Skip to content

Commit

Permalink
Merge branch 'clearmatics-fix-curves-interfaces-inconsistencies'
Browse files Browse the repository at this point in the history 
This closes #35.
  • Loading branch information
@madars
madars committed Apr 28, 2020
2 parents d061b95 + 6bb7a50 commit 5835b8c
Show file tree
Hide file tree
Showing 16 changed files with 518 additions and 507 deletions.
157 changes: 82 additions & 75 deletions libff/algebra/curves/bn128/bn128_g1.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,9 @@ bn128_G1::bn128_G1()
{
if (bn128_G1::initialized)
{
this->coord[0] = G1_zero.coord[0];
this->coord[1] = G1_zero.coord[1];
this->coord[2] = G1_zero.coord[2];
this->X = G1_zero.X;
this->Y = G1_zero.Y;
this->Z = G1_zero.Z;
}
}

Expand All @@ -91,7 +91,7 @@ void bn128_G1::print() const
{
bn128_G1 copy(*this);
copy.to_affine_coordinates();
std::cout << "(" << copy.coord[0].toString(10) << " : " << copy.coord[1].toString(10) << " : " << copy.coord[2].toString(10) << ")\n";
std::cout << "(" << copy.X.toString(10) << " : " << copy.Y.toString(10) << " : " << copy.Z.toString(10) << ")\n";
}
}

Expand All @@ -103,28 +103,28 @@ void bn128_G1::print_coordinates() const
}
else
{
std::cout << "(" << coord[0].toString(10) << " : " << coord[1].toString(10) << " : " << coord[2].toString(10) << ")\n";
std::cout << "(" << X.toString(10) << " : " << Y.toString(10) << " : " << Z.toString(10) << ")\n";
}
}

void bn128_G1::to_affine_coordinates()
{
if (this->is_zero())
{
coord[0] = 0;
coord[1] = 1;
coord[2] = 0;
X = 0;
Y = 1;
Z = 0;
}
else
{
bn::Fp r;
r = coord[2];
r = Z;
r.inverse();
bn::Fp::square(coord[2], r);
coord[0] *= coord[2];
r *= coord[2];
coord[1] *= r;
coord[2] = 1;
bn::Fp::square(Z, r);
X *= Z;
r *= Z;
Y *= r;
Z = 1;
}
}

Expand All @@ -135,12 +135,12 @@ void bn128_G1::to_special()

bool bn128_G1::is_special() const
{
return (this->is_zero() || this->coord[2] == 1);
return (this->is_zero() || this->Z == 1);
}

bool bn128_G1::is_zero() const
{
return coord[2].isZero();
return Z.isZero();
}

bool bn128_G1::operator==(const bn128_G1 &other) const
Expand All @@ -158,21 +158,21 @@ bool bn128_G1::operator==(const bn128_G1 &other) const
/* now neither is O */

bn::Fp Z1sq, Z2sq, lhs, rhs;
bn::Fp::square(Z1sq, this->coord[2]);
bn::Fp::square(Z2sq, other.coord[2]);
bn::Fp::mul(lhs, Z2sq, this->coord[0]);
bn::Fp::mul(rhs, Z1sq, other.coord[0]);
bn::Fp::square(Z1sq, this->Z);
bn::Fp::square(Z2sq, other.Z);
bn::Fp::mul(lhs, Z2sq, this->X);
bn::Fp::mul(rhs, Z1sq, other.X);

if (lhs != rhs)
{
return false;
}

bn::Fp Z1cubed, Z2cubed;
bn::Fp::mul(Z1cubed, Z1sq, this->coord[2]);
bn::Fp::mul(Z2cubed, Z2sq, other.coord[2]);
bn::Fp::mul(lhs, Z2cubed, this->coord[1]);
bn::Fp::mul(rhs, Z1cubed, other.coord[1]);
bn::Fp::mul(Z1cubed, Z1sq, this->Z);
bn::Fp::mul(Z2cubed, Z2sq, other.Z);
bn::Fp::mul(lhs, Z2cubed, this->Y);
bn::Fp::mul(rhs, Z1cubed, other.Y);

return (lhs == rhs);
}
Expand Down Expand Up @@ -212,7 +212,7 @@ bn128_G1 bn128_G1::operator+(const bn128_G1 &other) const
bn128_G1 bn128_G1::operator-() const
{
bn128_G1 result(*this);
bn::Fp::neg(result.coord[1], result.coord[1]);
bn::Fp::neg(result.Y, result.Y);
return result;
}

