fn clear_cofactor( - item: &twisted_edwards_extended::GroupAffine, - ) -> twisted_edwards_extended::GroupAffine { + item: &twisted_edwards::Affine, + ) -> twisted_edwards::Affine { item.mul_by_cofactor() } /// Default implementation of group multiplication for projective /// coordinates fn mul_projective( - base: &twisted_edwards_extended::GroupProjective, + base: &twisted_edwards::Projective, scalar: &[u64], - ) -> twisted_edwards_extended::GroupProjective { - let mut res = twisted_edwards_extended::GroupProjective::::zero(); + ) -> twisted_edwards::Projective { + let mut res = twisted_edwards::Projective::::zero(); for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { res.double_in_place(); if b { 
@@ -187,10 +187,10 @@ pub trait TEModelParameters: ModelParameters { /// Default implementation of group multiplication for affine /// coordinates fn mul_affine( - base: &twisted_edwards_extended::GroupAffine, + base: &twisted_edwards::Affine, scalar: &[u64], - ) -> twisted_edwards_extended::GroupProjective { - let mut res = twisted_edwards_extended::GroupProjective::::zero(); + ) -> twisted_edwards::Projective { + let mut res = twisted_edwards::Projective::::zero(); for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { res.double_in_place(); if b { diff --git a/ec/src/models/short_weierstrass_jacobian.rs b/ec/src/models/short_weierstrass.rs similarity index 83% rename from ec/src/models/short_weierstrass_jacobian.rs rename to ec/src/models/short_weierstrass.rs index 038a0bdc8..4ee5ea2e5 100644 --- a/ec/src/models/short_weierstrass_jacobian.rs +++ b/ec/src/models/short_weierstrass.rs @@ -44,7 +44,7 @@ use rayon::prelude::*; #[must_use] // DISCUSS these shouldn't be public and instead we should have functions // encapsulating the attributes -pub struct GroupAffine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element @@ -53,31 +53,31 @@ pub struct GroupAffine { pub infinity: bool, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { +impl PartialEq> for Affine

{ + fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { +impl PartialEq> for Projective

{ + fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for GroupAffine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { if self.infinity { - write!(f, "GroupAffine(Infinity)") + write!(f, "Affine(Infinity)") } else { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) + write!(f, "Affine(x={}, y={})", self.x, self.y) } } } -impl GroupAffine

{ +impl Affine

{ // DISCUSS The function shouldn't take infinity as parameter but instead accept - // only `(x,y)` so we have another const function `GroupAffine::infinity` + // only `(x,y)` so we have another const function `Affine::infinity` // that takes no parameters pub fn new(x: P::BaseField, y: P::BaseField, infinity: bool) -> Self { Self { x, y, infinity } @@ -124,7 +124,7 @@ impl GroupAffine
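Review bot: The `Display` impl in the `@@ -53,31 +53,31 @@` hunk changes the rendered text from `GroupAffine(Infinity)` / `GroupAffine(x=…, y=…)` to `Affine(Infinity)` / `Affine(x=…, y=…)`, which is an observable output change rather than a pure identifier rename; any caller that snapshot-tests, logs and greps, or parses the `Display` output changes behaviour silently, and neither the commit title nor the changelog hunk mentions it. The same applies to the `twisted_edwards.rs` `Display` hunk at `@@ -41,20 +41,20 @@`, where the string becomes `Affine(x={}, y={})`. Either keep the old strings in this rename commit and change them in a separate commit with a changelog note, or call the output change out explicitly in the commit message and CHANGELOG.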

{ } } -impl GroupAffine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order that equaling that of /// `P::ScalarField`. // DISCUSS Maybe these function names are too verbose? @@ -133,7 +133,7 @@ impl GroupAffine

{ } } -impl Zeroize for GroupAffine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -143,7 +143,7 @@ impl Zeroize for GroupAffine

{ } } -impl Zero for GroupAffine

{ +impl Zero for Affine

{ /// Returns the point at infinity. Note that in affine coordinates, /// the point at infinity does not lie on the curve, and this is indicated /// by setting the `infinity` flag to true. @@ -159,7 +159,7 @@ impl Zero for GroupAffine

{ } } -impl Add for GroupAffine

{ +impl Add for Affine

{ type Output = Self; fn add(self, other: Self) -> Self { let mut copy = self; @@ -168,33 +168,33 @@ impl Add for GroupAffine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { - let mut s_proj = GroupProjective::from(*self); + let mut s_proj = Projective::from(*self); s_proj.add_assign_mixed(other); *self = s_proj.into(); } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupAffine

{ + fn sample(&self, rng: &mut R) -> Affine

{ loop { let x = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { + if let Some(p) = Affine::get_point_from_x(x, greatest) { return p.mul_by_cofactor(); } } } } -impl AffineCurve for GroupAffine

{ +impl AffineCurve for Affine

{ type Parameters = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Projective = GroupProjective

; + type Projective = Projective

; fn xy(&self) -> (Self::BaseField, Self::BaseField) { (self.x, self.y) @@ -243,7 +243,7 @@ impl AffineCurve for GroupAffine

{ } } -impl Neg for GroupAffine

{ +impl Neg for Affine

{ type Output = Self; /// If `self.is_zero()`, returns `self` (`== Self::zero()`). @@ -258,23 +258,23 @@ impl Neg for GroupAffine

{ } } -impl Default for GroupAffine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl core::iter::Sum for GroupAffine

{ +impl core::iter::Sum for Affine

{ fn sum>(iter: I) -> Self { - iter.fold(GroupProjective::

::zero(), |sum, x| sum.add_mixed(&x)) + iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(&x)) .into() } } -impl<'a, P: Parameters> core::iter::Sum<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> core::iter::Sum<&'a Self> for Affine

{ fn sum>(iter: I) -> Self { - iter.fold(GroupProjective::

::zero(), |sum, x| sum.add_mixed(x)) + iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(x)) .into() } } @@ -289,7 +289,7 @@ impl<'a, P: Parameters> core::iter::Sum<&'a Self> for GroupAffine

{ Debug(bound = "P: Parameters") )] #[must_use] -pub struct GroupProjective { +pub struct Projective { /// `X / Z` projection of the affine `X` pub x: P::BaseField, /// `Y / Z` projection of the affine `Y` @@ -298,14 +298,14 @@ pub struct GroupProjective { pub z: P::BaseField, } -impl Display for GroupProjective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", GroupAffine::from(*self)) + write!(f, "{}", Affine::from(*self)) } } -impl Eq for GroupProjective

{} -impl PartialEq for GroupProjective

{ +impl Eq for Projective

{} +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -329,40 +329,40 @@ impl PartialEq for GroupProjective

{ } } -impl Hash for GroupProjective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ + fn sample(&self, rng: &mut R) -> Projective

{ loop { let x = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { + if let Some(p) = Affine::get_point_from_x(x, greatest) { return p.mul_by_cofactor_to_projective(); } } } } -impl Default for GroupProjective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl GroupProjective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { Self { x, y, z } } } -impl Zeroize for GroupProjective

{ +impl Zeroize for Projective

{ fn zeroize(&mut self) { self.x.zeroize(); self.y.zeroize(); @@ -370,7 +370,7 @@ impl Zeroize for GroupProjective

{ } } -impl Zero for GroupProjective

{ +impl Zero for Projective

{ /// Returns the point at infinity, which always has Z = 0. #[inline] fn zero() -> Self { @@ -388,15 +388,15 @@ impl Zero for GroupProjective

{ } } -impl ProjectiveCurve for GroupProjective

{ +impl ProjectiveCurve for Projective

{ type Parameters = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Affine = GroupAffine

; + type Affine = Affine

; #[inline] fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() + Affine::prime_subgroup_generator().into() } #[inline] @@ -509,7 +509,7 @@ impl ProjectiveCurve for GroupProjective

{ /// When `other.is_normalized()` (i.e., `other.z == 1`), we can use a more /// efficient [formula](http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl) /// to compute `self + other`. - fn add_assign_mixed(&mut self, other: &GroupAffine

) { + fn add_assign_mixed(&mut self, other: &Affine

) { if other.is_zero() { return; } @@ -582,7 +582,7 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl Neg for GroupProjective

{ +impl Neg for Projective

{ type Output = Self; #[inline] @@ -595,9 +595,9 @@ impl Neg for GroupProjective

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupProjective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, Parameters); -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Add<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -607,7 +607,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { if self.is_zero() { *self = *other; @@ -672,7 +672,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -682,13 +682,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupProjective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -696,9 +696,9 @@ impl MulAssign for GroupProjective

{ // The affine point X, Y is represented in the Jacobian // coordinates with Z = 1. -impl From> for GroupProjective

{ +impl From> for Projective

{ #[inline] - fn from(p: GroupAffine

) -> GroupProjective

{ + fn from(p: Affine

) -> Projective

{ if p.is_zero() { Self::zero() } else { @@ -709,14 +709,14 @@ impl From> for GroupProjective

{ // The projective point X, Y, Z is represented in the affine // coordinates as X/Z^2, Y/Z^3. -impl From> for GroupAffine

{ +impl From> for Affine

{ #[inline] - fn from(p: GroupProjective

) -> GroupAffine

{ + fn from(p: Projective

) -> Affine

{ if p.is_zero() { - GroupAffine::zero() + Affine::zero() } else if p.z.is_one() { // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y, false) + Affine::new(p.x, p.y, false) } else { // Z is nonzero, so it must have an inverse in a field. let zinv = p.z.inverse().unwrap(); @@ -728,12 +728,12 @@ impl From> for GroupAffine

{ // Y/Z^3 let y = p.y * &(zinv_squared * &zinv); - GroupAffine::new(x, y, false) + Affine::new(x, y, false) } } } -impl CanonicalSerialize for GroupAffine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -771,35 +771,35 @@ impl CanonicalSerialize for GroupAffine

{ } } -impl CanonicalSerialize for GroupProjective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize(writer) } #[inline] fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialized_size() } #[allow(unused_qualifications)] #[inline] fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } #[inline] fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.uncompressed_size() } } -impl CanonicalDeserialize for GroupAffine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { let (x, flags): (P::BaseField, SWFlags) = @@ -807,7 +807,7 @@ impl CanonicalDeserialize for GroupAffine

{ if flags.is_infinity() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_x(x, flags.is_positive().unwrap()) + let p = Affine::

::get_point_from_x(x, flags.is_positive().unwrap()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -833,32 +833,32 @@ impl CanonicalDeserialize for GroupAffine

{ let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let (y, flags): (P::BaseField, SWFlags) = CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - let p = GroupAffine::

::new(x, y, flags.is_infinity()); + let p = Affine::

::new(x, y, flags.is_infinity()); Ok(p) } } -impl CanonicalDeserialize for GroupProjective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { - let aff = GroupAffine::

::deserialize(reader)?; + let aff = Affine::

::deserialize(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; + let aff = Affine::

::deserialize_unchecked(reader)?; Ok(aff.into()) } } -impl ToConstraintField for GroupAffine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -873,18 +873,18 @@ where } } -impl ToConstraintField for GroupProjective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Option> { - GroupAffine::from(*self).to_field_elements() + Affine::from(*self).to_field_elements() } } -impl VariableBaseMSM for GroupProjective

{ - type MSMBase = GroupAffine

; +impl VariableBaseMSM for Projective

{ + type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/ec/src/models/twisted_edwards_extended.rs b/ec/src/models/twisted_edwards.rs similarity index 83% rename from ec/src/models/twisted_edwards_extended.rs rename to ec/src/models/twisted_edwards.rs index 3eca98098..c7134d30f 100644 --- a/ec/src/models/twisted_edwards_extended.rs +++ b/ec/src/models/twisted_edwards.rs @@ -41,20 +41,20 @@ use rayon::prelude::*; Hash(bound = "P: Parameters") )] #[must_use] -pub struct GroupAffine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element pub y: P::BaseField, } -impl Display for GroupAffine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) + write!(f, "Affine(x={}, y={})", self.x, self.y) } } -impl GroupAffine

{ +impl Affine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } @@ -99,7 +99,7 @@ impl GroupAffine

{ } } -impl GroupAffine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order equaling that of /// `P::ScalarField` given it is on the curve. pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { @@ -107,7 +107,7 @@ impl GroupAffine

{ } } -impl Zero for GroupAffine

{ +impl Zero for Affine

{ fn zero() -> Self { Self::new(P::BaseField::zero(), P::BaseField::one()) } @@ -117,11 +117,11 @@ impl Zero for GroupAffine

{ } } -impl AffineCurve for GroupAffine

{ +impl AffineCurve for Affine

{ type Parameters = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Projective = GroupProjective

; + type Projective = Projective

; fn xy(&self) -> (Self::BaseField, Self::BaseField) { (self.x, self.y) @@ -162,7 +162,7 @@ impl AffineCurve for GroupAffine

{ } } -impl Zeroize for GroupAffine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -171,7 +171,7 @@ impl Zeroize for GroupAffine

{ } } -impl Neg for GroupAffine

{ +impl Neg for Affine

{ type Output = Self; fn neg(self) -> Self { @@ -179,9 +179,9 @@ impl Neg for GroupAffine

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupAffine, Parameters); +ark_ff::impl_additive_ops_from_ref!(Affine, Parameters); -impl<'a, P: Parameters> Add<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> Add<&'a Self> for Affine

{ type Output = Self; fn add(self, other: &'a Self) -> Self { let mut copy = self; @@ -190,7 +190,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { let y1y2 = self.y * &other.y; let x1x2 = self.x * &other.x; @@ -207,7 +207,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> Sub<&'a Self> for Affine

{ type Output = Self; fn sub(self, other: &'a Self) -> Self { let mut copy = self; @@ -216,33 +216,33 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupAffine

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupAffine

{ +impl<'a, P: Parameters> SubAssign<&'a Self> for Affine

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupAffine

{ +impl MulAssign for Affine

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()).into() } } -impl Default for GroupAffine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupAffine

{ + fn sample(&self, rng: &mut R) -> Affine

{ loop { let y = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_y(y, greatest) { + if let Some(p) = Affine::get_point_from_y(y, greatest) { return p.mul_by_cofactor(); } } @@ -253,7 +253,7 @@ mod group_impl { use super::*; use crate::group::Group; - impl Group for GroupAffine

{ + impl Group for Affine

{ type ScalarField = P::ScalarField; #[inline] @@ -275,7 +275,7 @@ mod group_impl { ////////////////////////////////////////////////////////////////////////////// -/// `GroupProjective` implements Extended Twisted Edwards Coordinates +/// `Projective` implements Extended Twisted Edwards Coordinates /// as described in [\[HKCD08\]](https://eprint.iacr.org/2008/522.pdf). /// /// This implementation uses the unified addition formulae from that paper (see @@ -288,32 +288,32 @@ mod group_impl { Debug(bound = "P: Parameters") )] #[must_use] -pub struct GroupProjective { +pub struct Projective { pub x: P::BaseField, pub y: P::BaseField, pub t: P::BaseField, pub z: P::BaseField, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { +impl PartialEq> for Affine

{ + fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { +impl PartialEq> for Projective

{ + fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for GroupProjective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", GroupAffine::from(*self)) + write!(f, "{}", Affine::from(*self)) } } -impl PartialEq for GroupProjective

{ +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -328,39 +328,39 @@ impl PartialEq for GroupProjective

{ } } -impl Hash for GroupProjective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ + fn sample(&self, rng: &mut R) -> Projective

{ loop { let y = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_y(y, greatest) { + if let Some(p) = Affine::get_point_from_y(y, greatest) { return p.mul_by_cofactor_to_projective(); } } } } -impl Default for GroupProjective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl GroupProjective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, t: P::BaseField, z: P::BaseField) -> Self { Self { x, y, t, z } } } -impl Zeroize for GroupProjective

{ +impl Zeroize for Projective

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -371,7 +371,7 @@ impl Zeroize for GroupProjective

{ } } -impl Zero for GroupProjective

{ +impl Zero for Projective

{ fn zero() -> Self { Self::new( P::BaseField::zero(), @@ -386,14 +386,14 @@ impl Zero for GroupProjective

{ } } -impl ProjectiveCurve for GroupProjective

{ +impl ProjectiveCurve for Projective

{ type Parameters = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; - type Affine = GroupAffine

; + type Affine = Affine

; fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() + Affine::prime_subgroup_generator().into() } fn is_normalized(&self) -> bool { @@ -456,7 +456,7 @@ impl ProjectiveCurve for GroupProjective

{ self } - fn add_assign_mixed(&mut self, other: &GroupAffine

) { + fn add_assign_mixed(&mut self, other: &Affine

) { // See "Twisted Edwards Curves Revisited" // Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson // 3.1 Unified Addition in E^e @@ -495,7 +495,7 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl Neg for GroupProjective

{ +impl Neg for Projective

{ type Output = Self; fn neg(mut self) -> Self { self.x = -self.x; @@ -504,9 +504,9 @@ impl Neg for GroupProjective

{ } } -ark_ff::impl_additive_ops_from_ref!(GroupProjective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, Parameters); -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Add<&'a Self> for Projective

{ type Output = Self; fn add(mut self, other: &'a Self) -> Self { self += other; @@ -514,7 +514,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { // See "Twisted Edwards Curves Revisited" (https://eprint.iacr.org/2008/522.pdf) // by Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson @@ -558,7 +558,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ type Output = Self; fn sub(mut self, other: &'a Self) -> Self { self -= other; @@ -566,13 +566,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for GroupProjective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -580,32 +580,32 @@ impl MulAssign for GroupProjective

{ // The affine point (X, Y) is represented in the Extended Projective coordinates // with Z = 1. -impl From> for GroupProjective

{ - fn from(p: GroupAffine

) -> GroupProjective

{ +impl From> for Projective

{ + fn from(p: Affine

) -> Projective

{ Self::new(p.x, p.y, p.x * &p.y, P::BaseField::one()) } } // The projective point X, Y, T, Z is represented in the affine // coordinates as X/Z, Y/Z. -impl From> for GroupAffine

{ - fn from(p: GroupProjective

) -> GroupAffine

{ +impl From> for Affine

{ + fn from(p: Projective

) -> Affine

{ if p.is_zero() { - GroupAffine::zero() + Affine::zero() } else if p.z.is_one() { // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y) + Affine::new(p.x, p.y) } else { // Z is nonzero, so it must have an inverse in a field. let z_inv = p.z.inverse().unwrap(); let x = p.x * &z_inv; let y = p.y * &z_inv; - GroupAffine::new(x, y) + Affine::new(x, y) } } } -impl core::str::FromStr for GroupAffine

+impl core::str::FromStr for Affine

where P::BaseField: core::str::FromStr, { @@ -650,24 +650,24 @@ where Debug(bound = "P: MontgomeryParameters"), Hash(bound = "P: MontgomeryParameters") )] -pub struct MontgomeryGroupAffine { +pub struct MontgomeryAffine { pub x: P::BaseField, pub y: P::BaseField, } -impl Display for MontgomeryGroupAffine

{ +impl Display for MontgomeryAffine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "MontgomeryGroupAffine(x={}, y={})", self.x, self.y) + write!(f, "MontgomeryAffine(x={}, y={})", self.x, self.y) } } -impl MontgomeryGroupAffine

{ +impl MontgomeryAffine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } } -impl CanonicalSerialize for GroupAffine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -701,35 +701,35 @@ impl CanonicalSerialize for GroupAffine

{ } } -impl CanonicalSerialize for GroupProjective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize(writer) } #[inline] fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialized_size() } #[allow(unused_qualifications)] #[inline] fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } #[inline] fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.uncompressed_size() } } -impl CanonicalDeserialize for GroupAffine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(mut reader: R) -> Result { let (y, flags): (P::BaseField, EdwardsFlags) = @@ -737,7 +737,7 @@ impl CanonicalDeserialize for GroupAffine

{ if y == P::BaseField::zero() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_y(y, flags.is_positive()) + let p = Affine::

::get_point_from_y(y, flags.is_positive()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -761,32 +761,32 @@ impl CanonicalDeserialize for GroupAffine

{ let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let y: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let p = GroupAffine::

::new(x, y); + let p = Affine::

::new(x, y); Ok(p) } } -impl CanonicalDeserialize for GroupProjective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { - let aff = GroupAffine::

::deserialize(reader)?; + let aff = Affine::

::deserialize(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } #[allow(unused_qualifications)] fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; + let aff = Affine::

::deserialize_unchecked(reader)?; Ok(aff.into()) } } -impl ToConstraintField for GroupAffine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -799,13 +799,13 @@ where } } -impl ToConstraintField for GroupProjective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Option> { - GroupAffine::from(*self).to_field_elements() + Affine::from(*self).to_field_elements() } } @@ -813,7 +813,7 @@ where // the methods that are needed for backwards compatibility with the old // serialization format // See Issue #330 -impl GroupAffine

{ +impl Affine

{ /// Attempts to construct an affine point given an x-coordinate. The /// point is not guaranteed to be in the prime order subgroup. /// @@ -887,7 +887,7 @@ impl GroupAffine

{ if x == P::BaseField::zero() { Ok(Self::zero()) } else { - let p = GroupAffine::

::get_point_from_x_old(x, flags.is_positive()) + let p = Affine::

::get_point_from_x_old(x, flags.is_positive()) .ok_or(SerializationError::InvalidData)?; if !p.is_in_correct_subgroup_assuming_on_curve() { return Err(SerializationError::InvalidData); @@ -896,12 +896,12 @@ impl GroupAffine

{ } } } -impl GroupProjective

{ +impl Projective

{ /// This method is implemented for backwards compatibility with the old /// serialization format and will be deprecated and then removed in a /// future version. pub fn serialize_old(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_old(writer) } @@ -914,7 +914,7 @@ impl GroupProjective

{ &self, writer: W, ) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(*self); + let aff = Affine::

::from(*self); aff.serialize_uncompressed(writer) } @@ -923,20 +923,20 @@ impl GroupProjective

{ /// serialization format and will be deprecated and then removed in a /// future version. pub fn deserialize_uncompressed_old(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; + let aff = Affine::

::deserialize_uncompressed(reader)?; Ok(aff.into()) } /// This method is implemented for backwards compatibility with the old /// serialization format and will be deprecated and then removed in a /// future version. pub fn deserialize_old(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_old(reader)?; + let aff = Affine::

::deserialize_old(reader)?; Ok(aff.into()) } } -impl VariableBaseMSM for GroupProjective

{ - type MSMBase = GroupAffine

; +impl VariableBaseMSM for Projective

{ + type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/test-curves/src/bls12_381/g1.rs b/test-curves/src/bls12_381/g1.rs index 2ba4efeb0..a625fefb5 100644 --- a/test-curves/src/bls12_381/g1.rs +++ b/test-curves/src/bls12_381/g1.rs @@ -1,12 +1,12 @@ use crate::bls12_381::*; use ark_ec::{ models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + short_weierstrass::*, }; use ark_ff::{MontFp, Zero}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; diff --git a/test-curves/src/bls12_381/g2.rs b/test-curves/src/bls12_381/g2.rs index ff9a73721..3195b56c3 100644 --- a/test-curves/src/bls12_381/g2.rs +++ b/test-curves/src/bls12_381/g2.rs @@ -2,7 +2,7 @@ use crate::bls12_381::*; use ark_ec::{ bls12, models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::GroupAffine, + short_weierstrass::Affine, AffineCurve, }; use ark_ff::{BigInt, Field, MontFp, QuadExt, Zero}; @@ -119,7 +119,7 @@ pub const P_POWER_ENDOMORPHISM_COEFF_1: Fq2 = QuadExt!( "1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257") ); -pub fn p_power_endomorphism(p: &GroupAffine) -> GroupAffine { +pub fn p_power_endomorphism(p: &Affine) -> Affine { // The p-power endomorphism for G2 is defined as follows: // 1. Note that G2 is defined on curve E': y^2 = x^3 + 4(u+1). To map a point (x, y) in E' to (s, t) in E, // one set s = x / ((u+1) ^ (1/3)), t = y / ((u+1) ^ (1/2)), because E: y^2 = x^3 + 4. diff --git a/test-curves/src/bn384_small_two_adicity/g1.rs b/test-curves/src/bn384_small_two_adicity/g1.rs index 5704db7d2..5facbfbaa 100644 --- a/test-curves/src/bn384_small_two_adicity/g1.rs +++ b/test-curves/src/bn384_small_two_adicity/g1.rs 
@@ -1,13 +1,13 @@ use ark_ec::{ models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + short_weierstrass::*, }; use ark_ff::Zero; use crate::bn384_small_two_adicity::{Fq, Fr, FR_ONE}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; diff --git a/test-curves/src/mnt4_753/g1.rs b/test-curves/src/mnt4_753/g1.rs index 0af29920d..99e62b781 100644 --- a/test-curves/src/mnt4_753/g1.rs +++ b/test-curves/src/mnt4_753/g1.rs @@ -1,13 +1,13 @@ use ark_ec::{ models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::*, + short_weierstrass::*, }; use ark_ff::MontFp; use crate::mnt4_753::{Fq, Fr, FR_ONE}; -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; +pub type G1Affine = Affine; +pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; diff --git a/test-templates/src/curves.rs b/test-templates/src/curves.rs index d13c9c678..fb42874d5 100644 --- a/test-templates/src/curves.rs +++ b/test-templates/src/curves.rs @@ -1,6 +1,6 @@ #![allow(unused)] use ark_ec::{ - short_weierstrass_jacobian::GroupAffine, twisted_edwards_extended::GroupProjective, + short_weierstrass::Affine, twisted_edwards::Projective, wnaf::WnafContext, AffineCurve, MontgomeryModelParameters, ProjectiveCurve, SWModelParameters, TEModelParameters, }; @@ -307,14 +307,14 @@ pub fn sw_tests() { } pub fn sw_from_random_bytes() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; + use ark_ec::models::short_weierstrass::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -322,22 +322,22 @@ pub fn sw_from_random_bytes() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let p1 = GroupAffine::

::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); + let p1 = Affine::

::deserialize(&mut cursor).unwrap(); + let p2 = Affine::

::from_random_bytes(&serialized).unwrap(); assert_eq!(p1, p2); } } } pub fn sw_curve_serialization_test() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; + use ark_ec::models::short_weierstrass::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -345,7 +345,7 @@ pub fn sw_curve_serialization_test() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } @@ -355,22 +355,22 @@ pub fn sw_curve_serialization_test() { let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap_err(); @@ -379,7 +379,7 @@ pub fn sw_curve_serialization_test() { { let serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&serialized[..]); - GroupAffine::

::deserialize(&mut cursor).unwrap_err(); + Affine::

::deserialize(&mut cursor).unwrap_err(); } { @@ -388,7 +388,7 @@ pub fn sw_curve_serialization_test() { a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } @@ -398,35 +398,35 @@ pub fn sw_curve_serialization_test() { let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } } } pub fn sw_affine_sum_test() { - use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; + use ark_ec::models::short_weierstrass::{Affine, Projective}; let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { let mut test_vec = Vec::new(); for _ in 0..10 { - test_vec.push(GroupProjective::

::rand(&mut rng).into_affine()); + test_vec.push(Projective::

::rand(&mut rng).into_affine()); } - let sum_computed: GroupAffine

= test_vec.iter().sum(); - let mut sum_expected = GroupAffine::zero(); + let sum_computed: Affine

= test_vec.iter().sum(); + let mut sum_expected = Affine::zero(); for p in test_vec.iter() { sum_expected += p; } @@ -439,7 +439,7 @@ fn sw_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupAffine::

::rand(&mut rng); + let a = Affine::

::rand(&mut rng); let b = a.clear_cofactor(); assert!(b.is_in_correct_subgroup_assuming_on_curve()); } @@ -473,14 +473,14 @@ pub fn edwards_from_random_bytes() where P::BaseField: PrimeField, { - use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; + use ark_ec::models::twisted_edwards::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let mut a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -488,15 +488,15 @@ where a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let p1 = GroupAffine::

::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); + let p1 = Affine::

::deserialize(&mut cursor).unwrap(); + let p2 = Affine::

::from_random_bytes(&serialized).unwrap(); assert_eq!(p1, p2); } } for _ in 0..ITERATIONS { let mut biginteger = - < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(&mut rng); + < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(&mut rng); let mut bytes = { let mut result = vec![0u8; biginteger.serialized_size()]; biginteger @@ -504,24 +504,24 @@ where .unwrap(); result }; - let mut g = GroupAffine::

::from_random_bytes(&bytes); + let mut g = Affine::

::from_random_bytes(&bytes); while g.is_none() { bytes.iter_mut().for_each(|i| *i = i.wrapping_sub(1)); - g = GroupAffine::

::from_random_bytes(&bytes); + g = Affine::

::from_random_bytes(&bytes); } let _g = g.unwrap(); } } pub fn edwards_curve_serialization_test() { - use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; + use ark_ec::models::twisted_edwards::{Affine, Projective}; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Affine::

::zero().serialized_size(); let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng); + let a = Projective::

::rand(&mut rng); let a = a.into_affine(); { let mut serialized = vec![0; buf_size]; @@ -529,22 +529,22 @@ pub fn edwards_curve_serialization_test() { a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize(&mut cursor).unwrap(); + let b = Affine::

::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize(&mut cursor).unwrap_err(); @@ -553,7 +553,7 @@ pub fn edwards_curve_serialization_test() { { let serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&serialized[..]); - GroupAffine::

::deserialize(&mut cursor).unwrap_err(); + Affine::

::deserialize(&mut cursor).unwrap_err(); } { @@ -562,17 +562,17 @@ pub fn edwards_curve_serialization_test() { a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Affine::

::zero(); let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Affine::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } } @@ -582,7 +582,7 @@ fn edwards_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(&mut rng).into_affine(); + let a = Projective::

::rand(&mut rng).into_affine(); let b = a.clear_cofactor(); assert!(b.is_in_correct_subgroup_assuming_on_curve()); } From ccfc63b4570ea0a5ce6b45aca289e9b4bf128097 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 7 Jul 2022 11:24:50 -0700 Subject: [PATCH 2/4] Rename `ModelParameters` --- CHANGELOG.md | 6 +- ec/src/glv.rs | 4 +- ec/src/hashing/curve_maps/swu/mod.rs | 4 +- ec/src/hashing/curve_maps/wb/mod.rs | 6 +- ec/src/hashing/tests/mod.rs | 24 +- ec/src/lib.rs | 10 +- ec/src/models/bls12/g2.rs | 2 +- ec/src/models/bls12/mod.rs | 10 +- ec/src/models/bn/g2.rs | 2 +- ec/src/models/bn/mod.rs | 10 +- ec/src/models/bw6/g2.rs | 2 +- ec/src/models/bw6/mod.rs | 10 +- ec/src/models/mnt4/mod.rs | 10 +- ec/src/models/mnt6/mod.rs | 10 +- ec/src/models/mod.rs | 197 +-------------- ec/src/models/short_weierstrass.rs | 200 ++++++++++----- ec/src/models/twisted_edwards.rs | 230 ++++++++++++------ test-curves/src/bls12_381/g1.rs | 8 +- test-curves/src/bls12_381/g2.rs | 8 +- test-curves/src/bls12_381/tests.rs | 4 +- test-curves/src/bn384_small_two_adicity/g1.rs | 8 +- .../src/bn384_small_two_adicity/tests.rs | 4 +- test-curves/src/mnt4_753/g1.rs | 8 +- test-templates/src/curves.rs | 31 +-- 24 files changed, 393 insertions(+), 415 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed50b71e7..d69988060 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,7 +14,7 @@ - [\#348](https://github.com/arkworks-rs/algebra/pull/348) (`ark-ec`) Rename `msm:{Fixed,Variable}BaseMSM:multi_scalar_mul` to `msm:{Fixed,Variable}:msm` to avoid redundancy. - [\#359](https://github.com/arkworks-rs/algebra/pull/359) (`ark-test-templates`) Simplify the field and curve test macros. - [\#365](https://github.com/arkworks-rs/algebra/pull/365) (`ark-ec`) - - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}ModelParameters` to `ModelParameters`. + - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}CurveConfig` to `CurveConfig`. - Add `mul_bits()` to `AffineCurve` and provide a default implementation of `mul()` using this. - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass::GroupAffine` and `twisted_edwards_extended::GroupAffine` - [\#370](https://github.com/arkworks-rs/algebra/pull/370) (all) Set the minimum `rust-version = 1.56` in the manifests of all crates. 
@@ -39,14 +39,14 @@ ### Features - [\#301](https://github.com/arkworks-rs/algebra/pull/301) (`ark-ec`) Add `GLVParameters` trait definition. -- [\#312](https://github.com/arkworks-rs/algebra/pull/312) (`ark-ec`) Add `is_in_correct_subgroup_assuming_on_curve` for all `SWModelParameters`. +- [\#312](https://github.com/arkworks-rs/algebra/pull/312) (`ark-ec`) Add `is_in_correct_subgroup_assuming_on_curve` for all `Parameters`. - [\#321](https://github.com/arkworks-rs/algebra/pull/321) (`ark-ff`) Change bigint conversions to impl `From` instead of `Into`. - [\#343](https://github.com/arkworks-rs/algebra/pull/343) (`ark-ec`) Add WB and SWU hash-to-curve maps. - [\#348](https://github.com/arkworks-rs/algebra/pull/348) (`ark-ec`) Add `msm:{Fixed,Variable}Base:msm_checked_len`. - [\#364](https://github.com/arkworks-rs/algebra/pull/364) (`ark-ec`) Add `ChunkedPippenger` to variable-base MSM. - [\#371](https://github.com/arkworks-rs/algebra/pull/371) (`ark-serialize`) Add serialization impls for arrays - [\#386](https://github.com/arkworks-rs/algebra/pull/386) (`ark-ff-macros`, `ark-ff`) Add a macro to derive `MontConfig`. -- [\#396](https://github.com/arkworks-rs/algebra/pull/396) (`ark-ec`) Add a default `mul` function to `{TE,SW}ModelParameters` trait definition. +- [\#396](https://github.com/arkworks-rs/algebra/pull/396) (`ark-ec`) Add a default `mul` function to `{TE,SW}CurveConfig` trait definition. - [\#397](https://github.com/arkworks-rs/algebra/pull/397) (`ark-ec`) Add `HashMapPippenger` to variable-base MSM. - [\#420](https://github.com/arkworks-rs/algebra/pull/420) (`ark-ec`) Add a `clear_cofactor` method to `AffineCurve`. diff --git a/ec/src/glv.rs b/ec/src/glv.rs index d15c791ff..7232890a8 100644 --- a/ec/src/glv.rs +++ b/ec/src/glv.rs 
@@ -1,7 +1,7 @@
-use crate::ModelParameters;
+use crate::CurveConfig;
 /// The GLV parameters for computing the endomorphism and scalar decomposition.
-pub trait GLVParameters: Send + Sync + 'static + ModelParameters {
+pub trait GLVParameters: Send + Sync + 'static + CurveConfig {
 /// Affine representation of curve points.
 type CurveAffine;
 /// A representation of curve points that enables efficient arithmetic by
diff --git a/ec/src/hashing/curve_maps/swu/mod.rs b/ec/src/hashing/curve_maps/swu/mod.rs
index 2282fd843..a2202d4af 100644
--- a/ec/src/hashing/curve_maps/swu/mod.rs
+++ b/ec/src/hashing/curve_maps/swu/mod.rs
@@ -1,4 +1,4 @@
-use crate::models::SWModelParameters;
+use crate::models::short_weierstrass::SWCurveConfig;
 use ark_ff::{BigInteger, Field, One, PrimeField, SquareRootField, Zero};
 use ark_std::string::ToString;
 use core::marker::PhantomData;
@@ -13,7 +13,7 @@ use crate::{
 /// y^2 = x^3 + a*x + b where ab != 0. From [\[WB2019\]]
 ///
 /// - [\[WB2019\]]
-pub trait SWUParams: SWModelParameters {
+pub trait SWUParams: SWCurveConfig {
 /// An element of the base field that is not a square root see \[WB2019, Section 4\].
 /// It is also convenient to have $g(b/xi * a)$ to be square. In general
 /// we use a `XI` with low absolute value coefficients when they are
diff --git a/ec/src/hashing/curve_maps/wb/mod.rs b/ec/src/hashing/curve_maps/wb/mod.rs
index 7961030d6..c61005170 100644
--- a/ec/src/hashing/curve_maps/wb/mod.rs
+++ b/ec/src/hashing/curve_maps/wb/mod.rs
@@ -1,6 +1,6 @@
 use core::marker::PhantomData;
-use crate::{models::SWModelParameters, ModelParameters};
+use crate::{models::short_weierstrass::SWCurveConfig, CurveConfig};
 use ark_ff::batch_inversion;
 use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial, Polynomial};
@@ -11,7 +11,7 @@ use crate::{ }; use super::swu::{SWUMap, SWUParams}; -type BaseField = ::BaseField; +type BaseField = ::BaseField; /// Trait defining the necessary parameters for the WB hash-to-curve method /// for the curves of Weierstrass form of: @@ -19,7 +19,7 @@ type BaseField = ::BaseField; /// From [\[WB2019\]] /// /// - [\[WB2019\]] -pub trait WBParams: SWModelParameters + Sized { +pub trait WBParams: SWCurveConfig + Sized { // The isogenous curve should be defined over the same base field but it can have // different scalar field type IsogenousCurveScalarField : type IsogenousCurve: SWUParams>; diff --git a/ec/src/hashing/tests/mod.rs b/ec/src/hashing/tests/mod.rs index 5d5ef9302..1e904a894 100644 --- a/ec/src/hashing/tests/mod.rs +++ b/ec/src/hashing/tests/mod.rs @@ -7,9 +7,9 @@ use crate::{ }, map_to_curve_hasher::{MapToCurve, MapToCurveBasedHasher}, }, - models::SWModelParameters, + models::short_weierstrass::SWCurveConfig, short_weierstrass::Affine, - ModelParameters, + CurveConfig, }; use ark_ff::field_hashers::DefaultFieldHasher; use ark_ff::{biginteger::BigInteger64, fields::Fp64, BigInt, MontBackend, MontFp}; @@ -53,7 +53,7 @@ const F127_ONE: F127 = MontFp!(F127, "1"); struct TestSWUMapToCurveParams; -impl ModelParameters for TestSWUMapToCurveParams { +impl CurveConfig for TestSWUMapToCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] @@ -76,7 +76,7 @@ impl ModelParameters for TestSWUMapToCurveParams { /// pass /// /// y^2 = x^3 + x + 63 -impl SWModelParameters for TestSWUMapToCurveParams { +impl SWCurveConfig for TestSWUMapToCurveParams { /// COEFF_A = 1 const COEFF_A: F127 = F127_ONE; @@ -183,7 +183,7 @@ struct TestSWU127MapToIsogenousCurveParams; /// First we define the isogenous curve /// sage: E_isogenous.order() /// 127 -impl ModelParameters for TestSWU127MapToIsogenousCurveParams { +impl CurveConfig for TestSWU127MapToIsogenousCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] 
@@ -195,7 +195,7 @@ impl ModelParameters for TestSWU127MapToIsogenousCurveParams { /// E_isogenous : Elliptic Curve defined by y^2 = x^3 + 109*x + 124 over Finite /// Field of size 127 -impl SWModelParameters for TestSWU127MapToIsogenousCurveParams { +impl SWCurveConfig for TestSWU127MapToIsogenousCurveParams { /// COEFF_A = 109 const COEFF_A: F127 = MontFp!(F127, "109"); @@ -221,7 +221,7 @@ impl SWUParams for TestSWU127MapToIsogenousCurveParams { /// The struct defining our parameters for the target curve of hashing struct TestWBF127MapToCurveParams; -impl ModelParameters for TestWBF127MapToCurveParams { +impl CurveConfig for TestWBF127MapToCurveParams { const COFACTOR: &'static [u64] = &[1]; #[rustfmt::skip] @@ -233,7 +233,7 @@ impl ModelParameters for TestWBF127MapToCurveParams { /// E: Elliptic Curve defined by y^2 = x^3 + 3 over Finite /// Field of size 127 -impl SWModelParameters for TestWBF127MapToCurveParams { +impl SWCurveConfig for TestWBF127MapToCurveParams { /// COEFF_A = 0 const COEFF_A: F127 = F127_ZERO; @@ -264,7 +264,7 @@ impl SWModelParameters for TestWBF127MapToCurveParams { impl WBParams for TestWBF127MapToCurveParams { type IsogenousCurve = TestSWU127MapToIsogenousCurveParams; - const PHI_X_NOM: &'static [::BaseField] = &[ + const PHI_X_NOM: &'static [::BaseField] = &[ MontFp!(F127, "4"), MontFp!(F127, "63"), MontFp!(F127, "23"), @@ -281,7 +281,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "-57"), ]; - const PHI_X_DEN: &'static [::BaseField] = &[ + const PHI_X_DEN: &'static [::BaseField] = &[ MontFp!(F127, "2"), MontFp!(F127, "31"), MontFp!(F127, "-10"), @@ -297,7 +297,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "1"), ]; - const PHI_Y_NOM: &'static [::BaseField] = &[ + const PHI_Y_NOM: &'static [::BaseField] = &[ MontFp!(F127, "-34"), MontFp!(F127, "-57"), MontFp!(F127, "30"), 
@@ -319,7 +319,7 @@ impl WBParams for TestWBF127MapToCurveParams { MontFp!(F127, "10"), ]; - const PHI_Y_DEN: &'static [::BaseField] = &[ + const PHI_Y_DEN: &'static [::BaseField] = &[ MontFp!(F127, "32"), MontFp!(F127, "-18"), MontFp!(F127, "-24"), diff --git a/ec/src/lib.rs b/ec/src/lib.rs index dd67b25d2..8eae6c9c1 100644 --- a/ec/src/lib.rs +++ b/ec/src/lib.rs @@ -162,11 +162,11 @@ pub trait ProjectiveCurve: + for<'a> core::iter::Sum<&'a Self> + From<::Affine> { - type Parameters: ModelParameters; + type Config: CurveConfig; type ScalarField: PrimeField + SquareRootField; type BaseField: Field; type Affine: AffineCurve< - Parameters = Self::Parameters, + Config = Self::Config, Projective = Self, ScalarField = Self::ScalarField, BaseField = Self::BaseField, @@ -249,7 +249,7 @@ pub trait AffineCurve: + for<'a> core::iter::Sum<&'a Self> + From<::Projective> { - type Parameters: ModelParameters; + type Config: CurveConfig; /// The group defined by this curve has order `h * r` where `r` is a large /// prime. `Self::ScalarField` is the prime field defined by `r` @@ -260,7 +260,7 @@ pub trait AffineCurve: /// The projective representation of points on this curve. type Projective: ProjectiveCurve< - Parameters = Self::Parameters, + Config = Self::Config, Affine = Self, ScalarField = Self::ScalarField, BaseField = Self::BaseField, @@ -310,7 +310,7 @@ pub trait AffineCurve: /// `Self::ScalarField`. #[must_use] fn mul_by_cofactor_inv(&self) -> Self { - self.mul(Self::Parameters::COFACTOR_INV).into() + self.mul(Self::Config::COFACTOR_INV).into() } } diff --git a/ec/src/models/bls12/g2.rs b/ec/src/models/bls12/g2.rs index 85d1c92c2..90c562af4 100644 --- a/ec/src/models/bls12/g2.rs +++ b/ec/src/models/bls12/g2.rs @@ -6,7 +6,7 @@ use num_traits::{One, Zero}; use crate::{ bls12::{Bls12Parameters, TwistType}, - models::SWModelParameters, + models::short_weierstrass::SWCurveConfig, short_weierstrass::{Affine, Projective}, AffineCurve, }; 
diff --git a/ec/src/models/bls12/mod.rs b/ec/src/models/bls12/mod.rs index 1c75de81c..f580ec440 100644 --- a/ec/src/models/bls12/mod.rs +++ b/ec/src/models/bls12/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -37,10 +37,10 @@ pub trait Bls12Parameters: 'static { type Fp2Config: Fp2Config; type Fp6Config: Fp6Config; type Fp12Config: Fp12Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -87,7 +87,7 @@ impl Bls12

{ } impl PairingEngine for Bls12

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/bn/g2.rs b/ec/src/models/bn/g2.rs index bd71556a1..8684ff1f1 100644 --- a/ec/src/models/bn/g2.rs +++ b/ec/src/models/bn/g2.rs @@ -6,7 +6,7 @@ use num_traits::{One, Zero}; use crate::{ bn::{BnParameters, TwistType}, - models::SWModelParameters, + models::short_weierstrass::SWCurveConfig, short_weierstrass::{Affine, Projective}, AffineCurve, }; diff --git a/ec/src/models/bn/mod.rs b/ec/src/models/bn/mod.rs index c9a04bb16..2a6e69a4e 100644 --- a/ec/src/models/bn/mod.rs +++ b/ec/src/models/bn/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -35,10 +35,10 @@ pub trait BnParameters: 'static { type Fp2Config: Fp2Config; type Fp6Config: Fp6Config; type Fp12Config: Fp12Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -85,7 +85,7 @@ impl Bn

{ } impl PairingEngine for Bn

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/bw6/g2.rs b/ec/src/models/bw6/g2.rs index d53850f9f..1186c5f39 100644 --- a/ec/src/models/bw6/g2.rs +++ b/ec/src/models/bw6/g2.rs @@ -6,7 +6,7 @@ use num_traits::{One, Zero}; use crate::{ bw6::{BW6Parameters, TwistType}, - models::SWModelParameters, + models::short_weierstrass::SWCurveConfig, short_weierstrass::{Affine, Projective}, AffineCurve, }; diff --git a/ec/src/models/bw6/mod.rs b/ec/src/models/bw6/mod.rs index 3b56355db..2f263f5b2 100644 --- a/ec/src/models/bw6/mod.rs +++ b/ec/src/models/bw6/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::fields::{ @@ -27,10 +27,10 @@ pub trait BW6Parameters: 'static + Eq + PartialEq { type Fp: PrimeField + SquareRootField + Into<::BigInt>; type Fp3Config: Fp3Config; type Fp6Config: Fp6Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Self::Fp, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -210,7 +210,7 @@ impl BW6

{ } impl PairingEngine for BW6

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mnt4/mod.rs b/ec/src/models/mnt4/mod.rs index 5332e73ae..c4c3ba2e6 100644 --- a/ec/src/models/mnt4/mod.rs +++ b/ec/src/models/mnt4/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::{ @@ -34,10 +34,10 @@ pub trait MNT4Parameters: 'static { type Fr: PrimeField + SquareRootField + Into<::BigInt>; type Fp2Config: Fp2Config; type Fp4Config: Fp4Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp2, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -189,7 +189,7 @@ impl MNT4

{ } impl PairingEngine for MNT4

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mnt6/mod.rs b/ec/src/models/mnt6/mod.rs index 111957001..0e5c4b6b3 100644 --- a/ec/src/models/mnt6/mod.rs +++ b/ec/src/models/mnt6/mod.rs @@ -1,5 +1,5 @@ use crate::{ - models::{ModelParameters, SWModelParameters}, + models::{short_weierstrass::SWCurveConfig, CurveConfig}, PairingEngine, }; use ark_ff::{ @@ -34,10 +34,10 @@ pub trait MNT6Parameters: 'static { type Fr: PrimeField + SquareRootField + Into<::BigInt>; type Fp3Config: Fp3Config; type Fp6Config: Fp6Config; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< + type G1Parameters: SWCurveConfig; + type G2Parameters: SWCurveConfig< BaseField = Fp3, - ScalarField = ::ScalarField, + ScalarField = ::ScalarField, >; } @@ -195,7 +195,7 @@ impl MNT6

{ } impl PairingEngine for MNT6

{ - type Fr = ::ScalarField; + type Fr = ::ScalarField; type G1Projective = G1Projective

; type G1Affine = G1Affine

; type G1Prepared = G1Prepared

; diff --git a/ec/src/models/mod.rs b/ec/src/models/mod.rs index a9f943069..69dc8e117 100644 --- a/ec/src/models/mod.rs +++ b/ec/src/models/mod.rs @@ -1,5 +1,4 @@ -use crate::{AffineCurve, ProjectiveCurve}; -use ark_ff::{Field, PrimeField, SquareRootField, Zero}; +use ark_ff::{Field, PrimeField, SquareRootField}; pub mod bls12; pub mod bn; @@ -11,11 +10,11 @@ pub mod twisted_edwards; /// Elliptic curves can be represented via different "models" with varying /// efficiency properties. -/// `ModelParameters` bundles together the types that are common +/// `CurveConfig` bundles together the types that are common /// to all models of the given curve, namely the `BaseField` over which the /// curve is defined, and the `ScalarField` defined by the appropriate /// prime-order subgroup of the curve. -pub trait ModelParameters: Send + Sync + Sized + 'static { +pub trait CurveConfig: Send + Sync + Sized + 'static { /// Base field that the curve is defined over. type BaseField: Field + SquareRootField; /// Finite prime field corresponding to an appropriate prime-order subgroup 
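Review bot: The renamed doc comment on `CurveConfig` still says the trait bundles only the `BaseField` and `ScalarField` types, yet the trait body (its tail is the context at the top of the next hunk) also declares `COFACTOR` and `COFACTOR_INV`, and the relation the two must satisfy is not stated anywhere. Suggest appending `/// It also carries the subgroup cofactor, `COFACTOR`, and `COFACTOR_INV`, presumably its inverse in the scalar field.` after the `ScalarField` sentence, and a one-line comment on `COFACTOR_INV` naming that invariant, since `mul_by_cofactor_inv` in lib.rs multiplies by it unconditionally. The trait definition continues past the end of this hunk.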
@@ -25,193 +24,3 @@ pub trait ModelParameters: Send + Sync + Sized + 'static { const COFACTOR: &'static [u64]; const COFACTOR_INV: Self::ScalarField; } - -/// Constants and convenience functions that collectively define the [Short Weierstrass model](https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html) -/// of the curve. In this model, the curve equation is `y² = x³ + a * x + b`, -/// for constants `a` and `b`. -pub trait SWModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `b` of the curve equation. - const COEFF_B: Self::BaseField; - /// Coefficients of the base point of the curve - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); - - /// Helper method for computing `elem * Self::COEFF_A`. - /// - /// The default implementation should be overridden only if - /// the product can be computed faster than standard field multiplication - /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). - #[inline(always)] - fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { - let mut copy = *elem; - copy *= &Self::COEFF_A; - copy - } - - /// Helper method for computing `elem + Self::COEFF_B`. - /// - /// The default implementation should be overridden only if - /// the sum can be computed faster than standard field addition (eg: via - /// doubling). - #[inline(always)] - fn add_b(elem: &Self::BaseField) -> Self::BaseField { - if !Self::COEFF_B.is_zero() { - let mut copy = *elem; - copy += &Self::COEFF_B; - return copy; - } - *elem - } - - /// Check if the provided curve point is in the prime-order subgroup. - /// - /// The default implementation multiplies `item` by the order `r` of the - /// prime-order subgroup, and checks if the result is one. - /// Implementors can choose to override this default impl - /// if the given curve has faster methods - /// for performing this check (for example, via leveraging curve - /// isomorphisms). 
- fn is_in_correct_subgroup_assuming_on_curve( - item: &short_weierstrass::Affine, - ) -> bool { - Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() - } - - /// Performs cofactor clearing. - /// The default method is simply to multiply by the cofactor. - /// Some curves can implement a more efficient algorithm. - fn clear_cofactor( - item: &short_weierstrass::Affine, - ) -> short_weierstrass::Affine { - item.mul_by_cofactor() - } - - /// Default implementation of group multiplication for projective - /// coordinates - fn mul_projective( - base: &short_weierstrass::Projective, - scalar: &[u64], - ) -> short_weierstrass::Projective { - let mut res = short_weierstrass::Projective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res += base; - } - } - - res - } - - /// Default implementation of group multiplication for affine - /// coordinates. - fn mul_affine( - base: &short_weierstrass::Affine, - scalar: &[u64], - ) -> short_weierstrass::Projective { - let mut res = short_weierstrass::Projective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res.add_assign_mixed(base) - } - } - - res - } -} - -/// Constants and convenience functions that collectively define the [Twisted Edwards model](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html) -/// of the curve. In this model, the curve equation is -/// `a * x² + y² = 1 + d * x² * y²`, for constants `a` and `d`. -pub trait TEModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `d` of the curve equation. - const COEFF_D: Self::BaseField; - /// Coefficients of the base point of the curve - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); - - /// Model parameters for the Montgomery curve that is birationally - /// equivalent to this curve. 
- type MontgomeryModelParameters: MontgomeryModelParameters; - - /// Helper method for computing `elem * Self::COEFF_A`. - /// - /// The default implementation should be overridden only if - /// the product can be computed faster than standard field multiplication - /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). - #[inline(always)] - fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { - let mut copy = *elem; - copy *= &Self::COEFF_A; - copy - } - - /// Checks that the current point is in the prime order subgroup given - /// the point on the curve. - fn is_in_correct_subgroup_assuming_on_curve( - item: &twisted_edwards::Affine, - ) -> bool { - Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() - } - - /// Performs cofactor clearing. - /// The default method is simply to multiply by the cofactor. - /// For some curve families though, it is sufficient to multiply - /// by a smaller scalar. - fn clear_cofactor( - item: &twisted_edwards::Affine, - ) -> twisted_edwards::Affine { - item.mul_by_cofactor() - } - - /// Default implementation of group multiplication for projective - /// coordinates - fn mul_projective( - base: &twisted_edwards::Projective, - scalar: &[u64], - ) -> twisted_edwards::Projective { - let mut res = twisted_edwards::Projective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res += base; - } - } - - res - } - - /// Default implementation of group multiplication for affine - /// coordinates - fn mul_affine( - base: &twisted_edwards::Affine, - scalar: &[u64], - ) -> twisted_edwards::Projective { - let mut res = twisted_edwards::Projective::::zero(); - for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { - res.double_in_place(); - if b { - res.add_assign_mixed(base) - } - } - - res - } -} - -/// Constants and convenience functions that collectively define the [Montgomery model](https://www.hyperelliptic.org/EFD/g1p/auto-montgom.html) 
-/// of the curve. In this model, the curve equation is -/// `b * y² = x³ + a * x² + x`, for constants `a` and `b`. -pub trait MontgomeryModelParameters: ModelParameters { - /// Coefficient `a` of the curve equation. - const COEFF_A: Self::BaseField; - /// Coefficient `b` of the curve equation. - const COEFF_B: Self::BaseField; - - /// Model parameters for the Twisted Edwards curve that is birationally - /// equivalent to this curve. - type TEModelParameters: TEModelParameters; -} diff --git a/ec/src/models/short_weierstrass.rs b/ec/src/models/short_weierstrass.rs index 4ee5ea2e5..a697338a4 100644 --- a/ec/src/models/short_weierstrass.rs +++ b/ec/src/models/short_weierstrass.rs @@ -15,9 +15,7 @@ use ark_ff::{ ToConstraintField, UniformRand, }; -use crate::{ - models::SWModelParameters as Parameters, msm::VariableBaseMSM, AffineCurve, ProjectiveCurve, -}; +use crate::{msm::VariableBaseMSM, AffineCurve, ProjectiveCurve}; use num_traits::{One, Zero}; use zeroize::Zeroize; 
@@ -30,21 +28,107 @@ use ark_std::rand::{ #[cfg(feature = "parallel")] use rayon::prelude::*; +/// Constants and convenience functions that collectively define the [Short Weierstrass model](https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html) +/// of the curve. In this model, the curve equation is `y² = x³ + a * x + b`, +/// for constants `a` and `b`. +pub trait SWCurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `b` of the curve equation. + const COEFF_B: Self::BaseField; + /// Coefficients of the base point of the curve + const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); + + /// Helper method for computing `elem * Self::COEFF_A`. + /// + /// The default implementation should be overridden only if + /// the product can be computed faster than standard field multiplication + /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). + #[inline(always)] + fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { + let mut copy = *elem; + copy *= &Self::COEFF_A; + copy + } + + /// Helper method for computing `elem + Self::COEFF_B`. + /// + /// The default implementation should be overridden only if + /// the sum can be computed faster than standard field addition (eg: via + /// doubling). + #[inline(always)] + fn add_b(elem: &Self::BaseField) -> Self::BaseField { + if !Self::COEFF_B.is_zero() { + let mut copy = *elem; + copy += &Self::COEFF_B; + return copy; + } + *elem + } + + /// Check if the provided curve point is in the prime-order subgroup. + /// + /// The default implementation multiplies `item` by the order `r` of the + /// prime-order subgroup, and checks if the result is one. + /// Implementors can choose to override this default impl + /// if the given curve has faster methods + /// for performing this check (for example, via leveraging curve + /// isomorphisms). 
+ fn is_in_correct_subgroup_assuming_on_curve(item: &Affine) -> bool { + Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() + } + + /// Performs cofactor clearing. + /// The default method is simply to multiply by the cofactor. + /// Some curves can implement a more efficient algorithm. + fn clear_cofactor(item: &Affine) -> Affine { + item.mul_by_cofactor() + } + + /// Default implementation of group multiplication for projective + /// coordinates + fn mul_projective(base: &Projective, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res += base; + } + } + + res + } + + /// Default implementation of group multiplication for affine + /// coordinates. + fn mul_affine(base: &Affine, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res.add_assign_mixed(base) + } + } + + res + } +} + /// Affine coordinates for a point on an elliptic curve in short Weierstrass /// form, over the base field `P::BaseField`. #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") + Copy(bound = "P: SWCurveConfig"), + Clone(bound = "P: SWCurveConfig"), + PartialEq(bound = "P: SWCurveConfig"), + Eq(bound = "P: SWCurveConfig"), + Debug(bound = "P: SWCurveConfig"), + Hash(bound = "P: SWCurveConfig") )] #[must_use] // DISCUSS these shouldn't be public and instead we should have functions // encapsulating the attributes -pub struct Affine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element 
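Review bot: The doc on `is_in_correct_subgroup_assuming_on_curve` in the moved `SWCurveConfig` trait says the default "checks if the result is one", but the body tests `.is_zero()`, i.e. the group identity; suggest `/// prime-order subgroup, and checks if the result is the identity (point at infinity).` The `mul_projective` and `mul_affine` defaults are left-to-right double-and-add that branch on every bit of `scalar`, so their timing and memory-access pattern depend on the scalar, and `mul_by_cofactor_to_projective` further down this file routes through `mul_affine`; a doc line such as `/// Not constant-time: the loop branches on each scalar bit, so do not use this default with secret scalars.` on both methods would tell implementors when an override is required. The same variable-time caveat applies to the `TECurveConfig` defaults moved into ec/src/models/twisted_edwards.rs by this commit. These are pre-existing in the moved code, but the move is the natural point to fix the docs.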
@@ -53,19 +137,19 @@ pub struct Affine { pub infinity: bool, } -impl PartialEq> for Affine

{ +impl PartialEq> for Affine

{ fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for Projective

{ +impl PartialEq> for Projective

{ fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for Affine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { if self.infinity { write!(f, "Affine(Infinity)") @@ -75,7 +159,7 @@ impl Display for Affine

{ } } -impl Affine

{ +impl Affine

{ // DISCUSS The function shouldn't take infinity as parameter but instead accept // only `(x,y)` so we have another const function `Affine::infinity` // that takes no parameters @@ -124,7 +208,7 @@ impl Affine

{ } } -impl Affine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order that equaling that of /// `P::ScalarField`. // DISCUSS Maybe these function names are too verbose? @@ -133,7 +217,7 @@ impl Affine

{ } } -impl Zeroize for Affine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -143,7 +227,7 @@ impl Zeroize for Affine

{ } } -impl Zero for Affine

{ +impl Zero for Affine

{ /// Returns the point at infinity. Note that in affine coordinates, /// the point at infinity does not lie on the curve, and this is indicated /// by setting the `infinity` flag to true. @@ -159,7 +243,7 @@ impl Zero for Affine

{ } } -impl Add for Affine

{ +impl Add for Affine

{ type Output = Self; fn add(self, other: Self) -> Self { let mut copy = self; @@ -168,7 +252,7 @@ impl Add for Affine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ +impl<'a, P: SWCurveConfig> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { let mut s_proj = Projective::from(*self); s_proj.add_assign_mixed(other); @@ -176,7 +260,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] fn sample(&self, rng: &mut R) -> Affine

{ loop { @@ -190,8 +274,8 @@ impl Distribution> for Standard { } } -impl AffineCurve for Affine

{ - type Parameters = P; +impl AffineCurve for Affine

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; type Projective = Projective

; @@ -231,7 +315,7 @@ impl AffineCurve for Affine

{ /// resulting projective element. #[must_use] fn mul_by_cofactor_to_projective(&self) -> Self::Projective { - P::mul_affine(self, Self::Parameters::COFACTOR) + P::mul_affine(self, Self::Config::COFACTOR) } /// Performs cofactor clearing. @@ -243,7 +327,7 @@ impl AffineCurve for Affine

{ } } -impl Neg for Affine

{ +impl Neg for Affine

{ type Output = Self; /// If `self.is_zero()`, returns `self` (`== Self::zero()`). @@ -258,21 +342,21 @@ impl Neg for Affine

{ } } -impl Default for Affine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl core::iter::Sum for Affine

{ +impl core::iter::Sum for Affine

{ fn sum>(iter: I) -> Self { iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(&x)) .into() } } -impl<'a, P: Parameters> core::iter::Sum<&'a Self> for Affine

{ +impl<'a, P: SWCurveConfig> core::iter::Sum<&'a Self> for Affine

{ fn sum>(iter: I) -> Self { iter.fold(Projective::

::zero(), |sum, x| sum.add_mixed(x)) .into() @@ -284,12 +368,12 @@ impl<'a, P: Parameters> core::iter::Sum<&'a Self> for Affine

{ /// via the Jacobian formulae #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Debug(bound = "P: Parameters") + Copy(bound = "P: SWCurveConfig"), + Clone(bound = "P: SWCurveConfig"), + Debug(bound = "P: SWCurveConfig") )] #[must_use] -pub struct Projective { +pub struct Projective { /// `X / Z` projection of the affine `X` pub x: P::BaseField, /// `Y / Z` projection of the affine `Y` @@ -298,14 +382,14 @@ pub struct Projective { pub z: P::BaseField, } -impl Display for Projective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "{}", Affine::from(*self)) } } -impl Eq for Projective

{} -impl PartialEq for Projective

{ +impl Eq for Projective

{} +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -329,13 +413,13 @@ impl PartialEq for Projective

{ } } -impl Hash for Projective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] fn sample(&self, rng: &mut R) -> Projective

{ loop { @@ -349,20 +433,20 @@ impl Distribution> for Standard { } } -impl Default for Projective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl Projective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { Self { x, y, z } } } -impl Zeroize for Projective

{ +impl Zeroize for Projective

{ fn zeroize(&mut self) { self.x.zeroize(); self.y.zeroize(); @@ -370,7 +454,7 @@ impl Zeroize for Projective

{ } } -impl Zero for Projective

{ +impl Zero for Projective

{ /// Returns the point at infinity, which always has Z = 0. #[inline] fn zero() -> Self { @@ -388,8 +472,8 @@ impl Zero for Projective

{ } } -impl ProjectiveCurve for Projective

{ - type Parameters = P; +impl ProjectiveCurve for Projective

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; type Affine = Affine

; @@ -582,7 +666,7 @@ impl ProjectiveCurve for Projective

{ } } -impl Neg for Projective

{ +impl Neg for Projective

{ type Output = Self; #[inline] @@ -595,9 +679,9 @@ impl Neg for Projective

{ } } -ark_ff::impl_additive_ops_from_ref!(Projective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, SWCurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for Projective

{ +impl<'a, P: SWCurveConfig> Add<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -607,7 +691,7 @@ impl<'a, P: Parameters> Add<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ +impl<'a, P: SWCurveConfig> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { if self.is_zero() { *self = *other; @@ -672,7 +756,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ +impl<'a, P: SWCurveConfig> Sub<&'a Self> for Projective

{ type Output = Self; #[inline] @@ -682,13 +766,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ +impl<'a, P: SWCurveConfig> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for Projective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -696,7 +780,7 @@ impl MulAssign for Projective

{ // The affine point X, Y is represented in the Jacobian // coordinates with Z = 1. -impl From> for Projective

{ +impl From> for Projective

{ #[inline] fn from(p: Affine

) -> Projective

{ if p.is_zero() { @@ -709,7 +793,7 @@ impl From> for Projective

{ // The projective point X, Y, Z is represented in the affine // coordinates as X/Z^2, Y/Z^3. -impl From> for Affine

{ +impl From> for Affine

{ #[inline] fn from(p: Projective

) -> Affine

{ if p.is_zero() { @@ -733,7 +817,7 @@ impl From> for Affine

{ } } -impl CanonicalSerialize for Affine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -771,7 +855,7 @@ impl CanonicalSerialize for Affine

{ } } -impl CanonicalSerialize for Projective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -799,7 +883,7 @@ impl CanonicalSerialize for Projective

{ } } -impl CanonicalDeserialize for Affine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { let (x, flags): (P::BaseField, SWFlags) = @@ -838,7 +922,7 @@ impl CanonicalDeserialize for Affine

{ } } -impl CanonicalDeserialize for Projective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { let aff = Affine::

::deserialize(reader)?; @@ -858,7 +942,7 @@ impl CanonicalDeserialize for Projective

{ } } -impl ToConstraintField for Affine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -873,7 +957,7 @@ where } } -impl ToConstraintField for Projective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { @@ -883,7 +967,7 @@ where } } -impl VariableBaseMSM for Projective

{ +impl VariableBaseMSM for Projective

{ type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/ec/src/models/twisted_edwards.rs b/ec/src/models/twisted_edwards.rs index c7134d30f..26e271fa8 100644 --- a/ec/src/models/twisted_edwards.rs +++ b/ec/src/models/twisted_edwards.rs @@ -1,8 +1,4 @@ -use crate::{ - models::{MontgomeryModelParameters as MontgomeryParameters, TEModelParameters as Parameters}, - msm::VariableBaseMSM, - AffineCurve, ProjectiveCurve, -}; +use crate::{msm::VariableBaseMSM, AffineCurve, ProjectiveCurve}; use ark_serialize::{ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, CanonicalSerializeWithFlags, EdwardsFlags, SerializationError, 
@@ -29,32 +25,116 @@ use ark_ff::{ #[cfg(feature = "parallel")] use rayon::prelude::*; +/// Constants and convenience functions that collectively define the [Twisted Edwards model](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html) +/// of the curve. In this model, the curve equation is +/// `a * x² + y² = 1 + d * x² * y²`, for constants `a` and `d`. +pub trait TECurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `d` of the curve equation. + const COEFF_D: Self::BaseField; + /// Coefficients of the base point of the curve + const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField); + + /// Model parameters for the Montgomery curve that is birationally + /// equivalent to this curve. + type MontCurveConfig: MontCurveConfig; + + /// Helper method for computing `elem * Self::COEFF_A`. + /// + /// The default implementation should be overridden only if + /// the product can be computed faster than standard field multiplication + /// (eg: via doubling if `COEFF_A == 2`, or if `COEFF_A.is_zero()`). + #[inline(always)] + fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { + let mut copy = *elem; + copy *= &Self::COEFF_A; + copy + } + + /// Checks that the current point is in the prime order subgroup given + /// the point on the curve. + fn is_in_correct_subgroup_assuming_on_curve(item: &Affine) -> bool { + Self::mul_affine(item, Self::ScalarField::characteristic()).is_zero() + } + + /// Performs cofactor clearing. + /// The default method is simply to multiply by the cofactor. + /// For some curve families though, it is sufficient to multiply + /// by a smaller scalar. 
+ fn clear_cofactor(item: &Affine) -> Affine { + item.mul_by_cofactor() + } + + /// Default implementation of group multiplication for projective + /// coordinates + fn mul_projective(base: &Projective, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res += base; + } + } + + res + } + + /// Default implementation of group multiplication for affine + /// coordinates + fn mul_affine(base: &Affine, scalar: &[u64]) -> Projective { + let mut res = Projective::::zero(); + for b in ark_ff::BitIteratorBE::without_leading_zeros(scalar) { + res.double_in_place(); + if b { + res.add_assign_mixed(base) + } + } + + res + } +} + +/// Constants and convenience functions that collectively define the [Montgomery model](https://www.hyperelliptic.org/EFD/g1p/auto-montgom.html) +/// of the curve. In this model, the curve equation is +/// `b * y² = x³ + a * x² + x`, for constants `a` and `b`. +pub trait MontCurveConfig: super::CurveConfig { + /// Coefficient `a` of the curve equation. + const COEFF_A: Self::BaseField; + /// Coefficient `b` of the curve equation. + const COEFF_B: Self::BaseField; + + /// Model parameters for the Twisted Edwards curve that is birationally + /// equivalent to this curve. + type TECurveConfig: TECurveConfig; +} + /// Affine coordinates for a point on a twisted Edwards curve, over the /// base field `P::BaseField`. 
#[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") + Copy(bound = "P: TECurveConfig"), + Clone(bound = "P: TECurveConfig"), + PartialEq(bound = "P: TECurveConfig"), + Eq(bound = "P: TECurveConfig"), + Debug(bound = "P: TECurveConfig"), + Hash(bound = "P: TECurveConfig") )] #[must_use] -pub struct Affine { +pub struct Affine { /// X coordinate of the point represented as a field element pub x: P::BaseField, /// Y coordinate of the point represented as a field element pub y: P::BaseField, } -impl Display for Affine

{ +impl Display for Affine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "Affine(x={}, y={})", self.x, self.y) } } -impl Affine

{ +impl Affine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } @@ -99,7 +179,7 @@ impl Affine

{ } } -impl Affine

{ +impl Affine

{ /// Checks if `self` is in the subgroup having order equaling that of /// `P::ScalarField` given it is on the curve. pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { @@ -107,7 +187,7 @@ impl Affine

{ } } -impl Zero for Affine

{ +impl Zero for Affine

{ fn zero() -> Self { Self::new(P::BaseField::zero(), P::BaseField::one()) } @@ -117,8 +197,8 @@ impl Zero for Affine

{ } } -impl AffineCurve for Affine

{ - type Parameters = P; +impl AffineCurve for Affine

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; type Projective = Projective

; @@ -150,7 +230,7 @@ impl AffineCurve for Affine

{ /// resulting projective element. #[must_use] fn mul_by_cofactor_to_projective(&self) -> Self::Projective { - P::mul_affine(self, Self::Parameters::COFACTOR) + P::mul_affine(self, Self::Config::COFACTOR) } /// Performs cofactor clearing. @@ -162,7 +242,7 @@ impl AffineCurve for Affine

{ } } -impl Zeroize for Affine

{ +impl Zeroize for Affine

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -171,7 +251,7 @@ impl Zeroize for Affine

{ } } -impl Neg for Affine

{ +impl Neg for Affine

{ type Output = Self; fn neg(self) -> Self { @@ -179,9 +259,9 @@ impl Neg for Affine

{ } } -ark_ff::impl_additive_ops_from_ref!(Affine, Parameters); +ark_ff::impl_additive_ops_from_ref!(Affine, TECurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for Affine

{ +impl<'a, P: TECurveConfig> Add<&'a Self> for Affine

{ type Output = Self; fn add(self, other: &'a Self) -> Self { let mut copy = self; @@ -190,7 +270,7 @@ impl<'a, P: Parameters> Add<&'a Self> for Affine

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ +impl<'a, P: TECurveConfig> AddAssign<&'a Self> for Affine

{ fn add_assign(&mut self, other: &'a Self) { let y1y2 = self.y * &other.y; let x1x2 = self.x * &other.x; @@ -207,7 +287,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Affine

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for Affine

{ +impl<'a, P: TECurveConfig> Sub<&'a Self> for Affine

{ type Output = Self; fn sub(self, other: &'a Self) -> Self { let mut copy = self; @@ -216,26 +296,26 @@ impl<'a, P: Parameters> Sub<&'a Self> for Affine

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for Affine

{ +impl<'a, P: TECurveConfig> SubAssign<&'a Self> for Affine

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for Affine

{ +impl MulAssign for Affine

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()).into() } } -impl Default for Affine

{ +impl Default for Affine

{ #[inline] fn default() -> Self { Self::zero() } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] fn sample(&self, rng: &mut R) -> Affine

{ loop { @@ -253,7 +333,7 @@ mod group_impl { use super::*; use crate::group::Group; - impl Group for Affine

{ + impl Group for Affine

{ type ScalarField = P::ScalarField; #[inline] @@ -282,38 +362,38 @@ mod group_impl { /// Section 3.1). #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters") + Copy(bound = "P: TECurveConfig"), + Clone(bound = "P: TECurveConfig"), + Eq(bound = "P: TECurveConfig"), + Debug(bound = "P: TECurveConfig") )] #[must_use] -pub struct Projective { +pub struct Projective { pub x: P::BaseField, pub y: P::BaseField, pub t: P::BaseField, pub z: P::BaseField, } -impl PartialEq> for Affine

{ +impl PartialEq> for Affine

{ fn eq(&self, other: &Projective

) -> bool { self.into_projective() == *other } } -impl PartialEq> for Projective

{ +impl PartialEq> for Projective

{ fn eq(&self, other: &Affine

) -> bool { *self == other.into_projective() } } -impl Display for Projective

{ +impl Display for Projective

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "{}", Affine::from(*self)) } } -impl PartialEq for Projective

{ +impl PartialEq for Projective

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -328,13 +408,13 @@ impl PartialEq for Projective

{ } } -impl Hash for Projective

{ +impl Hash for Projective

{ fn hash(&self, state: &mut H) { self.into_affine().hash(state) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] fn sample(&self, rng: &mut R) -> Projective

{ loop { @@ -348,19 +428,19 @@ impl Distribution> for Standard { } } -impl Default for Projective

{ +impl Default for Projective

{ #[inline] fn default() -> Self { Self::zero() } } -impl Projective

{ +impl Projective

{ pub fn new(x: P::BaseField, y: P::BaseField, t: P::BaseField, z: P::BaseField) -> Self { Self { x, y, t, z } } } -impl Zeroize for Projective

{ +impl Zeroize for Projective

{ // The phantom data does not contain element-specific data // and thus does not need to be zeroized. fn zeroize(&mut self) { @@ -371,7 +451,7 @@ impl Zeroize for Projective

{ } } -impl Zero for Projective

{ +impl Zero for Projective

{ fn zero() -> Self { Self::new( P::BaseField::zero(), @@ -386,8 +466,8 @@ impl Zero for Projective

{ } } -impl ProjectiveCurve for Projective

{ - type Parameters = P; +impl ProjectiveCurve for Projective

{ + type Config = P; type BaseField = P::BaseField; type ScalarField = P::ScalarField; type Affine = Affine

; @@ -495,7 +575,7 @@ impl ProjectiveCurve for Projective

{ } } -impl Neg for Projective

{ +impl Neg for Projective

{ type Output = Self; fn neg(mut self) -> Self { self.x = -self.x; @@ -504,9 +584,9 @@ impl Neg for Projective

{ } } -ark_ff::impl_additive_ops_from_ref!(Projective, Parameters); +ark_ff::impl_additive_ops_from_ref!(Projective, TECurveConfig); -impl<'a, P: Parameters> Add<&'a Self> for Projective

{ +impl<'a, P: TECurveConfig> Add<&'a Self> for Projective

{ type Output = Self; fn add(mut self, other: &'a Self) -> Self { self += other; @@ -514,7 +594,7 @@ impl<'a, P: Parameters> Add<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ +impl<'a, P: TECurveConfig> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { // See "Twisted Edwards Curves Revisited" (https://eprint.iacr.org/2008/522.pdf) // by Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson @@ -558,7 +638,7 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ +impl<'a, P: TECurveConfig> Sub<&'a Self> for Projective

{ type Output = Self; fn sub(mut self, other: &'a Self) -> Self { self -= other; @@ -566,13 +646,13 @@ impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ +impl<'a, P: TECurveConfig> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl MulAssign for Projective

{ +impl MulAssign for Projective

{ fn mul_assign(&mut self, other: P::ScalarField) { *self = self.mul(other.into_bigint()) } @@ -580,7 +660,7 @@ impl MulAssign for Projective

{ // The affine point (X, Y) is represented in the Extended Projective coordinates // with Z = 1. -impl From> for Projective

{ +impl From> for Projective

{ fn from(p: Affine

) -> Projective

{ Self::new(p.x, p.y, p.x * &p.y, P::BaseField::one()) } @@ -588,7 +668,7 @@ impl From> for Projective

{ // The projective point X, Y, T, Z is represented in the affine // coordinates as X/Z, Y/Z. -impl From> for Affine

{ +impl From> for Affine

{ fn from(p: Projective

) -> Affine

{ if p.is_zero() { Affine::zero() @@ -605,7 +685,7 @@ impl From> for Affine

{ } } -impl core::str::FromStr for Affine

+impl core::str::FromStr for Affine

where P::BaseField: core::str::FromStr, { @@ -643,31 +723,31 @@ where #[derive(Derivative)] #[derivative( - Copy(bound = "P: MontgomeryParameters"), - Clone(bound = "P: MontgomeryParameters"), - PartialEq(bound = "P: MontgomeryParameters"), - Eq(bound = "P: MontgomeryParameters"), - Debug(bound = "P: MontgomeryParameters"), - Hash(bound = "P: MontgomeryParameters") + Copy(bound = "P: MontCurveConfig"), + Clone(bound = "P: MontCurveConfig"), + PartialEq(bound = "P: MontCurveConfig"), + Eq(bound = "P: MontCurveConfig"), + Debug(bound = "P: MontCurveConfig"), + Hash(bound = "P: MontCurveConfig") )] -pub struct MontgomeryAffine { +pub struct MontgomeryAffine { pub x: P::BaseField, pub y: P::BaseField, } -impl Display for MontgomeryAffine

{ +impl Display for MontgomeryAffine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "MontgomeryAffine(x={}, y={})", self.x, self.y) } } -impl MontgomeryAffine

{ +impl MontgomeryAffine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, y } } } -impl CanonicalSerialize for Affine

{ +impl CanonicalSerialize for Affine

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -701,7 +781,7 @@ impl CanonicalSerialize for Affine

{ } } -impl CanonicalSerialize for Projective

{ +impl CanonicalSerialize for Projective

{ #[allow(unused_qualifications)] #[inline] fn serialize(&self, writer: W) -> Result<(), SerializationError> { @@ -729,7 +809,7 @@ impl CanonicalSerialize for Projective

{ } } -impl CanonicalDeserialize for Affine

{ +impl CanonicalDeserialize for Affine

{ #[allow(unused_qualifications)] fn deserialize(mut reader: R) -> Result { let (y, flags): (P::BaseField, EdwardsFlags) = @@ -766,7 +846,7 @@ impl CanonicalDeserialize for Affine

{ } } -impl CanonicalDeserialize for Projective

{ +impl CanonicalDeserialize for Projective

{ #[allow(unused_qualifications)] fn deserialize(reader: R) -> Result { let aff = Affine::

::deserialize(reader)?; @@ -786,7 +866,7 @@ impl CanonicalDeserialize for Projective

{ } } -impl ToConstraintField for Affine +impl ToConstraintField for Affine where M::BaseField: ToConstraintField, { @@ -799,7 +879,7 @@ where } } -impl ToConstraintField for Projective +impl ToConstraintField for Projective where M::BaseField: ToConstraintField, { @@ -813,7 +893,7 @@ where // the methods that are needed for backwards compatibility with the old // serialization format // See Issue #330 -impl Affine

{ +impl Affine

{ /// Attempts to construct an affine point given an x-coordinate. The /// point is not guaranteed to be in the prime order subgroup. /// @@ -896,7 +976,7 @@ impl Affine

{ } } } -impl Projective

{ +impl Projective

{ /// This method is implemented for backwards compatibility with the old /// serialization format and will be deprecated and then removed in a /// future version. @@ -935,7 +1015,7 @@ impl Projective

{ } } -impl VariableBaseMSM for Projective

{ +impl VariableBaseMSM for Projective

{ type MSMBase = Affine

; type Scalar = ::ScalarField; diff --git a/test-curves/src/bls12_381/g1.rs b/test-curves/src/bls12_381/g1.rs index a625fefb5..2a1df17bb 100644 --- a/test-curves/src/bls12_381/g1.rs +++ b/test-curves/src/bls12_381/g1.rs @@ -1,7 +1,7 @@ use crate::bls12_381::*; use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::{MontFp, Zero}; @@ -11,7 +11,7 @@ pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -24,7 +24,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = MontFp!(Fr, "52435875175126190458656871551744051925719901746859129887267498875565241663483"); } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 0 const COEFF_A: Fq = MontFp!(Fq, "0"); diff --git a/test-curves/src/bls12_381/g2.rs b/test-curves/src/bls12_381/g2.rs index 3195b56c3..7d6484b62 100644 --- a/test-curves/src/bls12_381/g2.rs +++ b/test-curves/src/bls12_381/g2.rs @@ -1,8 +1,8 @@ use crate::bls12_381::*; use ark_ec::{ bls12, - models::{ModelParameters, SWModelParameters}, - short_weierstrass::Affine, + models::CurveConfig, + short_weierstrass::{self, Affine}, AffineCurve, }; use ark_ff::{BigInt, Field, MontFp, QuadExt, Zero}; @@ -13,7 +13,7 @@ pub type G2Projective = bls12::G2Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq2; type ScalarField = Fr; @@ -41,7 +41,7 @@ impl ModelParameters for Parameters { ); } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = [0, 0] const COEFF_A: Fq2 = QuadExt!(g1::Parameters::COEFF_A, g1::Parameters::COEFF_A,); 
diff --git a/test-curves/src/bls12_381/tests.rs b/test-curves/src/bls12_381/tests.rs index 7defdd9ef..e74aad32c 100644 --- a/test-curves/src/bls12_381/tests.rs +++ b/test-curves/src/bls12_381/tests.rs @@ -1,5 +1,7 @@ #![allow(unused_imports)] -use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve}; +use ark_ec::{ + models::short_weierstrass::SWCurveConfig, AffineCurve, PairingEngine, ProjectiveCurve, +}; use ark_ff::{Field, One, SquareRootField, UniformRand, Zero}; use crate::bls12_381::{g1, Fq, Fq2, Fq6, FqConfig, Fr, FrConfig, G1Affine, G1Projective}; diff --git a/test-curves/src/bn384_small_two_adicity/g1.rs b/test-curves/src/bn384_small_two_adicity/g1.rs index 5facbfbaa..8223b1992 100644 --- a/test-curves/src/bn384_small_two_adicity/g1.rs +++ b/test-curves/src/bn384_small_two_adicity/g1.rs @@ -1,6 +1,6 @@ use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::Zero; @@ -12,7 +12,7 @@ pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -23,7 +23,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = FR_ONE; } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 0 const COEFF_A: Fq = ark_ff::MontFp!(Fq, "0"); diff --git a/test-curves/src/bn384_small_two_adicity/tests.rs b/test-curves/src/bn384_small_two_adicity/tests.rs index 661857977..8cb1b84c1 100644 --- a/test-curves/src/bn384_small_two_adicity/tests.rs +++ b/test-curves/src/bn384_small_two_adicity/tests.rs 
@@ -1,5 +1,7 @@ #![allow(unused_imports)] -use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve}; +use ark_ec::{ + models::short_weierstrass::SWCurveConfig, AffineCurve, PairingEngine, ProjectiveCurve, +}; use ark_ff::{Field, One, SquareRootField, UniformRand, Zero}; use ark_std::{rand::Rng, test_rng}; diff --git a/test-curves/src/mnt4_753/g1.rs b/test-curves/src/mnt4_753/g1.rs index 99e62b781..0955fea53 100644 --- a/test-curves/src/mnt4_753/g1.rs +++ b/test-curves/src/mnt4_753/g1.rs @@ -1,6 +1,6 @@ use ark_ec::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass::*, + models::CurveConfig, + short_weierstrass::{self, *}, }; use ark_ff::MontFp; @@ -12,7 +12,7 @@ pub type G1Projective = Projective; #[derive(Clone, Default, PartialEq, Eq)] pub struct Parameters; -impl ModelParameters for Parameters { +impl CurveConfig for Parameters { type BaseField = Fq; type ScalarField = Fr; @@ -24,7 +24,7 @@ impl ModelParameters for Parameters { const COFACTOR_INV: Fr = FR_ONE; } -impl SWModelParameters for Parameters { +impl short_weierstrass::SWCurveConfig for Parameters { /// COEFF_A = 2 #[rustfmt::skip] const COEFF_A: Fq = MontFp!(Fq, "2"); diff --git a/test-templates/src/curves.rs b/test-templates/src/curves.rs index fb42874d5..8535b25c4 100644 --- a/test-templates/src/curves.rs +++ b/test-templates/src/curves.rs @@ -1,8 +1,9 @@ #![allow(unused)] use ark_ec::{ - short_weierstrass::Affine, twisted_edwards::Projective, - wnaf::WnafContext, AffineCurve, MontgomeryModelParameters, ProjectiveCurve, SWModelParameters, - TEModelParameters, + short_weierstrass::{Affine, SWCurveConfig}, + twisted_edwards::{MontCurveConfig, Projective, TECurveConfig}, + wnaf::WnafContext, + AffineCurve, ProjectiveCurve, }; use ark_ff::{Field, One, PrimeField, UniformRand, Zero}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SWFlags, SerializationError}; 
@@ -299,14 +300,14 @@ pub fn curve_tests() { random_transformation_test::(); } -pub fn sw_tests() { +pub fn sw_tests() { sw_curve_serialization_test::

(); sw_from_random_bytes::

(); sw_affine_sum_test::

(); sw_cofactor_clearing_test::

(); } -pub fn sw_from_random_bytes() { +pub fn sw_from_random_bytes() { use ark_ec::models::short_weierstrass::{Affine, Projective}; let buf_size = Affine::

::zero().serialized_size(); @@ -329,7 +330,7 @@ pub fn sw_from_random_bytes() { } } -pub fn sw_curve_serialization_test() { +pub fn sw_curve_serialization_test() { use ark_ec::models::short_weierstrass::{Affine, Projective}; let buf_size = Affine::

::zero().serialized_size(); @@ -414,7 +415,7 @@ pub fn sw_curve_serialization_test() { } } -pub fn sw_affine_sum_test() { +pub fn sw_affine_sum_test() { use ark_ec::models::short_weierstrass::{Affine, Projective}; let mut rng = ark_std::test_rng(); @@ -435,7 +436,7 @@ pub fn sw_affine_sum_test() { } } -fn sw_cofactor_clearing_test() { +fn sw_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { @@ -447,7 +448,7 @@ fn sw_cofactor_clearing_test() { pub fn montgomery_conversion_test

() where - P: TEModelParameters, + P: TECurveConfig, { // A = 2 * (a + d) / (a - d) let a = P::BaseField::one().double() @@ -456,11 +457,11 @@ where // B = 4 / (a - d) let b = P::BaseField::one().double().double() * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); - assert_eq!(a, P::MontgomeryModelParameters::COEFF_A); - assert_eq!(b, P::MontgomeryModelParameters::COEFF_B); + assert_eq!(a, P::MontCurveConfig::COEFF_A); + assert_eq!(b, P::MontCurveConfig::COEFF_B); } -pub fn edwards_tests() +pub fn edwards_tests() where P::BaseField: PrimeField, { @@ -469,7 +470,7 @@ where edwards_cofactor_clearing_test::

(); } -pub fn edwards_from_random_bytes() +pub fn edwards_from_random_bytes() where P::BaseField: PrimeField, { @@ -513,7 +514,7 @@ where } } -pub fn edwards_curve_serialization_test() { +pub fn edwards_curve_serialization_test() { use ark_ec::models::twisted_edwards::{Affine, Projective}; let buf_size = Affine::

::zero().serialized_size(); @@ -578,7 +579,7 @@ pub fn edwards_curve_serialization_test() { } } -fn edwards_cofactor_clearing_test() { +fn edwards_cofactor_clearing_test() { let mut rng = ark_std::test_rng(); for _ in 0..ITERATIONS { From cd287826802c82aac5cbd5e940fcb005c6945624 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 7 Jul 2022 11:48:22 -0700 Subject: [PATCH 3/4] Update CHANGELOG --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d69988060..c20839f77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,15 @@ - [\#412](https://github.com/arkworks-rs/algebra/pull/412) (`ark-poly`) Rename UV/MVPolynomial to DenseUV/MVPolynomial. - [\#417](https://github.com/arkworks-rs/algebra/pull/417) (`ark-ff`) Remove `ToBytes` and `FromBytes`. - [\#425](https://github.com/arkworks-rs/algebra/pull/425) (`ark-ec`) Refactor `VariableBase` struct to `VariableBaseMSM` trait and implement it for `GroupProjective`. +- [\#438](https://github.com/arkworks-rs/algebra/pull/438) (`ark-ec`) Rename modules, structs, and traits related to `ec`. + - `short_weierstrass_jacobian` → `short_weierstrass` + - `twisted_edwards_extend` → `twisted_edwards` + - `GroupAffine` → `Affine` + - `GroupProjective` → `Projective` + - `ModelParameters` → `CurveConfig` + - `SWModelParameters` → `SWCurveConfig` + - `TEModelParameters` → `TECurveConfig` + - `MontgomeryModelParameters` → `MontCurveConfig` ### Features From e3b4542775b2d232797257dc4045285aaffddedc Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Fri, 8 Jul 2022 11:01:45 -0700 Subject: [PATCH 4/4] Fix readme path --- ec/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ec/README.md b/ec/README.md index e8d6a116d..921fd0368 100644 --- a/ec/README.md +++ b/ec/README.md 
@@ -20,4 +20,4 @@ The available elliptic curve traits are: The elliptic curve models implemented are: * [*Short Weierstrass*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass.rs) curves. The `AffineCurve` in this case is in typical Short Weierstrass point representation, and the `ProjectiveCurve` is using points in [Jacobian Coordinates](https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates). -* [*Twisted Edwards*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/twisted_edwards_extended.rs) curves. The `AffineCurve` in this case is in standard Twisted Edwards curve representation, whereas the `ProjectiveCurve` uses points in [Extended Twisted Edwards Coordinates](https://eprint.iacr.org/2008/522.pdf). +* [*Twisted Edwards*](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/twisted_edwards.rs) curves. The `AffineCurve` in this case is in standard Twisted Edwards curve representation, whereas the `ProjectiveCurve` uses points in [Extended Twisted Edwards Coordinates](https://eprint.iacr.org/2008/522.pdf).