From 4e276ffff4c3846ae12fdb10ab48e341bf4ebf11 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 27 Sep 2021 19:14:27 -0400 Subject: [PATCH 1/9] twisted Edwards parameters for bls12-377 --- bls12_377/src/curves/g1.rs | 64 ++++++++++++++++++++++++++++++++++- bls12_377/src/curves/mod.rs | 2 ++ bls12_377/src/curves/tests.rs | 24 ++++++++----- 3 files changed, 81 insertions(+), 9 deletions(-) diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index 74f140de..2f38e706 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs @@ -1,5 +1,11 @@ -use ark_ec::models::{ModelParameters, SWModelParameters}; +use ark_ec::models::{ + twisted_edwards_extended::{ + GroupAffine as TEGroupAffine, GroupProjective as TEGroupProjective, + }, + ModelParameters, MontgomeryModelParameters, SWModelParameters, TEModelParameters, +}; use ark_ff::{field_new, Zero}; +use core::ops::Neg; use crate::{ fields::{FQ_ONE, FQ_ZERO}, 
@@ -40,6 +46,53 @@ impl SWModelParameters for Parameters { } } +pub type G1TEAffine = TEGroupAffine; +pub type G1TEProjective = TEGroupProjective; + +impl TEModelParameters for Parameters { + /// COEFF_A = -1 + const COEFF_A: Fq = field_new!(Fq, "-1"); + + /// COEFF_D = 122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179 mod q + const COEFF_D: Fq = field_new!(Fq, "122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179"); + + /// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328 + const COFACTOR: &'static [u64] = &[0x0, 0x170b5d4430000000]; + + /// COFACTOR_INV = COFACTOR^{-1} mod r + /// = 5285428838741532253824584287042945485047145357130994810877 + #[rustfmt::skip] + const COFACTOR_INV: Fr = field_new!(Fr, "5285428838741532253824584287042945485047145357130994810877"); + + /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y) + const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = + (TE_GENERATOR_X, TE_GENERATOR_Y); + + type MontgomeryModelParameters = Parameters; + + /// Multiplication by `a` is multiply by `-5`. 
+ #[inline(always)] + fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { + elem.neg() + } +} + +impl MontgomeryModelParameters for Parameters { + /// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384 + const COEFF_A: Fq = field_new!( + Fq, + "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384" + ); + + /// COEFF_B = 10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931 + const COEFF_B: Fq = field_new!( + Fq, + "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931" + ); + + type TEModelParameters = Parameters; +} + /// G1_GENERATOR_X = /// 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695 #[rustfmt::skip] @@ -49,3 +102,12 @@ pub const G1_GENERATOR_X: Fq = field_new!(Fq, "819379993731509642399382555734659 /// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030 #[rustfmt::skip] pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"); + +pub const TE_GENERATOR_X: Fq = field_new!( + Fq, + "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393" +); +pub const TE_GENERATOR_Y: Fq = field_new!( + Fq, + "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235" +); \ No newline at end of file diff --git a/bls12_377/src/curves/mod.rs b/bls12_377/src/curves/mod.rs index 33a87fda..8a0d114b 100644 --- a/bls12_377/src/curves/mod.rs +++ b/bls12_377/src/curves/mod.rs 
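Review bot: The `COEFF_D` doc comment in `impl TEModelParameters for Parameters` does not mention that the addition law of this model is not complete on the full curve. Following the derivation added in PATCH 7/9 (alpha = -1 and s = 1/sqrt(3), so MA^2 = 3), `TE2d = -(MA-2)/(MA+2)` works out to `(MA-2)^2`, a square in Fq, and the unified twisted Edwards formulas are only exception-free for all inputs when `d` is a non-square. They stay well-defined inside the odd-order subgroup, so points from untrusted sources need a subgroup check before any arithmetic, which the roughly 125-bit cofactor requires anyway; the same caveat applies to witnesses of `G1TEAffineVar` from PATCH 5/9. I would add `/// NOTE: COEFF_D is a square in Fq; the addition law is complete only on the prime-order subgroup, so subgroup-check untrusted points.` above the constant.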
@@ -31,3 +31,5 @@ pub type G1Affine = bls12::G1Affine; pub type G1Projective = bls12::G1Projective; pub type G2Affine = bls12::G2Affine; pub type G2Projective = bls12::G2Projective; + +pub use g1::{G1TEAffine, G1TEProjective}; \ No newline at end of file diff --git a/bls12_377/src/curves/tests.rs b/bls12_377/src/curves/tests.rs index 6010f1c3..988d6b3c 100644 --- a/bls12_377/src/curves/tests.rs +++ b/bls12_377/src/curves/tests.rs @@ -1,19 +1,22 @@ #![allow(unused_imports)] +use crate::{ + g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G1TEProjective, G2Affine, + G2Projective, +}; +use ark_ec::{ + models::SWModelParameters, short_weierstrass_jacobian, AffineCurve, PairingEngine, + ProjectiveCurve, +}; use ark_ff::{ fields::{Field, FpParameters, PrimeField, SquareRootField}, One, Zero, }; use ark_serialize::CanonicalSerialize; -use ark_std::test_rng; - -use ark_ec::{models::SWModelParameters, AffineCurve, PairingEngine, ProjectiveCurve}; -use ark_std::rand::Rng; +use ark_std::{rand::Rng, test_rng}; use core::ops::{AddAssign, MulAssign}; -use crate::{g1, g2, Bls12_377, Fq, Fq12, Fq2, Fr, G1Affine, G1Projective, G2Affine, G2Projective}; - use ark_algebra_test_templates::{ - curves::{curve_tests, sw_tests}, + curves::{curve_tests, edwards_tests, sw_tests}, groups::group_test, }; @@ -22,6 +25,7 @@ fn test_g1_projective_curve() { curve_tests::(); sw_tests::(); + edwards_tests::(); } #[test] @@ -30,6 +34,10 @@ fn test_g1_projective_group() { let a: G1Projective = rng.gen(); let b: G1Projective = rng.gen(); group_test(a, b); + + let c = rng.gen(); + let d = rng.gen(); + group_test::(c, d); } #[test] @@ -119,4 +127,4 @@ fn test_g1_generator_raw() { i += 1; x.add_assign(&Fq::one()); } -} +} \ No newline at end of file From aaae46503d1b87fb4c692eaa3291ee802416ae61 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 27 Sep 2021 19:18:03 -0400 Subject: [PATCH 2/9] update change log --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) 
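Review bot: Nothing visible in the `tests.rs` hunks pins the hard-coded `TE_GENERATOR_X`/`TE_GENERATOR_Y` to the curve and to the order-r subgroup; the added `group_test` call only exercises the random points `c` and `d`. A transcription error in either 377-bit literal is caught only if some test checks the generator itself, so unless `edwards_tests` already does this I would add `let g = G1TEProjective::prime_subgroup_generator().into_affine();` followed by `assert!(g.is_on_curve() && g.is_in_correct_subgroup_assuming_on_curve());` next to the new `group_test` call. `test_g1_projective_group` starts outside the hunk.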
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0930e352..cf68a2ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## Pending +- [\#76](https://github.com/arkworks-rs/curves/pull/76) twisted Edwards parameters for bls12-377 + ### Breaking changes ### Features From 1fd665b8a34014836fa0926b41712409399613d4 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Mon, 27 Sep 2021 19:28:46 -0400 Subject: [PATCH 3/9] cargo fmt --- bls12_377/src/curves/g1.rs | 2 +- bls12_377/src/curves/mod.rs | 2 +- bls12_377/src/curves/tests.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index 2f38e706..7c2e7a4e 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs @@ -110,4 +110,4 @@ pub const TE_GENERATOR_X: Fq = field_new!( pub const TE_GENERATOR_Y: Fq = field_new!( Fq, "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235" -); \ No newline at end of file +); diff --git a/bls12_377/src/curves/mod.rs b/bls12_377/src/curves/mod.rs index 8a0d114b..babdb320 100644 --- a/bls12_377/src/curves/mod.rs +++ b/bls12_377/src/curves/mod.rs @@ -32,4 +32,4 @@ pub type G1Projective = bls12::G1Projective; pub type G2Affine = bls12::G2Affine; pub type G2Projective = bls12::G2Projective; -pub use g1::{G1TEAffine, G1TEProjective}; \ No newline at end of file +pub use g1::{G1TEAffine, G1TEProjective}; diff --git a/bls12_377/src/curves/tests.rs b/bls12_377/src/curves/tests.rs index 988d6b3c..2900a33a 100644 --- a/bls12_377/src/curves/tests.rs +++ b/bls12_377/src/curves/tests.rs @@ -127,4 +127,4 @@ fn test_g1_generator_raw() { i += 1; x.add_assign(&Fq::one()); } -} \ No newline at end of file +} From 0247f7daaf42901c7829f5aba2cd54c75bf0f275 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 28 Sep 2021 08:24:03 -0400 Subject: [PATCH 4/9] fix a typo in comments --- bls12_377/src/curves/g1.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index 7c2e7a4e..bdfab947 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs @@ -70,7 +70,7 @@ impl TEModelParameters for Parameters { type MontgomeryModelParameters = Parameters; - /// Multiplication by `a` is multiply by `-5`. + /// Multiplication by `a` is multiply by `-1`. #[inline(always)] fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField { elem.neg() From e5d3b70af75933f983c60e77760883c6a7e7a24d Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 19 Oct 2021 11:29:14 -0400 Subject: [PATCH 5/9] circuit tests for TE coords --- bls12_377/src/constraints/curves.rs | 18 ++++++++++++++++- bls12_377/src/curves/g1.rs | 30 ++++++++++++++--------------- bls12_377/src/fields/fr.rs | 5 +++-- bls12_377/src/fields/tests.rs | 3 +-- 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/bls12_377/src/constraints/curves.rs b/bls12_377/src/constraints/curves.rs index 5441eba0..b7888310 100644 --- a/bls12_377/src/constraints/curves.rs +++ b/bls12_377/src/constraints/curves.rs @@ -1,11 +1,22 @@ use crate::Parameters; -use ark_r1cs_std::groups::bls12; +use ark_ec::bls12::Bls12Parameters; +use ark_ec::ModelParameters; +use ark_r1cs_std::{ + fields::fp::FpVar, + groups::{bls12, curves::twisted_edwards::AffineVar as TEAffineVar}, +}; /// An element of G1 in the BLS12-377 bilinear group. pub type G1Var = bls12::G1Var; /// An element of G2 in the BLS12-377 bilinear group. pub type G2Var = bls12::G2Var; +/// An element of G1 (in TE Affine form) in the BLS12-377 bilinear group. +pub type G1TEAffineVar = TEAffineVar< + ::G1Parameters, + FpVar<<::G1Parameters as ModelParameters>::BaseField>, +>; + /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. pub type G1PreparedVar = bls12::G1PreparedVar; 
@@ -21,6 +32,11 @@ fn test() { G1Var, >() .unwrap(); + ark_curve_constraint_tests::curves::te_test::< + ::G1Parameters, + G1TEAffineVar, + >() + .unwrap(); ark_curve_constraint_tests::curves::sw_test::< ::G2Parameters, G2Var, diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index bdfab947..4f997ee1 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs @@ -54,6 +54,7 @@ impl TEModelParameters for Parameters { const COEFF_A: Fq = field_new!(Fq, "-1"); /// COEFF_D = 122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179 mod q + #[rustfmt::skip] const COEFF_D: Fq = field_new!(Fq, "122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179"); /// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328 @@ -79,16 +80,12 @@ impl TEModelParameters for Parameters { impl MontgomeryModelParameters for Parameters { /// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384 - const COEFF_A: Fq = field_new!( - Fq, - "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384" - ); + #[rustfmt::skip] + const COEFF_A: Fq = field_new!(Fq, "228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384"); /// COEFF_B = 10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931 - const COEFF_B: Fq = field_new!( - Fq, - "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931" - ); + #[rustfmt::skip] + const COEFF_B: Fq = field_new!(Fq, "10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931"); type TEModelParameters = Parameters; } 
@@ -103,11 +100,12 @@ pub const G1_GENERATOR_X: Fq = field_new!(Fq, "819379993731509642399382555734659 #[rustfmt::skip] pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"); -pub const TE_GENERATOR_X: Fq = field_new!( - Fq, - "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393" -); -pub const TE_GENERATOR_Y: Fq = field_new!( - Fq, - "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235" -); +/// TE_GENERATOR_X = +/// 71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393 +#[rustfmt::skip] +pub const TE_GENERATOR_X: Fq = field_new!(Fq, "71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393"); + +/// TE_GENERATOR_Y = +/// 6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235 +#[rustfmt::skip] +pub const TE_GENERATOR_Y: Fq = field_new!(Fq, "6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235"); diff --git a/bls12_377/src/fields/fr.rs b/bls12_377/src/fields/fr.rs index 0d257fe1..8e94bdd9 100644 --- a/bls12_377/src/fields/fr.rs +++ b/bls12_377/src/fields/fr.rs @@ -1,4 +1,4 @@ -///! Bls12-377 scalar field. +//! Bls12-377 scalar field. /// /// Roots of unity computed from modulus and R using this sage code: /// 
@@ -76,7 +76,8 @@ impl FpParameters for FrParameters { /// GENERATOR = 22 /// Encoded in Montgomery form, so the value is - /// (22 * R) % q = 5642976643016801619665363617888466827793962762719196659561577942948671127251 + /// (22 * R) % q = + /// 5642976643016801619665363617888466827793962762719196659561577942948671127251 #[rustfmt::skip] const GENERATOR: BigInteger = BigInteger([ 2984901390528151251u64, diff --git a/bls12_377/src/fields/tests.rs b/bls12_377/src/fields/tests.rs index 66760bb6..b8559034 100644 --- a/bls12_377/src/fields/tests.rs +++ b/bls12_377/src/fields/tests.rs @@ -7,8 +7,7 @@ use ark_ff::{ One, UniformRand, Zero, }; use ark_serialize::{buffer_bit_byte_size, CanonicalSerialize}; -use ark_std::rand::Rng; -use ark_std::test_rng; +use ark_std::{rand::Rng, test_rng}; use core::{ cmp::Ordering, ops::{AddAssign, MulAssign, SubAssign}, From 543d2b94f5bb371fe3559e8b6544e2886677195d Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 19 Oct 2021 11:00:40 -0400 Subject: [PATCH 6/9] fix nightly CI warning --- curve-benches/src/macros/field.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/curve-benches/src/macros/field.rs b/curve-benches/src/macros/field.rs index 1343823b..a0c82fa9 100644 --- a/curve-benches/src/macros/field.rs +++ b/curve-benches/src/macros/field.rs @@ -448,7 +448,7 @@ macro_rules! prime_field { let mut count = 0; b.iter(|| { count = (count + 1) % SAMPLES; - $f::from(v[count]); + let _ = $f::from(v[count]); }); } }; From 824b5f419c736347021eec831c2d6c93b88ace82 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 19 Oct 2021 13:38:35 -0400 Subject: [PATCH 7/9] adding sage scripts as comments --- bls12_377/src/curves/g1.rs | 121 +++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index 4f997ee1..c38274d2 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs 
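Review bot: `let _ = $f::from(v[count]);` in `curve-benches/src/macros/field.rs` silences the unused-result warning but still discards the converted value inside the closure, so the optimizer is free to drop the conversion and the benchmark may end up timing little more than the counter update. Making the conversion the closure's tail expression, `$f::from(v[count])`, hands the value back to `b.iter`, which for the usual bencher types keeps it observable. The macro body starts and ends outside the hunk.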
@@ -49,6 +49,54 @@ impl SWModelParameters for Parameters { pub type G1TEAffine = TEGroupAffine; pub type G1TEProjective = TEGroupProjective; +// BLS12-377::G1 also has a twisted Edwards form. +// It can be obtained via the following script, implementing +// 1. SW -> Montgomery -> TE1 transformation: https://en.wikipedia.org/wiki/Montgomery_curve +// 2. TE1 -> TE2 normalization (enforcing `a = -1`) +// ``` sage +// +// # modulus +// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001 +// Fp=Zmod(p) +// +// ##################################################### +// # Weierstrass curve: y² = x³ + A * x + B +// ##################################################### +// # curve y^2 = x^3 + 1 +// WA=Fp(0) +// WB=Fp(1) +// +// ##################################################### +// # Montgomery curve: By² = x³ + A * x² + x +// ##################################################### +// # root for x^3 + 1 = 0 +// alpha = -1 +// # s = 1 / (sqrt(3alpha^2 + a)) +// s = 1/(Fp(3).sqrt()) +// +// # MA = 3 * alpha * s +// MA=Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384) +// # MB = s +// MB=Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931) +// +// # ##################################################### +// # # Twisted Edwards curve 1: a * x² + y² = 1 + d * x² * y² +// # ##################################################### +// # a = (MA+2)/MB +// TE1a=Fp(61134141799337779744243169579317764548490943457438569789767076791016838392692895365021181670618017873462480451583) +// # b = (MA-2)/MB +// TE1d=Fp(197530284213631314266409564115575768987902569297476090750117185875703629955647927409947706468955342250977841006588) +// +// # ##################################################### +// # # Twisted Edwards curve 2: a * x² + y² = 1 + d * x² * y² +// # ##################################################### 
+// # a = -1 +// TE2a=Fp(-1) +// # b = -TE1d/TE1a +// TE2d=Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179) +// +// ``` + impl TEModelParameters for Parameters { /// COEFF_A = -1 const COEFF_A: Fq = field_new!(Fq, "-1"); @@ -78,6 +126,36 @@ impl TEModelParameters for Parameters { } } +// BLS12-377::G1 also has a Montgomery form. +// BLS12-377::G1 also has a twisted Edwards form. +// It can be obtained via the following script, implementing +// SW -> Montgomery transformation: https://en.wikipedia.org/wiki/Montgomery_curve +// ``` sage +// +// # modulus +// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001 +// Fp=Zmod(p) +// +// ##################################################### +// # Weierstrass curve: y² = x³ + A * x + B +// ##################################################### +// # curve y^2 = x^3 + 1 +// WA=Fp(0) +// WB=Fp(1) +// +// ##################################################### +// # Montgomery curve: By² = x³ + A * x² + x +// ##################################################### +// # root for x^3 + 1 = 0 +// alpha = -1 +// # s = 1 / (sqrt(3alpha^2 + a)) +// s = 1/(Fp(3).sqrt()) +// +// # MA = 3 * alpha * s +// MA=Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384) +// # MB = s +// MB=Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931) +// ``` impl MontgomeryModelParameters for Parameters { /// COEFF_A = 228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384 #[rustfmt::skip] 
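Review bot: In the two twisted Edwards sections of the script, the comments `# b = (MA-2)/MB` and `# b = -TE1d/TE1a` describe the values assigned to `TE1d` and `TE2d`, so the label should be `d`, matching the equation `a * x² + y² = 1 + d * x² * y²` in the section header just above. I would write `# d = (MA-2)/MB` and `# d = -TE1d/TE1a`. The same two labels are carried over unchanged into the `///` version of this block in PATCH 8/9.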
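Review bot: The comment block above `impl MontgomeryModelParameters for Parameters` opens with two lead-in sentences, and the second, `// BLS12-377::G1 also has a twisted Edwards form.`, is a leftover from the TE block; the script that follows performs only the SW -> Montgomery step. Dropping that line leaves `// BLS12-377::G1 also has a Montgomery form.` as the lead-in. The stray line is still present as context in PATCH 9/9.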
@@ -100,6 +178,49 @@ pub const G1_GENERATOR_X: Fq = field_new!(Fq, "819379993731509642399382555734659 #[rustfmt::skip] pub const G1_GENERATOR_Y: Fq = field_new!(Fq, "241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"); +// The generator for twisted Edward form is the same SW generator converted into the normalized TE form (TE2). +// ``` sage +// # following scripts in previous section +// ##################################################### +// # Weierstrass curve generator +// ##################################################### +// Wx = Fp(81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695) +// Wy = Fp(241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030) +// +// assert(Wy^2 - Wx^3 - WA * Wx - WB == 0) +// +// ##################################################### +// # Montgomery curve generator +// ##################################################### +// # x = s * (x - alpha) +// Mx = Fp(251803586774461569862800610331871502335378228972505599912537082323947581271784390797244487924068052270360793200630) +// # y = s * y +// My = Fp(77739247071951651095607889637653357561348174979132042929587539214321586851215673796661346812932566642719051699820) +// +// assert(MB * My^2 == Mx^3+ MA * Mx^2 + Mx) +// +// # ##################################################### +// # # Twisted Edwards curve 1 generator +// # ##################################################### +// # x = Mx/My +// TE1x = Fp(82241236807150726090333472814441006963902378430536027612759193445733851062772474760677400112551677454953925168208) +// # y = (Mx - 1)/(Mx+1) +// TE1y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235) +// +// assert( TE1a * TE1x^2 + TE1y^2 == 1 + TE1d * TE1x^2 * TE1y^2 ) +// +// +// # 
##################################################### +// # # Twisted Edwards curve 2 generator +// # ##################################################### +// beta = (-TE1a).sqrt() +// # x = TE1x * sqrt(-TE1a) +// TE2x = Fp(71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393) +// # y = TE1y +// TE2y = Fp(6177051365529633638563236407038680211609544222665285371549726196884440490905471891908272386851767077598415378235) +// +// assert( TE2a * TE2x^2 + TE2y^2 == 1 + TE2d * TE2x^2 * TE2y^2 ) +// ``` /// TE_GENERATOR_X = /// 71222569531709137229370268896323705690285216175189308202338047559628438110820800641278662592954630774340654489393 #[rustfmt::skip] From 095bd7242e278cc891ffaca42d621d9ee717c63c Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Tue, 19 Oct 2021 11:05:36 -0700 Subject: [PATCH 8/9] Update bls12_377/src/curves/g1.rs --- bls12_377/src/curves/g1.rs | 97 +++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index c38274d2..272c9f11 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs 
@@ -49,54 +49,55 @@ impl SWModelParameters for Parameters { pub type G1TEAffine = TEGroupAffine; pub type G1TEProjective = TEGroupProjective; -// BLS12-377::G1 also has a twisted Edwards form. -// It can be obtained via the following script, implementing -// 1. SW -> Montgomery -> TE1 transformation: https://en.wikipedia.org/wiki/Montgomery_curve -// 2. TE1 -> TE2 normalization (enforcing `a = -1`) -// ``` sage -// -// # modulus -// p=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001 -// Fp=Zmod(p) -// -// ##################################################### -// # Weierstrass curve: y² = x³ + A * x + B -// ##################################################### -// # curve y^2 = x^3 + 1 -// WA=Fp(0) -// WB=Fp(1) -// -// ##################################################### -// # Montgomery curve: By² = x³ + A * x² + x -// ##################################################### -// # root for x^3 + 1 = 0 -// alpha = -1 -// # s = 1 / (sqrt(3alpha^2 + a)) -// s = 1/(Fp(3).sqrt()) -// -// # MA = 3 * alpha * s -// MA=Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384) -// # MB = s -// MB=Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931) -// -// # ##################################################### -// # # Twisted Edwards curve 1: a * x² + y² = 1 + d * x² * y² -// # ##################################################### -// # a = (MA+2)/MB -// TE1a=Fp(61134141799337779744243169579317764548490943457438569789767076791016838392692895365021181670618017873462480451583) -// # b = (MA-2)/MB -// TE1d=Fp(197530284213631314266409564115575768987902569297476090750117185875703629955647927409947706468955342250977841006588) -// -// # ##################################################### -// # # Twisted Edwards curve 2: a * x² + y² = 1 + d * x² * y² -// # ##################################################### 
-// # a = -1 -// TE2a=Fp(-1) -// # b = -TE1d/TE1a -// TE2d=Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179) -// -// ``` - +/// Bls12_377::G1 also has a twisted Edwards form. +/// It can be obtained via the following script, implementing +/// 1. SW -> Montgomery -> TE1 transformation: https://en.wikipedia.org/wiki/Montgomery_curve +/// 2. TE1 -> TE2 normalization (enforcing `a = -1`) +/// ``` sage +/// +/// # modulus +/// p = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001 +/// Fp = Zmod(p) +/// +/// ##################################################### +/// # Weierstrass curve: y² = x³ + A * x + B +/// ##################################################### +/// # curve y^2 = x^3 + 1 +/// WA = Fp(0) +/// WB = Fp(1) +/// +/// ##################################################### +/// # Montgomery curve: By² = x³ + A * x² + x +/// ##################################################### +/// # root for x^3 + 1 = 0 +/// alpha = -1 +/// # s = 1 / (sqrt(3alpha^2 + a)) +/// s = 1/(Fp(3).sqrt()) +/// +/// # MA = 3 * alpha * s +/// MA = Fp(228097355113300204138531148905234651262148041026195375645000724271212049151994375092458297304264351187709081232384) +/// # MB = s +/// MB = Fp(10189023633222963290707194929886294091415157242906428298294512798502806398782149227503530278436336312243746741931) +/// +/// # ##################################################### +/// # # Twisted Edwards curve 1: a * x² + y² = 1 + d * x² * y² +/// # ##################################################### +/// # We first convert to TE form obtaining a curve with a != -1, and then +/// # apply a transformation to obtain a TE curve with a = -1. 
+/// # a = (MA+2)/MB +/// TE1a = Fp(61134141799337779744243169579317764548490943457438569789767076791016838392692895365021181670618017873462480451583) +/// # b = (MA-2)/MB +/// TE1d = Fp(197530284213631314266409564115575768987902569297476090750117185875703629955647927409947706468955342250977841006588) +/// +/// # ##################################################### +/// # # Twisted Edwards curve 2: a * x² + y² = 1 + d * x² * y² +/// # ##################################################### +/// # a = -1 +/// TE2a = Fp(-1) +/// # b = -TE1d/TE1a +/// TE2d = Fp(122268283598675559488486339158635529096981886914877139579534153582033676785385790730042363341236035746924960903179) +/// +/// ``` impl TEModelParameters for Parameters { /// COEFF_A = -1 const COEFF_A: Fq = field_new!(Fq, "-1"); From 2047b888f5ecd0fd936c57a759c73616739a5db7 Mon Sep 17 00:00:00 2001 From: zhenfei Date: Tue, 19 Oct 2021 14:16:17 -0400 Subject: [PATCH 9/9] fix CI complains on hyperlinks --- bls12_377/src/curves/g1.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bls12_377/src/curves/g1.rs b/bls12_377/src/curves/g1.rs index 272c9f11..6363ceb2 100644 --- a/bls12_377/src/curves/g1.rs +++ b/bls12_377/src/curves/g1.rs @@ -51,7 +51,7 @@ pub type G1TEProjective = TEGroupProjective; /// Bls12_377::G1 also has a twisted Edwards form. /// It can be obtained via the following script, implementing -/// 1. SW -> Montgomery -> TE1 transformation: https://en.wikipedia.org/wiki/Montgomery_curve +/// 1. SW -> Montgomery -> TE1 transformation: /// 2. TE1 -> TE2 normalization (enforcing `a = -1`) /// ``` sage /// @@ -130,7 +130,7 @@ impl TEModelParameters for Parameters { // BLS12-377::G1 also has a Montgomery form. // BLS12-377::G1 also has a twisted Edwards form. // It can be obtained via the following script, implementing -// SW -> Montgomery transformation: https://en.wikipedia.org/wiki/Montgomery_curve +// SW -> Montgomery transformation: // ``` sage // // # modulus