Expand All @@ -227,8 +227,12 @@ bn128_G1 bn128_G1::add(const bn128_G1 &other) const
this->add_cnt++;
#endif

bn128_G1 result;
bn::ecop::ECAdd(result.coord, this->coord, other.coord);
bn::Fp this_coord[3], other_coord[3], result_coord[3];
this->fill_coord(this_coord);
other.fill_coord(other_coord);
bn::ecop::ECAdd(result_coord, this_coord, other_coord);

bn128_G1 result(result_coord);
return result;
}

Expand Down Expand Up @@ -263,16 +267,16 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
// we know that Z2 = 1

bn::Fp Z1Z1;
bn::Fp::square(Z1Z1, this->coord[2]);
const bn::Fp &U1 = this->coord[0];
bn::Fp::square(Z1Z1, this->Z);
const bn::Fp &U1 = this->X;
bn::Fp U2;
bn::Fp::mul(U2, other.coord[0], Z1Z1);
bn::Fp::mul(U2, other.X, Z1Z1);
bn::Fp Z1_cubed;
bn::Fp::mul(Z1_cubed, this->coord[2], Z1Z1);
bn::Fp::mul(Z1_cubed, this->Z, Z1Z1);

const bn::Fp &S1 = this->coord[1];
const bn::Fp &S1 = this->Y;
bn::Fp S2;
bn::Fp::mul(S2, other.coord[1], Z1_cubed); // S2 = Y2*Z1*Z1Z1
bn::Fp::mul(S2, other.Y, Z1_cubed); // S2 = Y2*Z1*Z1Z1

if (U1 == U2 && S1 == S2)
{
Expand All @@ -287,7 +291,7 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
bn128_G1 result;
bn::Fp H, HH, I, J, r, V, tmp;
// H = U2-X1
bn::Fp::sub(H, U2, this->coord[0]);
bn::Fp::sub(H, U2, this->X);
// HH = H^2
bn::Fp::square(HH, H);
// I = 4*HH
Expand All @@ -296,26 +300,26 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
// J = H*I
bn::Fp::mul(J, H, I);
// r = 2*(S2-Y1)
bn::Fp::sub(tmp, S2, this->coord[1]);
bn::Fp::sub(tmp, S2, this->Y);
bn::Fp::add(r, tmp, tmp);
// V = X1*I
bn::Fp::mul(V, this->coord[0], I);
bn::Fp::mul(V, this->X, I);
// X3 = r^2-J-2*V
bn::Fp::square(result.coord[0], r);
bn::Fp::sub(result.coord[0], result.coord[0], J);
bn::Fp::sub(result.coord[0], result.coord[0], V);
bn::Fp::sub(result.coord[0], result.coord[0], V);
bn::Fp::square(result.X, r);
bn::Fp::sub(result.X, result.X, J);
bn::Fp::sub(result.X, result.X, V);
bn::Fp::sub(result.X, result.X, V);
// Y3 = r*(V-X3)-2*Y1*J
bn::Fp::sub(tmp, V, result.coord[0]);
bn::Fp::mul(result.coord[1], r, tmp);
bn::Fp::mul(tmp, this->coord[1], J);
bn::Fp::sub(result.coord[1], result.coord[1], tmp);
bn::Fp::sub(result.coord[1], result.coord[1], tmp);
bn::Fp::sub(tmp, V, result.X);
bn::Fp::mul(result.Y, r, tmp);
bn::Fp::mul(tmp, this->Y, J);
bn::Fp::sub(result.Y, result.Y, tmp);
bn::Fp::sub(result.Y, result.Y, tmp);
// Z3 = (Z1+H)^2-Z1Z1-HH
bn::Fp::add(tmp, this->coord[2], H);
bn::Fp::square(result.coord[2], tmp);
bn::Fp::sub(result.coord[2], result.coord[2], Z1Z1);
bn::Fp::sub(result.coord[2], result.coord[2], HH);
bn::Fp::add(tmp, this->Z, H);
bn::Fp::square(result.Z, tmp);
bn::Fp::sub(result.Z, result.Z, Z1Z1);
bn::Fp::sub(result.Z, result.Z, HH);
return result;
}

Expand All @@ -325,8 +329,11 @@ bn128_G1 bn128_G1::dbl() const
this->dbl_cnt++;
#endif

bn128_G1 result;
bn::ecop::ECDouble(result.coord, this->coord);
bn::Fp this_coord[3], result_coord[3];
this->fill_coord(this_coord);
bn::ecop::ECDouble(result_coord, this_coord);

bn128_G1 result(result_coord);
return result;
}

Expand Down Expand Up @@ -355,20 +362,20 @@ std::ostream& operator<<(std::ostream &out, const bn128_G1 &g)
#ifdef NO_PT_COMPRESSION
/* no point compression case */
#ifndef BINARY_OUTPUT
out << gcopy.coord[0] << OUTPUT_SEPARATOR << gcopy.coord[1];
out << gcopy.X << OUTPUT_SEPARATOR << gcopy.Y;
#else
out.write((char*) &gcopy.coord[0], sizeof(gcopy.coord[0]));
out.write((char*) &gcopy.coord[1], sizeof(gcopy.coord[1]));
out.write((char*) &gcopy.X, sizeof(gcopy.X));
out.write((char*) &gcopy.Y, sizeof(gcopy.Y));
#endif

#else
/* point compression case */
#ifndef BINARY_OUTPUT
out << gcopy.coord[0];
out << gcopy.X;
#else
out.write((char*) &gcopy.coord[0], sizeof(gcopy.coord[0]));
out.write((char*) &gcopy.X, sizeof(gcopy.X));
#endif
out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.coord[1])[0] & 1 ? '1' : '0');
out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.Y)[0] & 1 ? '1' : '0');
#endif

return out;
Expand All @@ -392,13 +399,13 @@ bool bn128_G1::is_well_formed() const
y^2 = x^3 + b z^6
*/
bn::Fp X2, Y2, Z2;
bn::Fp::square(X2, this->coord[0]);
bn::Fp::square(Y2, this->coord[1]);
bn::Fp::square(Z2, this->coord[2]);
bn::Fp::square(X2, this->X);
bn::Fp::square(Y2, this->Y);
bn::Fp::square(Z2, this->Z);

bn::Fp X3, Z3, Z6;
bn::Fp::mul(X3, X2, this->coord[0]);
bn::Fp::mul(Z3, Z2, this->coord[2]);
bn::Fp::mul(X3, X2, this->X);
bn::Fp::mul(Z3, Z2, this->Z);
bn::Fp::square(Z6, Z3);

return (Y2 == X3 + bn128_coeff_b * Z6);
Expand All @@ -415,12 +422,12 @@ std::istream& operator>>(std::istream &in, bn128_G1 &g)
#ifdef NO_PT_COMPRESSION
/* no point compression case */
#ifndef BINARY_OUTPUT
in >> g.coord[0];
in >> g.X;
consume_OUTPUT_SEPARATOR(in);
in >> g.coord[1];
in >> g.Y;
#else
in.read((char*) &g.coord[0], sizeof(g.coord[0]));
in.read((char*) &g.coord[1], sizeof(g.coord[1]));
in.read((char*) &g.X, sizeof(g.X));
in.read((char*) &g.Y, sizeof(g.Y));
#endif

#else
Expand All @@ -439,24 +446,24 @@ std::istream& operator>>(std::istream &in, bn128_G1 &g)
// y = +/- sqrt(x^3 + b)
if (!is_zero)
{
g.coord[0] = tX;
g.X = tX;
bn::Fp tX2, tY2;
bn::Fp::square(tX2, tX);
bn::Fp::mul(tY2, tX2, tX);
bn::Fp::add(tY2, tY2, bn128_coeff_b);

g.coord[1] = bn128_G1::sqrt(tY2);
if ((((unsigned char*)&g.coord[1])[0] & 1) != Y_lsb)
g.Y = bn128_G1::sqrt(tY2);
if ((((unsigned char*)&g.Y)[0] & 1) != Y_lsb)
{
bn::Fp::neg(g.coord[1], g.coord[1]);
bn::Fp::neg(g.Y, g.Y);
}
}
#endif

/* finalize */
if (!is_zero)
{
g.coord[2] = bn::Fp(1);
g.Z = bn::Fp(1);
}
else
{
Expand Down Expand Up @@ -502,7 +509,7 @@ void bn128_G1::batch_to_special_all_non_zeros(std::vector<bn128_G1> &vec)

for (auto &el: vec)
{
Z_vec.emplace_back(el.coord[2]);
Z_vec.emplace_back(el.Z);
}
bn_batch_invert<bn::Fp>(Z_vec);

Expand All @@ -514,9 +521,9 @@ void bn128_G1::batch_to_special_all_non_zeros(std::vector<bn128_G1> &vec)
bn::Fp::square(Z2, Z_vec[i]);
bn::Fp::mul(Z3, Z2, Z_vec[i]);

bn::Fp::mul(vec[i].coord[0], vec[i].coord[0], Z2);
bn::Fp::mul(vec[i].coord[1], vec[i].coord[1], Z3);
vec[i].coord[2] = one;
bn::Fp::mul(vec[i].X, vec[i].X, Z2);
bn::Fp::mul(vec[i].Y, vec[i].Y, Z3);
vec[i].Z = one;
}
}

Expand Down
8 changes: 6 additions & 2 deletions libff/algebra/curves/bn128/bn128_g1.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,15 @@ class bn128_G1 {
static bn128_G1 G1_one;
static bool initialized;

bn::Fp coord[3];
bn128_G1();
typedef bn128_Fq base_field;
typedef bn128_Fr scalar_field;

bn::Fp X, Y, Z;
void fill_coord(bn::Fp coord[3]) const { coord[0] = this->X; coord[1] = this->Y; coord[2] = this->Z; return; };

bn128_G1();
bn128_G1(bn::Fp coord[3]) : X(coord[0]), Y(coord[1]), Z(coord[2]) {};

void print() const;
void print_coordinates() const;

Expand Down
Loading

0 comments on commit 5835b8c

Please sign in to comment.